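def _lookup_iocs(self, all_iocs):
    """Looks up VirusTotal domain reports for a set of domains.

    Domains matching the whitelist are dropped before the lookup, so they
    are never handed to the VirusTotal client.

    Args:
        all_iocs - a list of domains.
    Returns:
        A dict with domain as key and trimmed threat info as value. Domains
        with an empty report, or whose trimmed report is rejected by
        _should_store_ioc_info, are left out.
    """
    # The configured cache file (None when unset) is passed to the client;
    # presumably the client uses it to cache responses -- confirm there.
    cache_file_name = config_get_deep(
        'virustotal.LookupDomainsFilter.cache_file_name', None)
    vt = VirusTotalApi(self._api_key, cache_file_name=cache_file_name)

    # Build a concrete list rather than using filter(): on Python 3 filter()
    # returns a one-shot iterator, which breaks if the client needs len(),
    # slicing, or a second pass over the domains.
    iocs = [ioc for ioc in all_iocs
            if not self._whitelist.match_values(ioc)]
    reports = vt.get_domain_reports(iocs)

    threat_info = {}
    for domain, report in reports.items():
        if not report:
            # No data came back for this domain; nothing to store.
            continue
        trimmed_report = self._trim_domain_report(domain, report)
        # The store decision is made on the trimmed report, not the raw one.
        if self._should_store_ioc_info(trimmed_report):
            threat_info[domain] = trimmed_report
    return threat_info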
def _lookup_iocs(self, all_iocs):
    """Looks up VirusTotal URL reports for a set of URLs.

    Args:
        all_iocs - a list of URLs.
    Returns:
        A dict with URL as key and trimmed threat info as value. URLs with
        an empty report, or whose report is rejected by
        _should_store_ioc_info, are left out.
    """
    cache_path = config_get_deep(
        'virustotal.LookupURLsFilter.cache_file_name', None)
    client = VirusTotalApi(self._api_key, cache_file_name=cache_path)

    # NOTE(review): every URL in all_iocs is passed to the client as-is; no
    # whitelist is applied in this method. If the client submits them to an
    # external service, internal hostnames or tokens carried in paths and
    # query strings would leave the organisation -- confirm callers filter or
    # redact URLs first.
    reports = client.get_url_reports(all_iocs)

    # The store decision is made on the raw report; only reports that pass
    # are trimmed and kept.
    return {
        url: self._trim_url_report(report)
        for url, report in reports.items()
        if report and self._should_store_ioc_info(report)
    }