def test_add_url(self): intel = Intel() intel.add_url(original="https://test.domain.com:9500/") self.assertEqual(intel.intel["url"]["original"], "https://test.domain.com:9500/") self.assertEqual(intel.intel["url"]["scheme"], "https") intel.add_url(full="https://test.domain.com:9500/") self.assertEqual(intel.intel["url"]["original"], "https://test.domain.com:9500/") self.assertEqual(intel.intel["url"]["full"], "https://test.domain.com:9500/") self.assertEqual(intel.intel["url"]["scheme"], "https")
def _parse(self): for line in self._raw_threat_intel.split("\n"): # Add as source ip try: intel = Intel(original=line, event_type="indicator", event_reference=self._feed_url, event_provider="botvrij", event_dataset="botvrij.domains", threat_first_seen=None, threat_last_seen=None, threat_type="url") intel.add_url(domain=line, top_level_domain=line.split(".")[1]) except Exception: pass else: intel.add_docid() self.intel.append(intel)
def _parse(self): for line in self._raw_threat_intel.split("\n"): if line[:1] is "#": pass else: split_line = line.split('","') try: intel = Intel(original=line, event_type="indicator", event_reference=self._feed_url, event_provider="Abuse.ch", event_dataset="URLhaus", threat_first_seen=split_line[1], threat_last_seen=None, threat_type="domain", threat_description=split_line[4]) intel.add_url(original=split_line[2]) except IndexError: pass else: intel.add_docid() self.intel.append(intel)