Exemplo n.º 1
 def test_add_url(self):
     """Check that add_url() stores the URL it is given and exposes its scheme.

     The same URL is passed first as ``original`` and then as ``full``; after
     the second call the earlier ``original`` value must still be present.
     """
     sample_url = "https://test.domain.com:9500/"
     record = Intel()

     # First call: only ``original`` is supplied.
     record.add_url(original=sample_url)
     stored = record.intel["url"]
     self.assertEqual(stored["original"], sample_url)
     self.assertEqual(stored["scheme"], "https")

     # Second call: only ``full`` is supplied; look the mapping up again in
     # case add_url() replaced it.
     record.add_url(full=sample_url)
     stored = record.intel["url"]
     self.assertEqual(stored["original"], sample_url)
     self.assertEqual(stored["full"], sample_url)
     self.assertEqual(stored["scheme"], "https")
Exemplo n.º 2
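 def _parse(self):
     """Convert the raw botvrij domain feed into Intel indicator records.

     Every line of ``self._raw_threat_intel`` is treated as one domain name.
     Lines that do not contain at least two non-empty dot-separated labels
     are skipped. For each remaining line an ``Intel`` record is built,
     given a document id via ``add_docid()`` and appended to ``self.intel``.
     """
     for raw_line in self._raw_threat_intel.split("\n"):
         # The feed text is external input. Drop surrounding whitespace
         # (e.g. the carriage return left by CRLF line endings) so it
         # does not end up inside the stored indicator, where it would
         # keep the domain from ever matching observed traffic.
         line = raw_line.strip()

         labels = [label for label in line.split(".") if label]
         if len(labels) < 2:
             # Blank line or a token that is not a dotted domain name.
             continue

         # Use the LAST label. The previous code took the second label,
         # which is only the TLD for two-label names: "www.example.com"
         # produced "example" instead of "com".
         # NOTE(review): multi-label public suffixes such as "co.uk" are
         # still reduced to their final label; resolving those needs a
         # public-suffix list.
         tld = labels[-1]

         try:
             intel = Intel(original=line,
                           event_type="indicator",
                           event_reference=self._feed_url,
                           event_provider="botvrij",
                           event_dataset="botvrij.domains",
                           threat_first_seen=None,
                           threat_last_seen=None,
                           threat_type="url")
             intel.add_url(domain=line, top_level_domain=tld)
         except Exception:
             # Best-effort ingestion: one bad line must not abort the feed.
             # NOTE(review): this also hides programming errors and gives
             # no count of dropped indicators; narrow it to the exceptions
             # Intel is known to raise and record the skipped line.
             continue

         intel.add_docid()
         self.intel.append(intel)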
Exemplo n.º 3
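 def _parse(self):
     """Convert the raw URLhaus feed into Intel indicator records.

     Lines of ``self._raw_threat_intel`` that start with ``#`` are skipped.
     Every other line is split on the ``","`` separator; fields 1, 2 and 4
     of the result are used as first-seen timestamp, URL and threat
     description. Lines with too few fields are skipped. Each accepted
     record gets a document id via ``add_docid()`` and is appended to
     ``self.intel``.
     """
     for line in self._raw_threat_intel.split("\n"):
         # Compare by value. The previous test, ``line[:1] is "#"``, checked
         # object identity and only worked when the interpreter happened to
         # reuse the same one-character string object.
         if line.startswith("#"):
             continue

         # Splitting on '","' leaves the outer quote on the first and last
         # field; the fields read below are all interior ones.
         # NOTE(review): a quoted field that itself contains '","' would
         # shift the indices; the csv module would parse this robustly.
         split_line = line.split('","')
         try:
             # NOTE(review): threat_type is "domain" although the indicator
             # stored below is a full URL; confirm this is intended.
             intel = Intel(original=line,
                           event_type="indicator",
                           event_reference=self._feed_url,
                           event_provider="Abuse.ch",
                           event_dataset="URLhaus",
                           threat_first_seen=split_line[1],
                           threat_last_seen=None,
                           threat_type="domain",
                           threat_description=split_line[4])
             # The URL is recorded as indicator data only; nothing in this
             # method requests it.
             intel.add_url(original=split_line[2])
         except IndexError:
             # Blank or truncated line: fewer fields than the indices used.
             continue

         intel.add_docid()
         self.intel.append(intel)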