async def get_dispatches(self, payload: Payload,
request: Request) -> DispatcherResponse:
dr = DispatcherResponse()
for match in self._yara_matches(payload.content, self.dispatch_rules):
if match['meta'].get('save', '').lower().strip() == 'false':
payload.results.payload_meta.should_archive = False
plugin_names = self._extract_plugin_names(match)
if 'xordecode' in plugin_names:
self._plugin_xor_extract_key(match)
for name in plugin_names:
dr.plugin_names.append(name)
dr.meta[name] = match
return dr
async def get_dispatches(self, payload: Payload,
request: Request) -> DispatcherResponse:
"""
Check if `iocextract` plugin has results, if so, dispatch to `vtmis-search` worker
"""
dr = DispatcherResponse()
if 'iocextract' in payload.results.workers:
dr.plugin_names.append('vtmis-search')
return dr
def get_dispatches(self, payload: Payload,
request_meta: RequestMeta) -> DispatcherResponse:
dr = DispatcherResponse()
for match in self._yara_dispatch_matches(payload.content):
if 'plugin' in match['meta']:
plugin_str = match['meta']['plugin'].lower().strip()
plugin_names = {
p.strip()
for p in plugin_str.split(',') if p.strip()
}
for name in plugin_names:
if name:
if match['meta'].get('save',
'').lower().strip() == 'false':
payload.payload_meta.should_archive = False
name = name.strip()
dr.plugin_names.append(name)
dr.meta[name] = match
return dr
def get_dispatches(self, payload: Payload,
request_meta: RequestMeta) -> DispatcherResponse:
"""
Check if `iocextract` plugin has results, if so, dispatch to `vtmis-search` worker
"""
dr = DispatcherResponse()
for worker_result in payload.worker_results:
if 'iocextract' in worker_result:
dr.plugin_names.append('vtmis-search')
break
return dr