    def _lookup_iocs(self, all_iocs):
        """Look up VirusTotal domain reports for *all_iocs* and keep the interesting ones.

        Domains matched by ``self._whitelist`` are never sent to VirusTotal.
        Every report that comes back is trimmed with ``_trim_domain_report`` and
        kept only when ``_should_store_ioc_info`` accepts the trimmed form;
        empty or missing reports are dropped.

        Args:
            all_iocs: iterable of domain names.
        Returns:
            dict mapping domain -> trimmed threat info, for stored domains only.
        """
        # The on-disk response cache location is a config knob; None is passed
        # through to the API wrapper when it is not configured.
        cache_file_name = config_get_deep(
            'virustotal.LookupDomainsFilter.cache_file_name', None)
        vt = VirusTotalApi(self._api_key, cache_file_name=cache_file_name)

        def not_whitelisted(domain):
            return not self._whitelist.match_values(domain)

        reports = vt.get_domain_reports(filter(not_whitelisted, all_iocs))

        threat_info = {}
        for domain, report in reports.items():
            if not report:
                # Lookup miss or empty response: nothing to trim or score.
                continue
            trimmed_report = self._trim_domain_report(domain, report)
            if not self._should_store_ioc_info(trimmed_report):
                continue
            threat_info[domain] = trimmed_report

        return threat_info
    def _lookup_iocs(self, all_iocs):
        """Return trimmed VirusTotal threat info for the non-whitelisted domains in *all_iocs*.

        Whitelisted domains (per ``self._whitelist.match_values``) are skipped
        before any network call. Reports that are empty or that
        ``_should_store_ioc_info`` rejects after trimming are not returned.

        Args:
            all_iocs: iterable of domain names.
        Returns:
            dict keyed by domain, value is the output of ``_trim_domain_report``.
        """
        # Optional response cache on disk, configured per filter.
        cache_file_name = config_get_deep('virustotal.LookupDomainsFilter.cache_file_name', None)
        vt = VirusTotalApi(self._api_key, cache_file_name=cache_file_name)

        def wanted(domain):
            return not self._whitelist.match_values(domain)

        candidates = filter(wanted, all_iocs)
        reports = vt.get_domain_reports(candidates)

        threat_info = {}
        for domain, raw_report in reports.items():
            if not raw_report:
                continue
            trimmed = self._trim_domain_report(domain, raw_report)
            if self._should_store_ioc_info(trimmed):
                threat_info[domain] = trimmed

        return threat_info
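    def _lookup_iocs(self):
        """Look up VirusTotal domain reports for ``self._all_iocs`` and cache them.

        Each report is trimmed with ``_trim_domain_report`` and stored in
        ``self._threat_info_by_iocs`` keyed by domain. Domains for which
        VirusTotal returned no report are skipped so the cache holds only
        real data (and the trimmer is never handed an empty value).
        """
        vt = VirusTotalApi(self._api_key)
        reports = vt.get_domain_reports(self._all_iocs)
        for domain, report in reports.items():
            if not report:
                # Lookup miss / empty response: nothing to trim.
                continue
            # TODO(ivanlei): Should score the VT results here and only add them if they're interesting
            self._threat_info_by_iocs[domain] = self._trim_domain_report(domain, report)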
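    def _lookup_iocs(self):
        """Look up VirusTotal reports for ``self._all_iocs`` and cache the hits.

        Only reports whose ``response_code`` equals 1 (presumably VirusTotal's
        "item found" status -- verify against the API docs) are stored in
        ``self._threat_info_by_iocs``; empty responses and misses are skipped.
        """
        vt = VirusTotalApi(self._api_key)
        # NOTE(review): the keys are treated as hashes (md5) below, but this
        # call fetches *domain* reports -- confirm which report type this
        # filter is meant to use before relying on the cached values.
        reports = vt.get_domain_reports(self._all_iocs)

        for md5, report in reports.items():
            # An empty/None report has no response_code to inspect.
            if not report:
                continue
            # TODO(ivanlei): Should score the VT results here and only add them if they're interesting
            if report.get('response_code') == 1:
                self._threat_info_by_iocs[md5] = report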
    def _lookup_iocs(self, all_iocs):
        """Fetch VirusTotal file reports for *all_iocs* and return the interesting ones.

        Args:
            all_iocs: iterable of file hashes.
        Returns:
            dict mapping hash -> ``_trim_hash_report(report)`` for every hash
            whose (non-empty) report passed ``_should_store_ioc_info``.
        """
        # Optional on-disk response cache, configured per filter (None when unset).
        cache_file_name = config_get_deep('virustotal.LookupHashesFilter.cache_file_name', None)
        vt = VirusTotalApi(self._api_key, cache_file_name=cache_file_name)
        reports = vt.get_file_reports(all_iocs)

        def is_interesting(report):
            # Empty/None reports are never kept; the rest are scored.
            return bool(report) and self._should_store_ioc_info(report)

        return {
            hash_val: self._trim_hash_report(report)
            for hash_val, report in reports.items()
            if is_interesting(report)
        }
    def _lookup_iocs(self, all_iocs):
        """Fetch VirusTotal URL reports for *all_iocs* and return the interesting ones.

        Args:
            all_iocs: iterable of URLs.
        Returns:
            dict mapping URL -> ``_trim_url_report(report)`` for every URL whose
            (non-empty) report passed ``_should_store_ioc_info``.
        """
        # Optional on-disk response cache, configured per filter (None when unset).
        cache_file_name = config_get_deep(
            'virustotal.LookupURLsFilter.cache_file_name', None)
        vt = VirusTotalApi(self._api_key, cache_file_name=cache_file_name)
        reports = vt.get_url_reports(all_iocs)

        threat_info = {}
        for url, report in reports.items():
            # Skip empty/None reports; keep only those the scorer accepts.
            if report and self._should_store_ioc_info(report):
                threat_info[url] = self._trim_url_report(report)

        return threat_info