def _lookup_iocs(self, all_iocs, resource_per_req=25):
    """Look up a set of hashes in VirusTotal and collect their threat info.

    The ``VirusTotalApi`` client is created with the cache file named by the
    ``virustotal.LookupHashesFilter.cache_file_name`` config key (``None``
    when unset); the client is presumably what reads/writes that cache.

    Args:
        all_iocs: a list of hashes.
        resource_per_req: number of resources sent per API request
            (forwarded to ``VirusTotalApi``).

    Returns:
        A dict with hash as key and threat info as value. Hashes with an
        empty report, or ones ``_should_store_ioc_info`` rejects, are left
        out.
    """
    cache_file_name = config_get_deep(
        'virustotal.LookupHashesFilter.cache_file_name', None)
    vt = VirusTotalApi(self._api_key, resource_per_req,
                       cache_file_name=cache_file_name)
    reports = vt.get_file_reports(all_iocs)

    threat_info = {}
    for hash_val, full_report in reports.items():
        # A falsy report means there is nothing to evaluate for this hash.
        if not full_report:
            continue
        # NOTE(review): the keep/drop decision is made on the untrimmed
        # report here, while the domain variant decides on the trimmed one;
        # confirm that asymmetry is intended.
        if self._should_store_ioc_info(full_report):
            threat_info[hash_val] = self._trim_hash_report(full_report)
    return threat_info
def _lookup_iocs(self, all_iocs, resource_per_req=25):
    """Look up a set of domains in VirusTotal and collect their threat info.

    Domains matched by ``self._whitelist`` are dropped before the API call,
    so they are never sent to VirusTotal. The ``VirusTotalApi`` client is
    created with the cache file named by the
    ``virustotal.LookupDomainsFilter.cache_file_name`` config key (``None``
    when unset).

    Args:
        all_iocs: a list of domains.
        resource_per_req: number of resources sent per API request
            (forwarded to ``VirusTotalApi``).

    Returns:
        A dict with domain as key and trimmed threat info as value. Domains
        with an empty report, or whose trimmed report
        ``_should_store_ioc_info`` rejects, are left out.
    """
    cache_file_name = config_get_deep(
        'virustotal.LookupDomainsFilter.cache_file_name', None)
    vt = VirusTotalApi(self._api_key, resource_per_req,
                       cache_file_name=cache_file_name)

    # Whitelist check happens first so whitelisted domains never leave the host.
    candidates = []
    for domain in all_iocs:
        if self._whitelist.match_values(domain):
            continue
        candidates.append(domain)
    reports = vt.get_domain_reports(candidates)

    threat_info = {}
    for domain, raw_report in reports.items():
        # A falsy report means there is nothing to evaluate for this domain.
        if not raw_report:
            continue
        trimmed = self._trim_domain_report(domain, raw_report)
        if self._should_store_ioc_info(trimmed):
            threat_info[domain] = trimmed
    return threat_info
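def _lookup_iocs(self, all_iocs, resource_per_req=25):
    """Look up a set of domains in VirusTotal and collect their threat info.

    Domains matched by ``self._whitelist`` are dropped before the API call,
    so they are never sent to VirusTotal. The ``VirusTotalApi`` client is
    created with the cache file named by the
    ``virustotal.LookupDomainsFilter.cache_file_name`` config key (``None``
    when unset).

    Args:
        all_iocs: a list of domains.
        resource_per_req: number of resources sent per API request
            (forwarded to ``VirusTotalApi``).

    Returns:
        A dict with domain as key and trimmed threat info as value. Domains
        with an empty report, or whose trimmed report
        ``_should_store_ioc_info`` rejects, are left out.
    """
    cache_file_name = config_get_deep(
        'virustotal.LookupDomainsFilter.cache_file_name', None)
    vt = VirusTotalApi(self._api_key, resource_per_req,
                       cache_file_name=cache_file_name)

    # Materialize the filtered list (rather than a lazy filter() iterator) so
    # the API client can iterate it more than once, e.g. to batch requests,
    # without silently seeing an exhausted iterator. Whitelisted domains are
    # removed here so they never leave the host.
    iocs = [x for x in all_iocs if not self._whitelist.match_values(x)]
    reports = vt.get_domain_reports(iocs)

    threat_info = {}
    for domain, raw_report in reports.items():
        # A falsy report means there is nothing to evaluate for this domain.
        if not raw_report:
            continue
        trimmed_report = self._trim_domain_report(domain, raw_report)
        if self._should_store_ioc_info(trimmed_report):
            threat_info[domain] = trimmed_report
    return threat_info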
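def _lookup_iocs(self, all_iocs, resource_per_req=25):
    """Look up a set of hashes in VirusTotal and collect their threat info.

    The ``VirusTotalApi`` client is created with the cache file named by the
    ``virustotal.LookupHashesFilter.cache_file_name`` config key (``None``
    when unset); the client is presumably what reads/writes that cache.

    Args:
        all_iocs: a list of hashes.
        resource_per_req: number of resources sent per API request
            (forwarded to ``VirusTotalApi``).

    Returns:
        A dict with hash as key and threat info as value. Hashes with an
        empty report, or ones ``_should_store_ioc_info`` rejects, are left
        out.
    """
    cache_file_name = config_get_deep(
        'virustotal.LookupHashesFilter.cache_file_name', None)
    vt = VirusTotalApi(self._api_key, resource_per_req,
                       cache_file_name=cache_file_name)
    reports = vt.get_file_reports(all_iocs)

    threat_info = {}
    # Iterate items directly instead of reports.keys() + a second lookup.
    for hash_val, report in reports.items():
        # A falsy report means there is nothing to evaluate for this hash.
        if not report:
            continue
        # NOTE(review): the keep/drop decision is made on the untrimmed
        # report here, while the domain variant decides on the trimmed one;
        # confirm that asymmetry is intended.
        if self._should_store_ioc_info(report):
            threat_info[hash_val] = self._trim_hash_report(report)
    return threat_info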
def setup_vt(self):
    """Create the ``VirusTotalApi`` client under test and store it on ``self.vt``.

    The client is constructed with the literal placeholder key ``'test_key'``,
    which is not a real credential; no cache file name is passed.
    """
    placeholder_key = 'test_key'
    client = VirusTotalApi(placeholder_key)
    self.vt = client