mirror of https://github.com/MISP/misp-modules
Merge pull request #370 from JakubOnderka/vt-query-sha512
fix: [VT] Disable SHA512 query for VTpull/374/head
commit
2a137f1631
|
@ -3,12 +3,12 @@ import json
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "sha512", "url"],
|
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "url"],
|
||||||
'format': 'misp_standard'}
|
'format': 'misp_standard'}
|
||||||
|
|
||||||
# possible module-types: 'expansion', 'hover' or both
|
# possible module-types: 'expansion', 'hover' or both
|
||||||
moduleinfo = {'version': '4', 'author': 'Hannah Ward',
|
moduleinfo = {'version': '4', 'author': 'Hannah Ward',
|
||||||
'description': 'Get information from virustotal',
|
'description': 'Get information from VirusTotal',
|
||||||
'module-type': ['expansion']}
|
'module-type': ['expansion']}
|
||||||
|
|
||||||
# config fields that your code expects from the site admin
|
# config fields that your code expects from the site admin
|
||||||
|
@ -25,8 +25,7 @@ class VirusTotalParser(object):
|
||||||
self.input_types_mapping = {'ip-src': self.parse_ip, 'ip-dst': self.parse_ip,
|
self.input_types_mapping = {'ip-src': self.parse_ip, 'ip-dst': self.parse_ip,
|
||||||
'domain': self.parse_domain, 'hostname': self.parse_domain,
|
'domain': self.parse_domain, 'hostname': self.parse_domain,
|
||||||
'md5': self.parse_hash, 'sha1': self.parse_hash,
|
'md5': self.parse_hash, 'sha1': self.parse_hash,
|
||||||
'sha256': self.parse_hash, 'sha512': self.parse_hash,
|
'sha256': self.parse_hash, 'url': self.parse_url}
|
||||||
'url': self.parse_url}
|
|
||||||
|
|
||||||
def query_api(self, attribute):
|
def query_api(self, attribute):
|
||||||
self.attribute = MISPAttribute()
|
self.attribute = MISPAttribute()
|
||||||
|
|
|
@ -3,10 +3,10 @@ import json
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
misperrors = {'error': 'Error'}
|
misperrors = {'error': 'Error'}
|
||||||
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "sha512", "url"],
|
mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sha1", "sha256", "url"],
|
||||||
'format': 'misp_standard'}
|
'format': 'misp_standard'}
|
||||||
moduleinfo = {'version': '1', 'author': 'Christian Studer',
|
moduleinfo = {'version': '1', 'author': 'Christian Studer',
|
||||||
'description': 'Get information from virustotal public API v2.',
|
'description': 'Get information from VirusTotal public API v2.',
|
||||||
'module-type': ['expansion', 'hover']}
|
'module-type': ['expansion', 'hover']}
|
||||||
|
|
||||||
moduleconfig = ['apikey']
|
moduleconfig = ['apikey']
|
||||||
|
@ -155,7 +155,7 @@ ip = ('ip', IpQuery)
|
||||||
file = ('resource', HashQuery)
|
file = ('resource', HashQuery)
|
||||||
misp_type_mapping = {'domain': domain, 'hostname': domain, 'ip-src': ip,
|
misp_type_mapping = {'domain': domain, 'hostname': domain, 'ip-src': ip,
|
||||||
'ip-dst': ip, 'md5': file, 'sha1': file, 'sha256': file,
|
'ip-dst': ip, 'md5': file, 'sha1': file, 'sha256': file,
|
||||||
'sha512': file, 'url': ('resource', UrlQuery)}
|
'url': ('resource', UrlQuery)}
|
||||||
|
|
||||||
|
|
||||||
def parse_error(status_code):
|
def parse_error(status_code):
|
||||||
|
|
Loading…
Reference in New Issue