MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: [virustotal] fix the typo for the VT link 

Fix #644
Fix #595
pull/664/head
Alexandre Dulaunoy 2024-05-09 17:32:29 +02:00
parent e4d93173a7
commit 8b25af853f
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
misp_modules/modules/expansion/virustotal.py
View File

@ -8,7 +8,7 @@ mispattributes = {'input': ['hostname', 'domain', "ip-src", "ip-dst", "md5", "sh
'format': 'misp_standard'} 'format': 'misp_standard'}
# possible module-types: 'expansion', 'hover' or both # possible module-types: 'expansion', 'hover' or both
moduleinfo = {'version': '5', 'author': 'Hannah Ward', moduleinfo = {'version': '6', 'author': 'Hannah Ward',
'description': 'Enrich observables with the VirusTotal v3 API', 'description': 'Enrich observables with the VirusTotal v3 API',
'module-type': ['expansion']} 'module-type': ['expansion']}
@ -51,7 +51,11 @@ class VirusTotalParser:
def add_vt_report(self, report: vt.Object) -> str: def add_vt_report(self, report: vt.Object) -> str:
analysis = report.get('last_analysis_stats') analysis = report.get('last_analysis_stats')
total = self.get_total_analysis(analysis, report.get('known_distributors')) total = self.get_total_analysis(analysis, report.get('known_distributors'))
permalink = f'https://www.virustotal.com/gui/{report.type}/{report.id}' if report.type == 'ip_address':
rtype = 'ip-address'
else:
rtype = report.type
permalink = f'https://www.virustotal.com/gui/{rtype}/{report.id}'
vt_object = MISPObject('virustotal-report') vt_object = MISPObject('virustotal-report')
vt_object.add_attribute('permalink', type='link', value=permalink) vt_object.add_attribute('permalink', type='link', value=permalink)