mirror of https://github.com/MISP/misp-modules
14 lines
1.3 KiB
JSON
14 lines
1.3 KiB
JSON
{
|
|
"description": "Module to get advanced information from virustotal.",
|
|
"logo": "virustotal.png",
|
|
"requirements": [
|
|
"An access to the VirusTotal API (apikey), with a high request rate limit."
|
|
],
|
|
"input": "A domain, hash (md5, sha1, sha256 or sha512), hostname or IP address attribute.",
|
|
"output": "MISP attributes and objects resulting from the parsing of the VirusTotal report concerning the input attribute.",
|
|
"references": [
|
|
"https://www.virustotal.com/",
|
|
"https://docs.virustotal.com/reference/overview"
|
|
],
|
|
"features": "New format of modules able to return attributes and objects.\n\nA module to take a MISP attribute as input and query the VirusTotal API to get additional data about it.\n\nCompared to the [standard VirusTotal expansion module](https://github.com/MISP/misp-modules/blob/main/misp_modules/modules/expansion/virustotal_public.py), this module is made for advanced parsing of VirusTotal report, with a recursive analysis of the elements found after the first request.\n\nThus, it requires a higher request rate limit to avoid the API to return a 204 error (Request rate limit exceeded), and the data parsed from the different requests are returned as MISP attributes and objects, with the corresponding relations between each one of them."
|
|
} |