CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reduce complexity

Browse Source
This commit is contained in:
weslambert
2023-12-15 09:00:31 -05:00
committed by GitHub
parent d41daa37f1
commit 55c957170d
1 changed files with 15 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar.py
View File

@@ -75,29 +75,21 @@ def prepareResults(raw):
# gauge vendors to determine an approximation of status, normalized to a value out of 100 # gauge vendors to determine an approximation of status, normalized to a value out of 100
# only updates score if it finds a higher indicator value # only updates score if it finds a higher indicator value
score = 0 score = 0
if 'vxCube' in vendor_data: vendor_info_list = [
score = int(vendor_data['vxCube']['maliciousness']) ('vxCube', 'maliciousness', int),
('Triage', 'score', lambda x: int(x) * 10),
if 'Triage' in vendor_data: ('DocGuard', 'alertlevel', lambda x: int(x) * 10),
score = int(vendor_data['Triage']['score'])*10 if int( ('YOROI_YOMI', 'score', lambda x: int(float(x)) * 100),
vendor_data['Triage']['score'])*10 > score else score ('Inquest', 'verdict', lambda x: 100 if x == 'MALICIOUS' else 0),
('ReversingLabs', 'status', lambda x: 100 if x == 'MALICIOUS' else 0),
if 'DocGuard' in vendor_data: ('Spamhaus_HBL', 'detection', lambda x: 100 if x == 'MALICIOUS' else 0),
score = int(vendor_data['DocGuard']['alertlevel'])*10 if int( ]
vendor_data['DocGuard']['alertlevel'])*10 > score else score for vendor, key, transform in vendor_info_list:
if vendor in vendor_data and key in vendor_data[vendor]:
if 'YOROI_YOMI' in vendor_data: value = vendor_data[vendor][key]
score = int(float(vendor_data['YOROI_YOMI']['score']))*100 if int( score = max(score, transform(value))
float(vendor_data['YOROI_YOMI']['score']))*100 > score else score # Ensure score is at least 0 (or some default value)
score = max(score, 0)
if 'Inquest' in vendor_data and vendor_data['Inquest']['verdict'] == 'MALICIOUS':
score = 100 if 100 > score else score
if 'ReversingLabs' in vendor_data and vendor_data['ReversingLabs']['status'] == 'MALICIOUS':
score = 100 if 100 > score else score
if 'Spamhaus_HBL' in vendor_data and vendor_data['Spamhaus_HBL'][0]['detection'] == 'MALICIOUS':
score = 100 if 100 > score else score
# compute status # compute status
if score >= 75 or isInJson(raw, 'MALICIOUS'.lower()): if score >= 75 or isInJson(raw, 'MALICIOUS'.lower()):