mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
Merge pull request #7935 from Security-Onion-Solutions/fix/pulsedive
Fix Pulsedive analyzer logic
This commit is contained in:
weslambert
GitHub
@@ -14,7 +14,7 @@ def checkConfigRequirements(conf):
|
|||||||
|
|
||||||
|
|
||||||
def buildReq(conf, artifactType, artifactValue):
|
def buildReq(conf, artifactType, artifactValue):
|
||||||
indicatorTypes = ["domain", "hash", "ip" "url"]
|
indicatorTypes = ["domain", "hash", "ip", "url"]
|
||||||
if artifactType in indicatorTypes:
|
if artifactType in indicatorTypes:
|
||||||
url = conf['base_url'] + '/info.php'
|
url = conf['base_url'] + '/info.php'
|
||||||
params = {"key": conf["api_key"], "indicator": artifactValue}
|
params = {"key": conf["api_key"], "indicator": artifactValue}
|
||||||
@@ -53,19 +53,17 @@ def prepareResults(raw):
|
|||||||
for r in raw['results']:
|
for r in raw['results']:
|
||||||
risk = r['risk']
|
risk = r['risk']
|
||||||
classified.append(classification.get(risk))
|
classified.append(classification.get(risk))
|
||||||
else:
|
elif "risk" in raw:
|
||||||
classified.append(classification.get(raw['risk']))
|
classified.append(classification.get(raw['risk']))
|
||||||
|
elif "error" in raw and raw["error"] == "Indicator not found.":
|
||||||
|
classified.append("no_results")
|
||||||
if classified.count('malicious') > 0:
|
if classified.count('malicious') > 0:
|
||||||
summary = "malicious"
|
summary = "malicious"
|
||||||
status = "threat"
|
status = "threat"
|
||||||
elif classified.count('suspicious') > 0:
|
elif classified.count('suspicious') > 0:
|
||||||
summary = "suspicious"
|
summary = "suspicious"
|
||||||
status = "caution"
|
status = "caution"
|
||||||
elif classified.count('harmless') > 0:
|
elif classified.count('harmless') or classified.count('none') > 0:
|
||||||
summary = "harmless"
|
|
||||||
status = "ok"
|
|
||||||
elif classified.count('none') > 0:
|
|
||||||
summary = "harmless"
|
summary = "harmless"
|
||||||
status = "ok"
|
status = "ok"
|
||||||
elif classified.count('unknown') > 0:
|
elif classified.count('unknown') > 0:
|
||||||
|
|||||||
@@ -104,6 +104,13 @@ class TestVirusTotalMethods(unittest.TestCase):
|
|||||||
self.assertEqual(results["summary"], "harmless")
|
self.assertEqual(results["summary"], "harmless")
|
||||||
self.assertEqual(results["status"], "ok")
|
self.assertEqual(results["status"], "ok")
|
||||||
|
|
||||||
|
def test_prepareResults_indicator_not_Found(self):
|
||||||
|
raw = {"error": "Indicator not found."}
|
||||||
|
results = pulsedive.prepareResults(raw)
|
||||||
|
self.assertEqual(results["response"], raw)
|
||||||
|
self.assertEqual(results["summary"], "no_results")
|
||||||
|
self.assertEqual(results["status"], "ok")
|
||||||
|
|
||||||
def test_prepareResults_error(self):
|
def test_prepareResults_error(self):
|
||||||
raw = {}
|
raw = {}
|
||||||
results = pulsedive.prepareResults(raw)
|
results = pulsedive.prepareResults(raw)
|
||||||
|
|||||||
Reference in New Issue
Block a user