CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7935 from Security-Onion-Solutions/fix/pulsedive

Browse Source 
Fix Pulsedive analyzer logic
This commit is contained in:
weslambert
2022-05-12 15:20:15 -04:00
committed by GitHub
parent 58b049257d 3dc266cfa9
commit 6c506bbab0
2 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
salt/sensoroni/files/analyzers/pulsedive/pulsedive.py
View File

@@ -14,7 +14,7 @@ def checkConfigRequirements(conf):
def buildReq(conf, artifactType, artifactValue):
indicatorTypes = ["domain", "hash", "ip" "url"]
indicatorTypes = ["domain", "hash", "ip", "url"]
if artifactType in indicatorTypes:
url = conf['base_url'] + '/info.php'
params = {"key": conf["api_key"], "indicator": artifactValue}
@@ -53,19 +53,17 @@ def prepareResults(raw):
for r in raw['results']:
risk = r['risk']
classified.append(classification.get(risk))
else:
elif "risk" in raw:
classified.append(classification.get(raw['risk']))
elif "error" in raw and raw["error"] == "Indicator not found.":
classified.append("no_results")
if classified.count('malicious') > 0:
summary = "malicious"
status = "threat"
elif classified.count('suspicious') > 0:
summary = "suspicious"
status = "caution"
elif classified.count('harmless') > 0:
summary = "harmless"
status = "ok"
elif classified.count('none') > 0:
elif classified.count('harmless') or classified.count('none') > 0:
summary = "harmless"
status = "ok"
elif classified.count('unknown') > 0:

7
salt/sensoroni/files/analyzers/pulsedive/pulsedive_test.py
View File

@@ -104,6 +104,13 @@ class TestVirusTotalMethods(unittest.TestCase):
self.assertEqual(results["summary"], "harmless")
self.assertEqual(results["status"], "ok")
def test_prepareResults_indicator_not_Found(self):
raw = {"error": "Indicator not found."}
results = pulsedive.prepareResults(raw)
self.assertEqual(results["response"], raw)
self.assertEqual(results["summary"], "no_results")
self.assertEqual(results["status"], "ok")
def test_prepareResults_error(self):
raw = {}
results = pulsedive.prepareResults(raw)