CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update tests

Browse Source
This commit is contained in:
Wes
2023-12-15 20:53:19 +00:00
parent 020472085b
commit 981f3642a0
4 changed files with 172 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/sensoroni/files/analyzers/malwarebazaar/malwarebazaar.py
View File

@@ -65,11 +65,11 @@ def prepareResults(raw):
vendor_data = parsed['vendor_intel']
# get summary
if parsed['signature']:
if 'signature' in parsed:
summary = parsed['signature']
elif parsed['tags']:
elif 'tags' in parsed:
summary = str(parsed['tags'][0])
elif vendor_data['YOROI_YOMI']:
elif 'YOROI_YOMI' in vendor_data:
summary = vendor_data['YOROI_YOMI']['detection']
# gauge vendors to determine an approximation of status, normalized to a value out of 100
@@ -92,7 +92,7 @@ def prepareResults(raw):
score = max(score, 0)
# compute status
if score >= 75 or isInJson(raw, 'MALICIOUS'.lower()):
if score >= 75 or isInJson(raw, 'MALICIOUS'.lower(), 1001):
# if score >= 75:
status = 'threat'
elif score >= 50: