Update logic to handle indicators that are not present in database.

This commit is contained in:
Wes Lambert
2022-05-12 19:02:02 +00:00
parent 58b049257d
commit a233c08830


@@ -14,7 +14,7 @@ def checkConfigRequirements(conf):
def buildReq(conf, artifactType, artifactValue):
indicatorTypes = ["domain", "hash", "ip" "url"]
indicatorTypes = ["domain", "hash", "ip", "url"]
if artifactType in indicatorTypes:
url = conf['base_url'] + '/info.php'
params = {"key": conf["api_key"], "indicator": artifactValue}
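Review bot: The missing comma fixed here is the implicit-string-concatenation pitfall (`"ip" "url"` silently evaluated to `"ipurl"`, so URL artifacts were never recognised), and nothing in the new line prevents the same slip next time the list is edited. I would hoist it to a module-level constant written one element per line, e.g. `INDICATOR_TYPES = ("domain", "hash", "ip", "url")`, and test `if artifactType in INDICATOR_TYPES:`, which also stops the list being rebuilt on every call. The rest of `buildReq` continues outside the hunk.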
@@ -53,19 +53,17 @@ def prepareResults(raw):
for r in raw['results']:
risk = r['risk']
classified.append(classification.get(risk))
else:
elif "risk" in raw:
classified.append(classification.get(raw['risk']))
elif "error" in raw and raw["error"] == "Indicator not found.":
classified.append("no_results")
if classified.count('malicious') > 0:
summary = "malicious"
status = "threat"
elif classified.count('suspicious') > 0:
summary = "suspicious"
status = "caution"
elif classified.count('harmless') > 0:
summary = "harmless"
status = "ok"
elif classified.count('none') > 0:
elif classified.count('harmless') or classified.count('none') > 0:
summary = "harmless"
status = "ok"
elif classified.count('unknown') > 0:
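Review bot: Only the exact error text `Indicator not found.` is classified in the new `elif` that closes the `results`/`risk` chain; any other error body (bad API key, quota exceeded, malformed response) or a payload with neither `results` nor `risk` appends nothing, and the summary is then decided by whatever follows the `unknown` branch below this hunk, which is not visible here. A failed lookup must not be able to read as a clean verdict, so I would add a final `else: classified.append("unknown")` (or a dedicated `error` value) after the `no_results` case and confirm that the fallback below does not map an empty `classified` to `status = "ok"`. The rewritten `elif classified.count('harmless') or classified.count('none') > 0:` relies on precedence (the first `count` is tested for truthiness, `> 0` applies only to the second); it works, but `elif classified.count('harmless') > 0 or classified.count('none') > 0:` says what is meant. Note also that `no_results` is appended but never consulted in the visible summary chain, so it only has an effect if a branch below handles it; `prepareResults` starts before this hunk and the chain continues past it.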