From bcb850d98a20b0b3d6f8460ffec543b0f7cd5264 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Fri, 20 Feb 2026 12:34:28 -0600
Subject: [PATCH] analyzer typo

---
 salt/sensoroni/files/analyzers/threatfox/threatfox.json | 2 +-
 salt/sensoroni/files/analyzers/threatfox/threatfox.py   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/sensoroni/files/analyzers/threatfox/threatfox.json b/salt/sensoroni/files/analyzers/threatfox/threatfox.json
index 2ae3ca909..e9640e7d5 100644
--- a/salt/sensoroni/files/analyzers/threatfox/threatfox.json
+++ b/salt/sensoroni/files/analyzers/threatfox/threatfox.json
@@ -1,6 +1,6 @@
 {
   "name": "Threatfox",
-  "version": "0.2",
+  "version": "0.3",
   "author": "Security Onion Solutions",
   "description": "This analyzer queries Threatfox to see if a domain, hash, or IP is considered malicious.",
   "supportedTypes" :  ["domain","hash","ip"],
diff --git a/salt/sensoroni/files/analyzers/threatfox/threatfox.py b/salt/sensoroni/files/analyzers/threatfox/threatfox.py
index a20f072ed..02311bfab 100644
--- a/salt/sensoroni/files/analyzers/threatfox/threatfox.py
+++ b/salt/sensoroni/files/analyzers/threatfox/threatfox.py
@@ -51,7 +51,7 @@ def prepareResults(raw):
             status = 'info'
         else:
             status = 'ok'
-    elif raw != {} and raw['query_status'] in ['no_result', 'illegal_search_term', 'illegl_hash']:
+    elif raw != {} and raw['query_status'] in ['no_result', 'illegal_search_term', 'illegal_hash']:
         status = 'info'
         summary = 'no result'
     else: