From d2fa80e48aae38542585e9286e65c7eed263b29b Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 5 Apr 2022 07:20:23 -0400
Subject: [PATCH] Update status codes to match SOC
---
 .github/workflows/pythontest.yml | 2 +-
 salt/sensoroni/files/analyzers/urlhaus/urlhaus.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/pythontest.yml b/.github/workflows/pythontest.yml
index b77aa8329..47172b141 100644
--- a/.github/workflows/pythontest.yml
+++ b/.github/workflows/pythontest.yml
@@ -22,7 +22,7 @@ jobs:
 run: |
 python -m pip install --upgrade pip
 python -m pip install flake8 pytest pytest-cov
- if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+ find . -name requirements.txt -exec pip install -r {} \;
 - name: Lint with flake8
 run: |
 flake8 ${{ matrix.python-code-path }} --show-source --max-complexity=10 --doctests --max-line-length=200 --statistics
diff --git a/salt/sensoroni/files/analyzers/urlhaus/urlhaus.py b/salt/sensoroni/files/analyzers/urlhaus/urlhaus.py
index 3e7493b56..f83af3536 100644
--- a/salt/sensoroni/files/analyzers/urlhaus/urlhaus.py
+++ b/salt/sensoroni/files/analyzers/urlhaus/urlhaus.py
@@ -18,13 +18,13 @@ def sendReq(meta, payload):
 def prepareResults(raw):
 if 'threat' in raw:
 summary = raw['threat']
- status = "danger"
+ status = "threat"
 elif 'query_status' in raw:
 summary = raw['query_status']
 if summary == 'no_results':
 status = "ok"
 else:
- status = "error"
+ status = "caution"
 results = {'response': raw, 'summary': summary, 'status': status}
 return results
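Review bot: The new `find . -name requirements.txt -exec pip install -r {} \;` step cannot fail the job, because find does not propagate the exit status of a command run with `-exec … \;`, so a requirements file that fails to install leaves the lint and test steps running against whatever is already in the environment. It also installs every requirements.txt anywhere under the checkout rather than only the one belonging to the code under test, which widens what a single stray or vendored file can pull onto the runner. If the requirements files live under the matrix path that the flake8 step already uses, consider scoping the search to it and letting failures surface, e.g. `find ${{ matrix.python-code-path }} -name requirements.txt -print0 | xargs -0 -r -n1 python -m pip install -r` (this assumes a GNU userland on the runner, which is not visible here). The job definition starts above the hunk.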
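Review bot: `prepareResults` assigns `summary` and `status` only inside the `'threat'` and `'query_status'` branches, so a response carrying neither key reaches the `results = {...}` line with both names unbound and raises UnboundLocalError instead of returning a status. An analyzer that consumes an external service's response should degrade to a reportable result on an unexpected body; add a final branch such as `else:` / `summary = "unexpected_response"` / `status = "caution"` (the summary string is a suggestion, not an existing value in this project). Separately, the inner `else` now reports every `query_status` other than `no_results` as `"caution"`, so a failed lookup looks the same as a soft finding unless the analyst reads `summary`; a short comment on that branch saying so would help.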