securityonion/salt/sensoroni/files/analyzers/urlhaus/urlhaus.py
2022-04-05 07:20:23 -04:00


#!/usr/bin/python3
import json
import requests
import sys
import helpers
def buildReq(artifact_value):
    """Wrap the artifact value in the form payload sent to the lookup service.

    Args:
        artifact_value: The observable to look up; it is placed under the
            ``url`` form field unchanged (no validation or normalisation
            happens here).

    Returns:
        A one-entry dict ``{"url": artifact_value}``.
    """
    payload = dict(url=artifact_value)
    return payload
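def sendReq(meta, payload):
    """POST the form payload to the configured endpoint and decode the reply.

    Args:
        meta: Analyzer metadata mapping; only ``meta['baseUrl']`` is read.
        payload: Form fields to submit (sent as the request body via
            ``data=``).

    Returns:
        The response body decoded from JSON.

    Raises:
        requests.exceptions.RequestException: On connection failure or when
            the service does not answer within the timeout.
        ValueError: If the response body is not valid JSON.
    """
    # NOTE(review): baseUrl is taken from metadata as-is; presumably an
    # https:// URL so that requests' default certificate verification
    # protects the lookup. Confirm against the analyzer's metadata file.
    endpoint = meta['baseUrl']
    # requests has no default timeout: without one, an unresponsive service
    # would block the analyzer indefinitely. 30 s is a conservative bound
    # chosen here, not a value taken from the service's documentation.
    response = requests.post(endpoint, data=payload, timeout=30)
    # The HTTP status code is intentionally not checked; whatever JSON body
    # comes back is handed to the caller for classification.
    return response.json()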
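def prepareResults(raw):
    """Classify a raw lookup response into the analyzer result structure.

    Args:
        raw: The decoded JSON response from the lookup service.

    Returns:
        A dict with three keys:
            ``response``: the raw response, unchanged.
            ``summary``: the ``threat`` value if present, otherwise the
                ``query_status`` value, otherwise ``"internal_failure"``.
            ``status``: ``"threat"`` when a ``threat`` key is present,
                ``"ok"`` when ``query_status`` is ``"no_results"``, and
                ``"caution"`` in every other case.
    """
    if 'threat' in raw:
        summary = raw['threat']
        status = "threat"
    elif 'query_status' in raw:
        summary = raw['query_status']
        # Only an explicit "no_results" counts as clean; any other query
        # status is surfaced to the analyst rather than reported as safe.
        status = "ok" if summary == 'no_results' else "caution"
    else:
        # A response carrying neither key previously left summary/status
        # unbound and raised UnboundLocalError. An unrecognised response
        # must not be reported as clean, so it fails towards "caution".
        summary = "internal_failure"
        status = "caution"
    return {'response': raw, 'summary': summary, 'status': status}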
def analyze(input):
    """Run the full lookup for one artifact and return the classified result.

    The artifact value is submitted to the external service configured under
    ``baseUrl`` in this analyzer's metadata, so the observable leaves the
    local environment as part of the lookup.

    Args:
        input: The artifact description passed to ``helpers.parseArtifact``;
            the parsed result must provide ``artifactType`` and ``value``.

    Returns:
        The dict produced by ``prepareResults`` for the service's response.
    """
    metadata = helpers.loadMetadata(__file__)
    artifact = helpers.parseArtifact(input)
    # Type check happens before any network traffic is generated.
    # NOTE(review): presumably this aborts on unsupported types; the
    # behaviour is defined in helpers and is not visible here.
    helpers.checkSupportedType(metadata, artifact["artifactType"])
    request_body = buildReq(artifact["value"])
    raw_response = sendReq(metadata, request_body)
    return prepareResults(raw_response)
def main():
    """Analyze the artifact given as the first CLI argument and print JSON.

    The result of ``analyze`` is serialised with ``json.dumps`` and written
    to standard output. A missing argument surfaces as ``IndexError``.
    """
    artifact_arg = sys.argv[1]
    print(json.dumps(analyze(artifact_arg)))


# Run the lookup only when executed as a script, not when imported.
if __name__ == "__main__":
    main()