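def OTX_Query_File(self, data):
    """Look up a file hash on AlienVault OTX and report what is known about it.

    Two API sections are fetched (``general`` for pulse information,
    ``analysis`` for sandbox results). If OTX has analysed the file, the
    report carries the hashes, type, size and ssdeep from the analysis
    results; otherwise only the pulse information plus an ``errortext``.

    Args:
        data: the file hash observable to look up; it is used as a URL
            path segment and is therefore percent-encoded.

    Side effects:
        Calls ``self.report`` with the collected fields, or ``self.error``
        when the request fails or the response is not in the expected shape.
    """
    from urllib.parse import quote

    # Encode the observable so a crafted value cannot escape the intended
    # path segment (it was previously interpolated verbatim).
    baseurl = "https://otx.alienvault.com:443/api/v1/indicators/file/%s/" % quote(data, safe='')
    headers = self._getHeaders()
    sections = ['general', 'analysis']
    IP_ = {}
    try:
        for section in sections:
            queryurl = baseurl + section
            # A bounded timeout keeps a stalled endpoint from blocking the worker forever.
            response = requests.get(queryurl, headers=headers, timeout=30)
            # Non-2xx replies carry an error body, not indicator data; fail explicitly.
            response.raise_for_status()
            IP_[section] = response.json()

        general = IP_.get('general') or {}
        analysis = IP_.get('analysis') or {}
        pulse_info = general.get('pulse_info') or {}

        if analysis.get('analysis'):
            # file has been analyzed before
            results = (
                (analysis.get('analysis') or {}).get('info', {}) or {}
            ).get('results', {}) or {}
            self.report({
                'pulse_count': pulse_info.get('count', "0"),
                'pulses': pulse_info.get('pulses', "-"),
                'malware': analysis.get('malware', "-"),
                'page_type': analysis.get('page_type', "-"),
                'sha1': results.get('sha1', "-"),
                'sha256': results.get('sha256', "-"),
                'md5': results.get('md5', "-"),
                'file_class': results.get('file_class', "-"),
                'file_type': results.get('file_type', "-"),
                'filesize': results.get('filesize', "-"),
                # "-" default matches the other fields (original yielded None here).
                'ssdeep': results.get('ssdeep', "-"),
            })
        else:
            # file has not been analyzed before; use .get() so a missing
            # pulse_info produces a report rather than an API error.
            self.report({
                'errortext': 'File has not previously been analyzed by OTX!',
                'pulse_count': pulse_info.get('count', "0"),
                'pulses': pulse_info.get('pulses', "-"),
            })
    except Exception:
        # Top-level analyzer boundary: network errors, malformed JSON and
        # unexpected response shapes all end in one error report. A bare
        # except is avoided so SystemExit/KeyboardInterrupt propagate.
        self.error('API Error! Please verify data type is correct.')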