diff --git a/analyzers/VirusTotal/VirusTotal_GetReport.json b/analyzers/VirusTotal/VirusTotal_GetReport.json
index b9d223dee..44457c351 100644
--- a/analyzers/VirusTotal/VirusTotal_GetReport.json
+++ b/analyzers/VirusTotal/VirusTotal_GetReport.json
@@ -1,6 +1,6 @@
{
"name": "VirusTotal_GetReport",
- "version": "2.0",
+ "version": "3.0",
"author": "CERT-BDF",
"url": "https://github.com/CERT-BDF/Cortex-Analyzers",
"license": "AGPL-V3",
diff --git a/analyzers/VirusTotal/VirusTotal_Scan.json b/analyzers/VirusTotal/VirusTotal_Scan.json
index b1233b3da..693f8a123 100644
--- a/analyzers/VirusTotal/VirusTotal_Scan.json
+++ b/analyzers/VirusTotal/VirusTotal_Scan.json
@@ -1,6 +1,6 @@
{
"name": "VirusTotal_Scan",
- "version": "2.0",
+ "version": "3.0",
"author": "CERT-BDF",
"url": "https://github.com/CERT-BDF/Cortex-Analyzers",
"license": "AGPL-V3",
diff --git a/analyzers/VirusTotal/virustotal.py b/analyzers/VirusTotal/virustotal.py
index 7e88a121f..48cc341eb 100755
--- a/analyzers/VirusTotal/virustotal.py
+++ b/analyzers/VirusTotal/virustotal.py
@@ -64,6 +64,10 @@ def read_scan_response(self, response, func):
self.error('Scan not found')
def summary(self, raw):
+
+ taxonomy = {"level": "clean", "namespace": "VT", "predicate": "Score", "value": 0}
+ taxonomies = []
+
result = {
"has_result": True
}
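Review bot: The initial `"level": "clean"` in the added `taxonomy` dict is a value the rest of summary() never emits, because the classification block further down in this commit assigns "safe", "suspicious" or "malicious" on every path, and TheHive's taxonomy levels are info/safe/suspicious/malicious, so "clean" would not be rendered as a known level even if it did survive. Initialising it to `"level": "info"` would make the default meaningful as the "no verdict available" state. The same applies to the placeholder `"value": 0`, which is always replaced by a `positives/total` string; initialising it as a string such as `"value": "n/a"` keeps the field's type stable for the template. summary() starts at the context line above and continues past the end of this hunk.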
@@ -91,6 +95,16 @@ def summary(self, raw):
result["detected_downloaded_samples"] = len(
raw["detected_downloaded_samples"])
+ taxonomy['value'] = "{}/{}".format(result["positives"], result["total"])
+ if result["positives"] == 0:
+ taxonomy["level"] = "safe"
+ elif result["positives"] < 5 :
+ taxonomy["level"] = "suspicious"
+ else:
+ taxonomy["level"] = "malicious"
+
+ taxonomies.append(taxonomy)
+ result = {"taxonomies": taxonomies}
return result
def run(self):
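Review bot: The first added line, `taxonomy['value'] = "{}/{}".format(result["positives"], result["total"])`, indexes both keys unconditionally, and the part of summary() above this hunk that would set them is not visible here; the `Scan not found` branch in the earlier hunk suggests that responses without detection counts do occur, and for those summary() would raise KeyError instead of returning a taxonomy, which in turn hides the whole report from the template. A report with no counts must also not fall through to "safe", so a missing-key case should produce a distinct informational taxonomy rather than `0/0`. The `5` in `elif result["positives"] < 5 :` is a bare magic number (and has a stray space before the colon); naming it or exposing it as an analyzer config option would make the suspicious/malicious boundary reviewable. The `result = {"taxonomies": taxonomies}` rebinding is presumably deliberate given the renamed 3_0 templates, but it drops every other summary field, which is worth a one-line comment. summary() begins outside this hunk.
```python
        if "positives" in result and "total" in result:
            taxonomy["value"] = "{}/{}".format(result["positives"], result["total"])
            if result["positives"] == 0:
                taxonomy["level"] = "safe"
            elif result["positives"] < 5:
                taxonomy["level"] = "suspicious"
            else:
                taxonomy["level"] = "malicious"
        else:
            # No detection counts in this report: report it as informational,
            # never as "safe".
            taxonomy["level"] = "info"
            taxonomy["value"] = "no report"

        taxonomies.append(taxonomy)
        # Only the taxonomies are consumed by the *_3_0 templates.
        result = {"taxonomies": taxonomies}
        return result
```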
diff --git a/thehive-templates/VirusTotal_GetReport_2_0/short.html b/thehive-templates/VirusTotal_GetReport_2_0/short.html
deleted file mode 100644
index 63f7252ff..000000000
--- a/thehive-templates/VirusTotal_GetReport_2_0/short.html
+++ /dev/null
@@ -1,8 +0,0 @@
-
- VT:Score=
- {{content.positives}}/{{content.total}}
- Scans({{content.scans}})
- Resolutions({{content.resolutions}})
- Url detections({{content.detected_urls}})
- files({{content.detected_downloaded_samples}})
-
diff --git a/thehive-templates/VirusTotal_GetReport_2_0/long.html b/thehive-templates/VirusTotal_GetReport_3_0/long.html
similarity index 100%
rename from thehive-templates/VirusTotal_GetReport_2_0/long.html
rename to thehive-templates/VirusTotal_GetReport_3_0/long.html
diff --git a/thehive-templates/VirusTotal_GetReport_3_0/short.html b/thehive-templates/VirusTotal_GetReport_3_0/short.html
new file mode 100644
index 000000000..563ca58f3
--- /dev/null
+++ b/thehive-templates/VirusTotal_GetReport_3_0/short.html
@@ -0,0 +1,3 @@
+
+ {{t.namespace}}:{{t.predicate}}={{t.value}}
+
diff --git a/thehive-templates/VirusTotal_Scan_2_0/short.html b/thehive-templates/VirusTotal_Scan_2_0/short.html
deleted file mode 100644
index 623d717dc..000000000
--- a/thehive-templates/VirusTotal_Scan_2_0/short.html
+++ /dev/null
@@ -1,3 +0,0 @@
-
- VT:Score= {{content.positives}}/{{content.total}}
-
diff --git a/thehive-templates/VirusTotal_Scan_2_0/long.html b/thehive-templates/VirusTotal_Scan_3_0/long.html
similarity index 100%
rename from thehive-templates/VirusTotal_Scan_2_0/long.html
rename to thehive-templates/VirusTotal_Scan_3_0/long.html
diff --git a/thehive-templates/VirusTotal_Scan_3_0/short.html b/thehive-templates/VirusTotal_Scan_3_0/short.html
new file mode 100644
index 000000000..563ca58f3
--- /dev/null
+++ b/thehive-templates/VirusTotal_Scan_3_0/short.html
@@ -0,0 +1,3 @@
+
+ {{t.namespace}}:{{t.predicate}}={{t.value}}
+