New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FR] Virustotal custom functionality #899

Closed

dadokkio opened this issue Nov 16, 2020 · 0 comments

Labels

category:feature-request

Contributor

dadokkio commented Nov 16, 2020 •

edited

For internal purposes we created an "improved" virustotal analyzer with some customization:

Add rescan flavour to rescan an hash
[get_report] Add specific taxonomies if "selected antivirus" didn't recognize the observable
[get_report] Add the possibility to automatically rescan hash if report is older than specified days
[get_report] Add the possibility to download sample and add as attachment [always or if "selected antivirus" didn't recognize it]

The new settings gui for the moment is like:

TheHive gui with custom taxonomy and sample as observable:

Note:

"download sample" requires a private virustotal key, rescan works also with public key
Rescan and Get_report uses the same taxonomies, so if you use both on same hash you'll have duplicated taxonomies.

dadokkio added the category:feature-request label

dadokkio mentioned this issue

virustotal flow #933

Merged

dadokkio mentioned this issue

Velociraptor: Add upload functionality for flow results #852

Merged

garanews closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment