
Automatically import results from VirusTotal queries into MISP objects

Project description

VirusTotal Query to MISP Objects (vt2m)

While there are multiple Python projects which create MISP objects from single VirusTotal objects, this project aims to let users convert VirusTotal search queries directly into MISP objects. This is work in progress: future releases will also handle URL, domain and IP objects. Right now, only file objects are implemented.

Installation

pip install vt2m

Usage

If you use the script frequently, passing the arguments as environment variables (MISP_URL, MISP_KEY, VT_KEY) can save some time. For example, this can be achieved by creating a shell script which sets the environment variables and executes the command with leading spaces, so that it does not show up in the shell history (whether a leading space suppresses history entries depends on the shell's history settings).

Via --relations, VirusTotal relations can be resolved and added as MISP objects with the corresponding relationships. For example, the following graph was created using vt2m:

[MISP Graph] Graph created via vt2m --uuid <UUID> --limit 5 --relations dropped_files,execution_parents "behaviour_processes:\"ping -n 70\""

Params

usage: vt2m [-h] --uuid UUID [--url URL] [--key KEY] [--vt-key VT_KEY] [--comment COMMENT] [--limit LIMIT] [--relations RELATIONS] query

positional arguments:
  query                 VT query

optional arguments:
  -h, --help            show this help message and exit
  --uuid UUID, -u UUID  MISP event uuid
  --url URL, -U URL     MISP URL - can also be given as env MISP_URL
  --key KEY, -k KEY     MISP API key - can also be given as env MISP_KEY
  --vt-key VT_KEY, -K VT_KEY
                        VT API key - can also be given as env VT_KEY
  --comment COMMENT, -c COMMENT
                        Comment to add to MISP objects
  --limit LIMIT, -l LIMIT
                        Limit results of VT query - default is 100
  --relations RELATIONS, -r RELATIONS
                        Comma-seperated list of relations to request PER result (if type fits). This can burn your API credits. Currently
                        implemented: dropped_files, executing_parents, bundled_files
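
As an added example (not vt2m's own code, which is not shown on this page), the following Python sketches what the description and the --relations help text imply: a VirusTotal API v3 file search response is mapped onto MISP file objects, related files returned for the dropped_files, executing_parents and bundled_files relationships become further objects with references back to their parent, a setting falls back from CLI flag to environment variable the way --key, --vt-key and --url do, and the per-result request cost of --relations is made explicit. The MISP relationship-type names, the UUID derivation and the sample responses are assumptions constructed for this example.

```python
"""Added example, not vt2m's own code: map a VirusTotal v3 file search to
MISP-style file objects, attach relationship references, resolve settings
from CLI or environment, and estimate the API request budget."""
import os
import uuid

# Relation names from the vt2m help text -> MISP object relationship types.
# The relationship names on the right are assumed for illustration.
RELATION_MAP = {
    "dropped_files": "drops",
    "executing_parents": "dropped-by",
    "bundled_files": "contains",
}

# VT file attribute -> attribute name in the MISP "file" object template.
VT_TO_MISP = {
    "md5": "md5",
    "sha1": "sha1",
    "sha256": "sha256",
    "size": "size-in-bytes",
    "meaningful_name": "filename",
}


def resolve_setting(cli_value, env_name, environ=None):
    """CLI value wins; otherwise fall back to the named environment variable.
    Fail loudly rather than sending an empty key to either API."""
    environ = os.environ if environ is None else environ
    value = cli_value or environ.get(env_name)
    if not value:
        raise ValueError(f"{env_name} not given on the CLI or in the environment")
    return value


def vt_file_to_misp_object(vt_file, comment=""):
    """Shape a VT file result like a MISP file object. The uuid is derived
    from the sha256 (this example's choice) so reruns map a sample to the
    same object instead of creating duplicates."""
    attrs = vt_file.get("attributes", {})
    obj = {
        "name": "file",
        "uuid": str(uuid.uuid5(uuid.NAMESPACE_URL, vt_file["id"])),
        "comment": comment,
        "attributes": [],
        "references": [],
    }
    for vt_key, object_relation in VT_TO_MISP.items():
        if vt_key in attrs:
            obj["attributes"].append({"object_relation": object_relation, "value": attrs[vt_key]})
    return obj


def build_objects(search_response, relation_responses, relations=(), comment=""):
    """relation_responses maps (sha256, relation) to the "data" list that
    GET /files/{sha256}/{relation} returns. Returns {sha256: object}."""
    unknown = set(relations) - set(RELATION_MAP)
    if unknown:
        raise ValueError(f"unsupported relations: {sorted(unknown)}")
    objects = {item["id"]: vt_file_to_misp_object(item, comment) for item in search_response["data"]}
    for (parent_id, relation), related in relation_responses.items():
        if relation not in relations or parent_id not in objects:
            continue
        for rel_file in related:
            if rel_file.get("type") != "file":  # only file objects are implemented
                continue
            child = objects.setdefault(rel_file["id"], vt_file_to_misp_object(rel_file, comment))
            objects[parent_id]["references"].append(
                {"referenced_uuid": child["uuid"], "relationship_type": RELATION_MAP[relation]}
            )
    return objects


def estimate_requests(limit, relations):
    """Lower bound on API requests: one search call plus one call per result
    per requested relation. This is why --relations can burn API credits."""
    unknown = set(relations) - set(RELATION_MAP)
    if unknown:
        raise ValueError(f"unsupported relations: {sorted(unknown)}")
    return 1 + limit * len(relations)


# Constructed sample data in the shape of VT v3 responses (not real samples).
SHA_A = "a1" * 32
SHA_B = "b2" * 32
SHA_C = "c3" * 32
SEARCH_RESPONSE = {"data": [
    {"type": "file", "id": SHA_A,
     "attributes": {"sha256": SHA_A, "md5": "0a" * 16, "sha1": "1a" * 20,
                    "size": 4096, "meaningful_name": "dropper.exe"}},
    {"type": "file", "id": SHA_B,
     "attributes": {"sha256": SHA_B, "md5": "0b" * 16, "size": 2048}},
]}
RELATION_RESPONSES = {
    (SHA_A, "dropped_files"): [
        {"type": "file", "id": SHA_C,
         "attributes": {"sha256": SHA_C, "size": 512, "meaningful_name": "payload.dll"}},
        {"type": "domain", "id": "example.invalid", "attributes": {}},  # skipped: not a file
    ],
}

if __name__ == "__main__":
    objs = build_objects(SEARCH_RESPONSE, RELATION_RESPONSES, relations=("dropped_files",))
    print(len(objs), "objects;", objs[SHA_A]["references"])
    print("requests for --limit 100 with two relations:",
          estimate_requests(100, ["dropped_files", "bundled_files"]))
```

With the constructed data, one search result drops one file, so three objects come out and the dropper carries a "drops" reference to the payload; the domain entry is skipped because only file objects are implemented. The budget helper shows the cost the help text warns about: --limit 100 with two relations needs at least 201 requests before paging is considered.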

Download files


Source Distribution

vt2m-0.1.3.tar.gz (91.2 kB)

Uploaded Source

Built Distribution


vt2m-0.1.3-py3-none-any.whl (91.3 kB)

Uploaded Python 3

File details

Details for the file vt2m-0.1.3.tar.gz.

File metadata

  • Download URL: vt2m-0.1.3.tar.gz
  • Upload date:
  • Size: 91.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.1.7 CPython/3.9.7 Linux/5.16.11-76051611-generic

File hashes

Hashes for vt2m-0.1.3.tar.gz

Algorithm    Hash digest
SHA256       6c70fc52f64eca7a0f3335f9daf29439cff71c5af484e870230f61b43179eef3
MD5          838a5942efecd20d8e1e37431ce87e53
BLAKE2b-256  04f56c483010b979f12d1131d198875a12a68de761c0a1570844d9d42bf88514


File details

Details for the file vt2m-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: vt2m-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 91.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.1.7 CPython/3.9.7 Linux/5.16.11-76051611-generic

File hashes

Hashes for vt2m-0.1.3-py3-none-any.whl

Algorithm    Hash digest
SHA256       6b245606a7cd9171020ebbd7982b8489556f5f3be239da0d505f01c6c204f893
MD5          c81a6234047baa86b1c36a23eaf0c731
BLAKE2b-256  28cce1bf6d08ea3714856643a7fa828410eb6fb95d9229c18e8c211243eccc91
