in elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/enrich_domainscategorization/cat_vt.py [0:0]
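def check_domain(self, domain):
    """Look up the categorization of *domain* in VirusTotal.

    Args:
        domain: Domain name to query. It is passed through unchanged to
            ``self.get_vt_domain_results``; any quoting/encoding for the API
            request is presumably done there -- verify in that helper.

    Returns:
        A dict with the keys ``domain``, ``categories`` (flat list of trimmed
        category strings collected from every VT engine), ``status``
        (``"skipped"`` when the remaining quota is 0, ``"found"`` when the VT
        response is a dict carrying ``"data"``, ``"not_found"`` otherwise),
        ``response_code`` (always ``-1`` in this method), ``extra_data``
        (``extra_data["record"]`` holds the raw ``data.attributes`` object on
        a hit) and ``last_checked`` (always ``None`` in this method).
    """
    result = {
        "domain": domain,
        "categories": [],
        "status": "unknown",
        "response_code": -1,
        "extra_data": {},
        "last_checked": None,
    }

    # Respect the per-run quota before spending an API call.
    if self.get_remaining_quota() == 0:
        self.logger.warning("No remaining quota, skipping VT check")
        result["status"] = "skipped"
        return result

    self.logger.debug("Checking domain %s", domain)
    vt_result = self.get_vt_domain_results(domain)
    self.logger.debug("Response: %s", vt_result)

    # A usable hit is a dict carrying a "data" object. isinstance() already
    # rejects None, so the former explicit None check is redundant.
    if isinstance(vt_result, dict) and "data" in vt_result:
        result["status"] = "found"
        vt_cats = get_value("data.attributes.categories", vt_result, {})
        result["extra_data"]["record"] = get_value("data.attributes", vt_result, {})
        # Categories arrive per engine as {"engine": "cat1, cat2"}; flatten
        # them into one list of trimmed strings.
        # NOTE(review): assumes every value is a str -- TODO confirm against
        # the VT response schema, a non-str value would raise here.
        for engine in vt_cats:
            result["categories"].extend(
                part.strip() for part in vt_cats[engine].split(",")
            )
    else:
        # NOTE(review): this branch also covers the case where
        # get_vt_domain_results() returns None or a non-dict payload (e.g.
        # on a transport or API error), not only a 404, so "not_found" may be
        # reported for a domain VT does know about.
        result["status"] = "not_found"
    return result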