[Bro-Dev] [Bro-Commits] [git/bro] fastpath: Update VirusTotal URL to work with changes to their website. (0977983)
Vlad Grigorescu
vladg at cmu.edu
Tue Nov 5 11:13:29 PST 2013
Yeah, I was thinking about that. I'll make that change in a bit.
--Vlad
On Nov 5, 2013, at 1:35 PM, Siwek, Jonathan Luke <jsiwek at illinois.edu> wrote:
> Maybe it would be helpful if the URL format string is something a user can redef?
>
> - Jon
>
>
> On Nov 5, 2013, at 11:36 AM, Vlad Grigorescu <grigorescu at gmail.com> wrote:
>
>> Repository : ssh://git@bro-ids.icir.org/bro
>>
>> On branch : fastpath
>> Link : https://github.com/bro/bro/commit/09779836cbbea6744114fba67bf0aa277cce4131
>>
>>> ---------------------------------------------------------------
>>
>> commit 09779836cbbea6744114fba67bf0aa277cce4131
>> Author: Vlad Grigorescu <grigorescu at gmail.com>
>> Date: Tue Nov 5 12:06:33 2013 -0500
>>
>> Update VirusTotal URL to work with changes to their website.
>>
>>
>>> ---------------------------------------------------------------
>>
>> 09779836cbbea6744114fba67bf0aa277cce4131
>> scripts/policy/frameworks/files/detect-MHR.bro | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/scripts/policy/frameworks/files/detect-MHR.bro b/scripts/policy/frameworks/files/detect-MHR.bro
>> index 5ed8715..753372e 100644
>> --- a/scripts/policy/frameworks/files/detect-MHR.bro
>> +++ b/scripts/policy/frameworks/files/detect-MHR.bro
>> @@ -48,7 +48,7 @@ event file_hash(f: fa_file, kind: string, hash: string)
>> if ( mhr_detect_rate >= notice_threshold )
>> {
>> local message = fmt("Malware Hash Registry Detection rate: %d%% Last seen: %s", mhr_detect_rate, readable_first_detected);
>> - local virustotal_url = fmt("https://www.virustotal.com/en/file/%s/analysis/", hash);
>> + local virustotal_url = fmt("https://www.virustotal.com/en/search/?query=%s", hash);
>> NOTICE([$note=Match, $msg=message, $sub=virustotal_url, $f=f]);
>> }
>> }
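Review bot: The URL format string on the added `local virustotal_url` line is still a literal inside the `file_hash` handler, so the next change to the site's URL scheme will again require editing the script. Consider declaring the format string as a module-level `const ... &redef` string and passing that to `fmt()` here, so a deployment can override it from local policy without patching detect-MHR.bro. A short comment noting that the single `%s` is replaced by the file hash would document what any override has to preserve.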
>>