add BOTS config for domaintools
aaronkaplan committed Jun 12, 2017
1 parent 5c61f0a commit 5348b39
Showing 4 changed files with 22 additions and 10 deletions.
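--- a/intelmq/bots/BOTS
+++ b/intelmq/bots/BOTS
@@ -476,6 +476,14 @@
 "redis_cache_ttl": "86400"
 }
 },
+"Domaintools": {
+"description": "Domaintools expert is a bot which queries domaintools.com for a scoring of a domain name",
+"module": "intelmq.bots.experts.domaintools.expert",
+"parameters": {
+"user": "",
+"password": ""
+}
+},
 "Field Reducer": {
 "description": "The field reducer bot is capable of removing fields from events.",
 "module": "intelmq.bots.experts.field_reducer.expert",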
17 changes: 10 additions & 7 deletions intelmq/bots/experts/domaintools/expert.py
@@ -26,27 +26,30 @@ def init(self):
self.api = API(self.parameters.user, self.parameters.password)

def domaintools_get_score(self, fqdn):

score = None
if fqdn:
resp = self.api.reputation(fqdn, include_reason=False) # don't include a reason in the JSON response
resp = self.api.reputation(fqdn, include_reasons=False) # don't include a reason in the JSON response

try:
score = resp['risk_score']
except exceptions.NotFoundException:
score = None
score = None
except exceptions.BadRequestException:
score = None
score = None
return score

def process(self):
event = self.receive_message()
extra = {}

for key in ["source.", "destination."]:
key_fqdn = key + "fqdn"
if key_fqdn not in event:
continue # can't query if we don't have a domain name
score = self.domaintools_get_score(key_fqdn)
if score:
event.add("extra.domaintools_score", score, raise_failure=False)
score = self.domaintools_get_score(event.get(key_fqdn))
if score is not None:
extra["domaintools_score"] = score
event.add("extra", extra)

self.send_message(event)
self.acknowledge_message()
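Review bot: In `process`, both the `source.` and `destination.` iterations write to the same `extra["domaintools_score"]` key, so when an event carries both FQDNs only one score survives and the result no longer says which domain it belongs to. The new `event.add("extra", extra)` also starts from an empty dict and no longer passes the `raise_failure=False` that the removed call had, so an `extra` field already set by an upstream bot is either replaced or makes the add fail, depending on how `event.add` treats existing keys (not visible here). I would key the score per direction, e.g. `extra[key + "domaintools_score"] = score`, and seed `extra` from the event's current value before adding to it. Indentation is not preserved on this page, so whether the `event.add` call sits inside the loop cannot be confirmed from the hunk.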
Empty file.
7 changes: 4 additions & 3 deletions intelmq/tests/bots/experts/domaintools/test_expert.py
@@ -6,15 +6,15 @@
import unittest

import intelmq.lib.test as test
from intelmq.bots.experts.gethostbyname.expert import DomaintoolsExpertBot
from intelmq.bots.experts.domaintools.expert import DomaintoolsExpertBot

EXAMPLE_INPUT = {"__type": "Event",
"source.fqdn": "google.com",
"time.observation": "2015-01-01T00:00:00+00:00"
}
EXAMPLE_OUTPUT = {"__type": "Event",
"source.fqdn": "example.com",
"extra.domaintools_score": 0,
"source.fqdn": "google.com",
"extra": '{"domaintools_score": 0}',
"time.observation": "2015-01-01T00:00:00+00:00"
}
NONEXISTING_INPUT = {"__type": "Event",
@@ -33,6 +33,7 @@ class TestDomaintoolsExpertBot(test.BotTestCase, unittest.TestCase):
@classmethod
def set_bot(self):
self.bot_reference = DomaintoolsExpertBot
self.sysconfig = {'user': 'mkendrick_first2017', 'password': 'c0e4e-e2527-dc6af-824a4-229d5'}

def test_existing(self):
self.input_message = EXAMPLE_INPUT
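Review bot: The `self.sysconfig` line added in `set_bot` commits what looks like a real DomainTools API user name and key to the repository; once pushed they stay in history, so the key should be revoked and reissued whatever a follow-up commit does. Read the values from the environment instead (with `import os`), `self.sysconfig = {'user': os.environ.get('DOMAINTOOLS_USER', ''), 'password': os.environ.get('DOMAINTOOLS_PASSWORD', '')}`, and skip the tests that call the API when they are unset. `EXAMPLE_OUTPUT` also pins `domaintools_score` to 0 for what appears to be a live lookup, which ties the test to network access and to the vendor's current scoring. The test class continues past the hunk.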
