From 5cd8f3aa3f71ce5fcb73118863a16677707ebd3f Mon Sep 17 00:00:00 2001
From: Cristina Ascari
Date: Wed, 23 Oct 2024 16:04:17 +0200
Subject: [PATCH] more mappings
---
 .../observable_analyzers/talos.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/api_app/analyzers_manager/observable_analyzers/talos.py b/api_app/analyzers_manager/observable_analyzers/talos.py
index 69c282501f..8e816c27b9 100644
--- a/api_app/analyzers_manager/observable_analyzers/talos.py
+++ b/api_app/analyzers_manager/observable_analyzers/talos.py
@@ -58,6 +58,22 @@ def update(cls) -> bool:
 return False
+ def _do_create_data_model(self):
+ return super()._do_create_data_model() and self.report.report.get(
+ "found", False
+ )
+
+ def _update_data_model(self, data_model):
+ super()._update_data_model(data_model)
+ found = self.report.report.get("found", False)
+ if found:
+ data_model.external_references.append(
+ f"https://www.talosintelligence.com/reputation_center/lookup?search={self.report.job.observable_name}"
+ )
+ data_model.evaluation = (
+ self.report.data_model_class.EVALUATIONS.MALICIOUS.value
+ )
+
 @classmethod
 def _monkeypatch(cls):
 patches = [
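Review bot: The reference URL appended in `_update_data_model` interpolates `self.report.job.observable_name` into the query string without percent-encoding, so an observable containing `&`, `#` or whitespace would produce a link that searches for something other than the value that was analysed. If this analyzer only ever receives IP observables the impact is small, but that restriction is not visible in this hunk, and encoding is cheap: `search={quote(self.report.job.observable_name, safe='')}` with `from urllib.parse import quote` added to the file's imports. The `if found:` guard repeats the condition that `_do_create_data_model` already returns; if the base class only calls `_update_data_model` after that check (not shown here), the guard is redundant and a one-line comment saying why it is kept would help. Both new methods would also benefit from a short docstring stating that a hit in the Talos list is what sets the evaluation to MALICIOUS.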