CIRCL / AIL-framework

AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project
https://github.com/ail-project/ail-framework
GNU Affero General Public License v3.0

VirusTotal as source #273

Open ater49 opened 6 years ago

ater49 commented 6 years ago

Hi,

If you have VirusTotal Intelligence, you can push some YARA rules in order to monitor some leaks/threats about specific targeting. Is it possible to add the results of these searches as a source for AIL?

Here's the process: YARA rules into VT Intelligence > results are sent to AIL > AIL uses the VT private API to download the files > AIL does the same treatment of the files as it does for pastes.

deadbits commented 6 years ago

I'd also love this. I do a lot of my leak hunting in VTI, and I know of several others that do the same.

This would need to parse the JSON notifications feed for user-defined YARA rule names and download the matching results.
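The pipeline sketched in the two comments above (filter the VTI notifications feed by rule name, download the matching files, hand them to the same processing as pastes), as an added example that is not part of this issue and not AIL or VirusTotal code. Everything about the feed layout is an assumption: a JSON document with a `notifications` list whose entries carry `ruleset_name`, `subject` (the YARA rule name) and `sha256`. The sample feed and payloads are constructed; the only network call, `vt_fetch`, targets the v3 `files/{id}/download` endpoint as I understand it and needs a premium key, so it is not exercised offline. The extra step a practitioner would want is the hash check: a downloaded blob is only queued for analysis if its SHA-256 matches what the notification claimed.

```python
"""Feed VT Intelligence hunting matches into an AIL-style item queue (example, not AIL code)."""
import hashlib
import json
from typing import Callable, Dict, Iterable, List, Tuple

# Constructed stand-ins for files VT would return for a hunting match.
SAMPLE_FILES: Dict[str, bytes] = {
    "corp_credentials": b"user=alice password=hunter2\n",
    "acme_api_keys": b"ACME_API_KEY=0123456789abcdef\n",
    "cobalt_strike": b"not a leak, a malware match\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed notifications feed; the field names are an assumption, not VT's schema.
SAMPLE_FEED = json.dumps({"notifications": [
    {"ruleset_name": "leaks", "subject": "corp_credentials",
     "sha256": sha256_hex(SAMPLE_FILES["corp_credentials"])},
    {"ruleset_name": "leaks", "subject": "corp_credentials",            # same file notified twice
     "sha256": sha256_hex(SAMPLE_FILES["corp_credentials"])},
    {"ruleset_name": "leaks", "subject": "acme_api_keys",
     "sha256": sha256_hex(SAMPLE_FILES["acme_api_keys"])},
    {"ruleset_name": "malware", "subject": "cobalt_strike",
     "sha256": sha256_hex(SAMPLE_FILES["cobalt_strike"])},
    {"ruleset_name": "leaks", "subject": "corp_credentials", "sha256": "not-a-hash"},  # malformed
]})

HEX_DIGITS = set("0123456789abcdef")


def select_matches(feed_json: str, wanted_rules: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (rule_name, sha256) for notifications whose rule the user asked for.
    Duplicate notifications and malformed hashes are dropped before anything is downloaded."""
    wanted = {r.lower() for r in wanted_rules}
    seen, out = set(), []
    for note in json.loads(feed_json).get("notifications", []):
        rule = str(note.get("subject", "")).lower()
        sha = str(note.get("sha256", "")).lower()
        if rule not in wanted:
            continue
        if len(sha) != 64 or not set(sha) <= HEX_DIGITS:
            continue
        if sha in seen:
            continue
        seen.add(sha)
        out.append((rule, sha))
    return out


def fetch_and_verify(matches: List[Tuple[str, str]],
                     fetch: Callable[[str], bytes]) -> Dict[str, Tuple[str, bytes]]:
    """Download each match with fetch(sha256) and keep only blobs whose content
    hashes to the sha256 the notification reported. Returns sha256 -> (rule, content)."""
    accepted: Dict[str, Tuple[str, bytes]] = {}
    for rule, sha in matches:
        data = fetch(sha)
        if sha256_hex(data) != sha:
            continue  # truncated, swapped or tampered download: never feed it to the pipeline
        accepted[sha] = (rule, data)
    return accepted


def sample_fetch(sha: str) -> bytes:
    """Offline stand-in for the VT download call, served from the constructed payloads."""
    for content in SAMPLE_FILES.values():
        if sha256_hex(content) == sha:
            return content
    return b""


# Assumed endpoint (VT API v3 file download, premium feature); needs network and a real key.
VT_DOWNLOAD_URL = "https://www.virustotal.com/api/v3/files/{sha256}/download"


def vt_fetch(sha: str, api_key: str) -> bytes:
    import urllib.request
    req = urllib.request.Request(VT_DOWNLOAD_URL.format(sha256=sha), headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()


def ail_item_path(rule: str, sha: str) -> str:
    """Paste-like storage path so the item flows through the same modules as a paste.
    The directory layout is an assumption, not AIL's actual feeder convention."""
    return f"virustotal/{rule}/{sha}.txt"


if __name__ == "__main__":
    matches = select_matches(SAMPLE_FEED, ["corp_credentials", "acme_api_keys"])
    for sha, (rule, content) in fetch_and_verify(matches, sample_fetch).items():
        print(ail_item_path(rule, sha), len(content), "bytes")
```

The rule filter is the user's allow-list, so a hunting ruleset that also matches malware (the `cobalt_strike` entry above) does not leak binaries into a pipeline built for text items unless the operator asks for it; the hash check keeps a bad or partial download from being stored under a hash it does not have.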

deadbits commented 5 years ago

I use VTI to monitor for data leaks just as much as Paste sites, personally. If the AIL primary devs/maintainers think this is OK to create, I can add this as a module myself to include in master? Cc: @adulau

Terrtia commented 5 years ago

hey @deadbits !

All pull requests are welcome :)

The VT keys are located in configs/keys/virusTotalKEYS.py.

Let me know if you need help

adulau commented 5 years ago

@deadbits It sounds like a great idea. Don't hesitate to PR even a beta version. We would be glad to review it and integrate it.