Open syloktools opened 6 years ago
The VT enrichment module is already doing this if I remember correctly. @adulau?
Works fine for me now (2.4.97).
Is there a possibility to have VT return the expansion data as Objects instead of standard attributes? Utilizing the File Object - I would assume the File Object needs to updated to include additional data from VirusTotal. This would be a great way to group information of a file.
@vedd3r, it would also be be great if this was the case with any enrichment that comes from Cortex
If given a SHA256 hash the module would return the MD5 hash and vice versa. Some security tools only take MD5s or SHA256s and having the module auto pull these would be fantastic.