Feature Request for VirusTotal Module

MISP / misp-modules

Modules for expansion services, enrichment, import and export in MISP and other tools.

http://misp.github.io/misp-modules

GNU Affero General Public License v3.0

344 stars 233 forks source link

Feature Request for VirusTotal Module #234

Open syloktools opened 6 years ago

syloktools commented 6 years ago

If given a SHA256 hash the module would return the MD5 hash and vice versa. Some security tools only take MD5s or SHA256s and having the module auto pull these would be fantastic.

rommelfs commented 5 years ago

The VT enrichment module is already doing this if I remember correctly. @adulau?

StefanKelm commented 5 years ago

Works fine for me now (2.4.97).

vedd3r commented 5 years ago

Is there a possibility to have VT return the expansion data as Objects instead of standard attributes? Utilizing the File Object - I would assume the File Object needs to updated to include additional data from VirusTotal. This would be a great way to group information of a file.

geekscrapy commented 5 years ago

@vedd3r, it would also be be great if this was the case with any enrichment that comes from Cortex