Open mfiedler144 opened 3 years ago
Yes and no.
Cortex can give you an answer about the score for a given ioc/ip/domain/etc. If you want to get a list of IOCs with a score attached to each one of them, you need a tool above Cortex to automate it.
Basically:
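```python
# cortex_api is a placeholder for whatever Cortex client wrapper is in use
for ioc in ioc_list:
    # run the analyzer on the current IOC rather than a fixed domain
    response = cortex_api.run_analyzer('VirusTotal_Get_report', ioc)
    print(ioc, response.json()['summary'])
```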
or something like that.
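A sketch of the "tool above Cortex" for the lists described in this thread, as an added example that is not part of the original posts and not Cortex project code. It reads CSV lists with or without a header row, deduplicates the IOCs and attaches `community_score` and `status`. The `lookup` callable, the header names in `IOC_COLUMNS` and the dictionary keys are assumptions; `lookup` is where the actual Cortex analyzer call would go.

```python
import csv
import io
import ipaddress
from urllib.parse import urlparse

# Assumed header names that mark the indicator column in the input lists.
IOC_COLUMNS = ("ip", "domain", "url", "ioc")

def classify(value):
    """Return the observable type: 'ip', 'url' or 'domain'."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    return "url" if urlparse(value).scheme in ("http", "https") else "domain"

def read_iocs(text, default_source):
    """Parse CSV text with or without a header row into (ioc, source) pairs."""
    rows = [[c.strip() for c in r] for r in csv.reader(io.StringIO(text)) if r]
    if not rows:
        return []
    header = [c.lower() for c in rows[0]]
    ioc_col = next((i for i, c in enumerate(header) if c in IOC_COLUMNS), None)
    if ioc_col is None:            # no header row: treat as a single-value list
        ioc_col, src_col = 0, None
    else:
        src_col = header.index("source") if "source" in header else None
        rows = rows[1:]
    out = []
    for r in rows:
        if len(r) > ioc_col and r[ioc_col]:
            has_src = src_col is not None and len(r) > src_col
            out.append((r[ioc_col], r[src_col] if has_src else default_source))
    return out

def enrich(pairs, lookup):
    """Add community_score and status (times checked) to each unique IOC."""
    seen, result = set(), []
    for ioc, source in pairs:
        if ioc in seen:
            continue               # query each indicator only once
        seen.add(ioc)
        # lookup (hypothetical) returns (score, times_checked) or None
        score, checked = lookup(ioc, classify(ioc)) or (0, 0)
        result.append({"ioc": ioc, "source": source,
                       "community_score": score, "status": checked})
    return result
```

Deduplicating before the lookup keeps the number of analyzer jobs, and the quota used on the upstream service, proportional to the number of unique indicators rather than the number of rows.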
Hello everyone,
my current setup is the following:
I have multiple lists containing IOCs (url, ip and domain). The lists are in CSV format, but do not all have the same header. Some are, for example, a single value only and some have multiple columns.
My goal is now to take all these lists and enrich them, for example with a VirusTotal lookup to get the community score or similar.
From this:

```
ip, source
firstip, source
secondip, source
```

to this:

```
ip, source, community_score, status
firstip, source, 0, 0 (no information -> 0 times checked)
secondip, source, -1, 3 (checked already 3 times)
```
Is Cortex the right tool for me, and can I enrich the files directly? Or do I have to download the results and combine the two files? Alternatively, I can work with the data in a database.
I am looking forward to your answers.
Best regards,
Maurice
Work Environment