aplura / Tango

Honeypot Intelligence with Splunk
GNU General Public License v2.0

doesn't appear to connect to VT #40

Open matthewahill opened 5 years ago

matthewahill commented 5 years ago

Hi, great app.

Problem is I can't seem to get my VirusTotal connection working. The API is in the py file and the 'requests' py files are in the specified directory. However, when in Splunk, the VirusTotal SHA Lookup dropdown box is greyed out. I would expect, from the images seen, that a list of the SHA hashes of the files downloaded/uploaded would be in there.

Any thoughts?

diskurse commented 5 years ago

Same problem here, wondering if the problem is on the VT side, maybe they have changed the way api calls are made?

diskurse commented 5 years ago

Ok so I see that the code for the dropdown is referencing sourcetype=kippojson, you'll need to edit this to whatever your sourcetype is, having fixed this though I still think that the lookup isn't working.

androidloverbe commented 3 years ago

Hello,

Yeah, replace that kippojson sourcetype with cowrie and that select box will no longer be greyed out. Also there is something in the file vt.py that is not fully correct, this code:

```python
if j['scans'][i]['result'] == None:
```

In many programming languages this is known as a null check, but since null does not exist in Python it is different than other languages. Python's way of a null check is indeed None, but you need to use the Python `is` keyword instead of the `==` operator since None is a singleton object, so:

```python
if j['scans'][i]['result'] is None:
```

But you still get a lot of "unknown" results; I guess that is due to the limitations of the VirusTotal API.

androidloverbe commented 3 years ago

Hello,

Got this thing working. When the file is unknown to VirusTotal (not scanned yet) you get "unknown"; in the other cases you get the scan date, file hash, the number of antivirus vendors that detect the virus and the vendor signatures. The old Python script vt.py will no longer work; if anybody wants it give me a yell, no need to reinvent the wheel.

(Screenshots attached: vtlookup_unscanned, vtlookup_working)
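As an added illustration of the two points raised in this thread (the `is None` check on each vendor's result, and returning "unknown" for a hash VirusTotal has not scanned), here is a small report parser that is not the project's vt.py. The JSON layout (`response_code`, `scan_date`, `positives`, `scans[vendor].result`) is modelled on the old VT v2 file/report format and the sample reports are constructed, not real VirusTotal output.

```python
import json

# Constructed sample reports (field names are assumptions modelled on the
# VT v2 file/report JSON that vt.py indexed as j['scans'][i]['result']).
SCANNED_REPORT = json.dumps({
    "response_code": 1,
    "scan_date": "2021-01-01 12:00:00",
    "sha256": "0" * 64,  # placeholder hash, not a real sample
    "positives": 2,
    "total": 3,
    "scans": {
        "VendorA": {"detected": True, "result": "Trojan.Generic"},
        "VendorB": {"detected": True, "result": "Malware.Example"},
        "VendorC": {"detected": False, "result": None},  # no signature
    },
})
UNSCANNED_REPORT = json.dumps({"response_code": 0, "verbose_msg": "not present"})


def summarize_report(raw):
    """Return 'unknown' for a hash VT has not scanned, else a summary dict."""
    j = json.loads(raw)
    # response_code 0 means VT has never seen the file: the "unknown" case
    if j.get("response_code") != 1:
        return "unknown"
    signatures = {}
    for vendor, scan in j["scans"].items():
        # None is a singleton, so test identity with 'is', not equality with '=='
        if scan.get("result") is None:
            continue
        signatures[vendor] = scan["result"]
    return {
        "scan_date": j["scan_date"],
        "sha256": j["sha256"],
        "positives": j["positives"],
        "total": j["total"],
        "signatures": signatures,
    }


if __name__ == "__main__":
    print(summarize_report(UNSCANNED_REPORT))
    print(summarize_report(SCANNED_REPORT))
```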