search

fr0gger / vthunting

Vthunting is a tiny script used to generate report about Virus Total hunting and send it by email, slack or telegram.
MIT License
157 stars 40 forks source link

Enhancement: Add rule whitelisting and blacklisting #8

Open ITAYC0HEN opened 4 years ago

ITAYC0HEN commented 4 years ago

Some people would like to get notifications for all their hunting rules, others would like to see notifications only for special specific rules (whitelisting), and some would like to not get notifications for specific rules.

By now, VTHunting does not support the filtering of rules. I suggest adding two lists for the configuration:

RULES_WHITELIST = [ ] // default: all rules allowed
RULES_BLACKLIST = [ ]

Then you can do something like:

# Report notifications only if the rule is not blacklisted and the user didn't
# specify specific rules to be whitelisted
if (not RULES_WHITELIST or rule_name in RULES_WHITELIST) 
        and (rule_name not in RULES_BLACKLIST):
    # report is valid
fr0gger commented 4 years ago

Hey Itay, I will update the code asap. Thanks for making this PR. :)

ITAYC0HEN commented 4 years ago

Nice! Sorry, I didn't find the time to make a PR haha so only opened issues