hversu / ugh

ugh! universal graph harness
MIT License

VT API mode misclassifying #6

Open hversu opened 5 months ago

hversu commented 5 months ago
{
  "nodes": [
    {
      "id": "185.247.226.196",
      "label": "185.247.226.196",
      "type": "threat",
      "properties": {}
    },
    {
      "id": "185.247.226.196ns1.ryncloud.com",
      "label": "Resolved Domain",
      "type": "domain",
      "properties": {}
    },

should be

{
  "nodes": [
    {
      "id": "12",
      "label": "185.247.226.196",
      "type": "ip",
      "properties": {}
    },
    {
      "id": "15",
      "label": "185.247.226.196ns1.ryncloud.com",
      "type": "domain",
      "properties": {}
    },

hversu commented 5 months ago

additionally, edge source and target don't leverage id like they should:

{
      "source": "162.244.82.35cordial-djgpp.wingsvacation.com",  <----- should be node id
      "target": "162.244.82.35",  <------------------------------------------ should be node id
      "relation_type": "resolves_to",
      "properties": {}
    },

hversu commented 5 months ago

IDS fixed: https://github.com/hversu/ugh/pull/11
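
A regression check for the two defects reported in this thread (IP nodes typed as something other than "ip", and edges whose source/target are not node ids), as an added example that is not part of the thread or the project's code. It assumes the edge array sits under an "edges" key, which the excerpts above do not show, and the sample graphs use constructed placeholder values.

```python
import ipaddress

def is_ip(value):
    """True if value is a string that parses as an IPv4/IPv6 literal."""
    if not isinstance(value, str):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_graph(graph):
    """Return findings for the defects described in the issue."""
    findings = []
    nodes = graph.get("nodes", [])
    ids = [n.get("id") for n in nodes]
    id_set = set(ids)
    if len(ids) != len(id_set):
        findings.append("duplicate node ids")
    for n in nodes:
        # A node whose label is an IP literal must be typed "ip".
        if is_ip(n.get("label")) and n.get("type") != "ip":
            findings.append(f"node {n.get('id')!r}: IP label typed "
                            f"{n.get('type')!r}, expected 'ip'")
    # "edges" is an assumed key name; the issue only shows one edge object.
    for i, e in enumerate(graph.get("edges", [])):
        for end in ("source", "target"):
            if e.get(end) not in id_set:
                findings.append(f"edge {i}: {end} {e.get(end)!r} is not a node id")
    return findings

def node(id_, label, type_):
    return {"id": id_, "label": label, "type": type_, "properties": {}}

def edge(src, dst):
    return {"source": src, "target": dst,
            "relation_type": "resolves_to", "properties": {}}

# Constructed samples (192.0.2.10 and example.test are placeholders).
REPORTED = {"nodes": [node("192.0.2.10", "192.0.2.10", "threat")], "edges": []}
HALF_FIXED = {"nodes": [node("12", "192.0.2.10", "ip"),
                        node("15", "ns1.example.test", "domain")],
              "edges": [edge("ns1.example.test", "192.0.2.10")]}
FIXED = {"nodes": HALF_FIXED["nodes"], "edges": [edge("15", "12")]}

if __name__ == "__main__":
    for name, g in [("reported", REPORTED), ("half", HALF_FIXED), ("fixed", FIXED)]:
        print(name, check_graph(g))
```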