Hello, love the work and effort you've put into this project. I'm looking at testing it out in Splunk, but am unable to have it installed in my Splunk Cloud instance because it fails their cloud security vetting process.
In vtlookup.py:
response = urllib2.urlopen('http://www.virustotal.com/vtapi/v2/file/report','apikey=<VTKEY>&resource=' + md5)
VirusTotal supports placing the request to https://www.virustotal.com/vtapi/v2/ so would it be possible to change this so that the VT API call goes to https instead? Splunk Cloud specifically responded during vetting as such:
Thank you for your app install request. Your app did not meet security and functionality requirements for Splunk Cloud for the following reasons:
Download file from a http url is unencrypted network communication, which is not allowed in Splunk. The app would result in that the virustotal scan report be transitioned in network unencrypted. Can the developer explain why a url with HTTP is used for virustotal api from a https url from the last version? Why the change?
Thanks for pointing this out! I don't know why it was http in the first place :) 👍
It's fixed in the Git version, I'm working on the other AppInspect issues, then I'll upload it to Splunkbase.
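A pre-submission check for the kind of finding discussed in this thread, as an added example that is not code from this project or from Splunk's vetting tooling: it parses Python source and reports every call that is handed a literal `http://` URL. The function names and the sample strings are constructed for illustration; the first sample is the `vtlookup.py` line quoted in the issue.

```python
import ast

# Constructed samples: the flagged call quoted in the issue, and its HTTPS form.
SAMPLE_BEFORE = (
    "response = urllib2.urlopen('http://www.virustotal.com/vtapi/v2/file/report',"
    "'apikey=<VTKEY>&resource=' + md5)\n"
)
SAMPLE_AFTER = SAMPLE_BEFORE.replace("http://", "https://")


def _call_name(func):
    """Return the dotted name of a call target, e.g. 'urllib2.urlopen'."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def _strings(node):
    """Yield string literals under node, without descending into nested calls."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        yield node.value
    elif not isinstance(node, ast.Call):
        for child in ast.iter_child_nodes(node):
            yield from _strings(child)


def find_cleartext_urls(source, filename="<app>"):
    """List (line, call, url) for each call given a literal http:// URL argument."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        args = list(node.args) + [kw.value for kw in node.keywords]
        for arg in args:
            # _strings also sees 'http://host/' + path style concatenations.
            for text in _strings(arg):
                if text.lower().startswith("http://"):
                    findings.append((node.lineno, _call_name(node.func), text))
    return findings


if __name__ == "__main__":
    for line, call, url in find_cleartext_urls(SAMPLE_BEFORE):
        print("line %d: %s() called with cleartext URL %s" % (line, call, url))
```

Source that uses Python 2-only syntax will not parse with Python 3's `ast`, and URLs assembled at runtime from variables or configuration are outside what this literal-based check can see.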