mwdb-core icon indicating copy to clipboard operation
mwdb-core copied to clipboard

Published 20 hours ago verified publisher icon CERT-Polska

VT Link

Open petikvx opened this issue 3 years ago • 2 comments
trafficstars

VT Link

Is it possible to add an automatical link to VT ? By this way we can have access to the name of the malware

By example : mwdbv2 mwdbv3

Thank you

petikvx avatar Apr 22 '22 08:04 petikvx

We are using attributes for this. Once a new sample enters the system we're querying VT and retrieving meaningful information (detections, suggested_threat_label, etc). We're using karton but it can also be done with MWDB plugins.

ITAYC0HEN avatar Apr 23 '22 14:04 ITAYC0HEN

@petikvx now that an initial version of Rich Attributes was merged (#602) to MWDB, it will be nice to show such things. Anyways, I think it should not be a built-in feature - I truly suggest using suggested_threat_label as an attribute via MWDB API (or Karton-MWDB-Reporter).

@psrok1 what do you think? are you planning of implement this thing as a built-in feature?

ITAYC0HEN avatar May 30 '22 16:05 ITAYC0HEN

I think the most recommended way is to push an attribute with appropriate hash and URL mapping or make a plugin.

I'm revisiting the web plugin engine right now so it will be much better documented in the near future!

psrok1 avatar Jan 23 '23 13:01 psrok1