
VirusTotal as source

Open ater49 opened this issue 7 years ago • 4 comments

Hi,

If you have VirusTotal Intelligence, you can push some YARA rules in order to monitor leaks/threats about specific targeting. Is it possible to add the results of these searches as a source for AIL?

Here's the process: YARA rules into VT Intelligence > Results are sent to AIL > AIL uses the VT private API to download files > AIL does the same treatment of files as it does for pastes

ater49 avatar Oct 18 '18 12:10 ater49

I'd also love this. I do a lot of my leak hunting in VTI, and I know of several others that do the same.

This would need to parse the JSON notifications feed for user-defined YARA rule names and download the matching results.

deadbits avatar Nov 09 '18 10:11 deadbits
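An added sketch of the selection step described in the comment above; it is not AIL code and not part of the thread. The feed field names (`notifications`, `rule_name`, `sha256`) and the rule names are assumptions for illustration, not the documented VirusTotal schema, and the download call is left out. Hashes are validated before use because they come from a remote feed and would typically end up in a request URL or a file name.

```python
import json
import re

SHA256_RE = re.compile(r"[0-9a-f]{64}")

# Constructed sample feed. Field names are assumptions, not the real VT schema.
SAMPLE_FEED = json.dumps({
    "notifications": [
        {"rule_name": "corp_leak_keywords", "sha256": "a" * 64},
        {"rule_name": "corp_leak_keywords", "sha256": "A" * 64},   # same file, upper case
        {"rule_name": "unrelated_rule", "sha256": "b" * 64},       # rule not monitored
        {"rule_name": "corp_domain_creds", "sha256": "../not-a-hash"},  # malformed
        {"rule_name": "corp_domain_creds", "sha256": "c" * 64},
        {"sha256": "d" * 64},                                      # no rule name
    ]
})


def select_matches(feed_text, wanted_rules, already_seen=()):
    """Return (to_fetch, rejected).

    to_fetch: list of (rule_name, sha256) for monitored rules, deduplicated.
    rejected: entries for monitored rules whose hash is not a valid SHA-256.
    """
    wanted = set(wanted_rules)
    seen = {h.lower() for h in already_seen}
    to_fetch, rejected = [], []
    feed = json.loads(feed_text)
    entries = feed.get("notifications", []) if isinstance(feed, dict) else []
    for entry in entries:
        if not isinstance(entry, dict) or entry.get("rule_name") not in wanted:
            continue  # only rules the analyst asked for
        digest = str(entry.get("sha256", "")).lower()
        if not SHA256_RE.fullmatch(digest):
            rejected.append(entry)  # never pass an unvalidated value to a URL or path
            continue
        if digest in seen:
            continue  # already queued or processed in an earlier poll
        seen.add(digest)
        to_fetch.append((entry["rule_name"], digest))
    return to_fetch, rejected
```
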

I use VTI to monitor for data leaks just as much as Paste sites, personally. If the AIL primary devs/maintainers think this is OK to create, I can add this as a module myself to include in master? Cc: @adulau

deadbits avatar Jan 09 '19 19:01 deadbits

Hey @deadbits!

All pull requests are welcome :)

The VT keys are located in configs/keys/virusTotalKEYS.py.

Let me know if you need help.

Terrtia avatar Jan 11 '19 15:01 Terrtia

@deadbits It sounds like a great idea. Don't hesitate to PR even a beta version. We would be glad to review it and integrate it.

adulau avatar Jan 11 '19 21:01 adulau