[Analyzer] Validin

Open mlodic opened this issue 1 year ago • 6 comments

Name

Validin

Link

https://app.validin.com/

Type of analyzer

observable: ip and domains

Why should we use it

free reverse pdns lookups: https://app.validin.com/pricing?s=08

Possible implementation

https://app.validin.com/docs

mlodic avatar Oct 25 '23 16:10 mlodic

Hi @mlodic, can you please assign me this analyzer to work on?

404-geek avatar Jan 20 '24 20:01 404-geek

Thank you @mlodic for assigning the analyzer work.

Below is the code snippet I have written for the same. Please have a look at it and see if it can be raised as a PR.

import requests

from api_app.analyzers_manager import classes
from api_app.analyzers_manager.exceptions import (
    AnalyzerConfigurationException,
    AnalyzerRunException,
)
from tests.mock_utils import MockUpResponse, if_mock_connections, patch


class Validin(classes.ObservableAnalyzer):
    base_url: str = "https://app.validin.com"

    # analysis type to run: "ip" or "domain"
    validin_analysis: str
    # Validin API key, sent as a Bearer token in run()
    _api_key_name: str

    def run(self):
        headers = {"Authorization": "Bearer " + self._api_key_name}

        # pick the endpoint for the configured analysis type
        if self.validin_analysis == "ip":
            uri = f"/api/axon/ip/dns/history/{self.observable_name}"
        elif self.validin_analysis == "domain":
            # leading slash is required: base_url has no trailing slash
            uri = f"/api/axon/domain/dns/hostname/{self.observable_name}"
        else:
            raise AnalyzerConfigurationException(
                f"analysis type: '{self.validin_analysis}' not supported. "
                "Supported are: 'ip', 'domain'."
            )

        try:
            response = requests.get(self.base_url + uri, headers=headers)
            response.raise_for_status()
        except requests.RequestException as e:
            raise AnalyzerRunException(e)

        result = response.json()
        return result

    @classmethod
    def _monkeypatch(cls):
        # mocked Validin response used when connections are mocked in tests
        patches = [
            if_mock_connections(
                patch(
                    "requests.get",
                    return_value=MockUpResponse(
                        {
                            "key": "192.168.1.1",
                            "effective_opts": {
                                "type": "ip4",
                                "limit": 100,
                                "wildcard": False,
                            },
                            "status": "finished",
                            "query_key": "192.168.1.1",
                            "records": {
                                "A": [
                                    {
                                        "key": "192.168.1.1",
                                        "value": "650.mba",
                                        "val_type": "DOM",
                                        "first_seen": 1678752000,
                                        "last_seen": 1678773600,
                                    },
                                    {
                                        "key": "192.168.1.1",
                                        "value": "681.mba",
                                        "val_type": "DOM",
                                        "first_seen": 1678752000,
                                        "last_seen": 1678773600,
                                    },
                                ]
                            },
                            "records_returned": 100,
                            "limited": True,
                            "error": None,
                        },
                        200,
                    ),
                ),
            )
        ]
        return super()._monkeypatch(patches=patches)

404-geek avatar Jan 21 '24 00:01 404-geek
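An added example, not part of the thread and not IntelOwl's own code: the snippet above interpolates the observable straight into the URL path of a request that carries the API key, so this sketch validates the value and confines it to a single path segment first. The endpoint paths and base URL are taken from the snippet; the function names and the hostname rule are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import quote

BASE_URL = "https://app.validin.com"  # from the snippet above
# Endpoint paths as they appear in the snippet above, both with a leading slash.
IP_PATH = "/api/axon/ip/dns/history/"
DOMAIN_PATH = "/api/axon/domain/dns/hostname/"

# Conservative hostname rule (assumption): letter/digit/hyphen labels of at
# most 63 characters, at least one dot, optional trailing dot.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_DOMAIN_RE = re.compile(rf"(?:{_LABEL}\.)+{_LABEL}\.?")


def classify_observable(value: str) -> str:
    """Return 'ip' or 'domain'; raise ValueError for anything else."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    # fullmatch (not match with '$') so a trailing newline is rejected too
    if len(value) <= 253 and _DOMAIN_RE.fullmatch(value):
        return "domain"
    raise ValueError(f"not an IP address or domain: {value!r}")


def build_validin_url(observable: str, base_url: str = BASE_URL) -> str:
    """Build the request URL with the observable as exactly one path segment."""
    kind = classify_observable(observable)
    path = IP_PATH if kind == "ip" else DOMAIN_PATH
    # quote(safe="") also encodes '/', so the value cannot add path segments
    # or a query string even if the validation above is later relaxed.
    return base_url.rstrip("/") + path + quote(observable, safe="")
```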

please solve the other issue first.

mlodic avatar Jan 21 '24 18:01 mlodic

Hello @mlodic, in the meantime can I work on this?

g4ze avatar Feb 07 '24 06:02 g4ze

Hi! I'm Validin's founder. Feel free to at-mention me (@warmer) if you need any help, or fill out the contact-us form on our website if you want to correspond via email.

warmer avatar Feb 07 '24 18:02 warmer

Great! sure! :D

g4ze avatar Feb 07 '24 18:02 g4ze

merged! this will be available in the upcoming v6 release

mlodic avatar Mar 04 '24 17:03 mlodic

Hi @mlodic / @g4ze - wanted to let you know in case you didn't get emails before the update that you'll need to get new Validin API keys if you haven't already.

warmer avatar Mar 25 '24 18:03 warmer

Thanks for the update :) We are about to make a major release with the analyzer for your service (this Thursday). What do you think about making a blog post about that or, idk, putting something about IntelOwl on your own site? That could help to redirect the interest to both your service and our project.

mlodic avatar Mar 26 '24 08:03 mlodic

Hi @mlodic - we're happy to drop a mention or short blog post highlighting IntelOwl. If you need more query quota for testing, ping me privately and I'll set you up. Validin's contact info is on our website and in the community portal.

warmer avatar Mar 27 '24 21:03 warmer

Hi @mlodic - we're happy to drop a mention or short blog post highlighting IntelOwl.

Thank you! Once you do that, we can provide a cross-reference here too!

If you need more query quota for testing, ping me privately and I'll set you up

I have just created a new account and asked for that! Thank you :)

mlodic avatar Mar 28 '24 10:03 mlodic