Maybe it would be helpful if the URL format string is something a user can redef?
- Jon On Nov 5, 2013, at 11:36 AM, Vlad Grigorescu <[email protected]> wrote: > Repository : ssh://[email protected]/bro > > On branch : fastpath > Link : > https://github.com/bro/bro/commit/09779836cbbea6744114fba67bf0aa277cce4131 > >> --------------------------------------------------------------- > > commit 09779836cbbea6744114fba67bf0aa277cce4131 > Author: Vlad Grigorescu <[email protected]> > Date: Tue Nov 5 12:06:33 2013 -0500 > > Update VirusTotal URL to work with changes to their website. > > >> --------------------------------------------------------------- > > 09779836cbbea6744114fba67bf0aa277cce4131 > scripts/policy/frameworks/files/detect-MHR.bro | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/scripts/policy/frameworks/files/detect-MHR.bro > b/scripts/policy/frameworks/files/detect-MHR.bro > index 5ed8715..753372e 100644 > --- a/scripts/policy/frameworks/files/detect-MHR.bro > +++ b/scripts/policy/frameworks/files/detect-MHR.bro > @@ -48,7 +48,7 @@ event file_hash(f: fa_file, kind: string, hash: string) > if ( mhr_detect_rate >= notice_threshold ) > { > local message = fmt("Malware Hash > Registry Detection rate: %d%% Last seen: %s", mhr_detect_rate, > readable_first_detected); > - local virustotal_url = > fmt("https://www.virustotal.com/en/file/%s/analysis/", hash); > + local virustotal_url = > fmt("https://www.virustotal.com/en/search/?query=%s", hash); > NOTICE([$note=Match, $msg=message, > $sub=virustotal_url, $f=f]); > } > } > > _______________________________________________ > bro-commits mailing list > [email protected] > http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-commits > _______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
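Review bot: The format string on the added `virustotal_url` line is still hard-coded inside the `file_hash` handler, so the next change to VirusTotal's URL scheme will again need a source edit and a new commit. Consider lifting it into an exported constant marked `&redef` (the name `match_sub_url` is only a suggestion), for example `const match_sub_url = "https://www.virustotal.com/en/search/?query=%s" &redef;`, and calling `fmt(match_sub_url, hash)` where the notice is built, so sites can override it locally. A short comment stating that the string takes the file hash as its single `%s` argument would help anyone redefining it.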
