Yeah, I was thinking about that. I'll make that change in a bit.

  --Vlad


On Nov 5, 2013, at 1:35 PM, Siwek, Jonathan Luke <[email protected]> wrote:

> Maybe it would be helpful if the URL format string is something a user can 
> redef?
> 
> - Jon
> 
> 
> On Nov 5, 2013, at 11:36 AM, Vlad Grigorescu <[email protected]> wrote:
> 
>> Repository : ssh://[email protected]/bro
>> 
>> On branch  : fastpath
>> Link       : 
>> https://github.com/bro/bro/commit/09779836cbbea6744114fba67bf0aa277cce4131
>> 
>>> ---------------------------------------------------------------
>> 
>> commit 09779836cbbea6744114fba67bf0aa277cce4131
>> Author: Vlad Grigorescu <[email protected]>
>> Date:   Tue Nov 5 12:06:33 2013 -0500
>> 
>>   Update VirusTotal URL to work with changes to their website.
>> 
>> 
>>> ---------------------------------------------------------------
>> 
>> 09779836cbbea6744114fba67bf0aa277cce4131
>> scripts/policy/frameworks/files/detect-MHR.bro | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/scripts/policy/frameworks/files/detect-MHR.bro 
>> b/scripts/policy/frameworks/files/detect-MHR.bro
>> index 5ed8715..753372e 100644
>> --- a/scripts/policy/frameworks/files/detect-MHR.bro
>> +++ b/scripts/policy/frameworks/files/detect-MHR.bro
>> @@ -48,7 +48,7 @@ event file_hash(f: fa_file, kind: string, hash: string)
>>                              if ( mhr_detect_rate >= notice_threshold )
>>                                      {
>>                                      local message = fmt("Malware Hash 
>> Registry Detection rate: %d%%  Last seen: %s", mhr_detect_rate, 
>> readable_first_detected);
>> -                                    local virustotal_url = 
>> fmt("https://www.virustotal.com/en/file/%s/analysis/";, hash);
>> +                                    local virustotal_url = 
>> fmt("https://www.virustotal.com/en/search/?query=%s";, hash);
>>                                      NOTICE([$note=Match, $msg=message, 
>> $sub=virustotal_url, $f=f]);
>>                                      }
>>                              }
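
Review bot: The new URL on the `+` line is still a string literal built inside the `file_hash` handler, so the next change to the VirusTotal site layout will need another patch to this script. Consider moving the format string into an exported `const` marked `&redef` and passing that to `fmt` here with `hash`, so a site can override it locally; a short comment on that constant noting that `%s` receives the hash would document the contract. The commit message also does not mention that the link in `$sub` now points at a search query instead of the per-file analysis path, which is worth one line for anyone consuming the notice.
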
>> 
>> _______________________________________________
>> bro-commits mailing list
>> [email protected]
>> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-commits
>> 
> 
> 
> _______________________________________________
> bro-dev mailing list
> [email protected]
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

