Virus total connector (#1458)

stix_shifter_modules/virus_total/.coveragerc

@@ -0,0 +1,2 @@
+[run]
+omit = tests/*

stix_shifter_modules/virus_total/configuration/config.json

@@ -0,0 +1,105 @@
+{
+    "connection": {
+        "type": {
+            "id": "VirusTotal_Connector",
+            "displayName": "VirusTotal",
+            "description": "Get the latest VirusTotal report for a file, hash, domain or an IP address. The use of a public key is not recommended."
+        },
+        "help": {
+            "default": "www.ibm.com",
+            "type": "link"
+        },
+        "options": {
+            "type": "fields",
+            "concurrent": {
+                "default": 4,
+                "min": 1,
+                "max": 100,
+                "type": "number",
+                "previous": "connection.maxConcurrentSearches"
+            },
+            "result_limit": {
+                "default": 10000,
+                "min": 1,
+                "max": 500000,
+                "type": "number",
+                "previous": "connection.resultSizeLimit",
+                "hidden": true
+            },
+            "time_range": {
+                "default": 5,
+                "min": 1,
+                "max": 10000,
+                "type": "number",
+                "previous": "connection.timerange",
+                "nullable": true,
+                "hidden": true
+            },
+            "timeout": {
+                "default": 30,
+                "min": 1,
+                "max": 60,
+                "type": "number",
+                "previous": "connection.timeoutLimit"
+            }
+        },
+        "namespace":{
+            "type": "text",
+            "default": "9d4bedaf-d351-4f50-930f-f8eb121e5bae",
+            "hidden": true
+        }
+    },
+    "configuration": {
+        "auth": {
+            "type": "fields",
+            "key": {
+                "type": "password"
+            }
+        },
+        "rateLimit": {
+            "type": "fields",
+            "rateLimit": {
+                "default": 4,
+                "type": "number",
+                "hidden": true
+            },
+            "rateUnit": {
+                "default": "Minute",
+                "type": "text",
+                "hidden": true
+            }
+        },
+        "cacheDuration": {
+            "type": "fields",
+            "cacheDuration": {
+                "default": 10,
+                "type": "number",
+                "hidden": true
+            },
+            "unit": {
+                "default": "Minute",
+                "type": "text",
+                "hidden": true
+            }
+        },
+        "dataTypeList": {
+            "type": "fields",
+            "ip": {
+                "type": "checkbox",
+                "default": true
+            },
+            "domain": {
+                "type": "checkbox",
+                "default": true
+            },
+            "url": {
+                "type": "checkbox",
+                "default": true
+            },
+            "hash": {
+                "type": "checkbox",
+                "default": true
+            }
+        }
+    }
+}

stix_shifter_modules/virus_total/configuration/lang_en.json

@@ -0,0 +1,73 @@
+{
+    "connection": {
+        "options": {
+            "concurrent": {
+                "label": "Concurrent Search Limit",
+                "description": "The number of simultaneous connections that can be made between the host and the data source.  Valid input range is {{min}} to {{max}}."
+            },
+            "search_timeout": {
+                "label": "Query Search Timeout Limit",
+                "description": "The limit on how long the query will run, in minutes, on the data source."
+            }
+        },
+        "host": {
+            "label": "Management IP address or Hostname",
+            "placeholder": "192.168.1.10",
+            "description": "Specify the OCP Cluster hostname or the XForce API host URL"
+        },
+        "port": {
+            "label": "Host Port",
+            "description": "Set the port number that is associated with the Host name or IP"
+        },
+        "namespace": {
+            "label": "The UUID Namespace to generate unique ",
+            "description": "Supply a UUID to generate deterministic UUIDs for the resulting STIX bundle"
+        }
+    },
+    "configuration": {
+        "auth": {
+            "key": {
+                "label": "key",
+                "description": "VirusTotal APIKey"
+            }
+        },
+        "rateLimit": {
+            "rateLimit": {
+                "label": "Rate Limit",
+                "description": "The number of queries allowed by VirusTotal"
+            },
+            "rateUnit": {
+                "label": "Rate Unit",
+                "description": "The rate unit for rate limit in [seconds, minutes, days, months, years ...]"
+            }
+        },
+        "cacheDuration": {
+            "cacheDuration": {
+                "label": "Cache Duration",
+                "description": "How long should we cache the results of the STIX Bundle execution?"
+            },
+            "unit": {
+                "label": "Rate Unit",
+                "description": "The unit for cache in [seconds, minutes, days, months, years ...]"
+            }
+        },
+        "dataTypeList": {
+            "ip": {
+                "label": "IP Address",
+                "description": "Whether IP Address lookup queries are supported by VirusTotal based on the User's API Provisioning"
+            },
+            "domain": {
+                "label": "Domain",
+                "description": "Whether Domain queries are supported by VirusTotal based on the User's API Provisioning"
+            },
+            "url": {
+                "label": "URL",
+                "description": "Whether Domain queries are supported by VirusTotal based on the User's API Provisioning"
+            },
+            "hash": {
+                "label": "Hash",
+                "description": "Whether Hash queries are supported by VirusTotal based on the User's API Provisioning"
+            }
+        }
+    }
+}

stix_shifter_modules/virus_total/entry_point.py

@@ -0,0 +1,44 @@
+from stix_shifter_utils.utils.base_entry_point import BaseEntryPoint
+from .stix_transmission.api_client import APIClient
+from .stix_transmission.ping_connector import PingConnector
+from .stix_transmission.results_connector import ResultsConnector
+from .stix_transmission.delete_connector import DeleteConnector
+from .stix_translation.query_translator import QueryTranslator
+from .stix_translation.results_translator import ResultsTranslator
+from stix_shifter_utils.modules.base.stix_transmission.base_sync_connector import BaseSyncConnector
+from stix_shifter_utils.utils import logger
+import os
+
+
+class EntryPoint(BaseEntryPoint):
+
+    def __init__(self, connection={}, configuration={}, options={}):
+        try:
+            self.logger = logger.set_logger(__name__)
+            super().__init__(connection, configuration, options)
+            self.set_async(False)
+            if connection:
+                api_client = APIClient(connection, configuration)
+                base_sync_connector = BaseSyncConnector()
+                ping_connector = PingConnector(api_client)
+                query_connector = base_sync_connector
+                status_connector = base_sync_connector
+                results_connector = ResultsConnector(api_client)
+                delete_connector = DeleteConnector(api_client)
+
+                self.set_ping_connector(ping_connector)
+                self.set_query_connector(query_connector)
+                self.set_status_connector(status_connector)
+                self.set_results_connector(results_connector)
+                self.set_delete_connector(delete_connector)
+
+            basepath = os.path.dirname(__file__)
+            filepath = os.path.abspath(
+                os.path.join(basepath, "stix_translation"))
+
+            dialect = 'default'
+            query_translator = QueryTranslator(options, dialect, filepath)
+            results_translator = ResultsTranslator(options, dialect, filepath)
+            self.add_dialect(dialect, query_translator=query_translator, results_translator=results_translator, default=True)
+        except Exception as err: 
+            self.logger.error('error when loading module: {}'.format(err)) 

stix_shifter_modules/virus_total/requirements.txt

@@ -0,0 +1,2 @@
+vt-py==0.17.5
+uuid==1.30

stix_shifter_modules/virus_total/stix_translation/json/from_stix_map.json

@@ -0,0 +1,30 @@
+{
+  "url": {
+    "fields": {
+        "value": ["Url"]
+    }
+  },
+  "ipv4-addr": {
+    "fields": {
+      "value":["SourceIpV4", "DestinationIpV4"]
+    }
+  },
+  "ipv6-addr": {
+    "fields":{
+      "value":["SourceIpV6", "DestinationIpV6"]
+    }
+  },
+  "domain-name":{
+    "fields":{
+      "value":["Url"]
+    }
+  },
+  "file":{
+    "fields":{
+      "hashes.'SHA-256'": ["sha256hash"],
+      "hashes.MD5": ["md5hash"],
+      "hashes.'MD5'": ["md5hash"],
+      "hashes.'SHA-1'": ["sha1hash"]
+    }
+  }
+}

stix_shifter_modules/virus_total/stix_translation/json/operators.json

@@ -0,0 +1,16 @@
+{
+  "ComparisonExpressionOperators.And": "AND",
+  "ComparisonExpressionOperators.Or": "OR",
+  "ComparisonComparators.GreaterThan": ">",
+  "ComparisonComparators.GreaterThanOrEqual": ">=",
+  "ComparisonComparators.LessThan": "<",
+  "ComparisonComparators.LessThanOrEqual": "<=",
+  "ComparisonComparators.Equal": "=",
+  "ComparisonComparators.NotEqual": "!=",
+  "ComparisonComparators.Like": "=",
+  "ComparisonComparators.In": "IN",
+  "ComparisonComparators.Matches": "CONTAINS",
+  "ComparisonComparators.IsSubSet": "insubnet",
+  "ObservationOperators.Or": "OR",
+  "ObservationOperators.And": "AND"
+}

stix_shifter_modules/virus_total/stix_translation/json/to_stix_map.json

@@ -0,0 +1,3 @@
+{
+
+}