import vt
import time
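def enrich_iocs(iocs, vt_api_key):
    """Enrich IP and file-hash IOCs with VirusTotal analysis data.

    Args:
        iocs: Mapping with 'ip' and 'hash' lists; each entry is a dict
            carrying at least a 'value' key.
        vt_api_key: API key handed to ``vt.Client``.

    Returns:
        Dict with 'ip', 'domain' and 'hash' lists. Each enriched entry is the
        input entry plus 'vt_malicious', 'vt_total' and 'vt_error' (and
        context fields on success). 'domain' is always returned empty:
        domains are not looked up here.

    Notes:
        Only the first 50 entries of each list are queried; later entries
        are absent from the result, not marked as clean.
        A failed lookup keeps the zero counts for backward compatibility,
        but sets 'vt_error' to the exception class name. Treat
        ``vt_error is not None`` as "verdict unknown", never as "benign".
    """
    enriched = {'ip': [], 'domain': [], 'hash': []}
    client = vt.Client(vt_api_key)
    # try/finally so the client session is released even if the input
    # mapping is malformed (e.g. a missing 'ip' or 'hash' key).
    try:
        # NOTE(review): 'value' is interpolated into the API path as-is;
        # presumably it is validated as an IP / hash upstream. Confirm.
        for ip in iocs['ip'][:50]:  # Respect rate limits
            try:
                obj = client.get_object(f"/ip_addresses/{ip['value']}")
                stats = obj.last_analysis_stats
                enriched['ip'].append({
                    **ip,
                    'vt_malicious': stats.get('malicious', 0),
                    'vt_total': sum(stats.values()),
                    'country': getattr(obj, 'country', 'Unknown'),
                    'asn': getattr(obj, 'asn', 'Unknown'),
                    'as_owner': getattr(obj, 'as_owner', 'Unknown'),
                    'vt_error': None,
                })
            except Exception as exc:
                # Best-effort enrichment: keep the IOC, but record that the
                # lookup failed so 0/0 is not mistaken for a clean verdict.
                enriched['ip'].append({
                    **ip,
                    'vt_malicious': 0,
                    'vt_total': 0,
                    'vt_error': type(exc).__name__,
                })
            time.sleep(0.5)
        for h in iocs['hash'][:50]:
            try:
                obj = client.get_object(f"/files/{h['value']}")
                stats = obj.last_analysis_stats
                enriched['hash'].append({
                    **h,
                    'vt_malicious': stats.get('malicious', 0),
                    'vt_total': sum(stats.values()),
                    'file_type': getattr(obj, 'type_description', 'Unknown'),
                    # Fall back to a truncated hash when no name is known.
                    'file_name': getattr(
                        obj, 'meaningful_name', h['value'][:16] + '...'),
                    'vt_error': None,
                })
            except Exception as exc:
                # Same handling as for IPs: a failed or missing lookup is
                # flagged instead of being reported as undetected.
                enriched['hash'].append({
                    **h,
                    'vt_malicious': 0,
                    'vt_total': 0,
                    'vt_error': type(exc).__name__,
                })
            time.sleep(0.5)
    finally:
        client.close()
    return enriched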