mirror of
https://github.com/adulau/hashlookup-server.git
synced 2024-12-26 10:46:02 +00:00
new: [api] hashlookup:trust added in the output
The trust level is calculated based on the number of parent to the file. If the file has been seen on many sources, the trust level increase. The scale of the trust level is between 0 and 100. By default, the trust level is 50 meaning we don't know the trust. Below 50, the file is suspicious. Above 50, we have evidences that the file is more legitimate. The calculation is based on the number of parents seen per file. If a file is seen more often in various sources, it increases the trust level to reach a maximum of 100.
This commit is contained in:
parent
d8ac479d72
commit
a928c4e51e
1 changed files with 17 additions and 0 deletions
|
@ -84,6 +84,20 @@ def get_session():
|
|||
ttl = rdb.ttl("session:{}".format(session_name))
|
||||
return ttl
|
||||
|
||||
def calculate_trust(hobject=None):
|
||||
"""Trust level is between 0 and 100. 50 means we don't know the trust. Above 50, the trust level is more important as the file has been seen on various sources."""
|
||||
if hobject is None:
|
||||
return False
|
||||
hashlookup_trust = 50
|
||||
if 'hashlookup:parent-total' in hobject:
|
||||
hashlookup_trust = hashlookup_trust + (5*hobject['hashlookup:parent-total'])
|
||||
if 'KnownMalicious' in hobject:
|
||||
hashlookup_trust = hashlookup_trust - 20
|
||||
if hashlookup_trust > 100:
|
||||
hashlookup_trust = 100
|
||||
hobject['hashlookup:trust'] = hashlookup_trust
|
||||
return hobject
|
||||
|
||||
@api.route('/lookup/md5/<string:md5>')
|
||||
@api.doc(description="Lookup MD5.")
|
||||
class lookup(Resource):
|
||||
|
@ -141,6 +155,7 @@ class lookup(Resource):
|
|||
for child in rdb.smembers("c:{}".format(sha1)):
|
||||
children.append(child)
|
||||
h['children'] = children
|
||||
h = calculate_trust(hobject=h)
|
||||
return h
|
||||
|
||||
@api.route('/lookup/sha1/<string:sha1>')
|
||||
|
@ -196,6 +211,7 @@ class lookup(Resource):
|
|||
for child in rdb.smembers("c:{}".format(k)):
|
||||
children.append(child)
|
||||
h['children'] = children
|
||||
h = calculate_trust(hobject=h)
|
||||
return h
|
||||
|
||||
@api.route('/lookup/sha256/<string:sha256>')
|
||||
|
@ -255,6 +271,7 @@ class lookup(Resource):
|
|||
for child in rdb.smembers("c:{}".format(sha1)):
|
||||
children.append(child)
|
||||
h['children'] = children
|
||||
h = calculate_trust(hobject=h)
|
||||
return h
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue