From 05a55fb5f538676278d874f68b6a0bd0311479a2 Mon Sep 17 00:00:00 2001 From: mikekacz Date: Fri, 20 Apr 2018 11:56:00 +0200 Subject: [PATCH] positives and totals added --- OpSec-VirusTotal.ps1 | 14 +++++++++----- config.ps1.template | 1 + 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/OpSec-VirusTotal.ps1 b/OpSec-VirusTotal.ps1 index 752c586..851de97 100644 --- a/OpSec-VirusTotal.ps1 +++ b/OpSec-VirusTotal.ps1 @@ -30,25 +30,25 @@ function Get-VTFileReport catch { $response = new-object psobject -property @{'StatusCode' = 000} - $data = new-object psobject -property @{'positives' = ''; 'permalink' = '' } + $data = new-object psobject -property @{'positives' = ''; 'total' = ''; 'permalink' = '' } } if ($response.StatusCode -eq 200) { $status = "OK" - if ($data.positives -eq 0) {$result = 'Clean'} else {$result = 'NOT Clean'} + if ($data.positives -lt $positivesThreshold) {$result = 'Clean'} else {$result = 'NOT Clean'} } else { $status = "try later" $result = 'not checked' } - return new-object psobject -property @{'status' = $status; 'result' = $result; 'permalink' = $data.permalink } + return new-object psobject -property @{'status' = $status; 'result' = $result; 'positives' = $data.positives ; 'total' = $data.total ;'permalink' = $data.permalink } } if (-not (Test-Path $SQLite_path)) #create DB file if not existing { - $Query = "CREATE TABLE Hashes (hash TEXT PRIMARY KEY, path TEXT, count INTEGER, result TEXT, permalink TEXT, lastEntry FLOAT)" #Table to store hashes + $Query = "CREATE TABLE Hashes (hash TEXT PRIMARY KEY, path TEXT, count INTEGER, result TEXT, positives INTEGER, total INTEGER, permalink TEXT, lastEntry FLOAT)" #Table to store hashes Invoke-SqliteQuery -Query $Query -DataSource $SQLite_path $query = "CREATE TABLE Log (lastEntry FLOAT PRIMARY KEY, status TEXT)" #Table to store each run Invoke-SqliteQuery -Query $Query -DataSource $SQLite_path @@ -107,6 +107,8 @@ foreach ($newEvent in $eventsToProcess) elseif ($newEvent.status -eq 'not exists') { $newEvent | add-member -membertype noteproperty -name result -value $null + $newEvent | add-member -membertype noteproperty -name positives -value $null + $newEvent | add-member -membertype noteproperty -name total -value $null $newEvent | add-member -membertype noteproperty -name permalink -value $null do { @@ -115,13 +117,15 @@ foreach ($newEvent in $eventsToProcess) else { $newEvent.status = "to be added to DB" $newEvent.result = $hashInfo.result + $newEvent.positives = $hashInfo.positives + $newEvent.total = $hashInfo.total $newEvent.permalink = $hashInfo.permalink if ($newEvent.result -ne "Clean") {Write-Warning -Message $($newEvent.path)} } } until ($hashInfo.status -eq 'OK') #add new items to DB - $query = "INSERT INTO Hashes (hash, path, count, lastEntry, result, permalink) VALUES ('$($newEvent.hash)', '$($newEvent.path)', '$($newEvent.count)', '$($newEvent.lastEntry)', '$($newEvent.result)', '$($newEvent.permalink)')" + $query = "INSERT INTO Hashes (hash, path, count, lastEntry, result, positives, total, permalink) VALUES ('$($newEvent.hash)', '$($newEvent.path)', '$($newEvent.count)', '$($newEvent.lastEntry)', '$($newEvent.result)', '$($newEvent.positives)', '$($newEvent.total)', '$($newEvent.permalink)')" $Query Invoke-SqliteQuery -DataSource $SQLite_path -Query $query } diff --git a/config.ps1.template b/config.ps1.template index 4252d28..d56cf9f 100644 --- a/config.ps1.template +++ b/config.ps1.template @@ -1,6 +1,7 @@ #VirusTotal $virusTotalAPIkey = '' $virusTotalCheckFrequency = 15 #seconds - default value for non-enterprise account +$positivesThreshold = 5 #mail $mailserver = ''