IBM Security QRadar SOAR


Issue with virus total API lookup functionality

  • 1.  Issue with virus total API lookup functionality

    Posted Tue January 03, 2023 04:03 AM
    Hi IBM community,

    I am currently developing a lookup function using multiple tools and my goal is to process the dictionary output returned by the API as a dictionary. During the API lookup, all the functions work fine on the API part with the exception of VirusTotal, where I got the following error:

    In the virus total package, the error pointed to the following:

    Below is the code for my VirusTotal function, following the workflow example given by adding the application into the AppHost server:


    My confusion with this error is that the activation for it is seemingly random, because at times I have managed to call the virus total function despite using the same command. Below is an example of a successful activation for a similar query:

    Below is the code for the artifact generation, which I wrapped in a try-except clause:

    Is there any possible lead on what could possibly lead to this error? Is it on my artifact generation part or the API lookup part, or simply some steps that I have missed?


    Regards,

    Luqman

    ------------------------------
    Luqman Nur
    Techlab
    ------------------------------


  • 2.  RE: Issue with virus total API lookup functionality

    Posted Wed January 04, 2023 04:10 AM

    Hi Luqman,

    Your workflow code is perfect. It looks like the response result of VirusTotal that you send for scan sometimes cannot be converted into a list format but an integer, which results in result['response_code'] not being found. The following is the test code to reproduce this issue. You may add another exception to handle this case.

    -> % cat test.py

    RC_NOT_FOUND = 0
    RC_READY = 1
    RC_IN_QUEUE = -2

    results = int(100)

    if results['response_code'] == RC_NOT_FOUND:
        print(results['response_code'])

    -> % python test.py
    Traceback (most recent call last):
      File "test.py", line 8, in <module>
        if results['response_code'] == RC_NOT_FOUND:
    TypeError: 'int' object has no attribute '__getitem__'



    ------------------------------
    Sam Wang
    ------------------------------
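
A guard for the case described in the reply above, as an added example that is not part of the original posts or of the VirusTotal integration's own code: it checks the type and shape of the lookup result before reading `response_code`, so an integer result is reported instead of raising. The function name `classify_vt_result`, the status strings and the sample inputs are assumptions constructed for illustration.

```python
# Response codes as listed in the reply above.
RC_NOT_FOUND = 0
RC_READY = 1
RC_IN_QUEUE = -2

STATUS_BY_CODE = {
    RC_NOT_FOUND: "not_found",
    RC_READY: "ready",
    RC_IN_QUEUE: "queued",
}


def classify_vt_result(results):
    """Return (status, detail) without indexing a value that is not a dict.

    status is one of "ready", "queued", "not_found" or "malformed".
    (Hypothetical helper, not a function of the VirusTotal package.)
    """
    # The failure in the thread: the lookup handed back a bare int,
    # so results['response_code'] raised TypeError.
    if not isinstance(results, dict):
        return "malformed", "expected dict, got {}: {!r}".format(
            type(results).__name__, results)
    if "response_code" not in results:
        return "malformed", "no response_code, keys: {}".format(
            sorted(str(k) for k in results))
    code = results["response_code"]
    status = STATUS_BY_CODE.get(code)
    if status is None:
        return "malformed", "unknown response_code {!r}".format(code)
    return status, "response_code={}".format(code)


if __name__ == "__main__":
    # Constructed sample inputs: the int from the reproduction above,
    # then dict results carrying each listed response code.
    samples = [100, {"response_code": RC_READY}, {"response_code": RC_IN_QUEUE},
               {"response_code": RC_NOT_FOUND}, {}, None]
    for sample in samples:
        print(classify_vt_result(sample))
```

In a workflow, a "malformed" status can be written to a note on the incident with the detail string, which records how often the integer result occurs and what value it carries.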



  • 3.  RE: Issue with virus total API lookup functionality

    Posted Wed January 04, 2023 04:33 AM