|
26 | 26 | }, |
27 | 27 | { |
28 | 28 | "cell_type": "code", |
29 | | - "execution_count": null, |
| 29 | + "execution_count": 1, |
30 | 30 | "id": "59ab69c2", |
31 | 31 | "metadata": {}, |
32 | 32 | "outputs": [], |
33 | 33 | "source": [ |
34 | | - "from ReversingLabs.SDK.helper import *\n", |
35 | | - "from ReversingLabs.SDK.ticloud import AdvancedSearch, AdvancedActions" |
| 34 | + "from ReversingLabs.SDK.ticloud import AdvancedSearch\n", |
| 35 | + "from ReversingLabs.SDK.advanced import AdvancedActions" |
36 | 36 | ] |
37 | 37 | }, |
38 | 38 | { |
|
51 | 51 | }, |
52 | 52 | { |
53 | 53 | "cell_type": "code", |
54 | | - "execution_count": null, |
| 54 | + "execution_count": 2, |
55 | 55 | "id": "66ed0816", |
56 | 56 | "metadata": {}, |
57 | 57 | "outputs": [], |
|
80 | 80 | }, |
81 | 81 | { |
82 | 82 | "cell_type": "code", |
83 | | - "execution_count": null, |
| 83 | + "execution_count": 3, |
84 | 84 | "id": "791783de", |
85 | 85 | "metadata": {}, |
86 | 86 | "outputs": [], |
|
102 | 102 | }, |
103 | 103 | { |
104 | 104 | "cell_type": "code", |
105 | | - "execution_count": null, |
| 105 | + "execution_count": 4, |
106 | 106 | "id": "dbdf8739", |
107 | 107 | "metadata": {}, |
108 | 108 | "outputs": [], |
|
130 | 130 | }, |
131 | 131 | { |
132 | 132 | "cell_type": "code", |
133 | | - "execution_count": null, |
| 133 | + "execution_count": 5, |
134 | 134 | "id": "067c7c95", |
135 | 135 | "metadata": {}, |
136 | 136 | "outputs": [], |
|
154 | 154 | "id": "ae7e378c", |
155 | 155 | "metadata": {}, |
156 | 156 | "source": [ |
157 | | - "# 6. Main Execution Function\n", |
| 157 | + "# 6. Main Execution Function, results processing and output\n", |
158 | 158 | "- Performs the search using the ReversingLabs SDK\n", |
159 | 159 | "- Processes each sample to extract basic information\n", |
160 | 160 | "- Attempts to enrich each sample and extract relevant URLs\n", |
161 | | - "- Handles errors gracefully, continuing even if enrichment fails for some samples" |
| 161 | + "- Handles errors gracefully, continuing even if enrichment fails for some samples\n", |
| 162 | + "\n", |
| 163 | + " Results Processing and output:\n", |
| 164 | + "- Groups samples by the extracted URLs\n", |
| 165 | + "- Creates a default group if no URLs are found\n", |
| 166 | + "- Builds the final report structure \n", |
| 167 | + "- Writes the grouped results to a JSON file\n", |
| 168 | + "- Provides summary statistics on the console" |
162 | 169 | ] |
163 | 170 | }, |
164 | 171 | { |
|
246 | 253 | " \n", |
247 | 254 | " minimal_results.append(minimal_data)\n", |
248 | 255 | "\n", |
249 | | - " print(f\"Found URLs in {urls_found_count} samples\")" |
250 | | - ] |
251 | | - }, |
252 | | - { |
253 | | - "cell_type": "markdown", |
254 | | - "id": "3f59c5f7", |
255 | | - "metadata": {}, |
256 | | - "source": [ |
257 | | - "# 7. Results Processing and output\n", |
258 | | - "- Groups samples by the extracted URLs\n", |
259 | | - "- Creates a default group if no URLs are found\n", |
260 | | - "- Builds the final report structure \n", |
261 | | - "- Writes the grouped results to a JSON file\n", |
262 | | - "- Provides summary statistics on the console" |
263 | | - ] |
264 | | - }, |
265 | | - { |
266 | | - "cell_type": "code", |
267 | | - "execution_count": null, |
268 | | - "id": "5680ca67", |
269 | | - "metadata": {}, |
270 | | - "outputs": [], |
271 | | - "source": [ |
272 | | - "url_groups = {}\n", |
273 | | - "for sample in minimal_results:\n", |
274 | | - " for url in sample.get(\"extracted_urls\", []):\n", |
275 | | - " if url not in url_groups:\n", |
276 | | - " url_groups[url] = []\n", |
277 | | - " url_groups[url].append(sample)\n", |
| 256 | + " print(f\"Found URLs in {urls_found_count} samples\")\n", |
278 | 257 | "\n", |
279 | | - "if not url_groups and minimal_results:\n", |
280 | | - " print(\"No URLs found in any samples. Creating a default group for all samples.\")\n", |
281 | | - " default_url = f\"{url_prefix}[no_specific_url_found]\"\n", |
282 | | - " url_groups[default_url] = minimal_results\n", |
| 258 | + " url_groups = {}\n", |
| 259 | + " for sample in minimal_results:\n", |
| 260 | + " for url in sample.get(\"extracted_urls\", []):\n", |
| 261 | + " if url not in url_groups:\n", |
| 262 | + " url_groups[url] = []\n", |
| 263 | + " url_groups[url].append(sample)\n", |
283 | 264 | "\n", |
284 | | - "grouped_output = {\"urls\": []}\n", |
285 | | - "for url, samples in url_groups.items():\n", |
286 | | - " hashes = [sample[\"hashes\"][\"sha1\"] for sample in samples]\n", |
287 | | - " \n", |
288 | | - " grouped_output[\"urls\"].append({\n", |
289 | | - " \"value\": url,\n", |
290 | | - " \"hashes\": hashes,\n", |
291 | | - " \"samples\": samplesđ\n", |
292 | | - " })\n", |
293 | | - "output_file = \"report.json\"\n", |
294 | | - "try:\n", |
295 | | - " with open(output_file, \"w\") as f:\n", |
296 | | - " json.dump(grouped_output, f, indent=2)\n", |
297 | | - " print(f\"Grouped report written to {output_file}\")\n", |
298 | | - "except Exception as e:\n", |
299 | | - " print(\"Error exporting report:\", e)\n", |
| 265 | + " if not url_groups and minimal_results:\n", |
| 266 | + " print(\"No URLs found in any samples. Creating a default group for all samples.\")\n", |
| 267 | + " default_url = f\"{url_prefix}[no_specific_url_found]\"\n", |
| 268 | + " url_groups[default_url] = minimal_results\n", |
| 269 | + "\n", |
| 270 | + " grouped_output = {\"urls\": []}\n", |
| 271 | + " for url, samples in url_groups.items():\n", |
| 272 | + " hashes = [sample[\"hashes\"][\"sha1\"] for sample in samples]\n", |
| 273 | + " \n", |
| 274 | + " grouped_output[\"urls\"].append({\n", |
| 275 | + " \"value\": url,\n", |
| 276 | + " \"hashes\": hashes,\n", |
| 277 | + " \"samples\": samples\n", |
| 278 | + " })\n", |
| 279 | + " output_file = \"report.json\"\n", |
| 280 | + " try:\n", |
| 281 | + " with open(output_file, \"w\") as f:\n", |
| 282 | + " json.dump(grouped_output, f, indent=2)\n", |
| 283 | + " print(f\"Grouped report written to {output_file}\")\n", |
| 284 | + " except Exception as e:\n", |
| 285 | + " print(\"Error exporting report:\", e)\n", |
300 | 286 | "\n", |
301 | 287 | "if __name__ == \"__main__\":\n", |
302 | | - " main()" |
| 288 | + " main()" |
303 | 289 | ] |
304 | 290 | }, |
305 | 291 | { |
306 | 292 | "cell_type": "markdown", |
307 | 293 | "id": "6bee59fe", |
308 | 294 | "metadata": {}, |
309 | 295 | "source": [ |
310 | | - "# 8. Results example" |
| 296 | + "# 7. Results example" |
311 | 297 | ] |
312 | 298 | }, |
313 | 299 | { |
|
546 | 532 | "name": "python3" |
547 | 533 | }, |
548 | 534 | "language_info": { |
| 535 | + "codemirror_mode": { |
| 536 | + "name": "ipython", |
| 537 | + "version": 3 |
| 538 | + }, |
| 539 | + "file_extension": ".py", |
| 540 | + "mimetype": "text/x-python", |
549 | 541 | "name": "python", |
550 | | - "version": "3.x" |
| 542 | + "nbconvert_exporter": "python", |
| 543 | + "pygments_lexer": "ipython3", |
| 544 | + "version": "3.13.0" |
551 | 545 | } |
552 | 546 | }, |
553 | 547 | "nbformat": 4, |
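Review bot: The `except Exception as e:` around the `report.json` write, now inside `main()`, only prints the error, so a failed write leaves any `report.json` from an earlier run on disk and a later triage step can mistake stale results for current ones. Adding a bare `raise` after `print("Error exporting report:", e)`, or having `main()` return a status, would let the caller notice the failure. In the same block `sample["hashes"]["sha1"]` is indexed directly, although `extracted_urls` is read with `.get(...)` a few lines earlier, so a sample without that key would raise KeyError before any report is written. Building the list from `sample.get("hashes", {}).get("sha1")` and skipping empty values would match the "continuing even if enrichment fails" bullet. `main()` begins outside the visible hunk, so whether `minimal_data` always carries a SHA-1 cannot be confirmed from here.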
|