https://developer.cisco.com/site/license/cisco-sample-code-license/
Summary
sha_report.py:
This tool takes a SHA-256 value as a command-line parameter, builds a report on the SHA statistics and domain details in Umbrella, and prints the report to the screen.
Files used by sha_report.py
umbrella.py
threatgrid.py
sha_report.py
Dependencies
Python 2.7
import requests
import json
import sys
Usage
Enter the API credentials for your Threat Grid account (found on line 16)
Enter the API credentials for your Umbrella Investigate account (found on line 17)
# enter API credentials for the corresponding accounts for ThreatGrid and Umbrella in the api.cfg file
To execute the script from the OS shell run either:
python sha_report.py <sha-256 of file>
or ./sha_report.py <sha-256 of file>
The script will then return:
number of runs of same sha and average score
any associated behaviors from Threat Grid
all outbound IP communications
domain communications that are known bad
domain communications that are unknown
security reports for unknown domains
Extras:
To use the scripts ip_workflow.py, file_hash_workflow.py and domain_workflow.py, modify the api.cfg file in this folder with the proper API keys or token for each of the following accounts:
[ThreatGrid][VirusTotal][Investigate]
Usage:
$ python file_hash_workflow.py "hash"
$ python ip_workflow.py "ip address"
$ python domain_workflow.py "domain"
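A pre-flight check for the two inputs described above, the SHA-256 argument and the credentials in api.cfg. It is an added example, not part of these scripts. It assumes Python 3, that api.cfg is an INI-style file whose sections are the three names listed above, and a hypothetical key name (api_key) in the constructed sample.

```python
import configparser
import os
import re
import stat
import tempfile

SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
SECTIONS = ("ThreatGrid", "VirusTotal", "Investigate")  # names listed in this README


def normalize_sha256(value):
    """Return the hash lower-cased, or raise ValueError if it is not 64 hex digits."""
    value = value.strip()
    if not SHA256_RE.fullmatch(value):
        raise ValueError("expected 64 hex characters (SHA-256), got %d chars" % len(value))
    return value.lower()


def check_api_cfg(path):
    """Return a list of problems found in api.cfg (an empty list means ready to run)."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # The file holds API keys, so it should be readable by its owner only.
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("api.cfg is accessible to group/other (mode %o); use chmod 600" % mode)
    cfg = configparser.ConfigParser(interpolation=None)  # keys may contain '%'
    cfg.read(path)
    for section in SECTIONS:
        if not cfg.has_section(section):
            problems.append("missing section [%s]" % section)
        elif not any(v.strip() for v in cfg[section].values()):
            problems.append("section [%s] has no credential filled in" % section)
    return problems


def demo():
    """Run the checks on a constructed api.cfg (key name api_key is hypothetical)."""
    sample = "[ThreatGrid]\napi_key = EXAMPLE-KEY\n[VirusTotal]\napi_key =\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "api.cfg")
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)  # deliberately loose, to trigger the permission finding
        return check_api_cfg(path)


if __name__ == "__main__":
    for line in demo():
        print(line)
```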