add BOTS config for domaintools

Author: aaronkaplan

intelmq/bots/BOTS

@@ -476,6 +476,14 @@
                 "redis_cache_ttl": "86400"
             }
         },
+        "Domaintools": {
+            "description": "Domaintools expert is a bot which queries domaintools.com for a scoring of a domain name",
+            "module": "intelmq.bots.experts.domaintools.expert",
+            "parameters": {
+                "user": "",
+                "password": ""
+            }
+        },
         "Field Reducer": {
             "description": "The field reducer bot is capable of removing fields from events.",
             "module": "intelmq.bots.experts.field_reducer.expert",

intelmq/bots/experts/domaintools/expert.py

@@ -26,27 +26,30 @@ def init(self):
         self.api = API(self.parameters.user, self.parameters.password)
 
     def domaintools_get_score(self, fqdn):
-
+        score = None
         if fqdn:
-            resp = self.api.reputation(fqdn, include_reason=False)     # don't include a reason in the JSON response
+            resp = self.api.reputation(fqdn, include_reasons=False)     # don't include a reason in the JSON response
+
             try:
                 score = resp['risk_score']
             except exceptions.NotFoundException:
-                    score = None
+                score = None
             except exceptions.BadRequestException:
-                    score = None
+                score = None
             return score
 
     def process(self):
         event = self.receive_message()
+        extra = {}
 
         for key in ["source.", "destination."]:
             key_fqdn = key + "fqdn"
             if key_fqdn not in event:
                 continue        # can't query if we don't have a domain name
-            score = self.domaintools_get_score(key_fqdn)
-            if score:
-                event.add("extra.domaintools_score", score, raise_failure=False)
+            score = self.domaintools_get_score(event.get(key_fqdn))
+            if score is not None:
+                extra["domaintools_score"] = score
+                event.add("extra", extra)
 
         self.send_message(event)
         self.acknowledge_message()

intelmq/tests/bots/experts/domaintools/__init__.py

@@ -6,15 +6,15 @@
 import unittest
 
 import intelmq.lib.test as test
-from intelmq.bots.experts.gethostbyname.expert import DomaintoolsExpertBot
+from intelmq.bots.experts.domaintools.expert import DomaintoolsExpertBot
 
 EXAMPLE_INPUT = {"__type": "Event",
                  "source.fqdn": "google.com",
                  "time.observation": "2015-01-01T00:00:00+00:00"
                  }
 EXAMPLE_OUTPUT = {"__type": "Event",
-                  "source.fqdn": "example.com",
-                  "extra.domaintools_score": 0,
+                  "source.fqdn": "google.com",
+                  "extra": '{"domaintools_score": 0}',
                   "time.observation": "2015-01-01T00:00:00+00:00"
                   }
 NONEXISTING_INPUT = {"__type": "Event",
@@ -33,6 +33,7 @@ class TestDomaintoolsExpertBot(test.BotTestCase, unittest.TestCase):
     @classmethod
     def set_bot(self):
         self.bot_reference = DomaintoolsExpertBot
+        self.sysconfig = {'user': 'mkendrick_first2017', 'password': 'c0e4e-e2527-dc6af-824a4-229d5'}
 
     def test_existing(self):
         self.input_message = EXAMPLE_INPUT