mirror of
https://github.com/mvt-project/mvt.git
synced 2024-06-26 14:28:54 +00:00
Fixed checking of indicators in filesystem module
This commit is contained in:
parent
b35cd4bc73
commit
0e2eb51732
@ -47,9 +47,11 @@ class Filesystem(IOSExtraction):
if self.fast_mode:
if self.fast_mode:
continue
continue
|
|
for ioc in ioc_file.get_iocs("processes"):
for ioc in self.indicators.get_iocs("processes"):
parts = result["path"].split("/")
parts = result["path"].split("/")
if ioc in parts:
if ioc["value"] in parts:
self.log.warning("Found known suspicious process name mentioned in file at path \"%s\" matching indicators from \"%s\"",
result["path"], ioc["name"])
self.detected.append(result)
self.detected.append(result)
|
|
def run(self):
def run(self):
|
|
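Review bot: The inner `for ioc in self.indicators.get_iocs("processes")` loop keeps iterating after a hit, so a file whose path components match more than one process indicator is appended to `self.detected` once per matching indicator; add `break` after `self.detected.append(result)` (or dedupe on `result["path"]`) so one file yields one detection. The comparison `ioc["value"] in parts` is an exact, case-sensitive match on a whole path component, so an indicator name that appears with an extension or inside a bundle directory name will not trigger, which may be intended for process names but deserves a comment such as `# exact match on a single path component; substrings deliberately not matched`. The enclosing loop over `result` and any guard that `self.indicators` is set begin before this hunk, so I could not confirm the no-indicators case is handled before `get_iocs()` is called. `get_iocs("processes")` is also re-evaluated for every result; if it is not a cheap accessor, binding it once above the outer loop avoids rebuilding the list per file.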