Updating old iocs

VirusTotal · Aug 5, 2024 · 561d9ee · 561d9ee
1 parent 9311327
commit 561d9ee
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/Packs/GoogleThreatIntelligence/Integrations/CategorizedFeeds/CategorizedFeeds.py b/Packs/GoogleThreatIntelligence/Integrations/CategorizedFeeds/CategorizedFeeds.py
@@ -131,7 +131,7 @@ def fetch_indicators_command(client: Client,
             'fields': {
                 'md5': attributes.get('md5'),
                 'sha1': attributes.get('sha1'),
-                'sha256': attributes.get('sha256'),
+                'sha256': attributes['sha256'],
                 'size': attributes.get('size'),
                 'tags': attributes.get('tags'),
             },
@@ -154,6 +154,10 @@ def fetch_indicators_command(client: Client,
 
         if (indicator_obj.get('gti_threat_score') or 0) >= minimum_score:
             indicators.append(indicator_obj)
+        else:
+            existing_indicators = list(IndicatorsSearcher(value=indicator_obj['value']))
+            if len(existing_indicators) > 0 and int(existing_indicators[0].get('total', 0)) > 0:
+                indicators.append(indicator_obj)
 
     return indicators
 

diff --git a/Packs/GoogleThreatIntelligence/Integrations/CategorizedFeeds/CategorizedFeeds.yml b/Packs/GoogleThreatIntelligence/Integrations/CategorizedFeeds/CategorizedFeeds.yml
@@ -65,7 +65,7 @@ configuration:
   required: false
 - display: Feed Fetch Interval
   name: feedFetchInterval
-  defaultvalue: "30"
+  defaultvalue: "60"
   type: 19
   required: false
 - name: feedMinimumGTIScore