as lists and fix rule

examples/livehunt_network_watch.py

@@ -123,14 +123,19 @@ async def upload_rulesets(queue):
         )
         try:
           # Fix for https://github.com/VirusTotal/vt-py/issues/155 issue.
-          await client.patch_async(
+          result = await client.patch_async(
               path="/intelligence/hunting_rulesets/" + task.get("id"),
               json_data={"data": ruleset.to_dict()},
           )
-          print(f'Ruleset {name} [{RULESET_LINK}{task["id"]}] updated.')
         except vt.error.APIError as e:
           print(f"Error updating {name}: {e}")
 
+        response = await result.json_async()
+        if response.get('error') != None:
+          print(f'{name}: {response}')
+
+        print(f'Ruleset {name} [{RULESET_LINK}{task["id"]}] updated.')
+
       else:
         ruleset = vt.Object(
             obj_type="hunting_ruleset",
@@ -146,10 +151,15 @@ async def upload_rulesets(queue):
           result = await client.post_object_async(
               path="/intelligence/hunting_rulesets", obj=ruleset
           )
-          print(f"Ruleset {name} [{RULESET_LINK}{result.id}] created.")
         except vt.error.APIError as e:
           print(f"Error saving {name}: {e}")
 
+        response = await result.json_async()
+        if response.get('error') != None:
+          print(f'{name}: {response}')
+
+        print(f"Ruleset {name} [{RULESET_LINK}{result.id}] created.")
+
       queue.task_done()
 
 
@@ -182,11 +192,15 @@ async def main():
   parser.add_argument(
       "-a",
       "--add-domain",
+      action="append",
+      type=str,
       help="Add a domain to the list.",
   )
   parser.add_argument(
       "-d",
       "--delete-domain",
+      action="append",
+      type=str,
       help="Remove a domain from the list.",
   )
   parser.add_argument(
@@ -243,13 +257,14 @@ async def main():
 
   else:
     if args.add_domain:
-      new_domain_list.append(args.add_domain)
+      new_domain_list += args.add_domain
 
     if args.delete_domain:
-      if not args.delete_domain in new_domain_list:
-        print(f"* {args.delete_domain} not in list")
-        sys.exit(1)
-      new_domain_list.remove(args.delete_domain)
+      for deleted_domain in args.delete_domain:
+        if not deleted_domain in new_domain_list:
+          print(f"* {deleted_domain} not in list")
+          sys.exit(1)
+        new_domain_list.remove(deleted_domain)
 
   new_domain_list = list(set(new_domain_list))
   new_domain_list.sort()

examples/netwatch_templates/domain.yara

@@ -1,4 +1,4 @@
-rule network_watch_${domain_escaped} : ${domain_escaped} {
+rule network_watch_${domain_escaped} : domain_${domain_escaped} {
 meta:
   description = "Monitor new subdomains for ${domain}"
   target_entity = "domain"

examples/netwatch_templates/file.yara

@@ -1,4 +1,4 @@
-rule network_watch_${domain_escaped} : ${domain_escaped} {
+rule network_watch_${domain_escaped} : domain_${domain_escaped} {
 meta:
   description = "New files downloaded from ${domain}"
   target_entity = "file"
@@ -8,7 +8,7 @@ condition:
 }
 
 
-rule network_watch_contact_${domain_escaped} : ${domain_escaped} {
+rule network_watch_contact_${domain_escaped} : domain_${domain_escaped} {
 meta:
   description = "New files contacting ${domain}"
   target_entity = "file"

examples/netwatch_templates/ip_address.yara

@@ -1,4 +1,4 @@
-rule network_watch_${domain_escaped} : ${domain_escaped} {
+rule network_watch_${domain_escaped} : domain_${domain_escaped} {
 meta:
   description = "New IP addresses resolving domain ${domain} or its subdomains"
   target_entity = "ip_address"

examples/netwatch_templates/url.yara

@@ -1,4 +1,4 @@
-rule network_watch_${domain_escaped} : ${domain_escaped} {
+rule network_watch_${domain_escaped} : domain_${domain_escaped} {
 meta:
   description = "Monitor new URLs in ${domain}"
   target_entity = "url"