We’ve made some changes to VALHALLA and released version 1.1 and valhallAPI version 0.5 to reflect these changes.
The new modified date shows when this rule has last been modified.
See this example.
The modified date will also appear in the JSON feed and metadata of the text feed.
Rules now contain a “hash1” value, which is one of the samples from which it has been derived.
The API offers two new endpoints named “keyword” and “keyword-matches”, which allow two new lookups. (customers only)
The “keyword” lookup is not very spectacular and simply returns a list of rule meta data based on a certain keyword.
However, the “keyword-matches” endpoint adds a new vector. It combines a keyword lookup on the rules with a lookup on matches created by these rules.
E.g. by providing the keyword “Turla”, you get a list of sample hashes on which Turla related rules matched in the past.
The new valhallaAPI client and Python module in version 0.5 allow to use these features.
You can upgrade your current version with
pip3 install valhallaAPI --upgrade