
How can I access and count a value of an attribute of a JSON file in Python?


I have this JSON file. It's a report from a threat intelligence platform.

{
    "data": {
        "attributes": {
            "authentihash": "a077f952798eb3bc0730c7c4774da7636326cf4b524ed6571b7eaf3d43f0bd9b",
            "creation_date": 1387937380,
            "crowdsourced_yara_results": [
                {
                    "author": "Florian Roth",
                    "description": "Malware InstallRex / AntiFW",
                    "rule_name": "PUP_InstallRex_AntiFWb",
                    "ruleset_id": "000ca30c43",
                    "ruleset_name": "crime_antifw_installrex",
                    "source": "https://github.com/Neo23x0/signature-base"
                }
            ],
            "first_submission_date": 1389124248,
            "last_analysis_date": 1603898773,
            "last_analysis_results": {
                "ALYac": {
                    "category": "undetected",
                    "engine_name": "ALYac",
                    "engine_update": "20201028",
                    "engine_version": "1.1.1.5",
                    "method": "blacklist",
                    "result": null
                },
                "APEX": {
                    "category": "undetected",
                    "engine_name": "APEX",
                    "engine_update": "20201028",
                    "engine_version": "6.90",
                    "method": "blacklist",
                    "result": null
                },
                "AVG": {
                    "category": "malicious",
                    "engine_name": "AVG",
                    "engine_update": "20201028",
                    "engine_version": "18.4.3895.0",
                    "method": "blacklist",
                    "result": "FileRepMetagen [Malware]"
                },

I want to count how many antimalware detected the malware as "malicious". So I can access and print the whole list of "last_analysis_results", but I can't access the "category" of each antimalware. I tried with:

for elem in data['data']['attributes']['last_analysis_results']:

But then? Thank you :)


Solution

  • Use .values() to get the dictionary values. Then you can access the category element of each dictionary.

    sum(r['category'] == 'malicious' for r in data['data']['attributes']['last_analysis_results'].values())
    

    Booleans are treated as 1 and 0 when used arithmetically, so summing the comparisons counts the number of times it's true.
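
A fuller version of the same count, as an added example that is not part of the original question or answer: it tallies every category, records which engines returned "malicious" together with their result label, and tolerates a report with no analysis section. The function name `summarize_detections`, the `"unknown"` fallback and the trimmed sample report are assumptions made for illustration.

```python
import json
from collections import Counter

# Constructed sample: the excerpt from the question, trimmed and closed so it parses.
SAMPLE_REPORT = """
{
  "data": {
    "attributes": {
      "last_analysis_results": {
        "ALYac": {"category": "undetected", "engine_name": "ALYac", "result": null},
        "APEX": {"category": "undetected", "engine_name": "APEX", "result": null},
        "AVG": {"category": "malicious", "engine_name": "AVG",
                "result": "FileRepMetagen [Malware]"}
      }
    }
  }
}
"""


def summarize_detections(report):
    """Return (Counter of categories, {engine: label} for malicious verdicts)."""
    # Chain .get() so a report without an analysis section yields empty
    # results instead of raising KeyError.
    results = (report.get("data", {})
                     .get("attributes", {})
                     .get("last_analysis_results") or {})
    categories = Counter()
    malicious = {}
    for engine, verdict in results.items():
        # "unknown" is a fallback chosen for this example, not a platform value.
        category = verdict.get("category", "unknown")
        categories[category] += 1
        if category == "malicious":
            malicious[engine] = verdict.get("result")
    return categories, malicious


if __name__ == "__main__":
    categories, malicious = summarize_detections(json.loads(SAMPLE_REPORT))
    total = sum(categories.values())
    print(f"{categories['malicious']} of {total} engines flagged the file")
    for engine, label in sorted(malicious.items()):
        print(f"  {engine}: {label}")
```
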