Consumes Anti-Virus tags (av.virus_name) and extracts family, behavior, and
platform information based on AVClass2.
The service has no parameters, but relies on the following files, as described in the AVClass2 documentation.
data/avclass.tagging- Tag aliasesdata/avclass.expansion- Implied tagsdata/avclass.taxonomy- Tag categories
These configurations differ from defaults provided by AVClass2 in that they were generated using a large quantity of VirusTotal submissions. Configuration should be periodically updated to ensure that new malware families and behaviors are correctly extracted.