From c73af0e636e254bddfa4ab3b32f4cd4f38b1dbe1 Mon Sep 17 00:00:00 2001
From: liquidsec <paul.mueller08@gmail.com>
Date: Fri, 8 Nov 2024 16:46:13 -0500
Subject: [PATCH] refactor excavate finding description

---
 bbot/modules/internal/excavate.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/bbot/modules/internal/excavate.py b/bbot/modules/internal/excavate.py
index 85c5501a6..f672abeb5 100644
--- a/bbot/modules/internal/excavate.py
+++ b/bbot/modules/internal/excavate.py
@@ -274,12 +274,11 @@ async def process(self, yara_results, event, yara_rule_settings, discovery_conte
                 description_string = (
                     f" with description: [{yara_rule_settings.description}]" if yara_rule_settings.description else ""
                 )
-                # Get URL from event if available
-                url = event.data.get("url", "") if hasattr(event, "data") else ""
-                url_string = f" on @{url}" if url else ""
+
+                url_string = event.data.get("url") or event.data.get("host", "Unknown Source")
 
                 event_data["description"] = (
-                    f"Custom Yara Rule [{self.name}]{description_string} Matched via identifier [{identifier}]{url_string}"
+                    f"Custom Yara Rule [{self.name}]{description_string} Matched via identifier [{identifier}] on [{url_string}]"
                 )
                 if yara_rule_settings.emit_match:
                     event_data["description"] += f" and extracted [{result}]"