Ejemplo n.º 1
0
def dotransform(request, response):

    # Check PAN Authentication AND KEY
    key = pamod.get_login()
    # Get report XML response and parse XML
    root = ET.fromstring(pamod.pa_pred_report('top-attackers', key))
    entry_list = []

    for result in root:
        for entry in result:
            entry_dic = {}
            for data in entry:
                entry_dic[data.tag] = data.text

            entry_list.append(entry_dic)

    for d in entry_list:
        response += IPv4Address(
            d['src'],
            user=d['srcuser'],
            resolved=d['resolved-src'],
            count=d['count']
            )

    return response
Ejemplo n.º 2
0
def dotransform(request, response):

    # Check PAN Authentication AND KEY
    key = pamod.get_login()
    
    # Create and submit the query to the API and return the jobid
    ip_entity = request.value

    query = '(addr.dst in %s) or (addr.src in %s)' % (ip_entity, ip_entity)
    jobid = pamod.pa_log_query('threat', key, query)
    sleep(5)

    # Loop function to check if the log query job is done
    root = ET.fromstring(pamod.pa_log_get(jobid, key))
    for status in root.findall(".//job/status"):
        while status.text == 'ACT':
            sleep(5)
            root = ET.fromstring(pamod.pa_log_get(jobid, key))
            for status in root.findall(".//job/status"):
                if status.text == 'FIN':
                    break

    # parse the log data and create dictionaries stored in a list for each individual log
    log_list = []
    for entry in root.findall(".//log/logs/entry"):
        entry_dic = {}
        for data in entry:
            entry_dic[data.tag] = data.text

        log_list.append(entry_dic)

    # Create the Maltego Entity
    threat_list = []
    for d in log_list:
        if d['threatid'] not in threat_list:
            response += paThreat(
                d['threatid'],
                tid=d['tid'],
                ipsrc=d['src'],
                ipdst=d['dst']
            )
            threat_list.append(d['threatid'])

    return response
Ejemplo n.º 3
0
def dotransform(request, response):

    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # Create and submit the query to the API and return the jobid
    tid = request.fields['tid']

    query = '(threatid eq %s)' % (tid)
    jobid = pamod.pa_log_query('threat', key, query)
    sleep(5)

    # Loop function to check if the log query job is done
    root = ET.fromstring(pamod.pa_log_get(jobid, key))
    for status in root.findall(".//job/status"):
        while status.text == 'ACT':
            sleep(5)
            root = ET.fromstring(pamod.pa_log_get(jobid, key))
            for status in root.findall(".//job/status"):
                if status.text == 'FIN':
                    break

    # parse the log data and create dictionaries stored in a list for each individual log
    log_list = []
    for entry in root.findall(".//log/logs/entry"):
        entry_dic = {}
        for data in entry:
            entry_dic[data.tag] = data.text

        log_list.append(entry_dic)

    # Create the Maltego Entity
    ip_list = []
    for d in log_list:
        if d['src'] not in ip_list:
            response += IPv4Address(
                d['src'],
                tid=d['tid'],
                ipsrc=d['dst'],
            )
            ip_list.append(d['src'])

    return response
Ejemplo n.º 4
0
def dotransform(request, response):

    # Check PAN Authentication AND KEY
    key = pamod.get_login()
    # Get report XML response and parse XML
    root = ET.fromstring(pamod.pa_pred_report('top-spyware-threats', key))
    entry_list = []

    for result in root:
        for entry in result:
            entry_dic = {}
            for data in entry:
                entry_dic[data.tag] = data.text

            entry_list.append(entry_dic)

    for d in entry_list:
        response += paThreat(d['threatid'], tid=d['tid'], count=d['count'])

    return response
Ejemplo n.º 5
0
def dotransform(request, response):

    # Check PAN Authentication AND KEY
    key = pamod.get_login()
    # Get report XML response and parse XML
    root = ET.fromstring(pamod.pa_pred_report("top-attacks", key))
    entry_list = []

    for result in root:
        for entry in result:
            entry_dic = {}
            for data in entry:
                entry_dic[data.tag] = data.text

            entry_list.append(entry_dic)

    for d in entry_list:
        response += paThreat(d["threatid"], tid=d["tid"], subtype=d["subtype"], count=d["count"])

    return response
Ejemplo n.º 6
0
def dotransform(request, response):

    # Check PAN Authentication AND KEY
    key = pamod.get_login()
    # Get report XML response and parse XML
    root = ET.fromstring(pamod.pa_pred_report('top-victims', key))
    entry_list = []

    for result in root:
        for entry in result:
            entry_dic = {}
            for data in entry:
                entry_dic[data.tag] = data.text

            entry_list.append(entry_dic)

    for d in entry_list:
        response += IPv4Address(d['dst'],
                                user=d['dstuser'],
                                resolved=d['resolved-dst'],
                                count=d['count'])

    return response
Ejemplo n.º 7
0
def dotransform(request, response):

    # Check PAN Authentication AND KEY
    key = pamod.get_login()
    # Get report XML response and parse XML
    root = ET.fromstring(pamod.pa_pred_report('top-spyware-threats', key))
    entry_list = []

    for result in root:
        for entry in result:
            entry_dic = {}
            for data in entry:
                entry_dic[data.tag] = data.text

            entry_list.append(entry_dic)

    for d in entry_list:
        response += paThreat(
            d['threatid'],
            tid=d['tid'],
            count=d['count']
            )

    return response