Ejemplo n.º 1
0
def main():
    s = get_args()
    format_ = '%d-%m-%Y'
    for day_counter in range(s.days_back):
        until_param, until_param_string, since_param, since_param_string = \
            utils.get_time_params(s.end_date, day_counter, format_)

        output_file = 'threat_indicators_' + since_param_string + '_to_' + \
            until_param_string + '.csv'

        with open(output_file, 'wb') as fout:
            writer = csv.writer(fout)
            results = ThreatIndicator.objects(
                fields=ThreatIndicator._fields,
                limit=1000,
                text=s.text,
                strict_text=s.strict_text,
                threat_type=s.threat_type,
                type_=s.type,
                since=since_param_string,
                until=until_param_string,
            )

            fields_list = [
                TI.ID,
                TI.INDICATOR,
                TI.TYPE,
            ]

            # Headers
            writer.writerow(map(utils.convert_to_header, fields_list))
            for result in results:
                writer.writerow(
                    map(lambda x: utils.get_data_field(x, result),
                        fields_list))
Ejemplo n.º 2
0
def main():
    s = get_args()
    format_ = '%d-%m-%Y'
    for day_counter in range(s.days_back):
        until_param, until_param_string, since_param, since_param_string = \
            utils.get_time_params(s.end_date, day_counter, format_)

        output_file = 'threat_indicators_' + since_param_string + '_to_' + \
            until_param_string + '.csv'

        with open(output_file,'wb') as fout:
            writer = csv.writer(fout)
            results = ThreatIndicator.objects(
                fields=ThreatIndicator._fields,
                limit=1000,
                text=s.text,
                strict_text=s.strict_text,
                threat_type=s.threat_type,
                type_=s.type,
                since=since_param_string,
                until=until_param_string,
            )

            fields_list = [
                TI.ID,
                TI.INDICATOR,
                TI.TYPE,
            ]

            # Headers
            writer.writerow(map(utils.convert_to_header,fields_list))
            for result in results:
                writer.writerow(
                    map(lambda x: utils.get_data_field(x, result), fields_list)
                )
def get_results(options):
    '''
    Builds a query string based on the specified options and runs it.
    '''

    if options.since is None or options.until is None:
        raise Exception('You must specify both "since" and "until" values')

    results = ThreatIndicator.objects(threat_type=tt.COMPROMISED_CREDENTIAL, type_=t.EMAIL_ADDRESS, limit=options.limit,
                                      fields=['indicator', 'passwords'], since=options.since, until=options.until)
    return results
Ejemplo n.º 4
0
    def sendToThreatExchange(self,
                            ipaddress=None,
                            comment='malicious IP'):
        try:
            if ipaddress is not None and self.options is not None:

                maliciousActor=ThreatIndicator()
                maliciousActor.indicator= ipaddress
                maliciousActor.threat_type="MALICIOUS_IP"
                maliciousActor.type="IP_ADDRESS"
                maliciousActor.share_level="GREEN"
                maliciousActor.status="MALICIOUS"
                maliciousActor.privacy_type="VISIBLE"
                maliciousActor.description= comment
                maliciousActor.save()

                sys.stdout.write('Sent {0} to threat exchange server\n'.format(ipaddress))

        except Exception as e:
            sys.stderr.write('Error while sending to threatexchange %s: %r\n' % (ipaddress, e))
Ejemplo n.º 5
0
def indicators_main(args):
    """
    Call the /threat_indicators API endpoint and print the results.

    :param args: Command line arguments
    :type args: ArgumentParser    
    """
    indicators = ThreatIndicator.objects(text=args.text, strict_text=args.strict_text, limit=args.limit, 
        type_=args.type, threat_type=args.threat_type, 
        since=args.since, until=args.until, dict_generator=True)
    for indicator in indicators:
        sys.stdout.write(json.dumps(indicator))
        sys.stdout.write('\n')
def get_results(options):
    '''
    Builds a query string based on the specified options and runs it.
    '''

    if options.since is None or options.until is None:
        raise Exception('You must specify both "since" and "until" values')

    results = ThreatIndicator.objects(type_=t.EMAIL_ADDRESS,
                                      limit=options.limit,
                                      fields=['indicator', 'passwords'],
                                      since=options.since,
                                      until=options.until)
    return results
Ejemplo n.º 7
0
def get_results(options):
    '''
    Builds a query string based on the specified options and runs it.
    '''

    if options.since is None or options.until is None:
        raise Exception('You must specify both "since" and "until" values')

    query = {
        'threat_type': tt.COMPROMISED_CREDENTIAL,
        'type': t.EMAIL_ADDRESS,
        'fields': 'indicator,passwords',
        'since': options.since,
        'until': options.until,
    }

    results = ThreatIndicator.objects(__raw__=query, dict_generator=True)
    return results
Ejemplo n.º 8
0
def run_query(options, handle):
    start = int(time.time())
    print "READING %s%s" % (te.URL, te.THREAT_INDICATORS)

    # query = get_query(options)
    if not options.type and not options.text:
        raise Exception("You must specify either a type or text")

    count = 0
    results = ThreatIndicator.objects(__raw__=options.__dict__, dict_generator=True)
    for result in results:
        process_results(handle, result)
        count += 1

    end = int(time.time())
    print ("SUCCESS: Got %d indicators in %d seconds" % (count, end - start))

    return
Ejemplo n.º 9
0
def run_query(options, handle):
    start = int(time.time())
    print 'READING %s%s' % (te.URL, te.THREAT_INDICATORS)

    # query = get_query(options)
    if not options.type and not options.text:
        raise Exception('You must specify either a type or text')

    count = 0
    results = ThreatIndicator.objects(__raw__=options.__dict__, dict_generator=True)
    for result in results:
        process_results(handle, result)
        count += 1

    end = int(time.time())
    print ('SUCCESS: Got %d indicators in %d seconds' %
           (count, end - start))

    return
def get_results(options):
    '''
    Builds a query string based on the specified options and runs it.
    '''

    if options.since is None or options.until is None:
        raise Exception('You must specify both "since" and "until" values')


    query = {
        'threat_type': tt.COMPROMISED_CREDENTIAL,
        'type' : t.EMAIL_ADDRESS,
        'fields' : 'indicator,passwords',
        'since' : options.since,
        'until' : options.until,
    }

    results = ThreatIndicator.objects(__raw__=query, dict_generator=True)
    return results
Ejemplo n.º 11
0
    def sendToThreatExchange(self, ipaddress=None, comment='malicious IP'):
        try:
            if ipaddress is not None and self.options is not None:

                maliciousActor = ThreatIndicator()
                maliciousActor.indicator = ipaddress
                maliciousActor.threat_type = "MALICIOUS_IP"
                maliciousActor.type = "IP_ADDRESS"
                maliciousActor.share_level = "GREEN"
                maliciousActor.status = "MALICIOUS"
                maliciousActor.privacy_type = "VISIBLE"
                maliciousActor.description = comment
                maliciousActor.save()

                sys.stdout.write(
                    'Sent {0} to threat exchange server\n'.format(ipaddress))

        except Exception as e:
            sys.stderr.write('Error while sending to threatexchange %s: %r\n' %
                             (ipaddress, e))
Ejemplo n.º 12
0
    handle.write(json.dumps(data))
    handle.write('\n')


def run_query(options, handle):
    try:
        start = int(time.time())
        print 'READING %s%s' % (te.URL, te.THREAT_INDICATORS)
        query = get_query(options)
    except Exception, e:
        print str(e)
        sys.exit(1)

    count = 0
    results = ThreatIndicator.objects(__raw__=query, dict_generator=True)
    for result in results:
        process_results(handle, result)
        count += 1

    try:
        end = int(time.time())
        print('SUCCESS: Got %d indicators in %d seconds' %
              (count, end - start))

        if handle:
            handle.close()
    except Exception as e:
        print(str(e))

    return
Ejemplo n.º 13
0
        return

    handle.write(json.dumps(data))
    handle.write('\n')

def run_query(options, handle):
    try:
        start = int(time.time())
        print 'READING %s%s' % (te.URL, te.THREAT_INDICATORS)
        query = get_query(options)
    except Exception, e:
        print str(e)
        sys.exit(1)

    count = 0
    results = ThreatIndicator.objects(__raw__=query, dict_generator=True)
    for result in results:
        process_results(handle, result)
        count += 1

    try:
        end = int(time.time())
        print ('SUCCESS: Got %d indicators in %d seconds' %
            (count, end-start))

        if handle:
            handle.close()
    except Exception as e:
        print (str(e))

    return