Example #1
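# Maltego local transform: emit one "FireAMP.FireAMPMD5Detection" entity per
# item that fa.ItemsCounts returns for the 'MD5 (Detection)' column.
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Find the CSV column the sending entity maps to and the path of the CSV file.
field = None
filepath = None
for key in MT.values:
    if key == 'properties.fireampbaseentity':
        continue
    if key.startswith('properties.'):
        # If several 'properties.*' keys are present, the last one iterated wins.
        field = fa.fieldLookup(key)
    if key.startswith('CSV File'):
        # Collapse doubled backslashes in the path carried by the entity.
        filepath = MT.values[key].replace("\\\\", "\\")

if filepath is None:
    # No 'CSV File' property: report it instead of handing None to the parser.
    MT.addUIMessage("No 'CSV File' property on the input entity", "PartialError")
else:
    # NOTE(review): the path is whatever the entity carries and reaches
    # fa.parseCSV unchanged; on a shared transform host, confirm it is
    # confined to the expected export directory.
    data = fa.parseCSV(filepath)
    # NOTE(review): `value` is not assigned anywhere in this excerpt;
    # presumably it is set earlier in the file -- confirm.
    query = fa.correlate(data, field, value)
    result = fa.ItemsCounts(query, 'MD5 (Detection)')  # column to pivot on

    for entry in result:
        entity = MT.addEntity("FireAMP.FireAMPMD5Detection", entry)
        # Re-attach the CSV path, the property this transform reads its input from.
        entity.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()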
Example #2
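# Maltego local transform: emit one "jc.ip" entity per item that
# fa.ItemsCounts returns for the 'IP' column.
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Find the CSV column the sending entity maps to and the path of the CSV file.
field = None
filepath = None
for key in MT.values:
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        # If several 'properties.*' keys are present, the last one iterated wins.
        field = fa.fieldLookup(key)
    if key.startswith('CSV File'):
        # Collapse doubled backslashes in the path carried by the entity.
        filepath = MT.values[key].replace("\\\\", "\\")

if filepath is None:
    # No 'CSV File' property: report it instead of handing None to the parser.
    MT.addUIMessage("No 'CSV File' property on the input entity", "PartialError")
else:
    # NOTE(review): the path is whatever the entity carries and reaches
    # fa.parseCSV unchanged; on a shared transform host, confirm it is
    # confined to the expected export directory.
    data = fa.parseCSV(filepath)
    # NOTE(review): `value` is not assigned anywhere in this excerpt;
    # presumably it is set earlier in the file -- confirm.
    query = fa.correlate(data, field, value)
    result = fa.ItemsCounts(query, 'IP')  # column to pivot on

    for entry in result:
        entity = MT.addEntity("jc.ip", entry)
        # Re-attach the CSV path, the property this transform reads its input from.
        entity.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()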
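# Maltego local transform: emit one "jc.FilenameParent" entity per item that
# fa.ItemsCounts returns for the 'Filename (Parent)' column.
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Find the CSV column the sending entity maps to and the path of the CSV file.
field = None
filepath = None
for key in MT.values:
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        # If several 'properties.*' keys are present, the last one iterated wins.
        field = fa.fieldLookup(key)
    if key.startswith('CSV File'):
        # Collapse doubled backslashes in the path carried by the entity.
        filepath = MT.values[key].replace("\\\\", "\\")

if filepath is None:
    # No 'CSV File' property: report it instead of handing None to the parser.
    MT.addUIMessage("No 'CSV File' property on the input entity", "PartialError")
else:
    # NOTE(review): the path is whatever the entity carries and reaches
    # fa.parseCSV unchanged; on a shared transform host, confirm it is
    # confined to the expected export directory.
    data = fa.parseCSV(filepath)
    # NOTE(review): `value` is not assigned anywhere in this excerpt;
    # presumably it is set earlier in the file -- confirm.
    query = fa.correlate(data, field, value)
    result = fa.ItemsCounts(query, 'Filename (Parent)')  # column to pivot on

    for entry in result:
        entity = MT.addEntity("jc.FilenameParent", entry)
        # Re-attach the CSV path, the property this transform reads its input from.
        entity.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()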
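# Maltego local transform: emit one "jc.SHA-256Parent" entity per item that
# fa.ItemsCounts returns for the 'SHA-256 (Parent)' column.
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Find the CSV column the sending entity maps to and the path of the CSV file.
field = None
filepath = None
for key in MT.values:
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        # If several 'properties.*' keys are present, the last one iterated wins.
        field = fa.fieldLookup(key)
    if key.startswith('CSV File'):
        # Collapse doubled backslashes in the path carried by the entity.
        filepath = MT.values[key].replace("\\\\", "\\")

if filepath is None:
    # No 'CSV File' property: report it instead of handing None to the parser.
    MT.addUIMessage("No 'CSV File' property on the input entity", "PartialError")
else:
    # NOTE(review): the path is whatever the entity carries and reaches
    # fa.parseCSV unchanged; on a shared transform host, confirm it is
    # confined to the expected export directory.
    data = fa.parseCSV(filepath)
    # NOTE(review): `value` is not assigned anywhere in this excerpt;
    # presumably it is set earlier in the file -- confirm.
    query = fa.correlate(data, field, value)
    result = fa.ItemsCounts(query, 'SHA-256 (Parent)')  # column to pivot on

    for entry in result:
        entity = MT.addEntity("jc.SHA-256Parent", entry)
        # Re-attach the CSV path, the property this transform reads its input from.
        entity.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()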
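# Maltego local transform: emit one "FireAMP.FireAMPSHA256Detection" entity per
# item that fa.ItemsCounts returns for the 'SHA-256 (Detection)' column.
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Find the CSV column the sending entity maps to and the path of the CSV file.
field = None
filepath = None
for key in MT.values:
    if key == 'properties.fireampbaseentity':
        continue
    if key.startswith('properties.'):
        # If several 'properties.*' keys are present, the last one iterated wins.
        field = fa.fieldLookup(key)
    if key.startswith('CSV File'):
        # Collapse doubled backslashes in the path carried by the entity.
        filepath = MT.values[key].replace("\\\\", "\\")

if filepath is None:
    # No 'CSV File' property: report it instead of handing None to the parser.
    MT.addUIMessage("No 'CSV File' property on the input entity", "PartialError")
else:
    # NOTE(review): the path is whatever the entity carries and reaches
    # fa.parseCSV unchanged; on a shared transform host, confirm it is
    # confined to the expected export directory.
    data = fa.parseCSV(filepath)
    # NOTE(review): `value` is not assigned anywhere in this excerpt;
    # presumably it is set earlier in the file -- confirm.
    query = fa.correlate(data, field, value)
    result = fa.ItemsCounts(query, 'SHA-256 (Detection)')  # column to pivot on

    for entry in result:
        entity = MT.addEntity("FireAMP.FireAMPSHA256Detection", entry)
        # Re-attach the CSV path, the property this transform reads its input from.
        entity.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()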
Example #6
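# Maltego local transform: emit one "jc.MD5Parent" entity per item that
# fa.ItemsCounts returns for the 'MD5 (Parent)' column.
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Find the CSV column the sending entity maps to and the path of the CSV file.
field = None
filepath = None
for key in MT.values:
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        # If several 'properties.*' keys are present, the last one iterated wins.
        field = fa.fieldLookup(key)
    if key.startswith('CSV File'):
        # Collapse doubled backslashes in the path carried by the entity.
        filepath = MT.values[key].replace("\\\\", "\\")

if filepath is None:
    # No 'CSV File' property: report it instead of handing None to the parser.
    MT.addUIMessage("No 'CSV File' property on the input entity", "PartialError")
else:
    # NOTE(review): the path is whatever the entity carries and reaches
    # fa.parseCSV unchanged; on a shared transform host, confirm it is
    # confined to the expected export directory.
    data = fa.parseCSV(filepath)
    # NOTE(review): `value` is not assigned anywhere in this excerpt;
    # presumably it is set earlier in the file -- confirm.
    query = fa.correlate(data, field, value)
    result = fa.ItemsCounts(query, 'MD5 (Parent)')  # column to pivot on

    for entry in result:
        entity = MT.addEntity("jc.MD5Parent", entry)
        # Re-attach the CSV path, the property this transform reads its input from.
        entity.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()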
Example #7
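# Maltego local transform: emit one "jc.Hostname" entity per item that
# fa.ItemsCounts returns for the 'Hostname' column.
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Find the CSV column the sending entity maps to and the path of the CSV file.
field = None
filepath = None
for key in MT.values:
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        # If several 'properties.*' keys are present, the last one iterated wins.
        field = fa.fieldLookup(key)
    if key.startswith('CSV File'):
        # Collapse doubled backslashes in the path carried by the entity.
        filepath = MT.values[key].replace("\\\\", "\\")

if filepath is None:
    # No 'CSV File' property: report it instead of handing None to the parser.
    MT.addUIMessage("No 'CSV File' property on the input entity", "PartialError")
else:
    # NOTE(review): the path is whatever the entity carries and reaches
    # fa.parseCSV unchanged; on a shared transform host, confirm it is
    # confined to the expected export directory.
    data = fa.parseCSV(filepath)
    # NOTE(review): `value` is not assigned anywhere in this excerpt;
    # presumably it is set earlier in the file -- confirm.
    query = fa.correlate(data, field, value)
    result = fa.ItemsCounts(query, 'Hostname')  # column to pivot on

    for entry in result:
        entity = MT.addEntity("jc.Hostname", entry)
        # Re-attach the CSV path, the property this transform reads its input from.
        entity.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()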
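# Maltego local transform: emit one "FireAMP.FireAMPFilepath" entity per item
# that fa.ItemsCounts returns for the 'Filepath' column.
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Find the CSV column the sending entity maps to and the path of the CSV file.
field = None
filepath = None
for key in MT.values:
    if key == 'properties.fireampbaseentity':
        continue
    if key.startswith('properties.'):
        # If several 'properties.*' keys are present, the last one iterated wins.
        field = fa.fieldLookup(key)
    if key.startswith('CSV File'):
        # Collapse doubled backslashes in the path carried by the entity.
        filepath = MT.values[key].replace("\\\\", "\\")

if filepath is None:
    # No 'CSV File' property: report it instead of handing None to the parser.
    MT.addUIMessage("No 'CSV File' property on the input entity", "PartialError")
else:
    # NOTE(review): the path is whatever the entity carries and reaches
    # fa.parseCSV unchanged; on a shared transform host, confirm it is
    # confined to the expected export directory.
    data = fa.parseCSV(filepath)
    # NOTE(review): `value` is not assigned anywhere in this excerpt;
    # presumably it is set earlier in the file -- confirm.
    query = fa.correlate(data, field, value)
    result = fa.ItemsCounts(query, 'Filepath')  # column to pivot on

    for entry in result:
        entity = MT.addEntity("FireAMP.FireAMPFilepath", entry)
        # Re-attach the CSV path, the property this transform reads its input from.
        entity.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()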
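# Maltego local transform: emit one "jc.DetectionName" entity per item that
# fa.ItemsCounts returns for the 'Detection Name' column.
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Find the CSV column the sending entity maps to and the path of the CSV file.
field = None
filepath = None
for key in MT.values:
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        # If several 'properties.*' keys are present, the last one iterated wins.
        field = fa.fieldLookup(key)
    if key.startswith('CSV File'):
        # Collapse doubled backslashes in the path carried by the entity.
        filepath = MT.values[key].replace("\\\\", "\\")

if filepath is None:
    # No 'CSV File' property: report it instead of handing None to the parser.
    MT.addUIMessage("No 'CSV File' property on the input entity", "PartialError")
else:
    # NOTE(review): the path is whatever the entity carries and reaches
    # fa.parseCSV unchanged; on a shared transform host, confirm it is
    # confined to the expected export directory.
    data = fa.parseCSV(filepath)
    # NOTE(review): `value` is not assigned anywhere in this excerpt;
    # presumably it is set earlier in the file -- confirm.
    query = fa.correlate(data, field, value)
    result = fa.ItemsCounts(query, 'Detection Name')  # column to pivot on

    for entry in result:
        entity = MT.addEntity("jc.DetectionName", entry)
        # Re-attach the CSV path, the property this transform reads its input from.
        entity.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()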
Example #10
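# Maltego local transform: emit one "jc.Time" entity per item that
# fa.ItemsCounts returns for the 'Time' column.
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Find the CSV column the sending entity maps to and the path of the CSV file.
field = None
filepath = None
for key in MT.values:
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        # If several 'properties.*' keys are present, the last one iterated wins.
        field = fa.fieldLookup(key)
    if key.startswith('CSV File'):
        # Collapse doubled backslashes in the path carried by the entity.
        filepath = MT.values[key].replace("\\\\", "\\")

if filepath is None:
    # No 'CSV File' property: report it instead of handing None to the parser.
    MT.addUIMessage("No 'CSV File' property on the input entity", "PartialError")
else:
    # NOTE(review): the path is whatever the entity carries and reaches
    # fa.parseCSV unchanged; on a shared transform host, confirm it is
    # confined to the expected export directory.
    data = fa.parseCSV(filepath)
    # NOTE(review): `value` is not assigned anywhere in this excerpt;
    # presumably it is set earlier in the file -- confirm.
    query = fa.correlate(data, field, value)
    result = fa.ItemsCounts(query, 'Time')  # column to pivot on

    for entry in result:
        entity = MT.addEntity("jc.Time", entry)
        # Re-attach the CSV path, the property this transform reads its input from.
        entity.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()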
Example #11
import sys
from MaltegoTransform import *
import fa_parser as fa

# Command-line contract visible here: argv[1] names the CSV column to pivot
# on and argv[2] is the path of the CSV file to parse.
# NOTE(review): neither argument is checked for presence (a missing one raises
# IndexError) and the path reaches fa.parseCSV unchanged -- confirm the caller
# only supplies paths from the expected export directory.
column = sys.argv[1]
filepath = sys.argv[2]

MT = MaltegoTransform()
data = fa.parseCSV(filepath)

# Each branch below maps one column name to a Maltego entity type, adds one
# entity per item returned by fa.ItemsCounts, and attaches the CSV path to it.
##########################################################################
if column == 'MD5 (Detection)':
    result = fa.ItemsCounts(data, column)
    for entry in result:
        e = MT.addEntity("jc.MD5Detection", entry)
        e.addAdditionalFields("CSV File", filepath, True, filepath)
##########################################################################
elif column == 'Filename (Parent)':
    result = fa.ItemsCounts(data, column)
    for entry in result:
        e = MT.addEntity("jc.FilenameParent", entry)
        e.addAdditionalFields("CSV File", filepath, True, filepath)
##########################################################################
elif column == 'Filepath':
    result = fa.ItemsCounts(data, column)
    for entry in result:
        e = MT.addEntity("jc.Filepath", entry)
        e.addAdditionalFields("CSV File", filepath, True, filepath)
##########################################################################
elif column == 'Remote IP':
    # NOTE(review): the listing stops after the next line; this branch's
    # entity loop, any further branches and the output call are not shown.
    result = fa.ItemsCounts(data, column)
Example #12
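# Maltego local transform: emit one "FireAMP.FireAMPRemoteIP" entity per item
# that fa.ItemsCounts returns for the 'Remote IP' column.
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Find the CSV column the sending entity maps to and the path of the CSV file.
field = None
filepath = None
for key in MT.values:
    if key == 'properties.fireampbaseentity':
        continue
    if key.startswith('properties.'):
        # If several 'properties.*' keys are present, the last one iterated wins.
        field = fa.fieldLookup(key)
    if key.startswith('CSV File'):
        # Collapse doubled backslashes in the path carried by the entity.
        filepath = MT.values[key].replace("\\\\", "\\")

if filepath is None:
    # No 'CSV File' property: report it instead of handing None to the parser.
    MT.addUIMessage("No 'CSV File' property on the input entity", "PartialError")
else:
    # NOTE(review): the path is whatever the entity carries and reaches
    # fa.parseCSV unchanged; on a shared transform host, confirm it is
    # confined to the expected export directory.
    data = fa.parseCSV(filepath)
    # NOTE(review): `value` is not assigned anywhere in this excerpt;
    # presumably it is set earlier in the file -- confirm.
    query = fa.correlate(data, field, value)
    result = fa.ItemsCounts(query, 'Remote IP')  # column to pivot on

    for entry in result:
        entity = MT.addEntity("FireAMP.FireAMPRemoteIP", entry)
        # Re-attach the CSV path, the property this transform reads its input from.
        entity.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()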
Example #13
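# Maltego local transform: emit one "jc.EventType" entity per item that
# fa.ItemsCounts returns for the 'Event Type' column.
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Find the CSV column the sending entity maps to and the path of the CSV file.
field = None
filepath = None
for key in MT.values:
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        # If several 'properties.*' keys are present, the last one iterated wins.
        field = fa.fieldLookup(key)
    if key.startswith('CSV File'):
        # Collapse doubled backslashes in the path carried by the entity.
        filepath = MT.values[key].replace("\\\\", "\\")

if filepath is None:
    # No 'CSV File' property: report it instead of handing None to the parser.
    MT.addUIMessage("No 'CSV File' property on the input entity", "PartialError")
else:
    # NOTE(review): the path is whatever the entity carries and reaches
    # fa.parseCSV unchanged; on a shared transform host, confirm it is
    # confined to the expected export directory.
    data = fa.parseCSV(filepath)
    # NOTE(review): `value` is not assigned anywhere in this excerpt;
    # presumably it is set earlier in the file -- confirm.
    query = fa.correlate(data, field, value)
    result = fa.ItemsCounts(query, 'Event Type')  # column to pivot on

    for entry in result:
        entity = MT.addEntity("jc.EventType", entry)
        # Re-attach the CSV path, the property this transform reads its input from.
        entity.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()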
Example #14
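# Maltego local transform: emit one "jc.Port" entity per item that
# fa.ItemsCounts returns for the 'Port' column.
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Find the CSV column the sending entity maps to and the path of the CSV file.
field = None
filepath = None
for key in MT.values:
    if key == 'properties.fabaseentity':
        continue
    if key.startswith('properties.'):
        # If several 'properties.*' keys are present, the last one iterated wins.
        field = fa.fieldLookup(key)
    if key.startswith('CSV File'):
        # Collapse doubled backslashes in the path carried by the entity.
        filepath = MT.values[key].replace("\\\\", "\\")

if filepath is None:
    # No 'CSV File' property: report it instead of handing None to the parser.
    MT.addUIMessage("No 'CSV File' property on the input entity", "PartialError")
else:
    # NOTE(review): the path is whatever the entity carries and reaches
    # fa.parseCSV unchanged; on a shared transform host, confirm it is
    # confined to the expected export directory.
    data = fa.parseCSV(filepath)
    # NOTE(review): `value` is not assigned anywhere in this excerpt;
    # presumably it is set earlier in the file -- confirm.
    query = fa.correlate(data, field, value)
    result = fa.ItemsCounts(query, 'Port')  # column to pivot on

    for entry in result:
        entity = MT.addEntity("jc.Port", entry)
        # Re-attach the CSV path, the property this transform reads its input from.
        entity.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()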
Example #15
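# Maltego local transform: emit one "FireAMP.FireAMPFilename" entity per item
# that fa.ItemsCounts returns for the 'File Name' column.
MT = MaltegoTransform()
MT.parseArguments(sys.argv)

# Find the CSV column the sending entity maps to and the path of the CSV file.
field = None
filepath = None
for key in MT.values:
    if key == 'properties.fireampbaseentity':
        continue
    if key.startswith('properties.'):
        # If several 'properties.*' keys are present, the last one iterated wins.
        field = fa.fieldLookup(key)
    if key.startswith('CSV File'):
        # Collapse doubled backslashes in the path carried by the entity.
        filepath = MT.values[key].replace("\\\\", "\\")

if filepath is None:
    # No 'CSV File' property: report it instead of handing None to the parser.
    MT.addUIMessage("No 'CSV File' property on the input entity", "PartialError")
else:
    # NOTE(review): the path is whatever the entity carries and reaches
    # fa.parseCSV unchanged; on a shared transform host, confirm it is
    # confined to the expected export directory.
    data = fa.parseCSV(filepath)
    # NOTE(review): `value` is not assigned anywhere in this excerpt;
    # presumably it is set earlier in the file -- confirm.
    query = fa.correlate(data, field, value)
    result = fa.ItemsCounts(query, 'File Name')  # column to pivot on

    for entry in result:
        entity = MT.addEntity("FireAMP.FireAMPFilename", entry)
        # Re-attach the CSV path, the property this transform reads its input from.
        entity.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()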