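def pre_top_spyware(pa_hostname, key):
    """Print the 'top-spyware-threats' predefined report as Maltego entities.

    The report is fetched with pamod.pa_pred_report, every entry element is
    flattened into a tag -> text mapping, and one pamalt.paThreat entity per
    entry is written to stdout inside a Maltego transform response.

    Args:
        pa_hostname: Firewall host, passed unchanged to pamod.pa_pred_report.
        key: API key, passed unchanged to pamod.pa_pred_report.
    """
    # Function-scope import: the module's own import block is not visible
    # from this block, so the dependency is kept local.
    from xml.sax.saxutils import escape

    def _text(row, tag):
        # Report text is interpolated into XML that Maltego parses. Escaping
        # keeps a stray '<', '>' or '&' in a device-supplied value from
        # breaking or reshaping the response. Missing/empty tags render as ''.
        value = row.get(tag)
        return escape(value) if value is not None else ''

    reportname = 'top-spyware-threats'
    top_spyware = pamod.pa_pred_report(pa_hostname, key, reportname)

    # NOTE(review): the stdlib ElementTree parser has no protection against
    # entity-expansion payloads; if the device or the transport to it is not
    # fully trusted, a hardened XML parser should be used here -- confirm.
    root = ET.fromstring(top_spyware)

    # Layout walked here: root -> result containers -> entry rows -> fields.
    entry_list = []
    for result in root:
        for entry in result:
            entry_list.append(dict((data.tag, data.text) for data in entry))

    entity_template = (
        '\t\t<Entity Type="pamalt.paThreat">\n'
        '\t\t\t<Value>%s</Value>\n'
        '\t\t\t<AdditionalFields>\n'
        '\t\t\t\t<Field Name="tid" DisplayName="Threat ID">%s</Field>\n'
        '\t\t\t\t<Field Name="count" DisplayName="Count">%s</Field>\n'
        '\t\t\t</AdditionalFields>\n'
        '\t\t</Entity>'
    )

    # Maltego XML output. The whole response is assembled before anything is
    # printed so a failure cannot leave a half-written message on stdout.
    lines = ['<MaltegoMessage>\n<MaltegoTransformResponseMessage>',
             '\t<Entities>']
    for dic in entry_list:
        # A row without a threatid (for example a child element that is not
        # a report entry) has nothing to name the entity with; skip it
        # instead of raising KeyError.
        if not dic.get('threatid'):
            continue
        lines.append(entity_template % (_text(dic, 'threatid'),
                                        _text(dic, 'tid'),
                                        _text(dic, 'count')))
    lines.append('\t</Entities>')
    lines.append('</MaltegoTransformResponseMessage>\n</MaltegoMessage>')
    # Single-argument print() behaves the same on Python 2 and Python 3.
    print('\n'.join(lines))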
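def pre_top_attackers(pa_hostname, key):
    """Print the 'top-attackers' predefined report as Maltego entities.

    The report is fetched with pamod.pa_pred_report, every entry element is
    flattened into a tag -> text mapping, and one maltego.IPv4Address entity
    per entry is written to stdout inside a Maltego transform response.

    Args:
        pa_hostname: Firewall host, passed unchanged to pamod.pa_pred_report.
        key: API key, passed unchanged to pamod.pa_pred_report.
    """
    # Function-scope import: the module's own import block is not visible
    # from this block, so the dependency is kept local.
    from xml.sax.saxutils import escape

    def _text(row, tag):
        # Fields such as the user name and resolved hostname presumably
        # originate outside the firewall (directory / reverse DNS) -- treat
        # them as untrusted and escape before embedding them in the XML that
        # Maltego parses. Missing/empty tags render as ''.
        value = row.get(tag)
        return escape(value) if value is not None else ''

    reportname = 'top-attackers'
    topattackers = pamod.pa_pred_report(pa_hostname, key, reportname)

    # NOTE(review): the stdlib ElementTree parser has no protection against
    # entity-expansion payloads; if the device or the transport to it is not
    # fully trusted, a hardened XML parser should be used here -- confirm.
    root = ET.fromstring(topattackers)

    # Layout walked here: root -> result containers -> entry rows -> fields.
    entry_list = []
    for result in root:
        for entry in result:
            entry_list.append(dict((data.tag, data.text) for data in entry))

    entity_template = (
        '\t\t<Entity Type="maltego.IPv4Address">\n'
        '\t\t\t<Value>%s</Value>\n'
        '\t\t\t<AdditionalFields>\n'
        '\t\t\t\t<Field Name="count" DisplayName="Count">%s</Field>\n'
        '\t\t\t\t<Field Name="user" DisplayName="User">%s</Field>\n'
        '\t\t\t\t<Field Name="resolved" DisplayName="Resolved Hostname">'
        '%s</Field>\n'
        '\t\t\t</AdditionalFields>\n'
        '\t\t</Entity>'
    )

    # Maltego XML output. The whole response is assembled before anything is
    # printed so a failure cannot leave a half-written message on stdout.
    lines = ['<MaltegoMessage>\n<MaltegoTransformResponseMessage>',
             '\t<Entities>']
    for dic in entry_list:
        # A row without a src address (for example a child element that is
        # not a report entry) has nothing to name the entity with; skip it
        # instead of raising KeyError.
        if not dic.get('src'):
            continue
        lines.append(entity_template % (_text(dic, 'src'),
                                        _text(dic, 'count'),
                                        _text(dic, 'srcuser'),
                                        _text(dic, 'resolved-src')))
    lines.append('\t</Entities>')
    lines.append('</MaltegoTransformResponseMessage>\n</MaltegoMessage>')
    # Single-argument print() behaves the same on Python 2 and Python 3.
    print('\n'.join(lines))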