Example #1
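def pre_top_spyware(pa_hostname, key):
    """Emit the 'top-spyware-threats' predefined report as Maltego entities.

    Fetches the report through pamod.pa_pred_report(), flattens every
    second-level element of the returned XML into a tag -> text dict, and
    prints one pamalt.paThreat entity per entry inside a Maltego transform
    response on stdout.

    Args:
        pa_hostname: passed unchanged to pamod.pa_pred_report (presumably
            the firewall's hostname -- confirm against pamod).
        key: passed unchanged to pamod.pa_pred_report (presumably the API
            key -- confirm against pamod).

    Returns:
        None; the response is written to stdout.

    Raises:
        Whatever ET.fromstring raises when the report is not well-formed XML.
    """
    # Local import: the file's import block is not visible from this block.
    from xml.sax.saxutils import escape

    def xml_text(value):
        # Field values come from the device's report and may contain '&',
        # '<' or '>'. Interpolated raw they would break the Maltego XML or
        # let report data add markup to it, so escape them. An absent or
        # empty element becomes '' instead of the literal text "None".
        return '' if value is None else escape(value)

    reportname = 'top-spyware-threats'
    top_spyware = pamod.pa_pred_report(pa_hostname, key, reportname)

    # NOTE(review): the stdlib ElementTree parser is not hardened against
    # entity-expansion payloads. That only matters if the report can be
    # tampered with in transit -- confirm how pamod fetches it.
    root = ET.fromstring(top_spyware)

    entry_list = []
    for result in root:
        for entry in result:
            entry_list.append(dict((data.tag, data.text) for data in entry))

    entity_template = """           <Entity Type="pamalt.paThreat">
                <Value>%s</Value>
                <AdditionalFields>
                    <Field Name="tid" DisplayName="Threat ID">%s</Field>
                    <Field Name="count" DisplayName="Count">%s</Field>
                </AdditionalFields> 
            </Entity>"""

    # Maltego XML Output
    # Single-argument print(...) behaves the same as the print statement on
    # Python 2 and also parses on Python 3.
    print("<MaltegoMessage>\n<MaltegoTransformResponseMessage>")
    print("\t<Entities>")

    for dic in entry_list:
        # .get() keeps one incomplete entry from aborting the transform
        # after the response header has already been written.
        print(entity_template % (
            xml_text(dic.get('threatid')),
            xml_text(dic.get('tid')),
            xml_text(dic.get('count')),
        ))

    print("\t</Entities>")
    print("</MaltegoTransformResponseMessage>\n</MaltegoMessage>")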
Example #2
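def pre_top_attackers(pa_hostname, key):
    """Emit the 'top-attackers' predefined report as Maltego entities.

    Fetches the report through pamod.pa_pred_report(), flattens every
    second-level element of the returned XML into a tag -> text dict, and
    prints one maltego.IPv4Address entity per entry inside a Maltego
    transform response on stdout.

    Args:
        pa_hostname: passed unchanged to pamod.pa_pred_report (presumably
            the firewall's hostname -- confirm against pamod).
        key: passed unchanged to pamod.pa_pred_report (presumably the API
            key -- confirm against pamod).

    Returns:
        None; the response is written to stdout.

    Raises:
        Whatever ET.fromstring raises when the report is not well-formed XML.
    """
    # Local import: the file's import block is not visible from this block.
    from xml.sax.saxutils import escape

    def xml_text(value):
        # 'srcuser' and 'resolved-src' are free-form strings taken from the
        # device's report and may contain '&', '<' or '>'. Interpolated raw
        # they would break the Maltego XML or let report data add markup to
        # it, so escape them. An absent or empty element becomes '' instead
        # of the literal text "None".
        return '' if value is None else escape(value)

    reportname = 'top-attackers'
    topattackers = pamod.pa_pred_report(pa_hostname, key, reportname)

    # NOTE(review): the stdlib ElementTree parser is not hardened against
    # entity-expansion payloads. That only matters if the report can be
    # tampered with in transit -- confirm how pamod fetches it.
    root = ET.fromstring(topattackers)

    entry_list = []
    for result in root:
        for entry in result:
            entry_list.append(dict((data.tag, data.text) for data in entry))

    # The original template was indented with literal tabs. Writing them as
    # escapes keeps the emitted bytes the same while leaving this block
    # free of the mixed tab/space indentation that Python 3 rejects.
    entity_template = (
        '\t    <Entity Type="maltego.IPv4Address">\n'
        '\t\t<Value>%s</Value>\n'
        '\t\t<AdditionalFields>\n'
        '\t\t    <Field Name="count" DisplayName="Count">%s</Field>\n'
        '\t\t    <Field Name="user" DisplayName="User">%s</Field>\n'
        '\t\t    <Field Name="resolved" DisplayName="Resolved Hostname">%s</Field>\n'
        '\t\t</AdditionalFields> \n'
        '\t    </Entity>'
    )

    # Maltego XML Output
    # Single-argument print(...) behaves the same as the print statement on
    # Python 2 and also parses on Python 3.
    print("<MaltegoMessage>\n<MaltegoTransformResponseMessage>")
    print("\t<Entities>")

    for dic in entry_list:
        # .get() keeps one incomplete entry (for example a source with no
        # user or no resolved hostname) from aborting the transform after
        # the response header has already been written.
        print(entity_template % (
            xml_text(dic.get('src')),
            xml_text(dic.get('count')),
            xml_text(dic.get('srcuser')),
            xml_text(dic.get('resolved-src')),
        ))

    print("\t</Entities>")
    print("</MaltegoTransformResponseMessage>\n</MaltegoMessage>")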