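def ipv4_matchkeywords(ipv4):
    """Return the keywords found in stored messages that mention ``ipv4``.

    Searches ``es_collection_name`` for documents whose ``ipv4`` field matches
    the given address (up to 10000 hits), then tests every non-blank line of
    the module-level ``keywords`` string against each hit's ``message_text``
    as a case-insensitive whole-word regex.

    Args:
        ipv4: the indicator to look up.  It is passed to Elasticsearch as a
            query value, never spliced into JSON text.

    Returns:
        The matching keywords, each once, in ``keywords`` order, joined by
        ':' (e.g. ``'invoice:wire'``); ``''`` when nothing matched.

    Uses the module-level ``es``, ``es_collection_name`` and ``keywords``.
    """
    # Build the query as a dict and let the client serialize it.  The previous
    # version spliced ``ipv4`` into a JSON string, so an indicator lifted from
    # mail content that contained a '"' or '\\' would break or reshape the
    # query instead of being searched for literally.
    query = {
        "size": 10000,
        "query": {"match": {"ipv4": {"query": ipv4}}},
    }
    res = es.search(index=es_collection_name, body=query)
    texts = [hit["_source"]["message_text"] for hit in res["hits"]["hits"]]

    matched = []
    seen = set()
    for raw in keywords.split('\n'):
        # Strip rather than only test for blankness: a keyword file with CRLF
        # endings left a trailing '\r' inside the regex, which never matched.
        keyword = raw.strip()
        if not keyword or keyword in seen:
            continue
        # Whole-word, case-insensitive match of the literal keyword.
        pattern = re.compile(
            r"\b(?=\w)" + re.escape(keyword) + r"\b(?!\w)", re.IGNORECASE)
        if any(pattern.search(text) for text in texts):
            # Exact-match dedupe; the old regex test on the joined string let
            # a keyword that was a suffix of an earlier hit be dropped.
            seen.add(keyword)
            matched.append(keyword)
    return ':'.join(matched)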
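def gen_wordcloud(fileloc="/home/pierre/es_email_intel/wordcloud.png"):
    """Render the last 24 hours of collected mail text as a word-cloud PNG.

    Pulls message text newer than ``common_functions.queryrange(1)`` from the
    module-level ``es`` / ``es_collection_name`` through
    ``common_functions.pull_mailtext_24hrs`` (which also receives the
    module-level ``keywords_list``), lower-cases it, echoes it to stdout and
    writes a 40-word cloud to ``fileloc``.

    Args:
        fileloc: output PNG path.  Defaults to the path the script has always
            used, so existing callers are unaffected.

    If the cloud cannot be produced (e.g. no text in the window), ``fileloc``
    is truncated to zero bytes so a stale image is not served, and the error
    is printed instead of being silently swallowed.  Returns None.
    """
    then = common_functions.queryrange(1)
    # ``then`` comes from our own helper, not from mail content, so splicing it
    # into the query body is safe; the body stays a string because the helper
    # takes the raw JSON text.
    body = '''{ "size" : 10000, "query": { "constant_score": { "filter": { "range": { "epoch": { "from": ''' + then + ''' } } } } } }'''
    text = common_functions.pull_mailtext_24hrs(es, es_collection_name, body, keywords_list).lower()
    print(text)
    print('')
    wc = WordCloud(background_color="white", max_words=40)
    try:
        wc.generate(text)
        wc.to_file(fileloc)
    except Exception as exc:
        # Best-effort behaviour kept (blank the image rather than leave a
        # stale one), but only for ordinary errors and with the reason shown;
        # the bare ``except:`` also ate KeyboardInterrupt/SystemExit.
        with open(fileloc, 'w'):
            pass
        print('Except! %s: %s' % (type(exc).__name__, exc))
        return
    print('Finished!')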
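def gen_wordcloud(fileloc="/home/pierre/es_email_intel/wordcloud.png"):
    """Render the last 24 hours of collected mail text as a word-cloud PNG.

    Pulls message text newer than ``common_functions.queryrange(1)`` from the
    module-level ``es`` / ``es_collection_name`` through
    ``common_functions.pull_mailtext_24hrs`` (which also receives the
    module-level ``keywords_list``), lower-cases it, echoes it to stdout and
    writes a 40-word cloud to ``fileloc``.

    Args:
        fileloc: output PNG path.  Defaults to the path the script has always
            used, so existing callers are unaffected.

    If the cloud cannot be produced (e.g. no text in the window), ``fileloc``
    is truncated to zero bytes so a stale image is not served, and the error
    is printed instead of being silently swallowed.  Returns None.
    """
    then = common_functions.queryrange(1)
    # ``then`` comes from our own helper, not from mail content, so splicing it
    # into the query body is safe; the body stays a string because the helper
    # takes the raw JSON text.
    body = '''{ "size" : 10000, "query": { "constant_score": { "filter": { "range": { "epoch": { "from": '''+then+''' } } } } } }'''
    text = common_functions.pull_mailtext_24hrs(es, es_collection_name, body, keywords_list).lower()
    print(text)
    print('')
    wc = WordCloud(background_color="white", max_words=40)
    try:
        wc.generate(text)
        wc.to_file(fileloc)
    except Exception as exc:
        # Best-effort behaviour kept (blank the image rather than leave a
        # stale one), but only for ordinary errors and with the reason shown;
        # the bare ``except:`` also ate KeyboardInterrupt/SystemExit.
        with open(fileloc, 'w'):
            pass
        print('Except! %s: %s' % (type(exc).__name__, exc))
        return
    print('Finished!')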
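# Tail of the report-mailing routine: its ``def`` line, ``msg`` and
# ``report_contents`` are defined before this chunk.
part = MIMEBase('application', "octet-stream")
part.set_payload(report_contents)
Encoders.encode_base64(part)
part.add_header('Content-Disposition', 'attachment; filename="report.html"')
msg.attach(part)
# NOTE(review): plain SMTP, no STARTTLS and no authentication.  Fine for a
# local relay; otherwise the report (which carries mail excerpts) crosses the
# network in clear — confirm EMAIL_SERVER is a trusted host.
server = smtplib.SMTP(EMAIL_SERVER)
try:
    server.sendmail(EMAIL_FROM, EMAIL_TO, msg.as_string())
finally:
    # The session was never closed before; QUIT on every path.
    server.quit()

import os

# Elasticsearch endpoint.  Keep the historical RFC 1918 default but allow an
# environment override so the script runs elsewhere without editing source.
es_server = os.environ.get('ES_SERVER', '192.168.3.208')
# NOTE(review): no TLS and no credentials on this connection; acceptable only
# if the cluster is reachable solely from a trusted network segment — confirm.
es = Elasticsearch([{'host': es_server, 'port': 9200}])
es_collection_name = 'mail2json'
then = common_functions.queryrange(1)
# ``then`` is produced by our own helper, not by mail content, so splicing it
# into the query is safe; kept as a string because downstream helpers take the
# raw JSON body.
body = '''{ "size" : 10000, "query": { "constant_score": { "filter": { "range": { "epoch": { "from": '''+then+''' } } } } } }'''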
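# Tail of the report-mailing routine: its ``def`` line, ``msg`` and ``part``
# are defined before this chunk.
Encoders.encode_base64(part)
part.add_header('Content-Disposition', 'attachment; filename="report.html"')
msg.attach(part)
# NOTE(review): plain SMTP, no STARTTLS and no authentication.  Fine for a
# local relay; otherwise the report (which carries mail excerpts) crosses the
# network in clear — confirm EMAIL_SERVER is a trusted host.
server = smtplib.SMTP(EMAIL_SERVER)
try:
    server.sendmail(EMAIL_FROM, EMAIL_TO, msg.as_string())
finally:
    # The session was never closed before; QUIT on every path.
    server.quit()

import os

# Elasticsearch endpoint.  Keep the historical RFC 1918 default but allow an
# environment override so the script runs elsewhere without editing source.
es_server = os.environ.get('ES_SERVER', '192.168.3.208')
# NOTE(review): no TLS and no credentials on this connection; acceptable only
# if the cluster is reachable solely from a trusted network segment — confirm.
es = Elasticsearch([{'host': es_server, 'port': 9200}])
es_collection_name = 'mail2json'
then = common_functions.queryrange(1)
# ``then`` is produced by our own helper, not by mail content, so splicing it
# into the query is safe; kept as a string because downstream helpers take the
# raw JSON body.
body = '''{ "size" : 10000, "query": { "constant_score": { "filter": { "range": { "epoch": { "from": ''' + then + ''' } } } } } }'''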
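# Tail of the report-mailing routine: its ``def`` line, ``msg``, ``part`` and
# ``report_contents`` are defined before this chunk.
part.set_payload(report_contents)
Encoders.encode_base64(part)
part.add_header('Content-Disposition', 'attachment; filename="report.html"')
msg.attach(part)
# NOTE(review): plain SMTP, no STARTTLS and no authentication.  Fine for a
# local relay; otherwise the report (which carries mail excerpts) crosses the
# network in clear — confirm EMAIL_SERVER is a trusted host.
server = smtplib.SMTP(EMAIL_SERVER)
try:
    server.sendmail(EMAIL_FROM, EMAIL_TO, msg.as_string())
finally:
    # The session was never closed before; QUIT on every path.
    server.quit()

import os

# Elasticsearch endpoint.  Keep the historical RFC 1918 default but allow an
# environment override so the script runs elsewhere without editing source.
es_server = os.environ.get('ES_SERVER', '192.168.3.208')
# NOTE(review): no TLS and no credentials on this connection; acceptable only
# if the cluster is reachable solely from a trusted network segment — confirm.
es = Elasticsearch([{'host': es_server, 'port': 9200}])
es_collection_name = 'mail2json'
then = common_functions.queryrange(1)
# Replace this when done testing
# ``then`` is produced by our own helper, not by mail content, so splicing it
# into the query is safe; kept as a string because downstream helpers take the
# raw JSON body.
body = '''{ "size" : 10000, "query": { "constant_score": { "filter": { "range": { "epoch": { "from": '''+then+''' } } } } } }'''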
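# Tail of the report-mailing routine: its ``def`` line, ``msg`` and ``part``
# are defined before this chunk.
Encoders.encode_base64(part)
part.add_header('Content-Disposition', 'attachment; filename="report.html"')
msg.attach(part)
# NOTE(review): plain SMTP, no STARTTLS and no authentication.  Fine for a
# local relay; otherwise the report (which carries mail excerpts) crosses the
# network in clear — confirm EMAIL_SERVER is a trusted host.
server = smtplib.SMTP(EMAIL_SERVER)
try:
    server.sendmail(EMAIL_FROM, EMAIL_TO, msg.as_string())
finally:
    # The session was never closed before; QUIT on every path.
    server.quit()

import os

# Elasticsearch endpoint.  Keep the historical RFC 1918 default but allow an
# environment override so the script runs elsewhere without editing source.
es_server = os.environ.get('ES_SERVER', '192.168.3.208')
# NOTE(review): no TLS and no credentials on this connection; acceptable only
# if the cluster is reachable solely from a trusted network segment — confirm.
es = Elasticsearch([{'host': es_server, 'port': 9200}])
es_collection_name = 'mail2json'
then = common_functions.queryrange(1)
# Replace this when done testing
# ``then`` is produced by our own helper, not by mail content, so splicing it
# into the query is safe; kept as a string because downstream helpers take the
# raw JSON body.
body = '''{ "size" : 10000, "query": { "constant_score": { "filter": { "range": { "epoch": { "from": ''' + then + ''' } } } } } }'''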