MT = MaltegoTransform()
MT.parseArguments(sys.argv)
#########################################
## lookup fieldname of sending request ##
#########################################
field = None
filepath = None
for x in MT.values:
if x == 'properties.fabaseentity': continue
if x.startswith('properties.'):
field = fa.fieldLookup(x)
if x.startswith('CSV File'):
filepath = MT.values[x].replace("\\\\", "\\")
#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'IP') ## Edit Here
####################
## Submit Results ##
####################
for entry in result:
e = MT.addEntity("jc.ip", entry)
## Edit HEre
e.addAdditionalFields("CSV File", filepath, True, filepath)
MT.returnOutput()
MT = MaltegoTransform()
MT.parseArguments(sys.argv)
#########################################
## lookup fieldname of sending request ##
#########################################
field = None
filepath = None
for x in MT.values:
if x == 'properties.fireampbaseentity': continue
if x.startswith('properties.'):
field = fa.fieldLookup(x)
if x.startswith('CSV File'):
filepath = MT.values[x].replace("\\\\", "\\")
#############################
## Get the correlated data ##
#############################
data = fa.parseCSV(filepath)
query = fa.correlate(data, field, value)
result = fa.ItemsCounts(query, 'MD5 (Detection)') ## Edit Here
####################
## Submit Results ##
####################
for entry in result:
e = MT.addEntity("FireAMP.FireAMPMD5Detection",entry); ## Edit HEre
e.addAdditionalFields("CSV File",filepath,True,filepath)
MT.returnOutput()
