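def process(self):
    """Turn each URL line of a VXVault URL_List report into a 'malware' event.

    Every line of the report is untrusted feed content: blank lines and lines
    not starting with 'http' are skipped, and a line whose URL cannot be
    parsed into a host/port is skipped rather than allowed to abort the rest
    of the report. The message is acknowledged in all cases.
    """
    report = self.receive_message()
    if report:
        for row in report.split('\n'):
            row = row.strip()
            if not row or not row.startswith('http'):
                continue
            # urlparse() always returns a (truthy) ParseResult, so there is
            # nothing to test on the object itself; the checks that matter
            # are on its fields below.
            url_object = urlparse.urlparse(row)
            url = url_object.geturl()
            hostname = url_object.hostname
            if hostname is None:
                # No host part (e.g. 'http:///x'): not a usable URL indicator.
                continue
            try:
                # .port applies int() to the netloc suffix and raises
                # ValueError for a non-numeric (on Python 3 also out-of-range)
                # port; one malformed feed line must not stop processing.
                port = url_object.port
            except ValueError:
                continue
            event = Event()
            event.add("source_url", url)
            event.add("source_domain_name", hostname)
            if port:
                event.add("source_port", str(port))
            event.add('feed', 'vxvault')
            # NOTE(review): the feed URL is plain http; the list's integrity
            # in transit is presumably not verified by the collector — confirm.
            event.add('feed_url', 'http://vxvault.siri-urz.net/URL_List.php')
            event.add('type', 'malware')
            event = utils.generate_source_time(event, "source_time")
            event = utils.generate_observation_time(event, "observation_time")
            event = utils.generate_reported_fields(event)
            self.send_message(event)
    self.acknowledge_message()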
def process(self):
    """Emit one 'brute-force' event per address line of the Arbor ATLAS
    SSH-attackers feed.

    Blank lines and lines starting with 'other' are ignored. Only the first
    whitespace-separated token of a line is used (as 'source_ip'); the
    message is acknowledged whether or not a report was received.
    """
    report = self.receive_message()
    if not report:
        self.acknowledge_message()
        return
    field_names = ["source_ip"]
    for line in report.split('\n'):
        line = line.strip()
        if not line or line.startswith('other'):
            continue
        event = Event()
        # zip() stops at the shorter sequence, so extra tokens are dropped.
        # NOTE(review): the token is not validated as an IP address here —
        # presumably Event.add or a downstream stage does; confirm.
        for field_name, value in zip(field_names, line.split()):
            event.add(field_name, value)
        event.add('feed', 'arbor')
        event.add('feed_url', 'http://atlas-public.ec2.arbor.net/public/ssh_attackers')
        event.add('type', 'brute-force')
        event = utils.generate_source_time(event, "source_time")
        event = utils.generate_observation_time(event, "observation_time")
        event = utils.generate_reported_fields(event)
        self.send_message(event)
    self.acknowledge_message()
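def process(self):
    """Scrape the tc.edu.tw NetFlow lockout HTML table into events.

    Each '<td style' row is expected to hold an IPv4 address inside a
    'color: black' span followed by a type cell; rows that do not match the
    pattern are ignored. The message is acknowledged in all cases.
    """
    # Dots are escaped so that only a dotted quad matches (an unescaped '.'
    # accepts any character), and the type cell is captured non-greedily so
    # it stops at the first '</td>' instead of swallowing later cells on the
    # same line.
    row_pattern = re.compile(
        r'color: black;">(\d+\.\d+\.\d+\.\d+)</span></td><td>(.*?)</td>')
    report = self.receive_message()
    if report:
        for row in report.split('\n'):
            row = row.strip()
            if not row or not row.startswith('<td style'):
                continue
            m = row_pattern.search(row)
            if not m:
                continue
            event = Event()
            event.add("source_ip", m.group(1))
            event.add('feed', 'netflowhtml')
            event.add('feed_url', 'https://tc.edu.tw/net/netflow/lkout/recent/1')
            # NOTE(review): 'type' is free text scraped from untrusted HTML
            # and is not checked against a known set of values here.
            event.add('type', m.group(2))
            event = utils.generate_source_time(event, "source_time")
            event = utils.generate_observation_time(event, "observation_time")
            event = utils.generate_reported_fields(event)
            self.send_message(event)
    self.acknowledge_message()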
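def process(self):
    """Convert one hpfeeds message into an event.

    Every key of the incoming message is copied into the event verbatim, then
    the event is tagged with feed 'hpfeed' and the sensor name as 'feed_url'.
    The message is acknowledged in all cases.
    """
    report = self.receive_message()
    # Lazy %r formatting keeps the untrusted payload on a single log record
    # (newlines and control characters are escaped) instead of letting it
    # forge additional log lines.
    self.logger.info("hpfeed report: %r", report)
    if report:
        # NOTE(review): the report is used directly as a mapping-like object
        # exposing .keys() and .value(); a json.loads() step was previously
        # left commented out here — confirm with the collector what type
        # actually arrives.
        m = report
        event = Event()
        # NOTE(review): field names are taken from the message, i.e. chosen
        # by the sensor — confirm Event.add rejects unknown/unsafe keys.
        for k in m.keys():
            event.add(k, m.value(k))
        event.add('feed', 'hpfeed')
        event.add('feed_url', m.value("sensorname"))
        event = utils.generate_source_time(event, "source_time")
        event = utils.generate_observation_time(event, "observation_time")
        event = utils.generate_reported_fields(event)
        self.send_message(event)
    self.acknowledge_message()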