Esempio n. 1
def dotransform(request, response):
    """Add one IPv4Address entity per row of the PAN 'top-attackers' report.

    Args:
        request: Maltego transform request (its input value is not used).
        response: Maltego transform response the entities are added to.

    Returns:
        The same ``response`` with one ``IPv4Address`` per report row.
    """
    # Authenticate against the firewall and obtain the API key.
    api_key = pamod.get_login()

    # Fetch the predefined report and parse the XML body.
    report = ET.fromstring(pamod.pa_pred_report('top-attackers', api_key))

    # Flatten every <entry> under every <result> into a {tag: text} dict;
    # a repeated tag inside one entry keeps the last value seen.
    rows = [
        {field.tag: field.text for field in entry}
        for result in report
        for entry in result
    ]

    for row in rows:
        response += IPv4Address(row['src'],
                                user=row['srcuser'],
                                resolved=row['resolved-src'],
                                count=row['count'])

    return response
Esempio n. 2
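def dotransform(request, response):
    """Attach a paThreat entity for every distinct threat logged against an IP.

    Queries the PAN-OS threat log for entries whose source or destination
    address equals ``request.value``, waits for the asynchronous log job to
    leave the 'ACT' state, and adds one ``paThreat`` per distinct ``threatid``.

    Args:
        request: Maltego transform request; ``request.value`` is the IP
            address of the input entity.
        response: Maltego transform response the entities are added to.

    Returns:
        The same ``response`` with the threat entities appended.

    Raises:
        ValueError: if ``request.value`` is not a dotted-quad IPv4 address.
        RuntimeError: if the log job is still active after ``max_polls``
            status checks (5 s apart).
    """
    import re

    # Upper bound on status polls before giving up; the original nested
    # while/for loop could spin forever on a job that never leaves 'ACT'
    # or whose reply stops carrying a <job><status> element.
    max_polls = 60

    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # request.value arrives from the Maltego client, i.e. from outside this
    # code, and is spliced verbatim into the log-query filter below.  Only a
    # plain dotted-quad is accepted so no filter operators can be smuggled in.
    ip_entity = request.value
    if not re.match(r'(?:[0-9]{1,3}\.){3}[0-9]{1,3}\Z', str(ip_entity)):
        raise ValueError('expected an IPv4 address, got %r' % (ip_entity,))

    # Create and submit the query to the API and return the jobid
    query = '(addr.dst in %s) or (addr.src in %s)' % (ip_entity, ip_entity)
    jobid = pamod.pa_log_query('threat', key, query)
    sleep(5)

    # Poll until no <job><status> element reports 'ACT' (bounded, see above).
    root = ET.fromstring(pamod.pa_log_get(jobid, key))
    polls = 0
    while any(s.text == 'ACT' for s in root.findall(".//job/status")):
        polls += 1
        if polls > max_polls:
            raise RuntimeError('PAN log job %s still active after %d polls'
                               % (jobid, max_polls))
        sleep(5)
        root = ET.fromstring(pamod.pa_log_get(jobid, key))

    # parse the log data: one {tag: text} dict per individual log entry
    log_list = [
        {data.tag: data.text for data in entry}
        for entry in root.findall(".//log/logs/entry")
    ]

    # Create the Maltego Entity, one per distinct threatid (set lookup
    # instead of a linear scan over a growing list).
    seen_threats = set()
    for d in log_list:
        if d['threatid'] in seen_threats:
            continue
        seen_threats.add(d['threatid'])
        response += paThreat(
            d['threatid'],
            tid=d['tid'],
            ipsrc=d['src'],
            ipdst=d['dst']
        )

    return response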
Esempio n. 3
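def dotransform(request, response):
    """Attach one IPv4Address entity per distinct source IP seen for a threat.

    Queries the PAN-OS threat log for entries matching the input entity's
    ``tid`` field, waits for the asynchronous log job to leave the 'ACT'
    state, and adds one ``IPv4Address`` per distinct ``src`` address.

    Args:
        request: Maltego transform request; ``request.fields['tid']`` is the
            threat id of the input entity.
        response: Maltego transform response the entities are added to.

    Returns:
        The same ``response`` with the address entities appended.

    Raises:
        ValueError: if the ``tid`` field is empty or contains characters
            outside ``[A-Za-z0-9._-]``.
        RuntimeError: if the log job is still active after ``max_polls``
            status checks (5 s apart).
    """
    import re

    # Upper bound on status polls before giving up; the original nested
    # while/for loop could spin forever on a job that never leaves 'ACT'
    # or whose reply stops carrying a <job><status> element.
    max_polls = 60

    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # The tid field arrives from the Maltego client, i.e. from outside this
    # code, and is spliced verbatim into the log-query filter below.  Restrict
    # it to a conservative token alphabet so no whitespace, quotes or
    # parentheses can alter the filter expression.
    tid = request.fields['tid']
    if not re.match(r'[A-Za-z0-9._-]+\Z', str(tid)):
        raise ValueError('invalid threat id: %r' % (tid,))

    # Create and submit the query to the API and return the jobid
    query = '(threatid eq %s)' % (tid)
    jobid = pamod.pa_log_query('threat', key, query)
    sleep(5)

    # Poll until no <job><status> element reports 'ACT' (bounded, see above).
    root = ET.fromstring(pamod.pa_log_get(jobid, key))
    polls = 0
    while any(s.text == 'ACT' for s in root.findall(".//job/status")):
        polls += 1
        if polls > max_polls:
            raise RuntimeError('PAN log job %s still active after %d polls'
                               % (jobid, max_polls))
        sleep(5)
        root = ET.fromstring(pamod.pa_log_get(jobid, key))

    # parse the log data: one {tag: text} dict per individual log entry
    log_list = [
        {data.tag: data.text for data in entry}
        for entry in root.findall(".//log/logs/entry")
    ]

    # Create the Maltego Entity, one per distinct source address (set lookup
    # instead of a linear scan over a growing list).
    seen_ips = set()
    for d in log_list:
        if d['src'] in seen_ips:
            continue
        seen_ips.add(d['src'])
        response += IPv4Address(
            d['src'],
            tid=d['tid'],
            ipsrc=d['dst'],
        )

    return response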
Esempio n. 4
def dotransform(request, response):
    """Add one paThreat entity per row of the PAN 'top-spyware-threats' report.

    Args:
        request: Maltego transform request (its input value is not used).
        response: Maltego transform response the entities are added to.

    Returns:
        The same ``response`` with one ``paThreat`` per report row.
    """
    # Authenticate against the firewall and obtain the API key.
    api_key = pamod.get_login()

    # Fetch the predefined report and parse the XML body.
    report_xml = pamod.pa_pred_report('top-spyware-threats', api_key)
    report = ET.fromstring(report_xml)

    # Walk <result>/<entry> and turn each entry into a {tag: text} dict;
    # a repeated tag inside one entry keeps the last value seen.
    def _row(entry):
        return dict((field.tag, field.text) for field in entry)

    for result in report:
        for entry in result:
            row = _row(entry)
            response += paThreat(row['threatid'],
                                 tid=row['tid'],
                                 count=row['count'])

    return response
Esempio n. 5
def dotransform(request, response):
    """Add one paThreat entity per row of the PAN "top-attacks" report.

    Args:
        request: Maltego transform request (its input value is not used).
        response: Maltego transform response the entities are added to.

    Returns:
        The same ``response`` with one ``paThreat`` per report row.
    """
    # Authenticate against the firewall and obtain the API key.
    api_key = pamod.get_login()

    # Fetch the predefined report and parse the XML body.
    report = ET.fromstring(pamod.pa_pred_report("top-attacks", api_key))

    # Flatten every <entry> under every <result> into a {tag: text} dict;
    # a repeated tag inside one entry keeps the last value seen.
    rows = [
        {field.tag: field.text for field in entry}
        for result in report
        for entry in result
    ]

    for row in rows:
        response += paThreat(row["threatid"],
                             tid=row["tid"],
                             subtype=row["subtype"],
                             count=row["count"])

    return response
Esempio n. 6
def dotransform(request, response):
    """Add one IPv4Address entity per row of the PAN 'top-victims' report.

    Args:
        request: Maltego transform request (its input value is not used).
        response: Maltego transform response the entities are added to.

    Returns:
        The same ``response`` with one ``IPv4Address`` per report row.
    """
    # Authenticate against the firewall and obtain the API key.
    api_key = pamod.get_login()

    # Fetch the predefined report and parse the XML body.
    report = ET.fromstring(pamod.pa_pred_report('top-victims', api_key))

    # Walk <result>/<entry> and turn each entry into a {tag: text} dict;
    # a repeated tag inside one entry keeps the last value seen.
    for result in report:
        for entry in result:
            row = dict((field.tag, field.text) for field in entry)
            response += IPv4Address(
                row['dst'],
                user=row['dstuser'],
                resolved=row['resolved-dst'],
                count=row['count']
            )

    return response
Esempio n. 7
def dotransform(request, response):
    """Add one paThreat entity per row of the PAN 'top-spyware-threats' report.

    Args:
        request: Maltego transform request (its input value is not used).
        response: Maltego transform response the entities are added to.

    Returns:
        The same ``response`` with one ``paThreat`` per report row.
    """
    # Authenticate against the firewall and obtain the API key.
    api_key = pamod.get_login()

    # Fetch the predefined report and parse the XML body.
    report = ET.fromstring(pamod.pa_pred_report('top-spyware-threats', api_key))

    # Flatten every <entry> under every <result> into a {tag: text} dict;
    # a repeated tag inside one entry keeps the last value seen.
    rows = [
        {field.tag: field.text for field in entry}
        for result in report
        for entry in result
    ]

    for row in rows:
        response += paThreat(row['threatid'],
                             tid=row['tid'],
                             count=row['count'])

    return response