import csv
import json

import pycef


# Python 2 code (print statements): writes the detected squatting domains out
# in JSON, CSV or CEF form. Note that the CEF branch stores the parsed dict
# returned by pycef.parse(), not the raw CEF line.
def output(domain, list, type):
    if type == "json":
        print "Saving output in JSON file"
        data = {"domainsdetected": list}
        with open("[O365Squatting]" + domain + "_report.json", 'w') as outfile:
            json.dump(data, outfile)
        print "JSON file generated successfully!!!"
    if type == "csv":
        print "Saving output in CSV file"
        outputcsv = open('[O365Squatting]' + domain + '_report.csv', 'w')
        outputline = csv.writer(outputcsv, delimiter=',')
        outputline.writerow(['Domain', 'Detected'])
        for i in list:
            outputline.writerow([i.encode('utf-8'), 'Detected!'])
        outputcsv.close()
        print "CSV file generated successfully!!"
    if type == "cef":
        print "Saving output in CEF format"
        f = open("[O365Squatting]" + domain + "CEF.log", "w")
        listofentries = []
        for i in list:
            entry = 'CEF:0|O365Squatting|O365 Squatting Script|1|2|Domain squatting in Microsoft detected|3| DomainDetected=' + i
            f.write(str(pycef.parse(entry)) + "\n")
        f.close()
        print "CEF log file generated successfully!!!"
import pycef


# unittest.TestCase method; CEF_REFERENCE_DATA is a list of expected dicts
# defined elsewhere in the test module, consumed from the end with pop().
def test_cef_format(self):
    ''' Test cases for properly formatted CEF samples. '''
    with open("tests/testdata.cef", "r") as f:
        for l in f.readlines():
            d = pycef.parse(l)
            d_ref = CEF_REFERENCE_DATA.pop()
            self.assertDictEqual(d, d_ref)
import pycef


# unittest.TestCase method; SYSLOG_REFERENCE_DATA is defined elsewhere in
# the test module. Each input line carries a syslog header before "CEF:".
def test_syslog_format(self):
    ''' Test cases for syslog-formatted CEF samples (i.e., with syslog
    header junk at the beginning of each line) '''
    with open("tests/testdata-syslog.txt", "r") as f:
        for l in f.readlines():
            d = pycef.parse(l)
            d_ref = SYSLOG_REFERENCE_DATA.pop()
            self.assertDictEqual(d, d_ref)
import pycef


# Method of an integration class; response is the JSON body returned by the
# product API, with the CEF lines under Data -> Logs. fix_log_headers() is
# another method of the same class.
def parse_cef_logs_to_dict_logs(self, response):
    logs_list_in_cef_format = response.get('Data', {}).get('Logs', [])
    parsed_logs_list = []
    for log in logs_list_in_cef_format:
        parsed_log = pycef.parse(log)
        if parsed_log:
            parsed_trendmicro_log = self.fix_log_headers(parsed_log)
            parsed_logs_list.append(parsed_trendmicro_log)
    return parsed_logs_list
import pycef


# unittest.TestCase method; REFERENCE_DATA is defined elsewhere in the
# test module.
def test_pipes(self):
    ''' Test to ensure that embedded pipe symbols in the values don't
    interfere with parsing the CEF record. '''
    with open("tests/testdata-pipes.cef", "r") as f:
        for l in f.readlines():
            d = pycef.parse(l)
            d_ref = REFERENCE_DATA.pop()
            self.assertDictEqual(d, d_ref)
import json
import os

import pycef


# Method of a test/driver class: self.root is the working directory,
# self.keyval_rex a compiled regex for key=value result lines, and
# GetConfig() returns the configured output filename.
def GetResults(self):
    """
    Find out where the results went, read, parse and return them if possible.
    """
    ofile = self.GetConfig("filename")
    out = []
    with open(os.path.join(self.root, "log", ofile)) as fp:
        for line in fp.readlines():
            data = line.strip()
            if not data:
                continue
            # Three line formats are accepted: CEF, key=value, and JSON.
            if data.startswith("CEF"):
                out.append(pycef.parse(data))
                continue
            m = self.keyval_rex.match(data)
            if m:
                out.append(m.groupdict())
                continue
            out.append(json.loads(data))
    return out
import pycef


# unittest.TestCase method (variant without docstring); REFERENCE_DATA is
# defined elsewhere in the test module.
def test_pipes(self):
    with open("tests/testdata-pipes.cef", "r") as f:
        for l in f.readlines():
            d = pycef.parse(l)
            d_ref = REFERENCE_DATA.pop()
            self.assertDictEqual(d, d_ref)
import pycef

# A Trend Micro Apex Central web-reputation event with a syslog header in
# front of the CEF record; pycef.parse() locates "CEF:" and parses from there.
cef = "Jul 14 2020 00:49:42 myvxkp.manage.trendmicro.com CEF:0|Trend Micro|Apex Central|2019|WB:36|36|3|deviceExternalId=1 rt=Jun 21 2020 07:56:09 GMT+00:00 app=5 cnt=1 dpt=80 act=2 src=10.128.0.11 cs1Label=SLF_PolicyName cs1=Internal User Policy deviceDirection=2 cat=36 dvchost=CU-PRO1-8254-2 request=http://www.eicar.org/download/eicar.com.txt duser=TRENDMICROAPEX-\\admin shost=TRENDMICROAPEX- deviceProcessName=C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe cn3Label=Web_Reputation_Rating cn3=49 deviceFacility=Apex One cn2Label=SLF_SeverityLevel cn2=100 "
a = pycef.parse(cef)
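To show what the two edge cases exercised by the tests above (a syslog header before the record, and escaped pipes inside header fields) actually require of a CEF parser, here is a small stand-alone parser. It is an added example, not pycef's own code; the header key names and the constructed sample lines are the author's choices, not the page's test data.

```python
import re

# Constructed sample lines (not taken from the page's test data files).
SAMPLES = [
    # syslog header before "CEF:" (the test_syslog_format case)
    "Jul 14 2020 00:49:42 host1 CEF:0|Trend Micro|Apex Central|2019|WB:36|36|3|"
    "src=10.128.0.11 dpt=80 cs1Label=SLF_PolicyName cs1=Internal User Policy",
    # backslash-escaped pipes inside header fields (the test_pipes case)
    r"CEF:0|Vendor|Product\|Suite|1.0|100|Login \| failed|5|suser=alice msg=bad password",
]

# Key names are an assumption of this example, not pycef's dict layout.
HEADER_FIELDS = ("CEFVersion", "DeviceVendor", "DeviceProduct", "DeviceVersion",
                 "DeviceEventClassID", "Name", "Severity")
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")

def split_header(record):
    """Split the 7 header fields on unescaped '|'; return (fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(record) and len(fields) < 7:
        ch = record[i]
        if ch == "\\" and i + 1 < len(record):   # '\|' or '\\' stays in the field
            cur.append(record[i + 1]); i += 2; continue
        if ch == "|":
            fields.append("".join(cur)); cur = []; i += 1; continue
        cur.append(ch); i += 1
    return fields, record[i:]

def parse_extension(ext):
    """key=value pairs; a value runs until the next ' key=' so spaces survive."""
    out, matches = {}, list(KEY_RE.finditer(ext))
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        out[m.group(1)] = ext[m.end():end].strip().replace("\\=", "=")
    return out

def parse_cef(line):
    """Parse one CEF line, skipping any syslog prefix; None if not CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    fields, ext = split_header(line[start:])
    if len(fields) != 7:
        return None                              # malformed header
    d = dict(zip(HEADER_FIELDS, fields))
    d["CEFVersion"] = d["CEFVersion"][len("CEF:"):]
    d.update(parse_extension(ext))
    return d

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_cef(s))
```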