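def dotransform(request, response):
    """Add one Domain entity per entry of the entity's 'resolutions' field.

    The field holds the text of a Python literal: a sequence of mappings,
    each with a 'hostname' and a 'last_resolved' value. Every well-formed
    entry becomes a Domain whose link label is the last-resolved value.

    Args:
        request: transform request; only ``request.fields`` is read.
        response: transform response the entities are appended to.

    Returns:
        The same ``response`` object. It comes back unchanged when the field
        is missing, cannot be parsed, or does not decode to a list/tuple.
    """
    # literal_eval only builds literals, so the field text is never executed.
    # The decoded value is still untrusted data (presumably copied from an
    # external report by an earlier transform -- confirm), so its shape is
    # checked before it is indexed.
    try:
        items = ast.literal_eval(request.fields['resolutions'])
    except Exception:
        # Best effort, as before: no usable field means nothing to add.
        # Exception instead of a bare except, so KeyboardInterrupt and
        # SystemExit are no longer swallowed.
        return response

    if not isinstance(items, (list, tuple)):
        return response

    for item in items:
        # One malformed entry must not abort the whole transform.
        if not isinstance(item, dict):
            continue
        if 'hostname' not in item or 'last_resolved' not in item:
            continue
        r = Domain(item['hostname'])
        r.linklabel = item['last_resolved']
        response += r
    return response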
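def dotransform(request, response):
    """Add the hosts and URLs found in the entity's behavioural data.

    When ``request.fields['behavioral']`` is non-empty, the text in
    ``request.fields['behavior_data']`` is decoded as a Python literal and
    its 'network' section is walked:

    * 'dns'  -> a Domain per hostname, plus an IPv4Address when the entry
      has an 'ip'
    * 'tcp' / 'udp' -> an IPv4Address per "host:port" string, with the port
      in the link label
    * 'http' -> a URL per entry, with the request method in the link label

    Args:
        request: transform request; ``fields`` and ``value`` are read.
        response: transform response the entities are appended to.

    Returns:
        The same ``response`` object, unchanged when there is no usable
        behavioural data.
    """
    if request.fields['behavioral'] == "":
        debug("ripVT: No behavioral for %s" % request.value)
        return response

    # literal_eval only builds literals, so the field text is never executed.
    try:
        behavior = ast.literal_eval(request.fields['behavior_data'])
    except Exception:
        debug("Entity has no behavioral data")
        return response

    # NOTE(review): the decoded structure presumably describes what an
    # analysed sample did on the network, i.e. the strings are influenced by
    # whoever wrote the sample -- confirm the source. The container shapes
    # are checked here; the values go to the entity constructors as-is.
    # `in` / isinstance replace dict.has_key(), which Python 3 does not have.
    network = behavior.get('network') if isinstance(behavior, dict) else None
    if not isinstance(network, dict):
        return response

    for item in network.get('dns') or ():
        host = Domain(item['hostname'])
        host.linklabel = "vt_behav->hosts"
        response += host
        if 'ip' in item:
            ip = IPv4Address(item['ip'])
            ip.linklabel = "vt_behav->hosts"
            response += ip

    # tcp and udp entries share one format, so they share one loop; the
    # labels come out exactly as "vt_behav->hosts_tcp (...)" and
    # "vt_behav->hosts_udp (...)".
    for proto in ('tcp', 'udp'):
        for item in network.get(proto) or ():
            conn = item.split(":")
            if len(conn) < 2:
                # No port part: indexing conn[1] would abort the transform
                # and lose every entity after this one.
                debug("ripVT: skipping malformed %s entry %r" % (proto, item))
                continue
            r = IPv4Address(conn[0])
            r.linklabel = "vt_behav->hosts_%s (%s)" % (proto, str(conn[1]))
            response += r

    for item in network.get('http') or ():
        r = URL(item['url'])
        r.url = item['url']
        r.linklabel = "vt_behav->hosts_http (%s)" % item['method']
        response += r

    return response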
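def dotransform(request, response):
    """Add a Domain entity for each record returned for the request value.

    Runs ``query('-n', ns, 0, 'n')`` and decodes every result as JSON.
    A record that has an 'rrname' becomes a Domain (trailing dot removed)
    whose link label is "first - last", both formatted as MM-DD-YYYY.

    Args:
        request: transform request; ``request.value`` is the name queried.
        response: transform response the entities are appended to.

    Returns:
        The same ``response`` object.
    """
    ns = request.value
    for result in query('-n', ns, 0, 'n'):
        data = json.loads(result)
        # `in` replaces dict.has_key(), which Python 3 does not have; the
        # isinstance check keeps `in` from becoming a substring test on a
        # JSON string value.
        if not isinstance(data, dict) or 'rrname' not in data:
            continue

        # Resolve the time pair for THIS record only. Previously a record
        # with neither pair reused `first`/`last` left over from the record
        # before it (or failed on the very first record), which put another
        # domain's dates on the link.
        if 'time_first' in data and 'time_last' in data:
            first, last = data['time_first'], data['time_last']
        elif 'zone_time_first' in data and 'zone_time_last' in data:
            first, last = data['zone_time_first'], data['zone_time_last']
        else:
            continue

        # NOTE(review): fromtimestamp() renders in the local time zone of the
        # machine running the transform, so a label can differ by a day
        # between analysts -- keep that in mind when correlating timelines.
        fnice = datetime.datetime.fromtimestamp(int(first)).strftime('%m-%d-%Y')
        lnice = datetime.datetime.fromtimestamp(int(last)).strftime('%m-%d-%Y')

        e = Domain(data['rrname'].rstrip('.'))
        e.linklabel = fnice + ' - ' + lnice
        response += e
    return response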
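def dotransform(request, response):
    """Add a Domain entity for each record returned for the request value.

    Runs ``query('-n', ns, 0, 'n')`` and decodes every result as JSON.
    A record that has an 'rrname' becomes a Domain (trailing dot removed)
    whose link label is "first - last", both formatted as MM-DD-YYYY.

    Args:
        request: transform request; ``request.value`` is the name queried.
        response: transform response the entities are appended to.

    Returns:
        The same ``response`` object.
    """
    ns = request.value
    for result in query('-n', ns, 0, 'n'):
        data = json.loads(result)
        # `in` replaces dict.has_key(), which Python 3 does not have; the
        # isinstance check keeps `in` from becoming a substring test on a
        # JSON string value.
        if not isinstance(data, dict) or 'rrname' not in data:
            continue

        # Resolve the time pair for THIS record only. Previously a record
        # with neither pair reused `first`/`last` left over from the record
        # before it (or failed on the very first record), which put another
        # domain's dates on the link.
        if 'time_first' in data and 'time_last' in data:
            first, last = data['time_first'], data['time_last']
        elif 'zone_time_first' in data and 'zone_time_last' in data:
            first, last = data['zone_time_first'], data['zone_time_last']
        else:
            continue

        # NOTE(review): fromtimestamp() renders in the local time zone of the
        # machine running the transform, so a label can differ by a day
        # between analysts -- keep that in mind when correlating timelines.
        fnice = datetime.datetime.fromtimestamp(
            int(first)).strftime('%m-%d-%Y')
        lnice = datetime.datetime.fromtimestamp(
            int(last)).strftime('%m-%d-%Y')

        e = Domain(data['rrname'].rstrip('.'))
        e.linklabel = fnice + ' - ' + lnice
        response += e
    return response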