Python Indicator.reference_tlpの例

コード例 #1

ファイル: spamhaus_ip.py プロジェクト: noodled/verbose-robot

def process(i):
    if not ENABLED:
        return

    if i.itype not in ['ipv4', 'ipv6']:
        return

    if i.provider == 'spamhaus.org' and not is_ipv4_net(i.indicator):
        return

    try:
        r = _resolve(i.indicator)
    except Exception as e:
        return

    r = CODES.get(str(r), None)
    if not r:
        return

    f = Indicator(**i.__dict__())

    f.tags = [r['tags']]
    f.description = r['description']
    f.confidence = CONFIDENCE
    f.provider = PROVIDER
    f.reference_tlp = 'white'
    f.reference = 'http://www.spamhaus.org/query/bl?ip={}'.format(f.indicator)
    f.lasttime = arrow.utcnow()
    f.probability = 0
    return f

コード例 #2

ファイル: spamhaus_fqdn.py プロジェクト: pombredanne/bearded-avenger

    def process(self, i, router):
        if i.itype == 'fqdn' and i.provider != 'spamhaus.org':
            try:
                r = self._resolve(i.indicator)
                self.logger.debug(r)
                try:
                    r = CODES[r]
                except Exception as e:
                    # https://www.spamhaus.org/faq/section/DNSBL%20Usage
                    self.logger.error(e)
                    self.logger.info('check spamhaus return codes')
                    r = None

                if r:
                    f = Indicator(**i.__dict__)

                    f.tags = [r['tags']]
                    f.description = r['description']
                    f.confidence = CONFIDENCE
                    f.provider = PROVIDER
                    f.reference_tlp = 'white'
                    f.reference = 'http://www.spamhaus.org/query/dbl?domain={}'.format(
                        f.indicator)
                    x = router.indicators_create(f)
                    self.logger.debug(x)
            except KeyError as e:
                self.logger.error(e)
            except dns.resolver.NoAnswer:
                self.logger.debug('no answer...')
            except dns.resolver.NXDOMAIN:
                self.logger.debug('nxdomain...')
            except EmptyLabel:
                self.logger.error('empty label: {}'.format(i.indicator))

コード例 #3

def process(i):
    if not ENABLED:
        return

    if i.itype != 'fqdn':
        return

    if i.provider == 'spamhaus.org':
        return

    r = _resolve(i.indicator)
    r = CODES.get(str(r), None)

    if not r:
        return

    confidence = CONFIDENCE
    if ' legit ' in r['description']:
        confidence = 1

    f = Indicator(**i.__dict__())

    f.tags = [r['tags']]
    f.description = r['description']
    f.confidence = confidence
    f.provider = PROVIDER
    f.reference_tlp = 'white'
    f.reference = 'http://www.spamhaus.org/query/dbl?domain={}'.format(
        f.indicator)
    f.lasttime = arrow.utcnow()
    f.probability = 0
    return f

コード例 #4

ファイル: spamhaus_ip.py プロジェクト: richardmaize/bearded-avenger

    def process(self, i, router):
        if i.itype != 'ipv4' and i.itype != 'ipv6':
            return

        if i.provider == 'spamhaus.org' and not is_ipv4_net(i.indicator):
            return

        try:
            r = self._resolve(i.indicator)
            try:
                r = CODES.get(str(r), None)
            except Exception as e:
                # https://www.spamhaus.org/faq/section/DNSBL%20Usage
                self.logger.error(e)
                self.logger.info('check spamhaus return codes')
                r = None

            if r:
                f = Indicator(**i.__dict__())

                f.tags = [r['tags']]
                f.description = r['description']
                f.confidence = CONFIDENCE
                f.provider = PROVIDER
                f.reference_tlp = 'white'
                f.reference = 'http://www.spamhaus.org/query/bl?ip={}'.format(
                    f.indicator)
                x = router.indicators_create(f)

        except Exception as e:
            self.logger.error(e)
            import traceback
            traceback.print_exc()

コード例 #5

ファイル: spamhaus_fqdn.py プロジェクト: vladoros/bearded-avenger

    def process(self, i, router):
        if i.itype == 'fqdn' and i.provider != 'spamhaus.org':
            try:
                r = self._resolve(i.indicator)
                try:
                    r = CODES.get(str(r), None)
                except Exception as e:
                    # https://www.spamhaus.org/faq/section/DNSBL%20Usage
                    self.logger.error(e)
                    self.logger.info('check spamhaus return codes')
                    r = None

                if r:
                    confidence = CONFIDENCE
                    if ' legit ' in r['description']:
                        confidence = 6

                    f = Indicator(**i.__dict__())

                    f.tags = [r['tags']]
                    f.description = r['description']
                    f.confidence = confidence
                    f.provider = PROVIDER
                    f.reference_tlp = 'white'
                    f.reference = 'http://www.spamhaus.org/query/dbl?domain={}'.format(f.indicator)
                    f.lasttime = arrow.utcnow()
                    x = router.indicators_create(f)
                    self.logger.debug(x)
            except KeyError as e:
                self.logger.error(e)

コード例 #6

ファイル: spamhaus_ip.py プロジェクト: csirtgadgets/bearded-avenger

    def process(self, i, router):
        if i.itype != 'ipv4' and i.itype != 'ipv6':
            return

        if i.provider == 'spamhaus.org' and not is_ipv4_net(i.indicator):
            return

        try:
            r = self._resolve(i.indicator)
            try:
                r = CODES.get(str(r), None)
            except Exception as e:
                # https://www.spamhaus.org/faq/section/DNSBL%20Usage
                self.logger.error(e)
                self.logger.info('check spamhaus return codes')
                r = None

            if r:
                f = Indicator(**i.__dict__())

                f.tags = [r['tags']]
                f.description = r['description']
                f.confidence = CONFIDENCE
                f.provider = PROVIDER
                f.reference_tlp = 'white'
                f.reference = 'http://www.spamhaus.org/query/bl?ip={}'.format(f.indicator)
                f.lasttime = arrow.utcnow()
                x = router.indicators_create(f)

        except Exception as e:
            self.logger.error(e)
            import traceback
            traceback.print_exc()

コード例 #7

ファイル: spamhaus_fqdn.py プロジェクト: makflwana/bearded-avenger

    def process(self, i, router):
        if i.itype == 'fqdn' and i.provider != 'spamhaus.org':
            try:
                r = self._resolve(i.indicator)

                try:
                    r = CODES[r]
                except Exception as e:
                    # https://www.spamhaus.org/faq/section/DNSBL%20Usage
                    self.logger.error(e)
                    self.logger.info('check spamhaus return codes')
                    r = None

                if r:
                    f = Indicator(**i.__dict__)

                    f.tags = [r['tags']]
                    f.description = r['description']
                    f.confidence = CONFIDENCE
                    f.provider = PROVIDER
                    f.reference_tlp = 'white'
                    f.reference = 'http://www.spamhaus.org/query/dbl?domain={}'.format(f.indicator)
                    x = router.indicators_create(f)
                    self.logger.debug(x)
            except KeyError as e:
                self.logger.error(e)
            except dns.resolver.NoAnswer:
                self.logger.info('no answer...')
            except dns.resolver.NXDOMAIN:
                self.logger.info('nxdomain...')
            except EmptyLabel:
                self.logger.error('empty label: {}'.format(i.indicator))

コード例 #8

ファイル: spamhaus_ip.py プロジェクト: makflwana/bearded-avenger

    def process(self, i, router):
        if (i.itype == 'ipv4' or i.itype == 'ipv6') and i.provider != 'spamhaus.org':
            try:
                r = self._resolve(i.indicator)
                try:
                    r = CODES.get(str(r), None)
                except Exception as e:
                    # https://www.spamhaus.org/faq/section/DNSBL%20Usage
                    self.logger.error(e)
                    self.logger.info('check spamhaus return codes')
                    r = None

                if r:
                    f = Indicator(**i.__dict__)

                    f.tags = [r['tags']]
                    f.description = r['description']
                    f.confidence = CONFIDENCE
                    f.provider = PROVIDER
                    f.reference_tlp = 'white'
                    f.reference = 'http://www.spamhaus.org/query/bl?ip={}'.format(f.indicator)
                    x = router.indicators_create(f)
                    self.logger.debug(x)
            except dns.resolver.NoAnswer:
                self.logger.info('no answer...')
            except dns.resolver.NXDOMAIN:
                self.logger.info('nxdomain...')
            except Exception as e:
                self.logger.error(e)
                import traceback
                traceback.print_exc()

コード例 #9

ファイル: spamhaus_ip.py プロジェクト: fl0x2208/bearded-avenger

    def process(self, i, router):
        if (i.itype == 'ipv4'
                or i.itype == 'ipv6') and i.provider != 'spamhaus.org':
            try:
                r = self._resolve(i.indicator)
                try:
                    r = CODES.get(str(r), None)
                except Exception as e:
                    # https://www.spamhaus.org/faq/section/DNSBL%20Usage
                    self.logger.error(e)
                    self.logger.info('check spamhaus return codes')
                    r = None

                if r:
                    f = Indicator(**i.__dict__)

                    f.tags = [r['tags']]
                    f.description = r['description']
                    f.confidence = CONFIDENCE
                    f.provider = PROVIDER
                    f.reference_tlp = 'white'
                    f.reference = 'http://www.spamhaus.org/query/bl?ip={}'.format(
                        f.indicator)
                    x = router.indicators_create(f)
                    self.logger.debug(x)
            except dns.resolver.NoAnswer:
                self.logger.info('no answer...')
            except dns.resolver.NXDOMAIN:
                self.logger.info('nxdomain...')
            except Exception as e:
                self.logger.error(e)
                import traceback
                traceback.print_exc()

コード例 #10

ファイル: spamhaus_ip.py プロジェクト: csirtgadgets/bearded-avenger

    def process(self, i, router, **kwargs):
        if 'search' in i.tags:
            return

        if i.itype != 'ipv4' and i.itype != 'ipv6':
            return

        if i.provider == 'spamhaus.org' and not is_ipv4_net(i.indicator):
            return

        try:
            r = self._resolve(i.indicator)
            try:
                r = CODES.get(str(r), None)
            except Exception as e:
                # https://www.spamhaus.org/faq/section/DNSBL%20Usage
                self.logger.error(e)
                self.logger.info('check spamhaus return codes')
                r = None

            if r:
                f = Indicator(**i.__dict__())

                f.tags = [r['tags']]
                if 'hunter' not in f.tags:
                    f.tags.append('hunter')
                f.description = r['description']
                f.confidence = CONFIDENCE
                f.provider = PROVIDER
                f.reference_tlp = 'white'
                f.reference = 'http://www.spamhaus.org/query/bl?ip={}'.format(
                    f.indicator)
                f.lasttime = f.reporttime = arrow.utcnow()
                x = router.indicators_create(f)
                self.logger.debug("Spamhaus IP: {}".format(x))

        except Exception as e:
            self.logger.error(
                "[Hunter: SpamhausIp] {}: giving up on indicator {}".format(
                    e, i))
            import traceback
            traceback.print_exc()

コード例 #11

    def process(self, i, router, **kwargs):
        if 'search' in i.tags:
            return

        if i.itype == 'fqdn' and i.provider != 'spamhaus.org':
            try:
                r = self._resolve(i.indicator)
                try:
                    r = CODES.get(str(r), None)
                except Exception as e:
                    # https://www.spamhaus.org/faq/section/DNSBL%20Usage
                    self.logger.error(e)
                    self.logger.info('check spamhaus return codes')
                    r = None

                if r:
                    confidence = CONFIDENCE
                    if ' legit ' in r['description']:
                        confidence = 6

                    f = Indicator(**i.__dict__())

                    f.tags = [r['tags']]
                    if 'hunter' not in f.tags:
                        f.tags.append('hunter')
                    f.description = r['description']
                    f.confidence = confidence
                    f.provider = PROVIDER
                    f.reference_tlp = 'white'
                    f.reference = 'http://www.spamhaus.org/query/dbl?domain={}'.format(f.indicator)
                    f.lasttime = f.reporttime = arrow.utcnow()
                    x = router.indicators_create(f)
                    self.logger.debug('Spamhaus FQDN: {}'.format(x))
            except KeyError as e:
                self.logger.error(e)
            except Exception as e:
                self.logger.error('[Hunter: SpamhausFqdn] {}: giving up on indicator {}'.format(e, i))