Python DateTime.DateTimeの例、intelmq.lib.harmonization.DateTime.DateTime Pythonの例

コード例 #1

0

ファイルを表示

ファイル: collector_rt.py プロジェクト: jmj-uy/intelmq-1

    def process(self):
        RT = rt.Rt(self.parameters.uri, self.parameters.user,
                   self.parameters.password)
        if not RT.login():
            raise ValueError('Login failed.')

        query = RT.search(Queue=self.parameters.search_queue,
                          Subject__like=self.parameters.search_subject_like,
                          Owner=self.parameters.search_owner,
                          Status=self.parameters.search_status)
        self.logger.info('{} results on search query.'.format(len(query)))

        for ticket in query:
            ticket_id = int(ticket['id'].split('/')[1])
            self.logger.debug('Process ticket {}.'.format(ticket_id))
            for (att_id, att_name, _, _) in RT.get_attachments(ticket_id):
                if re.search(self.parameters.attachment_regex, att_name):
                    self.logger.debug('Found attachment {}: {!r}.'
                                      ''.format(att_id, att_name))
                    break
            else:
                self.logger.debug('No matching attachement name found.')
                continue
            attachment = RT.get_attachment_content(ticket_id, att_id)

            if self.parameters.unzip_attachment:
                file_obj = io.BytesIO(attachment)
                zipped = zipfile.ZipFile(file_obj)
                raw = zipped.read(zipped.namelist()[0])
            else:
                raw = attachment

            if self.parameters.gnupg_decrypt:
                raw = str(
                    self.gpg.decrypt(
                        raw,
                        always_trust=self.parameters.gnupg_trust,
                        passphrase=self.parameters.gnupg_passphrase))
                self.logger.info('Successfully decrypted attachment.')

            self.logger.debug(raw)
            report = Report()
            report.add("raw", raw, sanitize=True)
            report.add("rtir_id", ticket_id, sanitize=True)
            report.add("feed.name", self.parameters.feed, sanitize=True)
            report.add("feed.accuracy",
                       self.parameters.accuracy,
                       sanitize=True)
            time_observation = DateTime().generate_datetime_now()
            report.add('time.observation', time_observation, sanitize=True)
            self.send_message(report)

            if self.parameters.take_ticket:
                RT.edit_ticket(ticket_id, Owner=self.parameters.user)

コード例 #2

0

ファイルを表示

ファイル: collector.py プロジェクト: openspherelab/intelmq

    def process(self):
        self.logger.info("Downloading report through API")
        otx = OTXv2(self.parameters.api_key)
        pulses = otx.getall()
        self.logger.info("Report downloaded.")

        report = Report()
        report.add("raw", json.dumps(pulses), sanitize=True)
        report.add("feed.name", self.parameters.feed, sanitize=True)
        report.add("feed.accuracy", self.parameters.accuracy, sanitize=True)
        time_observation = DateTime().generate_datetime_now()
        report.add('time.observation', time_observation, sanitize=True)
        self.send_message(report)

コード例 #3

0

ファイルを表示

    def process(self):
        mailbox = imbox.Imbox(self.parameters.mail_host,
                              self.parameters.mail_user,
                              self.parameters.mail_password,
                              self.parameters.mail_ssl)
        emails = mailbox.messages(folder=self.parameters.mail_folder,
                                  unread=True)

        if emails:
            for uid, message in emails:

                if (self.parameters.mail_subject_regex and not re.search(
                        self.parameters.mail_subject_regex, message.subject)):
                    continue

                self.logger.info("Reading email report")

                for attach in message.attachments:
                    if not attach:
                        continue

                    # remove quote marks from filename
                    attach_name = attach['filename'][1:len(attach['filename']
                                                           ) - 1]

                    if re.search(self.parameters.mail_attach_regex,
                                 attach_name):

                        if self.parameters.mail_attach_unzip:
                            zipped = zipfile.ZipFile(attach['content'])
                            raw_report = zipped.read(zipped.namelist()[0])
                        else:
                            raw_report = attach['content'].read()

                        report = Report()
                        report.add("raw", raw_report, sanitize=True)
                        report.add("feed.name",
                                   self.parameters.feed,
                                   sanitize=True)
                        report.add("feed.accuracy",
                                   self.parameters.accuracy,
                                   sanitize=True)
                        time_observation = DateTime().generate_datetime_now()
                        report.add('time.observation',
                                   time_observation,
                                   sanitize=True)

                        self.send_message(report)

                mailbox.mark_seen(uid)
                self.logger.info("Email report read")

コード例 #4

0

ファイルを表示

 def on_message(self, headers, message):
     self.n6stomper.logger.debug('Receive message '
                                 '{!r}...'.format(message[:500]))
     report = Report()
     report.add("raw", message.rstrip(), sanitize=True)
     report.add("feed.name", self.n6stomper.parameters.feed, sanitize=True)
     report.add("feed.url",
                "stomp://" + self.n6stomper.parameters.server + ":" +
                str(self.n6stomper.parameters.port) + "/" +
                self.n6stomper.parameters.exchange,
                sanitize=True)
     time_observation = DateTime().generate_datetime_now()
     report.add('time.observation', time_observation, sanitize=True)
     self.n6stomper.send_message(report)
     self.n6stomper.logger.debug('Receiving Message.')

コード例 #5

0

ファイルを表示

    def process(self):
        mailbox = imbox.Imbox(self.parameters.mail_host,
                              self.parameters.mail_user,
                              self.parameters.mail_password,
                              self.parameters.mail_ssl)
        emails = mailbox.messages(folder=self.parameters.mail_folder, unread=True)

        if emails:
            for uid, message in emails:

                if (self.parameters.mail_subject_regex and
                        not re.search(self.parameters.mail_subject_regex,
                                      message.subject)):
                    continue

                self.logger.info("Reading email report")

                for body in message.body['plain']:
                    match = re.search(self.parameters.mail_url_regex, body)
                    if match:
                        url = match.group()

                        self.logger.info("Downloading report from %s" % url)
                        raw_report = fetch_url(url, timeout=60.0,
                                               chunk_size=16384)
                        self.logger.info("Report downloaded.")

                        report = Report()
                        report.add("raw", raw_report, sanitize=True)
                        report.add("feed.name",
                                   self.parameters.feed, sanitize=True)
                        report.add("feed.accuracy", self.parameters.accuracy, sanitize=True)
                        time_observation = DateTime().generate_datetime_now()
                        report.add('time.observation', time_observation,
                                   sanitize=True)
                        self.send_message(report)

                mailbox.mark_seen(uid)
                self.logger.info("Email report read")

コード例 #6

0

ファイルを表示

    def process(self):
        self.logger.info("Downloading report from %s" %
                         self.parameters.http_url)

        resp = requests.get(url=self.parameters.http_url,
                            auth=self.auth,
                            proxies=self.proxy,
                            headers=self.http_header,
                            verify=self.http_verify_cert)

        if resp.status_code // 100 != 2:
            raise ValueError('HTTP response status code was {}.'
                             ''.format(resp.status_code))

        self.logger.info("Report downloaded.")

        report = Report()
        report.add("raw", resp.text, sanitize=True)
        report.add("feed.name", self.parameters.feed, sanitize=True)
        report.add("feed.url", self.parameters.http_url, sanitize=True)
        report.add("feed.accuracy", self.parameters.accuracy, sanitize=True)
        time_observation = DateTime().generate_datetime_now()
        report.add('time.observation', time_observation, sanitize=True)
        self.send_message(report)

コード例 #7

0

ファイルを表示

ファイル: backend.py プロジェクト: bernhardreiter/intelmq-webinput-csv

def submit():
    parameters = handle_parameters(request.form)
    temp_file = get_temp_file()
    if not temp_file:
        return create_response('No file')

    destination_pipeline = PipelineFactory.create(PipelineParameters(),
                                                  logger=app.logger,
                                                  direction='destination')
    if not CONFIG.get('destination_pipeline_queue_formatted', False):
        destination_pipeline.set_queues(CONFIG['destination_pipeline_queue'], "destination")
        destination_pipeline.connect()

    time_observation = DateTime().generate_datetime_now()

    successful_lines = 0

    with open(temp_file[0], encoding='utf8') as handle:
        reader = csv.reader(handle, delimiter=parameters['delimiter'],
                            quotechar=parameters['quotechar'],
                            skipinitialspace=parameters['skipInitialSpace'],
                            escapechar=parameters['escapechar'],
                            )
        if parameters['has_header']:
            next(reader)
        for _ in range(parameters['skipInitialLines']):
            next(reader)
        for lineindex, line in enumerate(reader):
            event = Event()
            try:
                for columnindex, (column, value) in \
                        enumerate(zip(parameters['columns'], line)):
                    if not column or not value:
                        continue
                    if column.startswith('time.'):
                        parsed = dateutil.parser.parse(value)
                        if not parsed.tzinfo:
                            value += parameters['timezone']
                            parsed = dateutil.parser.parse(value)
                        value = parsed.isoformat()
                    if column == 'extra':
                        value = handle_extra(value)
                    event.add(column, value)
                for key, value in parameters.get('constant_fields', {}).items():
                    if key not in event:
                        event.add(key, value)
                for key, value in request.form.items():
                    if not key.startswith('custom_'):
                        continue
                    key = key[7:]
                    if key not in event:
                        event.add(key, value)
                if CONFIG.get('destination_pipeline_queue_formatted', False):
                    queue_name = CONFIG['destination_pipeline_queue'].format(ev=event)
                    destination_pipeline.set_queues(queue_name, "destination")
                    destination_pipeline.connect()
            except Exception:
                continue
            if 'classification.type' not in event:
                event.add('classification.type', parameters['classification.type'])
            if 'classification.identifier' not in event:
                event.add('classification.identifier', parameters['classification.identifier'])
            if 'feed.code' not in event:
                event.add('feed.code', parameters['feed.code'])
            if 'time.observation' not in event:
                event.add('time.observation', time_observation, sanitize=False)
            raw_message = MessageFactory.serialize(event)
            destination_pipeline.send(raw_message)
            successful_lines += 1
    return create_response('Successfully processed %s lines.' % successful_lines)

コード例 #8

0

ファイルを表示

ファイル: collector_mail_strip.py プロジェクト: certbe/intelmq

    def process(self):
        mailbox = imbox.Imbox(self.parameters.mail_host, self.parameters.mail_user, utils.base64_decode(self.parameters.mail_password), self.parameters.mail_ssl)
        self.logger.info("Connected to mail server")
        emails = mailbox.messages(folder=self.parameters.folder, unread=True)
        try:
            if emails:
                    self.logger.info("Parsing emails in mailbox")
                    for uid, message in emails:
                        if self.parameters.subject_regex and not re.search(self.parameters.subject_regex, message.subject):
                            continue
                        self.logger.info("Reading email report")

                        if hasattr(message,'attachments') and message.attachments:
                                for attach in message.attachments:
                                    if not attach:
                                        continue

                                    attach_name = attach['filename'][1:len(attach['filename'])-1] # remove quote marks from filename
                                    if re.search(self.parameters.attach_regex, attach_name):

                                        self.logger.info("Parsing attachment")
                                        if self.parameters.attach_unzip:
                                            zipped = zipfile.ZipFile(attach['content'])
                                            raw_report = zipped.read(zipped.namelist()[0])
                                        else:
                                            raw_report = attach['content'].read()

                                        self.logger.info('content read')
                                        report = Report()
                                        report.add("raw", raw_report, sanitize=True)
                                        report.add("feed.name", self.parameters.feed,sanitize=True)
                                        report.add("feed.accuracy", self.parameters.accuracy, sanitize=True)
                                        time_observation = DateTime().generate_datetime_now()
                                        #report.add('time.observation', time_observation)
                                        report.add('feed.reportname', message.subject, sanitize=True)
                                        self.logger.info('rocking in a free world')

                                        self.send_message(report)
                                self.logger.info('just some administration left')
                                mailbox.mark_seen(uid)
                                self.logger.info("Email report read")
                        else:
                                # If no attachment, read from url
                                # update way of fetching from url to new way in http/
                                self.logger.info("No attachment found, trying collecting from URL")
                                for body in message.body['plain']:
                                    self.logger.info("Parsing message body")
                                    match = re.search(self.parameters.url_regex, body)
                                    if match:
                                        url = match.group()

                                        self.logger.info("Downloading report from %s" % url)
                                        resp = requests.get(url=url)
                                        if resp.status_code // 100 != 2: 
                                            raise ValueError('HTTP response status code was {}.' ''.format(resp.status_code))

                                        raw_report = resp.content

                                        self.logger.info("Report downloaded.")

                                        report = Report()
                                        report.add("raw", raw_report, sanitize=True)
                                        report.add("feed.name", self.parameters.feed, sanitize=True)
                                        report.add("feed.accuracy", self.parameters.accuracy, sanitize=True)
                                        self.logger.info("all is well sir")
                                        time_observation = DateTime().generate_datetime_now()
                                        #report.add('time.observation', time_observation, sanitize=True)
                                        report.add('feed.reportname', message.subject, sanitize=True)

                                        self.send_message(report)

                                mailbox.mark_seen(uid)
                                self.logger.info("Email report read")
        except:
                self.logger.info("ERROR with the collector ---")