def main():
s = get_args()
format_ = '%d-%m-%Y'
for day_counter in range(s.days_back):
until_param, until_param_string, since_param, since_param_string = \
utils.get_time_params(s.end_date, day_counter, format_)
output_file = 'threat_indicators_' + since_param_string + '_to_' + \
until_param_string + '.csv'
with open(output_file, 'wb') as fout:
writer = csv.writer(fout)
results = ThreatIndicator.objects(
fields=ThreatIndicator._fields,
limit=1000,
text=s.text,
strict_text=s.strict_text,
threat_type=s.threat_type,
type_=s.type,
since=since_param_string,
until=until_param_string,
)
fields_list = [
TI.ID,
TI.INDICATOR,
TI.TYPE,
]
# Headers
writer.writerow(map(utils.convert_to_header, fields_list))
for result in results:
writer.writerow(
map(lambda x: utils.get_data_field(x, result),
fields_list))
def main():
s = get_args()
format_ = '%d-%m-%Y'
for day_counter in range(s.days_back):
until_param, until_param_string, since_param, since_param_string = \
utils.get_time_params(s.end_date, day_counter, format_)
output_file = 'threat_indicators_' + since_param_string + '_to_' + \
until_param_string + '.csv'
with open(output_file,'wb') as fout:
writer = csv.writer(fout)
results = ThreatIndicator.objects(
fields=ThreatIndicator._fields,
limit=1000,
text=s.text,
strict_text=s.strict_text,
threat_type=s.threat_type,
type_=s.type,
since=since_param_string,
until=until_param_string,
)
fields_list = [
TI.ID,
TI.INDICATOR,
TI.TYPE,
]
# Headers
writer.writerow(map(utils.convert_to_header,fields_list))
for result in results:
writer.writerow(
map(lambda x: utils.get_data_field(x, result), fields_list)
)
def get_results(options):
'''
Builds a query string based on the specified options and runs it.
'''
if options.since is None or options.until is None:
raise Exception('You must specify both "since" and "until" values')
results = ThreatIndicator.objects(threat_type=tt.COMPROMISED_CREDENTIAL, type_=t.EMAIL_ADDRESS, limit=options.limit,
fields=['indicator', 'passwords'], since=options.since, until=options.until)
return results
def sendToThreatExchange(self,
ipaddress=None,
comment='malicious IP'):
try:
if ipaddress is not None and self.options is not None:
maliciousActor=ThreatIndicator()
maliciousActor.indicator= ipaddress
maliciousActor.threat_type="MALICIOUS_IP"
maliciousActor.type="IP_ADDRESS"
maliciousActor.share_level="GREEN"
maliciousActor.status="MALICIOUS"
maliciousActor.privacy_type="VISIBLE"
maliciousActor.description= comment
maliciousActor.save()
sys.stdout.write('Sent {0} to threat exchange server\n'.format(ipaddress))
except Exception as e:
sys.stderr.write('Error while sending to threatexchange %s: %r\n' % (ipaddress, e))
def indicators_main(args):
"""
Call the /threat_indicators API endpoint and print the results.
:param args: Command line arguments
:type args: ArgumentParser
"""
indicators = ThreatIndicator.objects(text=args.text, strict_text=args.strict_text, limit=args.limit,
type_=args.type, threat_type=args.threat_type,
since=args.since, until=args.until, dict_generator=True)
for indicator in indicators:
sys.stdout.write(json.dumps(indicator))
sys.stdout.write('\n')
def get_results(options):
'''
Builds a query string based on the specified options and runs it.
'''
if options.since is None or options.until is None:
raise Exception('You must specify both "since" and "until" values')
results = ThreatIndicator.objects(type_=t.EMAIL_ADDRESS,
limit=options.limit,
fields=['indicator', 'passwords'],
since=options.since,
until=options.until)
return results
def get_results(options):
'''
Builds a query string based on the specified options and runs it.
'''
if options.since is None or options.until is None:
raise Exception('You must specify both "since" and "until" values')
query = {
'threat_type': tt.COMPROMISED_CREDENTIAL,
'type': t.EMAIL_ADDRESS,
'fields': 'indicator,passwords',
'since': options.since,
'until': options.until,
}
results = ThreatIndicator.objects(__raw__=query, dict_generator=True)
return results
def run_query(options, handle):
start = int(time.time())
print "READING %s%s" % (te.URL, te.THREAT_INDICATORS)
# query = get_query(options)
if not options.type and not options.text:
raise Exception("You must specify either a type or text")
count = 0
results = ThreatIndicator.objects(__raw__=options.__dict__, dict_generator=True)
for result in results:
process_results(handle, result)
count += 1
end = int(time.time())
print ("SUCCESS: Got %d indicators in %d seconds" % (count, end - start))
return
def run_query(options, handle):
start = int(time.time())
print 'READING %s%s' % (te.URL, te.THREAT_INDICATORS)
# query = get_query(options)
if not options.type and not options.text:
raise Exception('You must specify either a type or text')
count = 0
results = ThreatIndicator.objects(__raw__=options.__dict__, dict_generator=True)
for result in results:
process_results(handle, result)
count += 1
end = int(time.time())
print ('SUCCESS: Got %d indicators in %d seconds' %
(count, end - start))
return
def get_results(options):
'''
Builds a query string based on the specified options and runs it.
'''
if options.since is None or options.until is None:
raise Exception('You must specify both "since" and "until" values')
query = {
'threat_type': tt.COMPROMISED_CREDENTIAL,
'type' : t.EMAIL_ADDRESS,
'fields' : 'indicator,passwords',
'since' : options.since,
'until' : options.until,
}
results = ThreatIndicator.objects(__raw__=query, dict_generator=True)
return results
def sendToThreatExchange(self, ipaddress=None, comment='malicious IP'):
try:
if ipaddress is not None and self.options is not None:
maliciousActor = ThreatIndicator()
maliciousActor.indicator = ipaddress
maliciousActor.threat_type = "MALICIOUS_IP"
maliciousActor.type = "IP_ADDRESS"
maliciousActor.share_level = "GREEN"
maliciousActor.status = "MALICIOUS"
maliciousActor.privacy_type = "VISIBLE"
maliciousActor.description = comment
maliciousActor.save()
sys.stdout.write(
'Sent {0} to threat exchange server\n'.format(ipaddress))
except Exception as e:
sys.stderr.write('Error while sending to threatexchange %s: %r\n' %
(ipaddress, e))
handle.write(json.dumps(data))
handle.write('\n')
def run_query(options, handle):
try:
start = int(time.time())
print 'READING %s%s' % (te.URL, te.THREAT_INDICATORS)
query = get_query(options)
except Exception, e:
print str(e)
sys.exit(1)
count = 0
results = ThreatIndicator.objects(__raw__=query, dict_generator=True)
for result in results:
process_results(handle, result)
count += 1
try:
end = int(time.time())
print('SUCCESS: Got %d indicators in %d seconds' %
(count, end - start))
if handle:
handle.close()
except Exception as e:
print(str(e))
return
return
handle.write(json.dumps(data))
handle.write('\n')
def run_query(options, handle):
try:
start = int(time.time())
print 'READING %s%s' % (te.URL, te.THREAT_INDICATORS)
query = get_query(options)
except Exception, e:
print str(e)
sys.exit(1)
count = 0
results = ThreatIndicator.objects(__raw__=query, dict_generator=True)
for result in results:
process_results(handle, result)
count += 1
try:
end = int(time.time())
print ('SUCCESS: Got %d indicators in %d seconds' %
(count, end-start))
if handle:
handle.close()
except Exception as e:
print (str(e))
return