def load_client(context):
    """Build an AttributeRequest client from the transform settings on *context*.

    The 'username' and 'aKey' settings are always read. When the 'test_local'
    setting is exactly the string 'True', the 'server' and 'version' settings
    are read as well and passed positionally; in every other case the client
    is built with ``headers=gen_debug(request)``.

    NOTE(review): ``request`` is neither a parameter nor a local of this
    function, so it has to resolve to a module-level name -- confirm it
    exists, otherwise the non-test path raises NameError.
    NOTE(review): 'aKey' carries the API credential; keep it out of log and
    debug output.
    """
    read_setting = context.getTransformSetting
    username = read_setting('username')
    api_key = read_setting('aKey')
    local_flag = read_setting('test_local')

    # Guard clause: anything other than the literal string 'True' takes the
    # default (non-local) path.
    if not local_flag or local_flag != 'True':
        return AttributeRequest(username, api_key, headers=gen_debug(request))

    server = read_setting('server')
    version = read_setting('version')
    return AttributeRequest(username, api_key, server, version)
def get_attribute(self, **kwargs):
    """Run a host-attribute lookup, choosing the endpoint from the 'type' value.

    A client is built from ``self.username`` and ``self.apikey``, and the
    keyword arguments are passed through ``self._cleanup_params`` together
    with the key list ['query', 'type']. If the resulting 'type' is 'tracker'
    the tracker lookup is called; any other value (including a missing one)
    falls through to the component lookup.

    NOTE(review): the whole cleaned dict, 'type' included, is forwarded to the
    client call -- confirm that the client methods accept it.
    """
    wanted_keys = ['query', 'type']
    api = AttributeRequest(self.username, self.apikey)
    cleaned = self._cleanup_params(wanted_keys, **kwargs)

    if cleaned.get('type') == 'tracker':
        lookup = api.get_host_attribute_trackers
    else:
        lookup = api.get_host_attribute_components
    return lookup(**cleaned)
def setup_class(self):
    """Patch the client's ``_get`` with ``fake_request`` and build a test client.

    The patch targets 'passivetotal.api.Client._get' and is started here; the
    patcher is kept on ``self.patcher``. The client is created with the
    placeholder credentials '--No-User--' / '--No-Key--', so no real secret
    is needed to run these tests.

    NOTE(review): no matching ``self.patcher.stop()`` is visible in this
    snippet -- confirm a teardown stops the patch so it does not leak into
    other test classes.
    """
    request_stub = patch('passivetotal.api.Client._get', fake_request)
    # Store the patcher before starting it, so it stays reachable for teardown.
    self.patcher = request_stub
    request_stub.start()
    self.client = AttributeRequest('--No-User--', '--No-Key--')
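# Splunk search-command body: look up the web trackers recorded for the
# "query" option and emit one output event per result. Any failure is turned
# into Splunk error results and logged together with its traceback.
try:
    logger.info("Starting command processing")
    input_events, dummyresults, settings = splunk.Intersplunk.getOrganizedResults()
    keywords, options = splunk.Intersplunk.getKeywordsAndOptions()
    query_value = options.get("query", "")
    # Lazy %-style arguments: the message is only formatted if it is emitted.
    logger.info("Query target: %s", query_value)
    logger.debug("Raw options: %s", options)

    configuration = get_config("passivetotal", "api-setup")
    username = configuration.get('username', None)
    api_key = configuration.get('apikey', None)
    # Fail early with a clear message instead of sending a request without
    # credentials and reporting the resulting API error as a quota problem.
    # The values themselves are deliberately not echoed.
    if not username or not api_key:
        raise Exception(
            "PassiveTotal username or API key is not configured.")

    output_events = []
    tmp = AttributeRequest(
        username, api_key,
        headers=build_headers()).get_host_attribute_trackers(query=query_value)
    if 'error' in tmp:
        # The user-facing text below assumes quota exhaustion, but any API
        # error lands here; log what the API reported so an operator can tell
        # the cases apart.
        # NOTE(review): confirm the error payload never carries sensitive data.
        logger.error("Tracker lookup returned an error: %s", tmp.get('error'))
        raise Exception(
            "Whoa there, looks like you reached your quota for today! Please come back tomorrow to resume your investigation or contact support for details on enterprise plans."
        )
    output_events.extend(tmp.get("results", []))
    splunk.Intersplunk.outputResults(output_events)
except Exception as e:  # "as" form is valid on Python 2.6+ and Python 3
    stack = traceback.format_exc()
    # Only the exception text goes back to the search UI; the traceback stays
    # in the log.
    splunk.Intersplunk.generateErrorResults(str(e))
    logger.error("%s. Traceback: %s", e, stack)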
except: ip = "domain did not resolve" # Get geo-coordinates of the IP address coordinates = None if not row['lat'] and not row['lng']: try: coordinates = DbIpCity.get(ip, api_key='free') except: pass # Gather web trackers (Google Analytics Tracking ID, FacebookId, etc.) username = "" api_key = "" trackers = AttributeRequest( username=username, api_key=api_key).get_host_attribute_trackers( query=row['domain']) # Create dictionary that will be written at the end of processing the entire file. # We do this because the RiskIQ Tracker API call can return a varying amount of fields # so we don't know what headers to write in the CSV file until the processing is complete. csv_row = {} csv_row["domain"] = row['domain'] csv_row["ip"] = ip csv_row["locationVerified"] = row['locationVerified'] if coordinates: csv_row["latitude"] = str(coordinates.latitude) csv_row["longitude"] = str(coordinates.longitude) else: csv_row["latitude"] = row['lat']