Exemplo n.º 1
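def dotransform(request, response):
    """Add one Domain entity per resolution record stored on the input entity.

    The ``resolutions`` field of ``request`` is expected to hold the text of a
    Python literal: a list of dicts, each with ``hostname`` and
    ``last_resolved`` keys. Each hostname becomes a ``Domain`` whose link label
    is the matching ``last_resolved`` value.

    Returns ``response``, unchanged when the field is missing or unparsable.
    """
    # NOTE(review): the field presumably comes from a third-party lookup done
    # by an upstream transform, so it is handled as untrusted text. Confirm.
    # ast.literal_eval only builds literals and never runs code, but the text
    # can still be malformed or describe something other than a list of dicts.
    try:
        items = ast.literal_eval(request.fields['resolutions'])
    except Exception:
        # Best effort, as before: no usable resolution data means no entities.
        # Unlike a bare ``except:``, KeyboardInterrupt and SystemExit still
        # propagate.
        return response

    if not isinstance(items, (list, tuple)):
        return response

    for item in items:
        try:
            last = item['last_resolved']
            host = item['hostname']
        except (KeyError, TypeError):
            # Skip a malformed record so it cannot abort the whole transform
            # and discard the records already collected.
            continue

        r = Domain(host)
        r.linklabel = last
        response += r

    return response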
Exemplo n.º 2
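def dotransform(request, response):
    """Turn the network section of stored behavioural data into graph entities.

    When the ``behavioral`` field is non-empty, ``behavior_data`` is parsed as
    a Python literal and its ``network`` dict is walked:

    * ``dns``  -> a ``Domain`` per hostname, plus an ``IPv4Address`` when the
      record carries an ``ip``
    * ``tcp`` / ``udp`` -> an ``IPv4Address`` per ``"host:port"`` string, with
      the port in the link label
    * ``http`` -> a ``URL`` per request, with the HTTP method in the link label

    Returns ``response``, unchanged when there is nothing to add.
    """
    if request.fields['behavioral'] == "":
        debug("ripVT: No behavioral for %s" % request.value)
        return response

    # NOTE(review): the labels suggest this is a sandbox behaviour report, so
    # every hostname, address and URL below was presumably chosen by the
    # analysed sample. Confirm. They are indicators to pivot on, not
    # destinations to trust. ast.literal_eval builds literals only and never
    # executes code.
    try:
        behavior = ast.literal_eval(request.fields['behavior_data'])
    except Exception:
        debug("Entity has no behavioral data")
        return response

    # ``in`` replaces dict.has_key(), which was removed in Python 3.
    network = behavior.get('network') if isinstance(behavior, dict) else None
    if not isinstance(network, dict):
        return response

    for item in network.get('dns') or ():
        host = Domain(item['hostname'])
        host.linklabel = "vt_behav->hosts"
        response += host
        if 'ip' in item:
            ip = IPv4Address(item['ip'])
            ip.linklabel = "vt_behav->hosts"
            response += ip

    # tcp and udp share one "host:port" layout, so one loop covers both.
    endpoint_labels = (
        ('tcp', "vt_behav->hosts_tcp (%s)"),
        ('udp', "vt_behav->hosts_udp (%s)"),
    )
    for proto, label in endpoint_labels:
        for item in network.get(proto) or ():
            conn = item.split(":")
            if len(conn) < 2:
                # No port part: skip it instead of raising IndexError and
                # losing the entities already collected.
                debug("ripVT: skipping malformed %s endpoint %r" % (proto, item))
                continue
            r = IPv4Address(conn[0])
            r.linklabel = label % str(conn[1])
            response += r

    for item in network.get('http') or ():
        r = URL(item['url'])
        r.url = item['url']
        r.linklabel = "vt_behav->hosts_http (%s)" % item['method']
        response += r

    return response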
Exemplo n.º 3
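def dotransform(request, response):
	"""Add a Domain entity for every record returned by a lookup on the input value.

	``request.value`` is passed to ``query('-n', ns, 0, 'n')``. Each result is
	parsed as a JSON object. Records that carry ``rrname`` become a ``Domain``
	(trailing dot stripped) whose link label is the first-seen and last-seen
	dates, taken from ``time_first``/``time_last`` or, failing that, from
	``zone_time_first``/``zone_time_last``.

	Returns ``response`` with the new entities appended.
	"""
	# NOTE(review): the field names look like a passive-DNS (DNSDB-style) name
	# server lookup. Confirm against query().
	ns = request.value
	results = query('-n', ns, 0, 'n')

	for result in results:
		data = json.loads(result)
		# ``in`` replaces dict.has_key(), which was removed in Python 3.
		if 'rrname' not in data:
			continue

		if 'time_first' in data:
			first = data['time_first']
			last = data['time_last']
		elif 'zone_time_first' in data:
			first = data['zone_time_first']
			last = data['zone_time_last']
		else:
			# No timestamps on this record. The original fell through here and
			# either raised NameError or reused the previous record's dates,
			# which would put a wrong observation window on this domain.
			continue

		# fromtimestamp() without a tz argument converts to the local timezone
		# of the machine running the transform, so a label can differ by a day
		# between analysts.
		fnice = datetime.datetime.fromtimestamp(int(first)).strftime('%m-%d-%Y')
		lnice = datetime.datetime.fromtimestamp(int(last)).strftime('%m-%d-%Y')

		e = Domain(data['rrname'].rstrip('.'))
		e.linklabel = fnice + ' - ' + lnice
		response += e

	return response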
Exemplo n.º 4
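def dotransform(request, response):
    """Add a Domain entity for every record returned by a lookup on the input value.

    ``request.value`` is passed to ``query('-n', ns, 0, 'n')``. Each result is
    parsed as a JSON object. Records that carry ``rrname`` become a ``Domain``
    (trailing dot stripped) whose link label is the first-seen and last-seen
    dates, taken from ``time_first``/``time_last`` or, failing that, from
    ``zone_time_first``/``zone_time_last``.

    Returns ``response`` with the new entities appended.
    """
    # NOTE(review): the field names look like a passive-DNS (DNSDB-style) name
    # server lookup. Confirm against query().
    ns = request.value
    results = query('-n', ns, 0, 'n')

    for result in results:
        data = json.loads(result)
        # ``in`` replaces dict.has_key(), which was removed in Python 3.
        if 'rrname' not in data:
            continue

        if 'time_first' in data:
            first = data['time_first']
            last = data['time_last']
        elif 'zone_time_first' in data:
            first = data['zone_time_first']
            last = data['zone_time_last']
        else:
            # No timestamps on this record. The original fell through here and
            # either raised NameError or reused the previous record's dates,
            # which would put a wrong observation window on this domain.
            continue

        # fromtimestamp() without a tz argument converts to the local timezone
        # of the machine running the transform, so a label can differ by a day
        # between analysts.
        fnice = datetime.datetime.fromtimestamp(
            int(first)).strftime('%m-%d-%Y')
        lnice = datetime.datetime.fromtimestamp(
            int(last)).strftime('%m-%d-%Y')

        e = Domain(data['rrname'].rstrip('.'))
        e.linklabel = fnice + ' - ' + lnice
        response += e

    return response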