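def ipv4_matchkeywords(ipv4):
	"""Return the keywords seen alongside an IPv4 indicator, joined by ':'.

	Searches the last 30 days of indexed mail (``es_collection_name``) for
	documents whose ``ipv4`` field matches *ipv4*, then tests every entry of
	the module-level ``keywords`` string (one keyword per line) against each
	hit's ``message_text``.

	Args:
		ipv4: the indicator to look up, e.g. ``'10.0.0.1'``.

	Returns:
		The matched keywords in ``keywords`` order, each reported once and
		joined with ``':'`` (e.g. ``'invoice:wire transfer'``); ``''`` when
		nothing matches.
	"""
	then = common_functions.queryrange(30)
	# The body is built as a dict rather than by splicing `ipv4` into a JSON
	# string: a quote or brace in the indicator would otherwise corrupt the
	# body or change the query. The range clause applies the 30-day window
	# `then` is computed for (it used to be computed and never used); `bool`
	# + `must` is accepted by every Elasticsearch version, and numeric strings
	# are coerced for numeric fields, matching the unquoted splice used for
	# `then` elsewhere in this file.
	query = {
		"size": 10000,
		"query": {
			"bool": {
				"must": [
					{"match": {"ipv4": {"query": ipv4}}},
					{"range": {"epoch": {"from": then}}},
				]
			}
		},
	}
	res = es.search(index=es_collection_name, body=query)
	texts = [hit["_source"]["message_text"] for hit in res["hits"]["hits"]]
	return ':'.join(_keywords_in_texts(keywords.split('\n'), texts))


def _keywords_in_texts(keyword_list, texts):
	"""Return the entries of *keyword_list* found as whole words in any of *texts*.

	Blank entries are skipped, matching is case-insensitive, the result keeps
	*keyword_list* order and each keyword appears at most once. (The previous
	regex-based de-duplication dropped a keyword whenever it was a suffix of
	an already-matched one, e.g. 'bar' after 'foobar'.)
	"""
	found = []
	for keyword in keyword_list:
		if keyword.strip() == '' or keyword in found:
			continue
		# Whole-word match; compiled once per keyword instead of once per
		# (keyword, hit) pair.
		pattern = re.compile(r"\b(?=\w)" + re.escape(keyword) + r"\b(?!\w)",
							 re.IGNORECASE)
		if any(pattern.search(text) for text in texts):
			found.append(keyword)
	return found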
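def gen_wordcloud(fileloc="/home/pierre/es_email_intel/wordcloud.png"):
    """Render a word cloud of the last day's mail text to *fileloc*.

    Pulls message text from the ``es_collection_name`` index for the window
    starting at ``common_functions.queryrange(1)``, lower-cases it and writes
    a 40-word PNG. If the cloud cannot be generated (WordCloud raises on text
    with no usable words), the output file is truncated to zero bytes so a
    stale image is never left behind.

    Args:
        fileloc: destination PNG path. Defaults to the previously hard-coded
            location so existing ``gen_wordcloud()`` callers are unaffected.
    """
    then = common_functions.queryrange(1)

    # The helper below is handed the body as a JSON string. `then` is spliced
    # in as a bare token, so it must already be a numeric string.
    body = '''{
		"size" : 10000,
		"query": {
			"constant_score": {
				"filter": {
					"range": {
						"epoch": {
							"from": ''' + then + '''
						}
					}
				}
			}
		}
	}'''

    text = common_functions.pull_mailtext_24hrs(es, es_collection_name, body,
                                                keywords_list).lower()

    # Debug output: dumps the full collected mail text to stdout.
    print(text)
    print('')

    wc = WordCloud(background_color="white", max_words=40)
    try:
        wc.generate(text)
        wc.to_file(fileloc)
    except Exception as exc:
        # Was a bare `except:`, which also swallowed KeyboardInterrupt and
        # SystemExit and hid the reason. Best-effort fallback is kept: leave
        # an empty file (mode 'w' truncates) and report why.
        with open(fileloc, 'w'):
            pass
        print('Except! %r' % (exc,))
        return
    print('Finished!')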
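def gen_wordcloud(fileloc="/home/pierre/es_email_intel/wordcloud.png"):
	"""Build a word-cloud PNG from the previous day's indexed mail text.

	Fetches message text from ``es_collection_name`` for documents whose
	``epoch`` is at or after ``common_functions.queryrange(1)``, lower-cases
	it and renders the 40 most frequent words to *fileloc*. When rendering
	fails (e.g. WordCloud rejects empty text) the file is truncated instead,
	so consumers never see an out-of-date image.

	Args:
		fileloc: output PNG path; defaults to the location that used to be
			hard-coded, so calling ``gen_wordcloud()`` behaves as before.
	"""
	then = common_functions.queryrange(1)

	# JSON body as a string, as expected by pull_mailtext_24hrs. `then` is
	# inserted unquoted and therefore has to be a numeric string.
	body = '''{
		"size" : 10000,
		"query": {
			"constant_score": {
				"filter": {
					"range": {
						"epoch": {
							"from": '''+then+'''
						}
					}
				}
			}
		}
	}'''

	text = common_functions.pull_mailtext_24hrs(es, es_collection_name, body, keywords_list).lower()

	# Debug output of the whole corpus that feeds the cloud.
	print(text)
	print('')

	wc = WordCloud(background_color="white", max_words=40)
	try:
		wc.generate(text)
		wc.to_file(fileloc)
	except Exception as exc:
		# Narrowed from a bare `except:` (which also caught KeyboardInterrupt
		# and SystemExit). The fallback stays best-effort: truncate the file
		# via mode 'w' and say what went wrong.
		with open(fileloc, 'w'):
			pass
		print('Except! %r' % (exc,))
		return
	print('Finished!')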
	part = MIMEBase('application', "octet-stream")
	part.set_payload(report_contents)
	Encoders.encode_base64(part)
	part.add_header('Content-Disposition', 'attachment; filename="report.html"')

	msg.attach(part)

	server = smtplib.SMTP(EMAIL_SERVER)
	server.sendmail(EMAIL_FROM, EMAIL_TO, msg.as_string())


# Elasticsearch connection. NOTE(review): the client is created with host and
# port only -- no TLS or credentials are configured here -- so this relies on
# 192.168.3.208:9200 being reachable solely from a trusted network.
es_server = '192.168.3.208'
es = Elasticsearch([{'host': es_server, 'port': 9200}])
es_collection_name = 'mail2json'

# Start of the one-day window used by the query below.
then = common_functions.queryrange(1)

# Query body as a JSON string: up to 10000 documents whose `epoch` is at or
# after `then`. `then` is substituted as a bare token, so it must be a numeric
# string for the body to remain valid JSON.
body = '''{
	"size" : 10000,
    "query": {
        "constant_score": {
            "filter": {
                "range": {
                    "epoch": {
                        "from": %s
                    }
                }
            }
        }
    }
}''' % (then,)
    Encoders.encode_base64(part)

    part.add_header('Content-Disposition',
                    'attachment; filename="report.html"')

    msg.attach(part)

    server = smtplib.SMTP(EMAIL_SERVER)
    server.sendmail(EMAIL_FROM, EMAIL_TO, msg.as_string())


# Elasticsearch client settings. Only host/port are passed (no TLS, no
# authentication visible here); the index name is fixed to 'mail2json'.
es_server = '192.168.3.208'
es = Elasticsearch([{'host': es_server, 'port': 9200}])
es_collection_name = 'mail2json'

# Lower bound (epoch) of the last-day window.
then = common_functions.queryrange(1)

# constant_score + range filter over `epoch`, capped at 10000 hits. The body
# is a JSON string; `then` is inserted unquoted and must be a numeric string.
body = '''{
	"size" : 10000,
    "query": {
        "constant_score": {
            "filter": {
                "range": {
                    "epoch": {
                        "from": %s
                    }
                }
            }
        }
    }
}''' % (then,)
	part.set_payload(report_contents)
	Encoders.encode_base64(part)

	part.add_header('Content-Disposition', 'attachment; filename="report.html"')

	msg.attach(part)

	server = smtplib.SMTP(EMAIL_SERVER)
	server.sendmail(EMAIL_FROM, EMAIL_TO, msg.as_string())


# Elasticsearch connection details. NOTE(review): plain host/port client with
# no TLS or credentials configured in this file.
es_server = '192.168.3.208'
es = Elasticsearch([{'host': es_server, 'port': 9200}])
es_collection_name = 'mail2json'

# Window start for the query below; the one-day range is a testing value
# (original comment: "Replace this when done testing").
then = common_functions.queryrange(1)

# JSON query string: all documents with `epoch` >= `then`, at most 10000.
# `then` lands in the body as a bare token, so it must be a numeric string.
body = '''{
	"size" : 10000,
    "query": {
        "constant_score": {
            "filter": {
                "range": {
                    "epoch": {
                        "from": %s
                    }
                }
            }
        }
    }
}''' % (then,)
    Encoders.encode_base64(part)

    part.add_header('Content-Disposition',
                    'attachment; filename="report.html"')

    msg.attach(part)

    server = smtplib.SMTP(EMAIL_SERVER)
    server.sendmail(EMAIL_FROM, EMAIL_TO, msg.as_string())


# Elasticsearch endpoint and index. The client gets only a host and port --
# no TLS or auth options appear here -- so access control is left to the
# network around 192.168.3.208:9200.
es_server = '192.168.3.208'
es = Elasticsearch([{'host': es_server, 'port': 9200}])
es_collection_name = 'mail2json'

# One-day window start; flagged in the original as a value to replace after
# testing.
then = common_functions.queryrange(1)

# Query body (JSON string) selecting up to 10000 documents whose `epoch` is at
# or after `then`; `then` is substituted unquoted and must be a numeric string.
body = '''{
	"size" : 10000,
    "query": {
        "constant_score": {
            "filter": {
                "range": {
                    "epoch": {
                        "from": %s
                    }
                }
            }
        }
    }
}''' % (then,)