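def dotransform(request, response):
    """Query PAN-OS threat logs for the IP in *request* and add one paThreat entity per threat id.

    Args:
        request: Maltego transform request; ``request.value`` is the selected
            entity's value and is expected to be an IP address or CIDR.
        response: Maltego transform response; paThreat entities are appended
            with ``+=`` and the same object is returned.

    Returns:
        The updated ``response``.

    Raises:
        ValueError: if ``request.value`` does not parse as an IP address or
            network.
        RuntimeError: if the log query job is still active after the polling
            budget is exhausted.
    """
    import ipaddress

    # Polling budget: wait poll_interval seconds between polls, give up after
    # max_polls polls (about five minutes) instead of spinning forever.
    poll_interval = 5
    max_polls = 60

    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # request.value comes from the Maltego client, i.e. from outside this
    # code's control, and is interpolated into the PAN-OS log filter below.
    # Only accept a value that parses as an address or network so arbitrary
    # filter text cannot reach the query.
    ip_entity = request.value
    try:
        ipaddress.ip_network(str(ip_entity), strict=False)
    except ValueError:
        raise ValueError(
            "request.value must be an IP address or CIDR, got %r" % (ip_entity,))

    # Create and submit the query to the API and return the jobid
    query = '(addr.dst in %s) or (addr.src in %s)' % (ip_entity, ip_entity)
    jobid = pamod.pa_log_query('threat', key, query)
    sleep(poll_interval)

    # Poll until the job leaves the 'ACT' state. A missing <job><status>
    # element is treated as terminal (the log section is then simply empty)
    # rather than retried indefinitely.
    # NOTE(review): the API body is parsed with xml.etree; confirm the
    # endpoint is trusted, as no hardened XML parser is used here.
    root = ET.fromstring(pamod.pa_log_get(jobid, key))
    status = root.findtext(".//job/status")
    polls = 0
    while status == 'ACT':
        if polls >= max_polls:
            raise RuntimeError(
                "PAN log query job %s still active after %d polls" % (jobid, polls))
        sleep(poll_interval)
        root = ET.fromstring(pamod.pa_log_get(jobid, key))
        status = root.findtext(".//job/status")
        polls += 1

    # parse the log data and create dictionaries stored in a list for each individual log
    log_list = [
        {data.tag: data.text for data in entry}
        for entry in root.findall(".//log/logs/entry")
    ]

    # Create one Maltego entity per distinct threat id (first log wins).
    # Entries without a threat id cannot produce a threat entity and are skipped.
    seen = set()
    for d in log_list:
        threat_id = d.get('threatid')
        if not threat_id or threat_id in seen:
            continue
        seen.add(threat_id)
        response += paThreat(
            d['threatid'],
            tid=d['tid'],
            ipsrc=d['src'],
            ipdst=d['dst']
        )

    return response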
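def dotransform(request, response):
    """Query PAN-OS threat logs for the IP in *request* and add one paThreat entity per threat id.

    Args:
        request: Maltego transform request; ``request.value`` is the selected
            entity's value and is expected to be an IP address or CIDR.
        response: Maltego transform response; paThreat entities are appended
            with ``+=`` and the same object is returned.

    Returns:
        The updated ``response``.

    Raises:
        ValueError: if ``request.value`` does not parse as an IP address or
            network.
        RuntimeError: if the log query job is still active after the polling
            budget is exhausted.
    """
    import ipaddress

    # Polling budget: wait poll_interval seconds between polls, give up after
    # max_polls polls (about five minutes) instead of spinning forever.
    poll_interval = 5
    max_polls = 60

    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # request.value is supplied by the Maltego client and is interpolated into
    # the PAN-OS log filter below; only accept a value that parses as an
    # address or network so arbitrary filter text cannot reach the query.
    ip_entity = request.value
    try:
        ipaddress.ip_network(str(ip_entity), strict=False)
    except ValueError:
        raise ValueError(
            "request.value must be an IP address or CIDR, got %r" % (ip_entity,))

    # Create and submit the query to the API and return the jobid
    query = '(addr.dst in %s) or (addr.src in %s)' % (ip_entity, ip_entity)
    jobid = pamod.pa_log_query('threat', key, query)
    sleep(poll_interval)

    # Poll until the job leaves the 'ACT' state. A missing <job><status>
    # element is treated as terminal (the log section is then simply empty)
    # rather than retried indefinitely.
    # NOTE(review): the API body is parsed with xml.etree; confirm the
    # endpoint is trusted, as no hardened XML parser is used here.
    root = ET.fromstring(pamod.pa_log_get(jobid, key))
    status = root.findtext(".//job/status")
    polls = 0
    while status == 'ACT':
        if polls >= max_polls:
            raise RuntimeError(
                "PAN log query job %s still active after %d polls" % (jobid, polls))
        sleep(poll_interval)
        root = ET.fromstring(pamod.pa_log_get(jobid, key))
        status = root.findtext(".//job/status")
        polls += 1

    # parse the log data and create dictionaries stored in a list for each individual log
    log_list = [
        {data.tag: data.text for data in entry}
        for entry in root.findall(".//log/logs/entry")
    ]

    # Create one Maltego entity per distinct threat id (first log wins).
    # Entries without a threat id cannot produce a threat entity and are skipped.
    seen = set()
    for d in log_list:
        threat_id = d.get('threatid')
        if not threat_id or threat_id in seen:
            continue
        seen.add(threat_id)
        response += paThreat(d['threatid'],
                             tid=d['tid'],
                             ipsrc=d['src'],
                             ipdst=d['dst'])

    return response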
def dotransform(request, response):
    """Add a paThreat entity for every row of the PAN-OS 'top-spyware-threats' report.

    Args:
        request: Maltego transform request (its value is not read here).
        response: Maltego transform response; entities are appended with
            ``+=`` and the same object is returned.

    Returns:
        The updated ``response``.
    """
    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # Fetch the predefined report and parse its XML body.
    report_root = ET.fromstring(pamod.pa_pred_report('top-spyware-threats', key))

    # Every <entry> two levels below the root becomes a {tag: text} dict,
    # in document order.
    rows = [
        {field.tag: field.text for field in entry}
        for result in report_root
        for entry in result
    ]

    for row in rows:
        response += paThreat(row['threatid'], tid=row['tid'], count=row['count'])

    return response
def dotransform(request, response):
    """Add a paThreat entity for every row of the PAN-OS "top-attacks" report.

    Args:
        request: Maltego transform request (its value is not read here).
        response: Maltego transform response; entities are appended with
            ``+=`` and the same object is returned.

    Returns:
        The updated ``response``.
    """
    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # Fetch the predefined report and parse its XML body.
    report_root = ET.fromstring(pamod.pa_pred_report("top-attacks", key))

    # Flatten the <result>/<entry> structure into one {tag: text} dict per entry.
    rows = []
    for result in report_root:
        rows.extend(
            dict((field.tag, field.text) for field in entry)
            for entry in result
        )

    for row in rows:
        response += paThreat(row["threatid"], tid=row["tid"], subtype=row["subtype"], count=row["count"])

    return response
def dotransform(request, response):
    """Add a paThreat entity for every row of the PAN-OS 'top-spyware-threats' report.

    Args:
        request: Maltego transform request (its value is not read here).
        response: Maltego transform response; entities are appended with
            ``+=`` and the same object is returned.

    Returns:
        The updated ``response``.
    """

    def _as_row(entry):
        # One report <entry> as a {child tag: child text} mapping.
        return {field.tag: field.text for field in entry}

    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # Fetch the predefined report and parse its XML body.
    report_root = ET.fromstring(pamod.pa_pred_report('top-spyware-threats', key))

    # Collect all entries (grandchildren of the root) before emitting entities.
    rows = []
    for result in report_root:
        for entry in result:
            rows.append(_as_row(entry))

    for row in rows:
        response += paThreat(
            row['threatid'],
            tid=row['tid'],
            count=row['count']
            )

    return response