def dotransform(request, response):
    """Add one ``IPv4Address`` entity per row of the PAN-OS ``top-attackers`` report.

    ``request`` is not used: the predefined report is not scoped to the
    selected entity. Returns ``response`` with the entities appended.
    """
    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # Fetch the predefined report and flatten every <entry> under each
    # <result> into a {tag: text} dict, one per report row.
    # NOTE(review): assumes ET is xml.etree.ElementTree, which does not
    # resolve external entities; the XML is firewall-generated — confirm.
    report = ET.fromstring(pamod.pa_pred_report('top-attackers', key))
    rows = [
        {field.tag: field.text for field in entry}
        for result in report
        for entry in result
    ]

    for row in rows:
        response += IPv4Address(
            row['src'],
            user=row['srcuser'],
            resolved=row['resolved-src'],
            count=row['count'],
        )
    return response
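def dotransform(request, response):
    """Add a ``paThreat`` entity for every distinct threat seen to or from an IP.

    Runs a PAN-OS threat-log query where the selected entity's address is
    the source or the destination, waits for the log job to leave the
    ``ACT`` state, and appends one ``paThreat`` per distinct ``threatid``
    found in the returned log entries.

    Args:
        request: Maltego request; ``request.value`` is the selected IP address.
        response: Maltego response the entities are appended to.

    Returns:
        ``response`` with the threat entities added.

    Raises:
        ValueError: if ``request.value`` does not parse as an IP address.
        TimeoutError: if the log job is still active after the polling budget.
    """
    import ipaddress

    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # request.value is graph data (user-editable) that gets interpolated into
    # the PAN-OS filter expression, so only accept something that parses as
    # an IP address; str() yields the canonical textual form.
    ip_entity = str(ipaddress.ip_address(str(request.value).strip()))
    query = '(addr.dst in %s) or (addr.src in %s)' % (ip_entity, ip_entity)
    jobid = pamod.pa_log_query('threat', key, query)

    # Poll the job until its status is no longer ACT. The poll is bounded so
    # a job that never completes cannot hang the transform indefinitely.
    poll_interval = 5   # seconds between polls (unchanged from before)
    max_polls = 60      # roughly five minutes overall
    for _ in range(max_polls):
        sleep(poll_interval)
        root = ET.fromstring(pamod.pa_log_get(jobid, key))
        status = root.find(".//job/status")
        # A missing status element or any non-ACT state (FIN, error, ...)
        # ends the wait; the result is parsed as-is below.
        if status is None or status.text != 'ACT':
            break
    else:
        raise TimeoutError('PAN log job %s still active after %d polls'
                           % (jobid, max_polls))

    # One {tag: text} dict per <entry> in the log result
    log_list = [
        {data.tag: data.text for data in entry}
        for entry in root.findall(".//log/logs/entry")
    ]

    # Emit each threatid once; a set makes the membership test O(1)
    seen_threats = set()
    for d in log_list:
        threatid = d['threatid']
        if threatid in seen_threats:
            continue
        seen_threats.add(threatid)
        response += paThreat(
            threatid,
            tid=d['tid'],
            ipsrc=d['src'],
            ipdst=d['dst'],
        )
    return response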
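def dotransform(request, response):
    """Add an ``IPv4Address`` entity for every distinct source IP of a threat.

    Runs a PAN-OS threat-log query for the selected entity's ``tid`` field,
    waits for the log job to leave the ``ACT`` state, and appends one
    ``IPv4Address`` per distinct ``src`` in the returned log entries.

    Args:
        request: Maltego request; ``request.fields['tid']`` is the threat ID.
        response: Maltego response the entities are appended to.

    Returns:
        ``response`` with the address entities added.

    Raises:
        ValueError: if the ``tid`` field is not an unsigned integer string.
        TimeoutError: if the log job is still active after the polling budget.
    """
    import re

    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # The tid field is graph data (user-editable) that gets interpolated into
    # the PAN-OS filter expression. The sibling transforms treat tid as a
    # numeric threat ID, so only an unsigned integer string is accepted here;
    # anything else is rejected before it reaches the query — confirm that no
    # non-numeric tid values are expected.
    tid = str(request.fields['tid']).strip()
    if not re.match(r'[0-9]+\Z', tid):
        raise ValueError('tid must be a numeric PAN-OS threat ID, got %r' % tid)
    query = '(threatid eq %s)' % (tid)
    jobid = pamod.pa_log_query('threat', key, query)

    # Poll the job until its status is no longer ACT. The poll is bounded so
    # a job that never completes cannot hang the transform indefinitely.
    poll_interval = 5   # seconds between polls (unchanged from before)
    max_polls = 60      # roughly five minutes overall
    for _ in range(max_polls):
        sleep(poll_interval)
        root = ET.fromstring(pamod.pa_log_get(jobid, key))
        status = root.find(".//job/status")
        # A missing status element or any non-ACT state (FIN, error, ...)
        # ends the wait; the result is parsed as-is below.
        if status is None or status.text != 'ACT':
            break
    else:
        raise TimeoutError('PAN log job %s still active after %d polls'
                           % (jobid, max_polls))

    # One {tag: text} dict per <entry> in the log result
    log_list = [
        {data.tag: data.text for data in entry}
        for entry in root.findall(".//log/logs/entry")
    ]

    # Emit each source address once; a set makes the membership test O(1)
    seen_sources = set()
    for d in log_list:
        src = d['src']
        if src in seen_sources:
            continue
        seen_sources.add(src)
        # NOTE(review): d['dst'] is passed as ipsrc, whereas the IP->threat
        # transform uses ipsrc=src / ipdst=dst. Kept as the original had it —
        # confirm which field the IPv4Address entity expects.
        response += IPv4Address(
            src,
            tid=d['tid'],
            ipsrc=d['dst'],
        )
    return response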
def dotransform(request, response):
    """Add one ``paThreat`` entity per row of the ``top-spyware-threats`` report.

    ``request`` is not used: the predefined report is not scoped to the
    selected entity. Returns ``response`` with the entities appended.
    """
    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # Fetch the predefined report and flatten every <entry> under each
    # <result> into a {tag: text} dict, one per report row.
    report = ET.fromstring(pamod.pa_pred_report('top-spyware-threats', key))
    rows = [
        {field.tag: field.text for field in entry}
        for result in report
        for entry in result
    ]

    for row in rows:
        response += paThreat(
            row['threatid'],
            tid=row['tid'],
            count=row['count'],
        )
    return response
def dotransform(request, response):
    """Add one ``paThreat`` entity per row of the PAN-OS ``top-attacks`` report.

    ``request`` is not used: the predefined report is not scoped to the
    selected entity. Returns ``response`` with the entities appended.
    """
    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # Fetch the predefined report and flatten every <entry> under each
    # <result> into a {tag: text} dict, one per report row.
    report = ET.fromstring(pamod.pa_pred_report("top-attacks", key))
    rows = [
        {field.tag: field.text for field in entry}
        for result in report
        for entry in result
    ]

    for row in rows:
        response += paThreat(
            row["threatid"],
            tid=row["tid"],
            subtype=row["subtype"],
            count=row["count"],
        )
    return response
def dotransform(request, response):
    """Add one ``IPv4Address`` entity per row of the PAN-OS ``top-victims`` report.

    ``request`` is not used: the predefined report is not scoped to the
    selected entity. Returns ``response`` with the entities appended.
    """
    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # Fetch the predefined report and flatten every <entry> under each
    # <result> into a {tag: text} dict, one per report row.
    report = ET.fromstring(pamod.pa_pred_report('top-victims', key))
    rows = [
        {field.tag: field.text for field in entry}
        for result in report
        for entry in result
    ]

    for row in rows:
        response += IPv4Address(
            row['dst'],
            user=row['dstuser'],
            resolved=row['resolved-dst'],
            count=row['count'],
        )
    return response
def dotransform(request, response):
    """Add one ``paThreat`` entity per row of the ``top-spyware-threats`` report.

    ``request`` is not used: the predefined report is not scoped to the
    selected entity. Returns ``response`` with the entities appended.
    """
    # Check PAN Authentication AND KEY
    key = pamod.get_login()

    # Fetch the predefined report; each <entry> under each <result> becomes
    # one {tag: text} dict.
    report = ET.fromstring(pamod.pa_pred_report('top-spyware-threats', key))

    def row_fields(entry):
        return {field.tag: field.text for field in entry}

    rows = [row_fields(entry) for result in report for entry in result]

    for row in rows:
        response += paThreat(
            row['threatid'],
            tid=row['tid'],
            count=row['count'],
        )
    return response