示例#1
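# BASIC HTTP Authentication to NWD

nwmodule.nw_http_auth()

# NW REST API Query and results
#
# Maltego passes the selected entity's value as argv[1]; fail with a readable
# message instead of an IndexError traceback when it is missing.
if len(sys.argv) < 2:
    sys.exit('usage: %s <risk phrase>' % sys.argv[0])
risk_phrase = sys.argv[1]

# Query window: the 24 hours ending now, written as the 'start'-'end' range
# literal that the time= clause below receives.
# NOTE(review): datetime.today() is naive local time -- confirm that is the
# zone NWD applies to time=, otherwise the window is shifted.
nw_time_fmt = '%Y-%b-%d %H:%M:%S'
date_t = datetime.today()
tdelta = timedelta(days=1)
window_start = date_t - tdelta
diff = "'%s'-'%s'" % (window_start.strftime(nw_time_fmt), date_t.strftime(nw_time_fmt))

# NOTE(review): risk_phrase is spliced into the query text unquoted, unlike the
# sibling transforms that write risk.warning="%s".  Either the caller is
# expected to supply the quotes or this query is malformed for a plain phrase;
# confirm against the NWD query syntax and quote/escape here if so, because an
# unquoted value containing query operators changes the query's structure
# rather than its search term.
threat_ip_dst = 'select risk.warning where (time=%s) && risk.warning contains %s' % (diff, risk_phrase)
# The leading (0, 0, ..., 25) nwQuery arguments are opaque to this script; the
# return value is the REST API's JSON body.
json_data = json.loads(nwmodule.nwQuery(0, 0, threat_ip_dst, 'application/json', 25))
ip_list = []  # seen-value list consulted by the result loop below

# Single-argument print() is identical in Python 2 and 3.
print(trans_header)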
for d in json_data['results']['fields']:
    value = d['value'].decode('ascii')
    if value in ip_list:
        continue
    else:
        # Kind of a hack but hey it works!
        print """       <Entity Type="netwitness.NWThreatNOIP">
                <Value>%s</Value>
                <AdditionalFields>
                    <Field Name="phrase" DisplayName="Phrase">%s</Field>
                    <Field Name="metaid1" DisplayName="Meta id1">%s</Field>
                    <Field Name="metaid2" DisplayName="Meta id2">%s</Field>
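# Maltego hands the entity's additional fields over in argv[2] as name=value
# pairs separated by '#'.  argv[2] may be absent (no extra fields), which
# previously raised IndexError.
fields = sys.argv[2].split('#') if len(sys.argv) > 2 else []

# risk_name is bound earlier in this transform, outside this excerpt.  It is
# written into the query as risk.warning="..."; a double quote inside it would
# end that quoted value early, so refuse it rather than send a malformed query.
if '"' in risk_name:
    sys.exit('threat name must not contain a double quote')

# Query window: the 24 hours ending now, written as the 'start'-'end' range
# literal that the time= clause below receives.
# NOTE(review): datetime.today() is naive local time -- confirm that is the
# zone NWD applies to time=, otherwise the window is shifted.
nw_time_fmt = '%Y-%b-%d %H:%M:%S'
date_t = datetime.today()
tdelta = timedelta(days=1)
window_start = date_t - tdelta
diff = "'%s'-'%s'" % (window_start.strftime(nw_time_fmt), date_t.strftime(nw_time_fmt))


def _looks_like_ipv4(text):
    """Return True if *text* is a plain dotted-quad IPv4 address.

    Deliberately strict: the value is spliced into the NWD query text
    unquoted, so anything other than four 0-255 octets is refused.
    """
    octets = text.split('.')
    if len(octets) != 4:
        return False
    for octet in octets:
        if not octet.isdigit() or int(octet) > 255:
            return False
    return True


# Scope the query to the entity's source-IP field when it carries one.  The
# original rebuilt `query` on every field, so a later non-IP field silently
# replaced the IP-scoped query; decide once instead.  partition() also
# tolerates a field with no '=' (the original raised IndexError on it).
# NOTE(review): the field is matched on its name containing 'ip' (the original
# matched anywhere in the name=value pair); confirm the exact field name the
# upstream transform emits and tighten this to an equality test.
ip = None
for field in fields:
    name, _sep, value = field.partition('=')
    if 'ip' in name and value:
        ip = value
        break

if ip is None:
    query = 'select ip.dst where (time=%s) && risk.warning="%s"' % (diff, risk_name)
else:
    # The address goes into the query unquoted; only a plain dotted quad is
    # accepted so the field value cannot alter the query's syntax.
    if not _looks_like_ipv4(ip):
        sys.exit('ip field is not a dotted-quad IPv4 address: %r' % ip)
    query = 'select ip.dst where (time=%s) && risk.warning="%s" && ip.src=%s' % (diff, risk_name, ip)

# The leading (0, 0, ..., 25) nwQuery arguments are opaque to this script; the
# return value is the REST API's JSON body.
json_data = json.loads(nwmodule.nwQuery(0, 0, query, 'application/json', 25))
ip_list = []  # seen-value list consulted by the result loop below

# Single-argument print() is identical in Python 2 and 3.
print(trans_header)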
for d in json_data['results']['fields']:
    value = d['value'].decode('ascii')
    if value in ip_list:
        continue
    else:
	# Kind of a hack but hey it works!
        print """       <Entity Type="maltego.IPv4Address">
	        <Value>%s</Value>
	        <AdditionalFields>
                <Field Name="threat" DisplayName="Threat Name">%s</Field>
                <Field Name="metaid1" DisplayName="Meta id1">%s</Field>
                <Field Name="metaid2" DisplayName="Meta id2">%s</Field>
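# BASIC HTTP Authentication to NWD

nwmodule.nw_http_auth()

# NW REST API Query and results
#
# Maltego passes the selected entity's value as argv[1]; fail with a readable
# message instead of an IndexError traceback when it is missing.
if len(sys.argv) < 2:
    sys.exit('usage: %s <threat name>' % sys.argv[0])
risk_name = sys.argv[1]
# The name is written into the query as risk.warning="..."; a double quote
# inside it would end that quoted value early, so refuse it rather than send
# a malformed query.
if '"' in risk_name:
    sys.exit('threat name must not contain a double quote')

# Query window: the 24 hours ending now, written as the 'start'-'end' range
# literal that the time= clause below receives.
# NOTE(review): datetime.today() is naive local time -- confirm that is the
# zone NWD applies to time=, otherwise the window is shifted.
nw_time_fmt = '%Y-%b-%d %H:%M:%S'
date_t = datetime.today()
tdelta = timedelta(days=1)
window_start = date_t - tdelta
diff = "'%s'-'%s'" % (window_start.strftime(nw_time_fmt), date_t.strftime(nw_time_fmt))

threat_ip_all = 'select ip.dst,ip.src where (time=%s) && risk.warning="%s"' % (diff, risk_name)
# The leading (0, 0, ..., 10) nwQuery arguments are opaque to this script; the
# return value is the REST API's JSON body.
json_data = json.loads(nwmodule.nwQuery(0, 0, threat_ip_all, 'application/json', 10))
ip_list = []  # seen-value list consulted by the result loop below

# Single-argument print() is identical in Python 2 and 3.
print(trans_header)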
for d in json_data['results']['fields']:
    value = d['value'].decode('ascii')
    if value in ip_list:
        continue
    else:
	# Kind of a hack but hey it works!
        print """       <Entity Type="maltego.IPv4Address">
	        <Value>%s</Value>
	        <AdditionalFields>
                <Field Name="threat" DisplayName="Threat Name">%s</Field>
                <Field Name="metaid1" DisplayName="Meta id1">%s</Field>
                <Field Name="metaid2" DisplayName="Meta id2">%s</Field>
示例#4
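# date_t, fields and risk_name are bound earlier in this transform, outside
# this excerpt.
#
# Query window: the 24 hours ending at date_t, written as the 'start'-'end'
# range literal that the time= clause below receives.
# NOTE(review): if date_t is datetime.today() it is naive local time -- confirm
# that is the zone NWD applies to time=, otherwise the window is shifted.
nw_time_fmt = '%Y-%b-%d %H:%M:%S'
tdelta = timedelta(days=1)
window_start = date_t - tdelta
diff = "'%s'-'%s'" % (window_start.strftime(nw_time_fmt), date_t.strftime(nw_time_fmt))

# risk_name is written into the query as risk.warning="..."; a double quote
# inside it would end that quoted value early, so refuse it rather than send
# a malformed query.
if '"' in risk_name:
    sys.exit('threat name must not contain a double quote')


def _looks_like_ipv4(text):
    """Return True if *text* is a plain dotted-quad IPv4 address.

    Deliberately strict: the value is spliced into the NWD query text
    unquoted, so anything other than four 0-255 octets is refused.
    """
    octets = text.split('.')
    if len(octets) != 4:
        return False
    for octet in octets:
        if not octet.isdigit() or int(octet) > 255:
            return False
    return True


# Scope the query to the entity's source-IP field when it carries one.  The
# original rebuilt `query` on every field, so a later non-IP field silently
# replaced the IP-scoped query; decide once instead.  partition() also
# tolerates a field with no '=' (the original raised IndexError on it).
# NOTE(review): the field is matched on its name containing 'ip' (the original
# matched anywhere in the name=value pair); confirm the exact field name the
# upstream transform emits and tighten this to an equality test.
ip = None
for field in fields:
    name, _sep, value = field.partition('=')
    if 'ip' in name and value:
        ip = value
        break

if ip is None:
    query = 'select ip.dst where (time=%s) && risk.warning="%s"' % (
        diff, risk_name)
else:
    # The address goes into the query unquoted; only a plain dotted quad is
    # accepted so the field value cannot alter the query's syntax.
    if not _looks_like_ipv4(ip):
        sys.exit('ip field is not a dotted-quad IPv4 address: %r' % ip)
    query = 'select ip.dst where (time=%s) && risk.warning="%s" && ip.src=%s' % (
        diff, risk_name, ip)

# The leading (0, 0, ..., 25) nwQuery arguments are opaque to this script; the
# return value is the REST API's JSON body.
json_data = json.loads(nwmodule.nwQuery(0, 0, query, 'application/json', 25))
ip_list = []  # seen-value list consulted by the result loop below

# Single-argument print() is identical in Python 2 and 3.
print(trans_header)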
for d in json_data['results']['fields']:
    value = d['value'].decode('ascii')
    if value in ip_list:
        continue
    else:
        # Kind of a hack but hey it works!
        print """       <Entity Type="maltego.IPv4Address">
	        <Value>%s</Value>
	        <AdditionalFields>
                <Field Name="threat" DisplayName="Threat Name">%s</Field>
                <Field Name="metaid1" DisplayName="Meta id1">%s</Field>
                <Field Name="metaid2" DisplayName="Meta id2">%s</Field>
示例#5
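nwmodule.nw_http_auth()

# NW REST API Query and results
#
# Maltego passes the selected entity's value as argv[1]; it becomes the
# ip.src filter below.  Fail with a readable message instead of an IndexError
# traceback when it is missing.
if len(sys.argv) < 2:
    sys.exit('usage: %s <source IPv4 address>' % sys.argv[0])
ip_src = sys.argv[1]


def _looks_like_ipv4(text):
    """Return True if *text* is a plain dotted-quad IPv4 address.

    Deliberately strict: the value is spliced into the NWD query text
    unquoted, so anything other than four 0-255 octets is refused.
    """
    octets = text.split('.')
    if len(octets) != 4:
        return False
    for octet in octets:
        if not octet.isdigit() or int(octet) > 255:
            return False
    return True


# The address goes into the query unquoted; only a plain dotted quad is
# accepted so the entity value cannot alter the query's syntax.
# NOTE(review): this also refuses range/CIDR forms -- relax deliberately if
# those are wanted as input.
if not _looks_like_ipv4(ip_src):
    sys.exit('expected a dotted-quad IPv4 address, got %r' % ip_src)

# Query window: the 24 hours ending now, written as the 'start'-'end' range
# literal that the time= clause below receives.
# NOTE(review): datetime.today() is naive local time -- confirm that is the
# zone NWD applies to time=, otherwise the window is shifted.
nw_time_fmt = '%Y-%b-%d %H:%M:%S'
date_t = datetime.today()
tdelta = timedelta(days=1)
window_start = date_t - tdelta
diff = "'%s'-'%s'" % (window_start.strftime(nw_time_fmt), date_t.strftime(nw_time_fmt))

threat_ip_dst = 'select ip.dst where (time=%s) && ip.src=%s' % (diff, ip_src)
# The leading (0, 0, ..., 10) nwQuery arguments are opaque to this script; the
# return value is the REST API's JSON body.
json_data = json.loads(
    nwmodule.nwQuery(0, 0, threat_ip_dst, 'application/json', 10))
ip_list = []  # seen-value list consulted by the result loop below

# Single-argument print() is identical in Python 2 and 3.
print(trans_header)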
for d in json_data['results']['fields']:
    value = d['value'].decode('ascii')
    # Kind of a hack but hey it works!
    if value in ip_list:
        continue
    else:
        print """       <Entity Type="maltego.IPv4Address">
        <Value>%s</Value>
            <AdditionalFields>
                <Field Name="ip" DisplayName="IP Source Address">%s</Field>
                <Field Name="metaid1" DisplayName="Meta id1">%s</Field>
                <Field Name="metaid2" DisplayName="Meta id2">%s</Field>
示例#6
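# BASIC HTTP Authentication to NWD

nwmodule.nw_http_auth()

# NW REST API Query and results
#
# Maltego passes the selected entity's value as argv[1]; it becomes the
# ip.src filter below.  Fail with a readable message instead of an IndexError
# traceback when it is missing.
if len(sys.argv) < 2:
    sys.exit("usage: %s <source IPv4 address>" % sys.argv[0])
ip_src = sys.argv[1]


def _looks_like_ipv4(text):
    """Return True if *text* is a plain dotted-quad IPv4 address.

    Deliberately strict: the value is spliced into the NWD query text
    unquoted, so anything other than four 0-255 octets is refused.
    """
    octets = text.split(".")
    if len(octets) != 4:
        return False
    for octet in octets:
        if not octet.isdigit() or int(octet) > 255:
            return False
    return True


# The address goes into the query unquoted; only a plain dotted quad is
# accepted so the entity value cannot alter the query's syntax.
# NOTE(review): this also refuses range/CIDR forms -- relax deliberately if
# those are wanted as input.
if not _looks_like_ipv4(ip_src):
    sys.exit("expected a dotted-quad IPv4 address, got %r" % ip_src)

# Query window: the 24 hours ending now, written as the 'start'-'end' range
# literal that the time= clause below receives.
# NOTE(review): datetime.today() is naive local time -- confirm that is the
# zone NWD applies to time=, otherwise the window is shifted.
nw_time_fmt = "%Y-%b-%d %H:%M:%S"
date_t = datetime.today()
tdelta = timedelta(days=1)
window_start = date_t - tdelta
diff = "'%s'-'%s'" % (window_start.strftime(nw_time_fmt), date_t.strftime(nw_time_fmt))

threat_ip_dst = "select ip.dst where (time=%s) && ip.src=%s" % (diff, ip_src)
# The leading (0, 0, ..., 10) nwQuery arguments are opaque to this script; the
# return value is the REST API's JSON body.
json_data = json.loads(nwmodule.nwQuery(0, 0, threat_ip_dst, "application/json", 10))
ip_list = []  # seen-value list consulted by the result loop below

# Single-argument print() is identical in Python 2 and 3.
print(trans_header)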
for d in json_data["results"]["fields"]:
    value = d["value"].decode("ascii")
    # Kind of a hack but hey it works!
    if value in ip_list:
        continue
    else:
        print """       <Entity Type="maltego.IPv4Address">
        <Value>%s</Value>
            <AdditionalFields>
                <Field Name="ip" DisplayName="IP Source Address">%s</Field>
                <Field Name="metaid1" DisplayName="Meta id1">%s</Field>
                <Field Name="metaid2" DisplayName="Meta id2">%s</Field>