CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-09 18:52:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

greynoise dep upgrade + use community version with no auth

Browse Source
This commit is contained in:
reyesj2
2025-08-21 14:30:21 -05:00
parent 7d883cb5e0
commit d3108c3549
14 changed files with 36 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
salt/sensoroni/files/analyzers/greynoise/greynoise.py
View File

@@ -7,6 +7,10 @@ import argparse
def checkConfigRequirements(conf):
# Community API doesn't require API key
if conf.get('api_version') == 'community':
return True
# Other API versions require API key
if "api_key" not in conf or len(conf['api_key']) == 0:
sys.exit(126)
else:
@@ -17,10 +21,12 @@ def sendReq(conf, meta, ip):
url = conf['base_url']
if conf['api_version'] == 'community':
url = url + 'v3/community/' + ip
elif conf['api_version'] == 'investigate' or 'automate':
# Community API doesn't use API key
response = requests.request('GET', url=url)
elif conf['api_version'] in ['investigate', 'automate']:
url = url + 'v2/noise/context/' + ip
headers = {"key": conf['api_key']}
response = requests.request('GET', url=url, headers=headers)
headers = {"key": conf['api_key']}
response = requests.request('GET', url=url, headers=headers)
return response.json()