CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
60763c38db72cff24407f1fb3605ee95de62d41e
securityonion/salt/sensoroni/files/analyzers/emailrep/emailrep.py
Wes Lambert 5a9acb3857 Add EmailRep analyzer and tests
2022-05-03 14:06:32 +00:00

68 lines
2.0 KiB
Python
Executable File
Raw Blame History

import json
import os
import sys
import requests
import helpers
import argparse
def checkConfigRequirements(conf):
if "api_key" not in conf:
sys.exit(126)
else:
return True
def sendReq(conf, meta, email):
url = conf['base_url'] + email
headers = {"Key": conf['api_key']}
response = requests.request('GET', url=url, headers=headers)
return response.json()
def prepareResults(raw):
if "suspicious" in raw:
if raw['suspicious'] is True:
status = "caution"
summary = "suspicious"
elif raw['suspicious'] is False:
status = "ok"
summary = "harmless"
elif "status" in raw:
if raw["reason"] == "invalid email":
status = "caution"
summary = "Invalid email address."
if "exceeded daily limit" in raw["reason"]:
status = "caution"
summary = "Exceeded daily request limit."
else:
status = "caution"
summary = "internal_failure"
results = {'response': raw, 'summary': summary, 'status': status}
return results
def analyze(conf, input):
checkConfigRequirements(conf)
meta = helpers.loadMetadata(__file__)
data = helpers.parseArtifact(input)
helpers.checkSupportedType(meta, data["artifactType"])
response = sendReq(conf, meta, data["value"])
return prepareResults(response)
def main():
dir = os.path.dirname(os.path.realpath(__file__))
parser = argparse.ArgumentParser(description='Search Greynoise for a given artifact')
parser.add_argument('artifact', help='the artifact represented in JSON format')
parser.add_argument('-c', '--config', metavar="CONFIG_FILE", default=dir + "/emailrep.yaml", help='optional config file to use instead of the default config file')
args = parser.parse_args()
if args.artifact:
results = analyze(helpers.loadConfig(args.config), args.artifact)
print(json.dumps(results))
if __name__ == "__main__":
main()
Reference in New Issue View Git Blame Copy Permalink