#!/usr/bin/env python3
|
|
#
# Copyright 2019, Mischa Peters <mischa AT netskope DOT com>, Netskope.
# Version 1.0 - 20191107
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
# Requires:
# - Python 3.x
#
|
|
import os
|
|
import sys
|
|
import json
|
|
import time
|
|
import re
|
|
import logging
|
|
import urllib.parse
|
|
import requests
|
|
|
|
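# --- Netskope tenant settings ---------------------------------------------
NTSKP_TENANT = 'https://astrazeneca.eu.goskope.com'
# The API token is a credential and does not belong in the source file:
# anyone who can read the file (or its history) can query the tenant's
# event API with it. It is read from the environment instead. A token that
# was ever stored in this file should be treated as exposed and rotated.
NTSKP_TOKEN = os.environ.get('NTSKP_TOKEN', '')
# Look-back window sent to the API as "timeperiod" (2592000 s = 30 days).
NTSKP_PERIOD = '2592000'

# --- Event filter ---------------------------------------------------------
# Only events whose 'category' is in cct_list AND whose 'ccl' is in ccl_list
# are kept.
cct_list = ["Cloud Storage", "Webmail"]
ccl_list = ["low", "poor"]
# Domains matching this pattern are skipped. NOTE(review): the pattern is an
# unanchored substring match, so any hostname that merely contains "yahoo"
# is skipped as well, not only hosts under a yahoo-owned domain. Anchor it to
# the exact suffixes that should be exempt if that is not intended.
whitelist = re.compile("yahoo")
# Accumulates the matched domains; mutated by ntskp_get_domains().
ioc_list = []

# Maximum number of domains handed back by ntskp_get_domains().
ZS_MAX_DOMAINS = 2
headers = {'Content-Type': 'application/json', 'Cache-Control': 'no-cache', 'User-Agent': 'Netskope_ZscalerImporter1.0'}
# Proxy setting passed to requests; empty means "no explicit proxy".
PROXY=''

logging.basicConfig(level=logging.DEBUG)
# With the root logger at DEBUG, urllib3 (the HTTP layer under requests) logs
# every request line, query string included, and the query string carries
# the API token. Keep urllib3 at WARNING so the token stays out of the log.
logging.getLogger('urllib3').setLevel(logging.WARNING)
# NOTE: this rebinds the name "logging" from the module to a Logger instance.
# The rest of the file relies on that name, so it is kept; module-level
# helpers such as logging.basicConfig are no longer reachable below this line.
logging = logging.getLogger('zsc')
if not NTSKP_TOKEN:
    logging.warning('NTSKP_TOKEN is not set in the environment')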
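def ntskp_get_domains(headers):
    """Fetch page events from the Netskope tenant and collect risky domains.

    An event is kept when its category is in ``cct_list``, its ``ccl`` is in
    ``ccl_list`` and its domain does not match ``whitelist``. Each new domain
    is appended to the module-level ``ioc_list``, so repeated calls
    accumulate.

    Args:
        headers: HTTP headers sent with the API request.

    Returns:
        The first ``ZS_MAX_DOMAINS`` entries of ``ioc_list``.

    Exits the process with status 1 if the request fails or the response is
    not valid JSON.
    """
    uri = f"{NTSKP_TENANT}/api/v1/events"
    query = {'token': NTSKP_TOKEN, 'type': 'page', 'timeperiod': NTSKP_PERIOD}

    # requests expects a scheme -> proxy mapping; a bare non-empty string
    # would fail inside requests, so expand it here.
    if isinstance(PROXY, str):
        proxies = {'http': PROXY, 'https': PROXY} if PROXY else None
    else:
        proxies = PROXY or None

    try:
        # The timeout keeps an unresponsive endpoint from hanging the run.
        r = requests.get(uri, params=query, headers=headers,
                         proxies=proxies, timeout=30)
        r.raise_for_status()
        payload = r.json()
    except Exception as e:
        # requests puts the full URL in its error text and the URL carries
        # the API token; strip it before it reaches the log.
        message = str(e)
        if NTSKP_TOKEN:
            message = message.replace(NTSKP_TOKEN, '<redacted>')
        logging.error('Error: ' + message)
        sys.exit(1)

    # A response without 'data' is treated as "no events" rather than a crash.
    events = payload.get('data') or []
    limit = len(events)
    # Stays None when nothing matched; the original raised NameError here.
    endtime = None

    for item in events:
        # Fall back to the host part of the URL when the event has no domain.
        domain = item.get('domain') or urllib.parse.urlparse(item.get('url', '')).netloc
        # Domain values come straight from event data; an empty one is
        # useless in a domain list, so drop it together with allowlisted hosts.
        if not domain or whitelist.search(domain):
            continue
        if item.get('category') not in cct_list or item.get('ccl') not in ccl_list:
            continue
        if domain in ioc_list:
            continue
        print(f"{domain:<50s} {item['ccl']}")
        endtime = item.get('timestamp')
        ioc_list.append(domain)

    print(limit)
    print(endtime)
    print(ioc_list[:ZS_MAX_DOMAINS])
    return ioc_list[:ZS_MAX_DOMAINS]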
# Script entry: run the collection once. The returned list is not used here.
ntskp_get_domains(headers)

# Current wall-clock time as integer epoch milliseconds.
epoch_seconds = time.time()
now = int(epoch_seconds * 1000)
print(now)
#print(str(time.ctime(int(time.time()))))