Bad Reputation (Blacklisted IP) Incident Reporting.
Project description
Daily Blacklisted IP Reporting
Document Bad Reputation incidents in GuardiCore Centra (GC).
Howto
Primary use cases of the BlacklistReport package are displayed in main.py.
main.py shows, through use of environment variables SAVE_HTML and SAVE_PLAINTEXT,
the following use cases:
- Save an html report to an html file.
- Save a plaintext report to a text file.
BlacklistReport.generate_blacklist_report
generate_blacklist_reportgenerates a blacklisted IP report in both html and plaintext formats.- Omitting use cases in which intermediate data must be collected,
generate_blacklist_reportis the only function call required to generate a blacklist report.
Classes
BlacklistReportis responsible for high-level data collection & formatting.BlacklistEntrydefines the outline for entries in a blacklist report.IpEntryinner class ofBlacklistEntry; defines the structure of IP entries.ThreatDatasingleton-esque class for fetching threat intel summaries.
BlacklistReport
- Initialization: Instantiating a
BlacklistReportobject requires an authenticated Centra instance. fetch_customer_labelretrieves the GC label corresponding to a given customer.fetch_incidentsretrieves all Bad Reputation incidents from an authenticated Centra instance.build_reportinstantiates aBlacklistEntryobject for each incident retrieved infetch_incidents.build_report_strcreates a string (HTML or plaintext) representation of a `BlacklistReport' object.
BlacklistEntry
- Note: Besides the
src,destinations, andportsproperties, all properties ofBlacklistEntryare READ-ONLY add_destinationappends destination ip addresses to aBlacklistEntryobject's (unique) destination list.add_portsappends destination ports to aBlacklistEntryobject's (unique) port list.
IpEntry
- Note:
IpEntryis an inner class ofBlacklistEntry. Furthermore, all properties ofIpEntryare READ-ONLY
ThreatData
- Note: This class has no constructor, and has a single class variable:
OPSWAT_KEY set_opswat_keysets the class variableOPSWAT_KEYto the provided key
Logging
- A default logging configuration has been defined in
BlacklistReport.__init__.py. - By default, log messages are recorded in a top-level file called
dailyblacklistreporting.log.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
BlacklistReport-0.5.0.tar.gz
(20.9 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file BlacklistReport-0.5.0.tar.gz.
File metadata
- Download URL: BlacklistReport-0.5.0.tar.gz
- Upload date:
- Size: 20.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.3.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.0 CPython/3.9.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
03652a52887af88c2be4274f64fd11627e06091980ef1b86cef098440ce295de
|
|
| MD5 |
8e67f307f3008472201367456cb28b4f
|
|
| BLAKE2b-256 |
e11b4c738917e46f08938411fdf8d67d284318c5dec43a5eacb1f51889f1f398
|
File details
Details for the file BlacklistReport-0.5.0-py3-none-any.whl.
File metadata
- Download URL: BlacklistReport-0.5.0-py3-none-any.whl
- Upload date:
- Size: 21.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.3.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.0 CPython/3.9.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2444cf58f26da0ac0a3ed3b986518721d23c674c73d4e84da9820b8b576424cf
|
|
| MD5 |
63ff0fe5478a9345972603e66185d628
|
|
| BLAKE2b-256 |
4292dcce5b66043ad94bbcef8b818bc4867323d3de2192a96a15e0903409203f
|
