Bad Reputation (Blacklisted IP) Incident Reporting.
Daily Blacklisted IP Reporting
Document Bad Reputation incidents in GuardiCore Centra (GC).
Howto
Primary use cases of the BlacklistReport package are displayed in `main.py`.
`main.py` shows, through use of environment variables `SAVE_HTML` and `SAVE_PLAINTEXT`, the following use cases:
- Save an html report to an html file.
- Save a plaintext report to a text file.
BlacklistReport.generate_blacklist_report
- `generate_blacklist_report` generates a blacklisted IP report in both html and plaintext formats.
- Omitting use cases in which intermediate data must be collected, `generate_blacklist_report` is the only function call required to generate a blacklist report.
Classes
- `BlacklistReport`: responsible for high-level data collection & formatting.
- `BlacklistEntry`: defines the outline for entries in a blacklist report.
- `IpEntry`: inner class of `BlacklistEntry`; defines the structure of IP entries.
- `ThreatData`: singleton-esque class for fetching threat intel summaries.
BlacklistReport
- Initialization: Instantiating a `BlacklistReport` object requires an authenticated Centra instance.
- `fetch_customer_label` retrieves the GC label corresponding to a given customer.
- `fetch_incidents` retrieves all Bad Reputation incidents from an authenticated Centra instance.
- `build_report` instantiates a `BlacklistEntry` object for each incident retrieved in `fetch_incidents`.
- `build_report_str` creates a string (HTML or plaintext) representation of a `BlacklistReport` object.
BlacklistEntry
- Note: Besides the `src`, `destinations`, and `ports` properties, all properties of `BlacklistEntry` are READ-ONLY.
- `add_destination` appends destination IP addresses to a `BlacklistEntry` object's (unique) destination list.
- `add_ports` appends destination ports to a `BlacklistEntry` object's (unique) port list.
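An added example, not the package's code, of the aggregation and rendering that the class descriptions above outline: one entry per blacklisted source with unique destination and port lists, rendered as plaintext or HTML. The `Entry` class, the incident dict fields and the HTML-escaping step are assumptions for illustration, and the sample incidents are constructed.

```python
import html

class Entry:
    """Hypothetical stand-in for a report entry; not the package's BlacklistEntry."""
    def __init__(self, src):
        self.src = src
        self.destinations = []  # unique, insertion-ordered
        self.ports = []         # unique, insertion-ordered

    def add_destination(self, ip):
        if ip not in self.destinations:
            self.destinations.append(ip)

    def add_ports(self, ports):
        for port in ports:
            if port not in self.ports:
                self.ports.append(port)

def build_report(incidents):
    """Fold incidents (assumed dict shape) into one Entry per source IP."""
    entries = {}
    for inc in incidents:
        entry = entries.setdefault(inc["src"], Entry(inc["src"]))
        entry.add_destination(inc["dst"])
        entry.add_ports(inc["ports"])
    return list(entries.values())

def build_report_str(entries, as_html=False):
    """Render plaintext or HTML; HTML escapes every field taken from incident data."""
    rows = []
    for e in entries:
        fields = [e.src, ", ".join(e.destinations), ", ".join(map(str, e.ports))]
        if as_html:
            cells = "".join("<td>%s</td>" % html.escape(f) for f in fields)
            rows.append("<tr>%s</tr>" % cells)
        else:
            rows.append("%s -> %s (ports: %s)" % tuple(fields))
    return "<table>\n%s\n</table>" % "\n".join(rows) if as_html else "\n".join(rows)

# Constructed incidents (documentation address ranges); the last dst is deliberately malformed.
SAMPLE = [
    {"src": "203.0.113.7", "dst": "10.0.0.5", "ports": [443]},
    {"src": "203.0.113.7", "dst": "10.0.0.5", "ports": [443, 22]},
    {"src": "198.51.100.9", "dst": "10.0.0.8<b>", "ports": [53]},
]

if __name__ == "__main__":
    for as_html in (False, True):
        print(build_report_str(build_report(SAMPLE), as_html))
```

Escaping matters in the HTML variant because report fields originate from incident and threat-intel data rather than from the report author.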
IpEntry
- Note: `IpEntry` is an inner class of `BlacklistEntry`. Furthermore, all properties of `IpEntry` are READ-ONLY.
ThreatData
- Note: This class has no constructor, and has a single class variable: `OPSWAT_KEY`.
- `set_opswat_key` sets the class variable `OPSWAT_KEY` to the provided key.
Logging
- A default logging configuration has been defined in `BlacklistReport.__init__.py`.
- By default, log messages are recorded in a top-level file called `dailyblacklistreporting.log`.
Source Distribution
BlacklistReport-0.3.1.tar.gz (20.0 kB)
Built Distribution
Hashes for BlacklistReport-0.3.1-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 700c2fe2439bf40485896aa604ac2e47baceef2fbeb8ece2c82e18f4bfe7952b
MD5 | 9d2353dcf07c3e66531d29f0b2ad21c8
BLAKE2b-256 | f5907df932ad6766775e5e87777f51306391b35e0997402e324f5010cc04e523