Skip to main content

Bad Reputation (Blacklisted IP) Incident Reporting.

Project description

Daily Blacklisted IP Reporting

Document Bad Reputation incidents in GuardiCore Centra (GC).

Howto

Primary use cases of the BlacklistReport package are displayed in main.py.

main.py shows, through use of environment variables SAVE_HTML and SAVE_PLAINTEXT, the following use cases:

  • Save an html report to an html file.
  • Save a plaintext report to a text file.

BlacklistReport.generate_blacklist_report

  • generate_blacklist_report generates a blacklisted IP report in both html and plaintext formats.
  • Omitting use cases in which intermediate data must be collected, generate_blacklist_report is the only function call required to generate a blacklist report.

Classes

  • BlacklistReport is responsible for high-level data collection & formatting.
  • BlacklistEntry defines the outline for entries in a blacklist report.
  • IpEntry inner class of BlacklistEntry; defines the structure of IP entries.
  • ThreatData singleton-esque class for fetching threat intel summaries.

BlacklistReport

  • Initialization: Instantiating a BlacklistReport object requires an authenticated Centra instance.
  • fetch_customer_label retrieves the GC label corresponding to a given customer.
  • fetch_incidents retrieves all Bad Reputation incidents from an authenticated Centra instance.
  • build_report instantiates a BlacklistEntry object for each incident retrieved in fetch_incidents.
  • build_report_str creates a string (HTML or plaintext) representation of a `BlacklistReport' object.

BlacklistEntry

  • Note: Besides the src, destinations, and ports properties, all properties of BlacklistEntry are READ-ONLY
  • add_destination appends destination ip addresses to a BlacklistEntry object's (unique) destination list.
  • add_ports appends destination ports to a BlacklistEntry object's (unique) port list.

IpEntry

  • Note: IpEntry is an inner class of BlacklistEntry. Furthermore, all properties of IpEntry are READ-ONLY

ThreatData

  • Note: This class has no constructor, and has a single class variable: OPSWAT_KEY
  • set_opswat_key sets the class variable OPSWAT_KEY to the provided key

Logging

  • A default logging configuration has been defined in BlacklistReport.__init__.py.
  • By default, log messages are recorded in a top-level file called dailyblacklistreporting.log.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

BlacklistReport-0.4.0.tar.gz (20.6 kB view hashes)

Uploaded Source

Built Distribution

BlacklistReport-0.4.0-py3-none-any.whl (21.0 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page