Certstream + Analytics
Installation
The package can be installed from PyPI
pip install certstream-analytics
Usage
import time
from certstream_analytics.analysers import Debugger
from certstream_analytics.transformers import CertstreamTransformer
from certstream_analytics.storages import ElasticsearchStorage
from certstream_analytics.stream import CertstreamAnalytics

done = False

# This analyser just prints out each record for debugging purposes
debugger = Debugger()

# The transformer keeps (filters) the following fields, which are then indexed:
# - String: domain
# - List: SAN
# - List: Trust chain
# - Timestamp: Not before
# - Timestamp: Not after
# - Timestamp: Seen
transformer = CertstreamTransformer()

# Index the transformed data in Elasticsearch
storage = ElasticsearchStorage(hosts=['localhost:9200'])

consumer = CertstreamAnalytics(transformer=transformer,
                               storage=storage,
                               analyser=debugger)

# The consumer runs in another thread, so start() is non-blocking
consumer.start()

while not done:
    time.sleep(1)

consumer.stop()
Most popular domains matching (for Anti-phishing)
A domain and its SAN entries from Certstream are compared against a list of the most popular domains (from OpenDNS). This is a simple check to weed out some of the most obvious phishing domains; for example, www.facebook.com.msg40.site will match because facebook is in the above list of most popular domains (I wonder how long that is going to last).
Aho-Corasick
import time
from certstream_analytics.analysers import AhoCorasickDomainMatching
from certstream_analytics.transformers import CertstreamTransformer
from certstream_analytics.stream import CertstreamAnalytics

done = False

# Same transformer as in the Usage example above
transformer = CertstreamTransformer()

# The list of most popular domains to match against, one per line
with open('opendns-top-domains.txt') as fhandle:
    domains = [line.rstrip() for line in fhandle]

domain_matching_analyser = AhoCorasickDomainMatching(domains)

consumer = CertstreamAnalytics(transformer=transformer,
                               analyser=domain_matching_analyser)

# Need to think about what to do with the matching result
consumer.start()

while not done:
    time.sleep(1)

consumer.stop()
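As an added illustration, not code from certstream-analytics, the following stand-alone Python implements the same Aho-Corasick keyword matching over the domain and SAN fields of a record, with a constructed keyword list and record standing in for opendns-top-domains.txt and a live Certstream message. The allowlist, which skips names that genuinely belong to a popular domain so the brand's own certificates are not flagged, is an assumed addition beyond what the snippet above does.

```python
from collections import deque

# Constructed stand-ins for opendns-top-domains.txt and for one transformed record.
POPULAR = ["facebook", "paypal", "google"]
ALLOWLIST = {"facebook.com", "paypal.com", "google.com"}  # the brands' own domains
RECORD = {"domain": "www.facebook.com.msg40.site", "san": ["mail.msg40.site"]}

class AhoCorasick:
    """Minimal Aho-Corasick automaton: finds every keyword in one pass over the text."""
    def __init__(self, patterns):
        self.goto, self.out, self.fail = [{}], [set()], [0]  # state 0 is the root
        for pat in patterns:                                  # 1. build the trie
            s = 0
            for ch in pat:
                if ch not in self.goto[s]:
                    self.goto.append({})
                    self.out.append(set())
                    self.fail.append(0)
                    self.goto[s][ch] = len(self.goto) - 1
                s = self.goto[s][ch]
            self.out[s].add(pat)
        queue = deque(self.goto[0].values())   # depth-1 states already fail to root
        while queue:                           # 2. BFS computes failure links
            r = queue.popleft()
            for ch, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and ch not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(ch, 0)
                self.out[s] |= self.out[self.fail[s]]  # inherit keywords ending here

    def search(self, text):
        s, found = 0, set()
        for ch in text:
            while s and ch not in self.goto[s]:
                s = self.fail[s]
            s = self.goto[s].get(ch, 0)
            found |= self.out[s]
        return found

def match_record(record, matcher, allowlist=ALLOWLIST):
    """Return {name: keywords} for the leaf domain and each SAN, skipping allowlisted ones."""
    hits = {}
    for name in (n.lower() for n in [record["domain"], *record["san"]]):
        if any(name == a or name.endswith("." + a) for a in allowlist):
            continue
        if keys := matcher.search(name):
            hits[name] = keys
    return hits
```

Running `match_record(RECORD, AhoCorasick(POPULAR))` flags only www.facebook.com.msg40.site, while a record for www.facebook.com itself yields no hits because of the allowlist.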