
Python Code

zoho-getCI-Router.py

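# coding=utf-8
"""Dump every "Router" CI of the ServiceDesk Plus CMDB as one JSON object per line.

Python 2 script.  Pass one lists the CI names of the type; pass two fetches the
seven DATA_KEYS fields for each name and prints them as a JSON object.  Only
those objects go to stdout; transport or parse errors propagate and abort.
"""
import json
import os
from xml.sax.saxutils import escape

import requests

# NOTE(review): plain http, and the technician key goes in the query string
# (params=), so it appears on the wire and in proxy/server access logs.
url = "http://192.168.10.5:8080/api/cmdb/ci"
# NOTE(review): the fallback literal is a live technician key committed to
# source; set SDP_TECHNICIAN_KEY (environment variable name chosen here),
# remove the literal and rotate the key.
tocken = os.environ.get("SDP_TECHNICIAN_KEY", "470CD3BC-31AB-4044-A022-BCD53C3E4CC7")
# Seconds to wait on one CMDB call before raising instead of hanging forever.
TIMEOUT = 60

# Output keys, in the order the detail reply lists its values.
# NOTE(review): this order is assumed, not read from the reply's field-names
# element; the last two keys are filled from the address sub-record.
DATA_KEYS = ["CI Name", "CI Type", "Site", "Business Impact", "Department", "Mac Address", "IP Address"]

LIST_QUERY = """<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0" locale="en">
    <citype>
    <name>Router</name>
        <criterias>
            <criteria>
                <parameter>
                    <name compOperator="CONTAINS">CI Name</name>
                    <value>*</value>
                </parameter>
            </criteria>
        </criterias>
        <returnFields>
            <name>CI Name</name>
        </returnFields>
        <range>
        <startindex>1</startindex>
        <limit>100000</limit>
        </range>
    </citype>
</API>"""

# %s receives an XML-escaped CI name (see _ci_detail).
DETAIL_QUERY = '''<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0">
    <citype>
        <name>Router</name>
        <criterias>
            <criteria>
                <parameter>
                    <name compOperator="IS">CI Name</name>
                    <value>%s</value>
                </parameter>
            </criteria>
        </criterias>
        <returnFields>
            <name>IP Address</name>
            <name>CI Name</name>
            <name>Mac Address</name>
            <name>Department</name>
            <name>Business Impact</name>
            <name>Site</name>
            <name>CI Type</name>
        </returnFields>
        <sortFields sortOrder="desc">
            <name>Product Name</name>
        </sortFields>
    </citype>
</API>'''


def _read(input_data):
    """POST one CMDB 'read' operation and return the parsed JSON reply.

    Raises requests.HTTPError on a non-2xx status and ValueError on a
    non-JSON body, rather than failing later on a missing key.
    """
    params = {
        'OPERATION_NAME': 'read',
        'format': 'json',
        "TECHNICIAN_KEY": tocken,
        "INPUT_DATA": input_data,
    }
    response = requests.post(url, params=params, timeout=TIMEOUT)
    response.raise_for_status()
    return json.loads(response.text)


def _records(reply):
    """Return the record list of a reply; a lone record appears to arrive as a dict, not a list."""
    records = reply['API']['response']['operation']['Details']['field-values']['record']
    return [records] if isinstance(records, dict) else records


def _ci_names():
    """Pass one: every CI name of the type, in reply order."""
    # Only "CI Name" was requested, so each record's single value is the name.
    return [list(record.values())[0] for record in _records(_read(LIST_QUERY))]


def _ci_detail(ci_name):
    """Pass two: the DATA_KEYS fields of one CI as a dict.

    Slot 5 of the reply holds the address sub-record: a list when the CI has
    several interfaces (addresses are then joined with "|"), a dict for a
    single one, and a plain scalar when there is none.
    """
    # escape() keeps a name containing & < > from breaking or altering the query.
    reply = _read(DETAIL_QUERY % escape(ci_name))
    values = reply['API']['response']['operation']['Details']['field-values']['record']['value']
    try:
        sub_record = values[5]['SubRecord']
    except (TypeError, KeyError, IndexError):
        sub_record = None
    if isinstance(sub_record, list):
        mac = "|".join(entry['value'][0] for entry in sub_record)
        ip = "|".join(entry['value'][1] for entry in sub_record)
    elif isinstance(sub_record, dict):
        mac = sub_record['value'][0]
        ip = sub_record['value'][1]
    else:
        mac = ip = None
    row = list(values[0:5]) + [mac, ip]
    # zip() truncates instead of raising when the reply carries fewer values.
    return dict(zip(DATA_KEYS, row))


if __name__ == '__main__':
    for ci_name in _ci_names():
        print(json.dumps(_ci_detail(ci_name), ensure_ascii=False, encoding='utf-8'))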

zoho-getCI-StorageDevice.py

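# coding=utf-8
"""Dump every "Storage Device" CI of the ServiceDesk Plus CMDB as one JSON object per line.

Python 2 script.  Pass one lists the CI names of the type; pass two fetches
the detail fields of each name, keyed by the field names the reply itself
carries, and prints the first six as a JSON object.  Transport or parse
errors propagate and abort.
"""
import json
import os
from xml.sax.saxutils import escape

import requests

# NOTE(review): plain http, and the technician key goes in the query string
# (params=), so it appears on the wire and in proxy/server access logs.
url = "http://192.168.10.5:8080/api/cmdb/ci"
# NOTE(review): the fallback literal is a live technician key committed to
# source; set SDP_TECHNICIAN_KEY (environment variable name chosen here),
# remove the literal and rotate the key.
tocken = os.environ.get("SDP_TECHNICIAN_KEY", "470CD3BC-31AB-4044-A022-BCD53C3E4CC7")
# Seconds to wait on one CMDB call before raising instead of hanging forever.
TIMEOUT = 60

LIST_QUERY = """<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0" locale="en">
    <citype>
    <name>Storage Device</name>
        <criterias>
            <criteria>
                <parameter>
                    <name compOperator="CONTAINS">CI Name</name>
                    <value>*</value>
                </parameter>
            </criteria>
        </criterias>
        <returnFields>
            <name>CI Name</name>
        </returnFields>
        <range>
        <startindex>1</startindex>
        <limit>100000</limit>
        </range>
    </citype>
</API>"""

# %s receives an XML-escaped CI name (see _ci_detail).
DETAIL_QUERY = '''<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0">
    <citype>
        <name>Storage Device</name>
        <criterias>
            <criteria>
                <parameter>
                    <name compOperator="IS">CI Name</name>
                    <value>%s</value>
                </parameter>
            </criteria>
        </criterias>
        <returnFields>
            <name>IP Address</name>
            <name>CI Name</name>
            <name>Mac Address</name>
            <name>Department</name>
            <name>Business Impact</name>
            <name>Site</name>
            <name>CI Type</name>
        </returnFields>
        <sortFields sortOrder="desc">
            <name>Product Name</name>
        </sortFields>
    </citype>
</API>'''


def _read(input_data):
    """POST one CMDB 'read' operation and return the parsed JSON reply.

    Raises requests.HTTPError on a non-2xx status and ValueError on a
    non-JSON body, rather than failing later on a missing key.
    """
    params = {
        'OPERATION_NAME': 'read',
        'format': 'json',
        "TECHNICIAN_KEY": tocken,
        "INPUT_DATA": input_data,
    }
    response = requests.post(url, params=params, timeout=TIMEOUT)
    response.raise_for_status()
    return json.loads(response.text)


def _records(reply):
    """Return the record list of a reply; a lone record appears to arrive as a dict, not a list."""
    records = reply['API']['response']['operation']['Details']['field-values']['record']
    return [records] if isinstance(records, dict) else records


def _ci_names():
    """Pass one: every CI name of the type, in reply order."""
    # Only "CI Name" was requested, so each record's single value is the name.
    return [list(record.values())[0] for record in _records(_read(LIST_QUERY))]


def _ci_detail(ci_name):
    """Pass two: the first six returned fields of one CI, keyed by the reply's own field names."""
    # escape() keeps a name containing & < > from breaking or altering the query.
    details = _read(DETAIL_QUERY % escape(ci_name))['API']['response']['operation']['Details']
    # API.response.operation.Details.field-names.name[i].content is the i-th field name
    names = details['field-names']['name']
    values = details['field-values']['record']['value']
    # Six of the seven requested fields are mapped, as this script always did.
    # NOTE(review): the seventh slot is presumably the address sub-record
    # rather than a scalar — confirm before widening the range.
    return {name['content']: value for name, value in zip(names[:6], values[:6])}


if __name__ == '__main__':
    for ci_name in _ci_names():
        print(json.dumps(_ci_detail(ci_name), ensure_ascii=False, encoding='utf-8'))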

zoho-getCI-Switch.py

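# coding=utf-8
"""Dump every "Switch" CI of the ServiceDesk Plus CMDB as one JSON object per line.

Python 2 script.  Pass one lists the CI names of the type; pass two fetches the
seven DATA_KEYS fields for each name and prints them as a JSON object.  Only
those objects go to stdout (no raw-response echo, so a line-oriented consumer
can parse the output); transport or parse errors propagate and abort.
"""
import json
import os
from xml.sax.saxutils import escape

import requests

# NOTE(review): plain http, and the technician key goes in the query string
# (params=), so it appears on the wire and in proxy/server access logs.
url = "http://192.168.10.5:8080/api/cmdb/ci"
# NOTE(review): the fallback literal is a live technician key committed to
# source; set SDP_TECHNICIAN_KEY (environment variable name chosen here),
# remove the literal and rotate the key.
tocken = os.environ.get("SDP_TECHNICIAN_KEY", "470CD3BC-31AB-4044-A022-BCD53C3E4CC7")
# Seconds to wait on one CMDB call before raising instead of hanging forever.
TIMEOUT = 60

# Output keys, in the order the detail reply lists its values.
# NOTE(review): this order is assumed, not read from the reply's field-names
# element; the last two keys are filled from the address sub-record.
DATA_KEYS = ["CI Name", "CI Type", "Site", "Business Impact", "Department", "Mac Address", "IP Address"]

LIST_QUERY = """<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0" locale="en">
    <citype>
    <name>Switch</name>
        <criterias>
            <criteria>
                <parameter>
                    <name compOperator="CONTAINS">CI Name</name>
                    <value>*</value>
                </parameter>
            </criteria>
        </criterias>
        <returnFields>
            <name>CI Name</name>
        </returnFields>
        <range>
        <startindex>1</startindex>
        <limit>100000</limit>
        </range>
    </citype>
</API>"""

# %s receives an XML-escaped CI name (see _ci_detail).
DETAIL_QUERY = '''<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0">
    <citype>
        <name>Switch</name>
        <criterias>
            <criteria>
                <parameter>
                    <name compOperator="IS">CI Name</name>
                    <value>%s</value>
                </parameter>
            </criteria>
        </criterias>
        <returnFields>
            <name>IP Address</name>
            <name>CI Name</name>
            <name>Mac Address</name>
            <name>Department</name>
            <name>Business Impact</name>
            <name>Site</name>
            <name>CI Type</name>
        </returnFields>
        <sortFields sortOrder="desc">
            <name>Product Name</name>
        </sortFields>
    </citype>
</API>'''


def _read(input_data):
    """POST one CMDB 'read' operation and return the parsed JSON reply.

    Raises requests.HTTPError on a non-2xx status and ValueError on a
    non-JSON body, rather than failing later on a missing key.
    """
    params = {
        'OPERATION_NAME': 'read',
        'format': 'json',
        "TECHNICIAN_KEY": tocken,
        "INPUT_DATA": input_data,
    }
    response = requests.post(url, params=params, timeout=TIMEOUT)
    response.raise_for_status()
    return json.loads(response.text)


def _records(reply):
    """Return the record list of a reply; a lone record appears to arrive as a dict, not a list."""
    records = reply['API']['response']['operation']['Details']['field-values']['record']
    return [records] if isinstance(records, dict) else records


def _ci_names():
    """Pass one: every CI name of the type, in reply order."""
    # Only "CI Name" was requested, so each record's single value is the name.
    return [list(record.values())[0] for record in _records(_read(LIST_QUERY))]


def _ci_detail(ci_name):
    """Pass two: the DATA_KEYS fields of one CI as a dict.

    Slot 5 of the reply holds the address sub-record: a list when the CI has
    several interfaces (addresses are then joined with "|"), a dict for a
    single one, and a plain scalar when there is none.
    """
    # escape() keeps a name containing & < > from breaking or altering the query.
    reply = _read(DETAIL_QUERY % escape(ci_name))
    values = reply['API']['response']['operation']['Details']['field-values']['record']['value']
    try:
        sub_record = values[5]['SubRecord']
    except (TypeError, KeyError, IndexError):
        sub_record = None
    if isinstance(sub_record, list):
        mac = "|".join(entry['value'][0] for entry in sub_record)
        ip = "|".join(entry['value'][1] for entry in sub_record)
    elif isinstance(sub_record, dict):
        mac = sub_record['value'][0]
        ip = sub_record['value'][1]
    else:
        mac = ip = None
    row = list(values[0:5]) + [mac, ip]
    # zip() truncates instead of raising when the reply carries fewer values.
    return dict(zip(DATA_KEYS, row))


if __name__ == '__main__':
    for ci_name in _ci_names():
        print(json.dumps(_ci_detail(ci_name), ensure_ascii=False, encoding='utf-8'))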

zoho-getCI-IPS.py

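# coding=utf-8
"""Dump every "IPS" CI of the ServiceDesk Plus CMDB as one JSON object per line.

Python 2 script.  Pass one lists the CI names of the type; pass two fetches
the detail fields of each name, keyed by the field names the reply itself
carries, and prints the first six as a JSON object.  Transport or parse
errors propagate and abort.
"""
import json
import os
from xml.sax.saxutils import escape

import requests

# NOTE(review): plain http, and the technician key goes in the query string
# (params=), so it appears on the wire and in proxy/server access logs.
url = "http://192.168.10.5:8080/api/cmdb/ci"
# NOTE(review): the fallback literal is a live technician key committed to
# source; set SDP_TECHNICIAN_KEY (environment variable name chosen here),
# remove the literal and rotate the key.
tocken = os.environ.get("SDP_TECHNICIAN_KEY", "470CD3BC-31AB-4044-A022-BCD53C3E4CC7")
# Seconds to wait on one CMDB call before raising instead of hanging forever.
TIMEOUT = 60

LIST_QUERY = """<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0" locale="en">
    <citype>
    <name>IPS</name>
        <criterias>
            <criteria>
                <parameter>
                    <name compOperator="CONTAINS">CI Name</name>
                    <value>*</value>
                </parameter>
            </criteria>
        </criterias>
        <returnFields>
            <name>CI Name</name>
        </returnFields>
        <range>
        <startindex>1</startindex>
        <limit>100000</limit>
        </range>
    </citype>
</API>"""

# %s receives an XML-escaped CI name (see _ci_detail).
DETAIL_QUERY = '''<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0">
    <citype>
        <name>IPS</name>
        <criterias>
            <criteria>
                <parameter>
                    <name compOperator="IS">CI Name</name>
                    <value>%s</value>
                </parameter>
            </criteria>
        </criterias>
        <returnFields>
            <name>IP Address</name>
            <name>CI Name</name>
            <name>Mac Address</name>
            <name>Department</name>
            <name>Business Impact</name>
            <name>Site</name>
            <name>CI Type</name>
        </returnFields>
        <sortFields sortOrder="desc">
            <name>Product Name</name>
        </sortFields>
    </citype>
</API>'''


def _read(input_data):
    """POST one CMDB 'read' operation and return the parsed JSON reply.

    Raises requests.HTTPError on a non-2xx status and ValueError on a
    non-JSON body, rather than failing later on a missing key.
    """
    params = {
        'OPERATION_NAME': 'read',
        'format': 'json',
        "TECHNICIAN_KEY": tocken,
        "INPUT_DATA": input_data,
    }
    response = requests.post(url, params=params, timeout=TIMEOUT)
    response.raise_for_status()
    return json.loads(response.text)


def _records(reply):
    """Return the record list of a reply; a lone record appears to arrive as a dict, not a list."""
    records = reply['API']['response']['operation']['Details']['field-values']['record']
    return [records] if isinstance(records, dict) else records


def _ci_names():
    """Pass one: every CI name of the type, in reply order."""
    # Only "CI Name" was requested, so each record's single value is the name.
    return [list(record.values())[0] for record in _records(_read(LIST_QUERY))]


def _ci_detail(ci_name):
    """Pass two: the first six returned fields of one CI, keyed by the reply's own field names."""
    # escape() keeps a name containing & < > from breaking or altering the query.
    details = _read(DETAIL_QUERY % escape(ci_name))['API']['response']['operation']['Details']
    # API.response.operation.Details.field-names.name[i].content is the i-th field name
    names = details['field-names']['name']
    values = details['field-values']['record']['value']
    # Six of the seven requested fields are mapped, as this script always did.
    # NOTE(review): the seventh slot is presumably the address sub-record
    # rather than a scalar — confirm before widening the range.
    return {name['content']: value for name, value in zip(names[:6], values[:6])}


if __name__ == '__main__':
    for ci_name in _ci_names():
        print(json.dumps(_ci_detail(ci_name), ensure_ascii=False, encoding='utf-8'))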

zoho-getCI-Firewall.py

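# coding=utf-8
"""Dump every "Firewall" CI of the ServiceDesk Plus CMDB as one JSON object per line.

Python 2 script.  Pass one lists the CI names of the type; pass two fetches
the detail fields of each name, keyed by the field names the reply itself
carries, and prints the first six as a JSON object.  Transport or parse
errors propagate and abort.
"""
import json
import os
from xml.sax.saxutils import escape

import requests

# NOTE(review): plain http, and the technician key goes in the query string
# (params=), so it appears on the wire and in proxy/server access logs.
url = "http://192.168.10.5:8080/api/cmdb/ci"
# NOTE(review): the fallback literal is a live technician key committed to
# source; set SDP_TECHNICIAN_KEY (environment variable name chosen here),
# remove the literal and rotate the key.
tocken = os.environ.get("SDP_TECHNICIAN_KEY", "470CD3BC-31AB-4044-A022-BCD53C3E4CC7")
# Seconds to wait on one CMDB call before raising instead of hanging forever.
TIMEOUT = 60

LIST_QUERY = """<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0" locale="en">
    <citype>
    <name>Firewall</name>
        <criterias>
            <criteria>
                <parameter>
                    <name compOperator="CONTAINS">CI Name</name>
                    <value>*</value>
                </parameter>
            </criteria>
        </criterias>
        <returnFields>
            <name>CI Name</name>
        </returnFields>
        <range>
        <startindex>1</startindex>
        <limit>100000</limit>
        </range>
    </citype>
</API>"""

# %s receives an XML-escaped CI name (see _ci_detail).
DETAIL_QUERY = '''<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0">
    <citype>
        <name>Firewall</name>
        <criterias>
            <criteria>
                <parameter>
                    <name compOperator="IS">CI Name</name>
                    <value>%s</value>
                </parameter>
            </criteria>
        </criterias>
        <returnFields>
            <name>IP Address</name>
            <name>CI Name</name>
            <name>Mac Address</name>
            <name>Department</name>
            <name>Business Impact</name>
            <name>Site</name>
            <name>CI Type</name>
        </returnFields>
        <sortFields sortOrder="desc">
            <name>Product Name</name>
        </sortFields>
    </citype>
</API>'''


def _read(input_data):
    """POST one CMDB 'read' operation and return the parsed JSON reply.

    Raises requests.HTTPError on a non-2xx status and ValueError on a
    non-JSON body, rather than failing later on a missing key.
    """
    params = {
        'OPERATION_NAME': 'read',
        'format': 'json',
        "TECHNICIAN_KEY": tocken,
        "INPUT_DATA": input_data,
    }
    response = requests.post(url, params=params, timeout=TIMEOUT)
    response.raise_for_status()
    return json.loads(response.text)


def _records(reply):
    """Return the record list of a reply; a lone record appears to arrive as a dict, not a list."""
    records = reply['API']['response']['operation']['Details']['field-values']['record']
    return [records] if isinstance(records, dict) else records


def _ci_names():
    """Pass one: every CI name of the type, in reply order."""
    # Only "CI Name" was requested, so each record's single value is the name.
    return [list(record.values())[0] for record in _records(_read(LIST_QUERY))]


def _ci_detail(ci_name):
    """Pass two: the first six returned fields of one CI, keyed by the reply's own field names."""
    # escape() keeps a name containing & < > from breaking or altering the query.
    details = _read(DETAIL_QUERY % escape(ci_name))['API']['response']['operation']['Details']
    # API.response.operation.Details.field-names.name[i].content is the i-th field name
    names = details['field-names']['name']
    values = details['field-values']['record']['value']
    # Six of the seven requested fields are mapped, as this script always did.
    # NOTE(review): the seventh slot is presumably the address sub-record
    # rather than a scalar — confirm before widening the range.
    return {name['content']: value for name, value in zip(names[:6], values[:6])}


if __name__ == '__main__':
    for ci_name in _ci_names():
        print(json.dumps(_ci_detail(ci_name), ensure_ascii=False, encoding='utf-8'))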

zoho-getCI-Workstation.py

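# coding=utf-8
"""Dump up to 100 "Workstation" CIs of the ServiceDesk Plus CMDB as one JSON object per line.

Python 2 script.  Pass one lists the CI names of the type (the range asks
for 100, unlike the network-device scripts); pass two fetches the seven
DATA_KEYS fields for each name and prints them as an ASCII-escaped JSON
object.  Transport or parse errors propagate and abort.
"""
import json
import os
from xml.sax.saxutils import escape

import requests

# NOTE(review): plain http, and the technician key goes in the query string
# (params=), so it appears on the wire and in proxy/server access logs.
url = "http://192.168.10.5:8080/api/cmdb/ci"
# NOTE(review): the fallback literal is a live technician key committed to
# source; set SDP_TECHNICIAN_KEY (environment variable name chosen here),
# remove the literal and rotate the key.
tocken = os.environ.get("SDP_TECHNICIAN_KEY", "470CD3BC-31AB-4044-A022-BCD53C3E4CC7")
# Seconds to wait on one CMDB call before raising instead of hanging forever.
TIMEOUT = 60

# Output keys, in the order the detail reply lists its values.
# NOTE(review): this order is assumed, not read from the reply's field-names
# element; the last two keys are filled from the address sub-record.
DATA_KEYS = ["CI Name", "CI Type", "Site", "Business Impact", "Department", "Mac Address", "IP Address"]

LIST_QUERY = """<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0" locale="en">
    <citype>
    <name>Workstation</name>
        <criterias>
            <criteria>
                <parameter>
                    <name compOperator="CONTAINS">CI Name</name>
                    <value>*</value>
                </parameter>
            </criteria>
        </criterias>
        <returnFields>
            <name>CI Name</name>
        </returnFields>
        <range>
        <startindex>1</startindex>
        <limit>100</limit>
        </range>
    </citype>
</API>"""

# %s receives an XML-escaped CI name (see _ci_detail).
DETAIL_QUERY = '''<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0">
    <citype>
        <name>Workstation</name>
        <criterias>
            <criteria>
                <parameter>
                    <name compOperator="IS">CI Name</name>
                    <value>%s</value>
                </parameter>
            </criteria>
        </criterias>
        <returnFields>
            <name>IP Address</name>
            <name>CI Name</name>
            <name>Mac Address</name>
            <name>Department</name>
            <name>Business Impact</name>
            <name>Site</name>
            <name>CI Type</name>
        </returnFields>
        <sortFields sortOrder="desc">
            <name>Product Name</name>
        </sortFields>
    </citype>
</API>'''


def _read(input_data):
    """POST one CMDB 'read' operation and return the parsed JSON reply.

    Raises requests.HTTPError on a non-2xx status and ValueError on a
    non-JSON body, rather than failing later on a missing key.
    """
    params = {
        'OPERATION_NAME': 'read',
        'format': 'json',
        "TECHNICIAN_KEY": tocken,
        "INPUT_DATA": input_data,
    }
    response = requests.post(url, params=params, timeout=TIMEOUT)
    response.raise_for_status()
    return json.loads(response.text)


def _records(reply):
    """Return the record list of a reply; a lone record appears to arrive as a dict, not a list."""
    records = reply['API']['response']['operation']['Details']['field-values']['record']
    return [records] if isinstance(records, dict) else records


def _ci_names():
    """Pass one: every CI name of the type, in reply order."""
    # Only "CI Name" was requested, so each record's single value is the name.
    return [list(record.values())[0] for record in _records(_read(LIST_QUERY))]


def _ci_detail(ci_name):
    """Pass two: the DATA_KEYS fields of one CI as a dict.

    Slot 5 of the reply holds the address sub-record: a list when the CI has
    several interfaces (entries are then joined with "|"), a dict for a
    single one, and a plain scalar when there is none.
    """
    # escape() keeps a name containing & < > from breaking or altering the query.
    reply = _read(DETAIL_QUERY % escape(ci_name))
    values = reply['API']['response']['operation']['Details']['field-values']['record']['value']
    try:
        sub_record = values[5]['SubRecord']
    except (TypeError, KeyError, IndexError):
        sub_record = None
    if isinstance(sub_record, list):
        slot1 = "|".join(entry['value'][1] for entry in sub_record)
        slot0 = "|".join(entry['value'][0] for entry in sub_record)
    elif isinstance(sub_record, dict):
        slot1 = sub_record['value'][1]
        slot0 = sub_record['value'][0]
    else:
        slot1 = slot0 = None
    # NOTE(review): sub-record index 1 lands under "Mac Address" and index 0
    # under "IP Address" — the reverse of the Router/Switch scripts.  Kept as
    # it was; confirm against a known workstation before relying on either.
    row = list(values[0:5]) + [slot1, slot0]
    # zip() truncates instead of raising when the reply carries fewer values.
    return dict(zip(DATA_KEYS, row))


if __name__ == '__main__':
    for ci_name in _ci_names():
        print(json.dumps(_ci_detail(ci_name)))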

zoho-getCI-Server.py

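# coding=utf-8
"""Dump up to 100 "Server" CIs of the ServiceDesk Plus CMDB as one JSON object per line.

Python 2 script.  Pass one lists the CI names of the type (the range asks
for 100, unlike the network-device scripts); pass two fetches the detail
fields of each name, keyed by the field names the reply itself carries, and
prints the first six as an ASCII-escaped JSON object.  Transport or parse
errors propagate and abort.
"""
import json
import os
from xml.sax.saxutils import escape

import requests

# NOTE(review): plain http, and the technician key goes in the query string
# (params=), so it appears on the wire and in proxy/server access logs.
url = "http://192.168.10.5:8080/api/cmdb/ci"
# NOTE(review): the fallback literal is a live technician key committed to
# source; set SDP_TECHNICIAN_KEY (environment variable name chosen here),
# remove the literal and rotate the key.
tocken = os.environ.get("SDP_TECHNICIAN_KEY", "470CD3BC-31AB-4044-A022-BCD53C3E4CC7")
# Seconds to wait on one CMDB call before raising instead of hanging forever.
TIMEOUT = 60

LIST_QUERY = """<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0" locale="en">
    <citype>
    <name>Server</name>
        <criterias>
            <criteria>
                <parameter>
                    <name compOperator="CONTAINS">CI Name</name>
                    <value>*</value>
                </parameter>
            </criteria>
        </criterias>
        <returnFields>
            <name>CI Name</name>
        </returnFields>
        <range>
        <startindex>1</startindex>
        <limit>100</limit>
        </range>
    </citype>
</API>"""

# %s receives an XML-escaped CI name (see _ci_detail).
DETAIL_QUERY = '''<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0">
    <citype>
        <name>Server</name>
        <criterias>
            <criteria>
                <parameter>
                    <name compOperator="IS">CI Name</name>
                    <value>%s</value>
                </parameter>
            </criteria>
        </criterias>
        <returnFields>
            <name>IP Address</name>
            <name>CI Name</name>
            <name>Mac Address</name>
            <name>Department</name>
            <name>Business Impact</name>
            <name>Site</name>
            <name>CI Type</name>
        </returnFields>
        <sortFields sortOrder="desc">
            <name>Product Name</name>
        </sortFields>
    </citype>
</API>'''


def _read(input_data):
    """POST one CMDB 'read' operation and return the parsed JSON reply.

    Raises requests.HTTPError on a non-2xx status and ValueError on a
    non-JSON body, rather than failing later on a missing key.
    """
    params = {
        'OPERATION_NAME': 'read',
        'format': 'json',
        "TECHNICIAN_KEY": tocken,
        "INPUT_DATA": input_data,
    }
    response = requests.post(url, params=params, timeout=TIMEOUT)
    response.raise_for_status()
    return json.loads(response.text)


def _records(reply):
    """Return the record list of a reply; a lone record appears to arrive as a dict, not a list."""
    records = reply['API']['response']['operation']['Details']['field-values']['record']
    return [records] if isinstance(records, dict) else records


def _ci_names():
    """Pass one: every CI name of the type, in reply order."""
    # Only "CI Name" was requested, so each record's single value is the name.
    return [list(record.values())[0] for record in _records(_read(LIST_QUERY))]


def _ci_detail(ci_name):
    """Pass two: the first six returned fields of one CI, keyed by the reply's own field names."""
    # escape() keeps a name containing & < > from breaking or altering the query.
    details = _read(DETAIL_QUERY % escape(ci_name))['API']['response']['operation']['Details']
    # API.response.operation.Details.field-names.name[i].content is the i-th field name
    names = details['field-names']['name']
    values = details['field-values']['record']['value']
    # Six of the seven requested fields are mapped, as this script always did.
    # NOTE(review): the seventh slot is presumably the address sub-record
    # rather than a scalar — confirm before widening the range.
    return {name['content']: value for name, value in zip(names[:6], values[:6])}


if __name__ == '__main__':
    for ci_name in _ci_names():
        print(json.dumps(_ci_detail(ci_name)))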

threatbook_tip.py

# -*- coding: utf-8 -*-

import json
import logging
import os
import sys
import urllib
import urllib2

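reload(sys)
# Python 2 only: lets the str/unicode mixing in this script decode as UTF-8.
# NOTE(review): changing the process-wide default encoding is a known hack;
# kept because dropping it would change how the log line and output encode.
sys.setdefaultencoding("utf8")

level = logging.DEBUG
# LOG_FORMAT is the record layout; DATE_FORMAT the strftime pattern behind
# %(asctime)s.
LOG_FORMAT = '[%(asctime)s] %(levelname)s %(message)s'
DATE_FORMAT = '%Y-%m-%d %H:%M:%S'
filename = "/data/rizhiyi/logs/splserver/threat_ip_query.log"
logging.basicConfig(filename=filename, level=level, filemode='a',
                    format=LOG_FORMAT, datefmt=DATE_FORMAT)

# NOTE(review): the fallback literal is a live ThreatBook API key committed to
# source; set THREATBOOK_APIKEY (environment variable name chosen here),
# remove the literal and rotate the key.
apikey = os.environ.get("THREATBOOK_APIKEY", "1d5feb0fa35f47659d07b01292d5f696d3c941a36ae240498777777a5a40a828")
apiurl = "https://api.threatbook.cn/v3/ip/query"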


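def TiSearch(data, timeout=60):
    """Look *data* up in ThreatBook's IP reputation API and return a result envelope.

    Args:
        data: the IP address (or other resource string) to query; it is
            URL-encoded before being placed in the query string.
        timeout: seconds to wait for the HTTP reply before raising.

    Returns:
        ``{"content": [entry]}``.  With ``response_code`` 0 the entry is
        ``{"ip": ip, "data": {...}}`` whose ``judgments`` list has been
        joined into a comma-separated string; otherwise it carries the
        API's ``response_code`` and ``verbose_msg``.

    Raises:
        urllib2.URLError (or socket.timeout) on transport failure,
        ValueError on a non-JSON body, KeyError on an unexpected body.
    """
    # NOTE(review): the API key travels in the query string, which is the
    # form this API takes; proxy and web-server access logs will contain it.
    query = urllib.urlencode([("apikey", apikey), ("resource", data)])
    url = apiurl + "?" + query
    # NOTE(review): the two proxy host names differ ("proxyinygsc" vs
    # "proxyin.gsc"); one is likely a typo — confirm which one resolves.
    proxy = urllib2.ProxyHandler({"http": "proxyinygsc.huawei.com:8080",
                                  "https": "proxyin.gsc.huawei.com:8080"})
    # A private opener rather than install_opener(): no process-global state.
    opener = urllib2.build_opener(proxy)
    conn = opener.open(urllib2.Request(url), timeout=timeout)
    try:
        body = conn.read()
    finally:
        conn.close()
    logging.info("query ip:%s,query source:siem", data)
    return _envelope(json.loads(body))


def _envelope(result):
    """Shape a parsed ThreatBook reply into the {"content": [...]} form callers expect."""
    if result["response_code"] == 0:
        # The data object is keyed by the queried IP; the first key is taken.
        ip = next(iter(result['data']))
        info = result['data'][ip]
        info['judgments'] = ",".join(info['judgments'])
        entry = {'ip': ip, 'data': info}
    else:
        entry = {'response_code': result['response_code'],
                 'verbose_msg': result['verbose_msg']}
    return {'content': [entry]}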
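if __name__ == '__main__':
    # Usage: threatbook_tip.py <ip>; a missing argument is reported instead of
    # surfacing as an IndexError.
    if len(sys.argv) < 2:
        sys.stderr.write("usage: %s <ip>\n" % sys.argv[0])
        sys.exit(2)
    query_data = sys.argv[1]
    result = TiSearch(query_data)
    print(json.dumps(result))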

sdpassetPythonCode.tar

[splunklib](https://www.hesc.info/upload/2020/11/splunklib-46c6cfb2c20e4c6dbd028cdb562f1689.tgz)

Copyright: 采用 知识共享署名4.0 国际许可协议进行许可

Links: https://www.hesc.info/archives/20201104144217
