zoho-getCI-Router.py
# coding=utf-8
import requests
import json
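from xml.sax.saxutils import escape

# Export every "Router" CI from the CMDB API as one JSON object per line.
#
# SECURITY: the endpoint is plain HTTP and the technician key is hard-coded,
# so the credential is readable by anyone who can read this file and travels
# unencrypted on the network.  Rotate the key, load it from the environment
# or a secret store, and use HTTPS if the server offers it.
CINameValue = []
url = "http://192.168.10.5:8080/api/cmdb/ci"
tocken = "470CD3BC-31AB-4044-A022-BCD53C3E4CC7"
REQUEST_TIMEOUT = 120  # seconds; without a timeout requests can block forever

input_data = """<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0" locale="en">
<citype>
<name>Router</name>
<criterias>
<criteria>
<parameter>
<name compOperator="CONTAINS">CI Name</name>
<value>*</value>
</parameter>
</criteria>
</criterias>
<returnFields>
<name>CI Name</name>
</returnFields>
<range>
<startindex>1</startindex>
<limit>100000</limit>
</range>
</citype>
</API>"""

DETAIL_QUERY = '''<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0">
<citype>
<name>Router</name>
<criterias>
<criteria>
<parameter>
<name compOperator="IS">CI Name</name>
<value>%s</value>
</parameter>
</criteria>
</criterias>
<returnFields>
<name>IP Address</name>
<name>CI Name</name>
<name>Mac Address</name>
<name>Department</name>
<name>Business Impact</name>
<name>Site</name>
<name>CI Type</name>
</returnFields>
<sortFields sortOrder="desc">
<name>Product Name</name>
</sortFields>
</citype>
</API>'''


def _cmdb_read(xml_query):
    """POST one CMDB ``read`` operation and return the reply's ``Details`` node."""
    # NOTE(review): params= places TECHNICIAN_KEY in the URL query string,
    # where web-server and proxy access logs record it.  Send it in the
    # request body instead if the API accepts that -- confirm on the server.
    reply = requests.post(
        url,
        params={
            'OPERATION_NAME': 'read',
            'format': 'json',
            "TECHNICIAN_KEY": tocken,
            "INPUT_DATA": xml_query
        },
        timeout=REQUEST_TIMEOUT
    )
    # Fail on an HTTP error instead of trying to parse an error page as JSON.
    reply.raise_for_status()
    return json.loads(reply.text)['API']['response']['operation']['Details']


# Step 1: collect the name of every CI of this type.
records = _cmdb_read(input_data)['field-values']['record']
if isinstance(records, dict):
    # Presumably a single match arrives as one dict rather than a list, the
    # way SubRecord does below -- confirm against the API.
    records = [records]
for CINamevalueData in records:
    CINameValue.append(list(CINamevalueData.values())[0])

# Step 2: fetch and print the details of each CI.
# Assumes the server returns the five scalar fields in DataKey order, followed
# by the Mac/IP sub-record at index 5 -- TODO confirm.
DataKey = ["CI Name", "CI Type", "Site", "Business Impact", "Department", "Mac Address", "IP Address"]
for CINAME in CINameValue:
    # The name comes back from the server and is pasted into XML: escape
    # &, < and > so it cannot break or alter the query.  "%s" % keeps the
    # original tolerance for non-string names.
    details = _cmdb_read(DETAIL_QUERY % escape("%s" % CINAME))
    values = details['field-values']['record']['value']
    try:
        SubRecord = values[5]['SubRecord']
    except (TypeError, IndexError, KeyError):
        # No interface sub-record for this CI.
        SubRecord = None
    DataValue = values[0:5]
    if isinstance(SubRecord, list):
        # Several interfaces: join their values with "|".
        Mac = "|".join(sub['value'][0] for sub in SubRecord).strip("|")
        IP = "|".join(sub['value'][1] for sub in SubRecord).strip("|")
    elif isinstance(SubRecord, dict):
        Mac = SubRecord['value'][0]
        IP = SubRecord['value'][1]
    else:
        Mac = None
        IP = None
    DataValue.append(Mac)
    DataValue.append(IP)
    Dict = {}
    for i in range(7):
        Dict[DataKey[i]] = DataValue[i]
    DataValueJSON = json.dumps(Dict, ensure_ascii=False, encoding='utf-8')
    print(DataValueJSON)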
zoho-getCI-StorageDevice.py
# coding=utf-8
import requests
import json
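from xml.sax.saxutils import escape

# Export every "Storage Device" CI from the CMDB API as one JSON object per line.
#
# SECURITY: the endpoint is plain HTTP and the technician key is hard-coded,
# so the credential is readable by anyone who can read this file and travels
# unencrypted on the network.  Rotate the key, load it from the environment
# or a secret store, and use HTTPS if the server offers it.
CINameValue = []
CINamevalueData = {}
url = "http://192.168.10.5:8080/api/cmdb/ci"
tocken = "470CD3BC-31AB-4044-A022-BCD53C3E4CC7"
REQUEST_TIMEOUT = 120  # seconds; without a timeout requests can block forever

input_data = """<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0" locale="en">
<citype>
<name>Storage Device</name>
<criterias>
<criteria>
<parameter>
<name compOperator="CONTAINS">CI Name</name>
<value>*</value>
</parameter>
</criteria>
</criterias>
<returnFields>
<name>CI Name</name>
</returnFields>
<range>
<startindex>1</startindex>
<limit>100000</limit>
</range>
</citype>
</API>"""

DETAIL_QUERY = '''<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0">
<citype>
<name>Storage Device</name>
<criterias>
<criteria>
<parameter>
<name compOperator="IS">CI Name</name>
<value>%s</value>
</parameter>
</criteria>
</criterias>
<returnFields>
<name>IP Address</name>
<name>CI Name</name>
<name>Mac Address</name>
<name>Department</name>
<name>Business Impact</name>
<name>Site</name>
<name>CI Type</name>
</returnFields>
<sortFields sortOrder="desc">
<name>Product Name</name>
</sortFields>
</citype>
</API>'''


def _cmdb_read(xml_query):
    """POST one CMDB ``read`` operation and return the reply's ``Details`` node."""
    # NOTE(review): params= places TECHNICIAN_KEY in the URL query string,
    # where web-server and proxy access logs record it.  Send it in the
    # request body instead if the API accepts that -- confirm on the server.
    reply = requests.post(
        url,
        params={
            'OPERATION_NAME': 'read',
            'format': 'json',
            "TECHNICIAN_KEY": tocken,
            "INPUT_DATA": xml_query
        },
        timeout=REQUEST_TIMEOUT
    )
    # Fail on an HTTP error instead of trying to parse an error page as JSON.
    reply.raise_for_status()
    return json.loads(reply.text)['API']['response']['operation']['Details']


# Step 1: collect the name of every CI of this type.
records = _cmdb_read(input_data)['field-values']['record']
if isinstance(records, dict):
    # Presumably a single match arrives as one dict rather than a list --
    # confirm against the API.
    records = [records]
for CINamevalueData in records:
    CINameValue.append(list(CINamevalueData.values())[0])

# Step 2: fetch and print the details of each CI.
for CINAME in CINameValue:
    # The name comes back from the server and is pasted into XML: escape
    # &, < and > so it cannot break or alter the query.  "%s" % keeps the
    # original tolerance for non-string names.
    details = _cmdb_read(DETAIL_QUERY % escape("%s" % CINAME))
    # Column labels live at Details.field-names.name[i].content
    DateKey = details['field-names']['name']
    DataValue = details['field-values']['record']['value']
    # NOTE(review): seven fields are requested but only the first six
    # label/value pairs are emitted -- confirm that is intended.
    Dict = {}
    for i in range(6):
        Dict[DateKey[i]['content']] = DataValue[i]
    DataValueJSON = json.dumps(Dict, ensure_ascii=False, encoding='utf-8')
    print(DataValueJSON)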
zoho-getCI-Switch.py
# coding=utf-8
import requests
import json
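from xml.sax.saxutils import escape

# Export every "Switch" CI from the CMDB API as one JSON object per line.
#
# SECURITY: the endpoint is plain HTTP and the technician key is hard-coded,
# so the credential is readable by anyone who can read this file and travels
# unencrypted on the network.  Rotate the key, load it from the environment
# or a secret store, and use HTTPS if the server offers it.
CINameValue = []
url = "http://192.168.10.5:8080/api/cmdb/ci"
tocken = "470CD3BC-31AB-4044-A022-BCD53C3E4CC7"
REQUEST_TIMEOUT = 120  # seconds; without a timeout requests can block forever

input_data = """<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0" locale="en">
<citype>
<name>Switch</name>
<criterias>
<criteria>
<parameter>
<name compOperator="CONTAINS">CI Name</name>
<value>*</value>
</parameter>
</criteria>
</criterias>
<returnFields>
<name>CI Name</name>
</returnFields>
<range>
<startindex>1</startindex>
<limit>100000</limit>
</range>
</citype>
</API>"""

DETAIL_QUERY = '''<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0">
<citype>
<name>Switch</name>
<criterias>
<criteria>
<parameter>
<name compOperator="IS">CI Name</name>
<value>%s</value>
</parameter>
</criteria>
</criterias>
<returnFields>
<name>IP Address</name>
<name>CI Name</name>
<name>Mac Address</name>
<name>Department</name>
<name>Business Impact</name>
<name>Site</name>
<name>CI Type</name>
</returnFields>
<sortFields sortOrder="desc">
<name>Product Name</name>
</sortFields>
</citype>
</API>'''


def _cmdb_read(xml_query, echo=False):
    """POST one CMDB ``read`` operation and return the reply's ``Details`` node.

    When ``echo`` is true the raw reply text is printed before it is parsed.
    """
    # NOTE(review): params= places TECHNICIAN_KEY in the URL query string,
    # where web-server and proxy access logs record it.  Send it in the
    # request body instead if the API accepts that -- confirm on the server.
    reply = requests.post(
        url,
        params={
            'OPERATION_NAME': 'read',
            'format': 'json',
            "TECHNICIAN_KEY": tocken,
            "INPUT_DATA": xml_query
        },
        timeout=REQUEST_TIMEOUT
    )
    # Fail on an HTTP error instead of trying to parse an error page as JSON.
    reply.raise_for_status()
    if echo:
        print(reply.text)
    return json.loads(reply.text)['API']['response']['operation']['Details']


# Step 1: collect the name of every CI of this type.
records = _cmdb_read(input_data)['field-values']['record']
if isinstance(records, dict):
    # Presumably a single match arrives as one dict rather than a list, the
    # way SubRecord does below -- confirm against the API.
    records = [records]
for CINamevalueData in records:
    CINameValue.append(list(CINamevalueData.values())[0])

# Step 2: fetch and print the details of each CI.
# Assumes the server returns the five scalar fields in DataKey order, followed
# by the Mac/IP sub-record at index 5 -- TODO confirm.
DataKey = ["CI Name", "CI Type", "Site", "Business Impact", "Department", "Mac Address", "IP Address"]
for CINAME in CINameValue:
    # The name comes back from the server and is pasted into XML: escape
    # &, < and > so it cannot break or alter the query.  "%s" % keeps the
    # original tolerance for non-string names.
    # NOTE(review): echo=True keeps the original raw-reply print, which puts
    # the whole API response on stdout next to the JSON line; it looks like a
    # leftover debug statement -- confirm and drop it if so.
    details = _cmdb_read(DETAIL_QUERY % escape("%s" % CINAME), echo=True)
    values = details['field-values']['record']['value']
    try:
        SubRecord = values[5]['SubRecord']
    except (TypeError, IndexError, KeyError):
        # No interface sub-record for this CI.
        SubRecord = None
    DataValue = values[0:5]
    if isinstance(SubRecord, list):
        # Several interfaces: join their values with "|".
        Mac = "|".join(sub['value'][0] for sub in SubRecord).strip("|")
        IP = "|".join(sub['value'][1] for sub in SubRecord).strip("|")
    elif isinstance(SubRecord, dict):
        Mac = SubRecord['value'][0]
        IP = SubRecord['value'][1]
    else:
        Mac = None
        IP = None
    DataValue.append(Mac)
    DataValue.append(IP)
    Dict = {}
    for i in range(7):
        Dict[DataKey[i]] = DataValue[i]
    DataValueJSON = json.dumps(Dict, ensure_ascii=False, encoding='utf-8')
    print(DataValueJSON)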
zoho-getCI-IPS.py
# coding=utf-8
import requests
import json
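from xml.sax.saxutils import escape

# Export every "IPS" CI from the CMDB API as one JSON object per line.
#
# SECURITY: the endpoint is plain HTTP and the technician key is hard-coded,
# so the credential is readable by anyone who can read this file and travels
# unencrypted on the network.  Rotate the key, load it from the environment
# or a secret store, and use HTTPS if the server offers it.
CINameValue = []
url = "http://192.168.10.5:8080/api/cmdb/ci"
tocken = "470CD3BC-31AB-4044-A022-BCD53C3E4CC7"
REQUEST_TIMEOUT = 120  # seconds; without a timeout requests can block forever

input_data = """<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0" locale="en">
<citype>
<name>IPS</name>
<criterias>
<criteria>
<parameter>
<name compOperator="CONTAINS">CI Name</name>
<value>*</value>
</parameter>
</criteria>
</criterias>
<returnFields>
<name>CI Name</name>
</returnFields>
<range>
<startindex>1</startindex>
<limit>100000</limit>
</range>
</citype>
</API>"""

DETAIL_QUERY = '''<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0">
<citype>
<name>IPS</name>
<criterias>
<criteria>
<parameter>
<name compOperator="IS">CI Name</name>
<value>%s</value>
</parameter>
</criteria>
</criterias>
<returnFields>
<name>IP Address</name>
<name>CI Name</name>
<name>Mac Address</name>
<name>Department</name>
<name>Business Impact</name>
<name>Site</name>
<name>CI Type</name>
</returnFields>
<sortFields sortOrder="desc">
<name>Product Name</name>
</sortFields>
</citype>
</API>'''


def _cmdb_read(xml_query):
    """POST one CMDB ``read`` operation and return the reply's ``Details`` node."""
    # NOTE(review): params= places TECHNICIAN_KEY in the URL query string,
    # where web-server and proxy access logs record it.  Send it in the
    # request body instead if the API accepts that -- confirm on the server.
    reply = requests.post(
        url,
        params={
            'OPERATION_NAME': 'read',
            'format': 'json',
            "TECHNICIAN_KEY": tocken,
            "INPUT_DATA": xml_query
        },
        timeout=REQUEST_TIMEOUT
    )
    # Fail on an HTTP error instead of trying to parse an error page as JSON.
    reply.raise_for_status()
    return json.loads(reply.text)['API']['response']['operation']['Details']


# Step 1: collect the name of every CI of this type.
records = _cmdb_read(input_data)['field-values']['record']
if isinstance(records, dict):
    # Presumably a single match arrives as one dict rather than a list --
    # confirm against the API.
    records = [records]
for CINamevalueData in records:
    CINameValue.append(list(CINamevalueData.values())[0])

# Step 2: fetch and print the details of each CI.
for CINAME in CINameValue:
    # The name comes back from the server and is pasted into XML: escape
    # &, < and > so it cannot break or alter the query.  "%s" % keeps the
    # original tolerance for non-string names.
    details = _cmdb_read(DETAIL_QUERY % escape("%s" % CINAME))
    # Column labels live at Details.field-names.name[i].content
    DateKey = details['field-names']['name']
    DataValue = details['field-values']['record']['value']
    # NOTE(review): seven fields are requested but only the first six
    # label/value pairs are emitted -- confirm that is intended.
    Dict = {}
    for i in range(6):
        Dict[DateKey[i]['content']] = DataValue[i]
    DataValueJSON = json.dumps(Dict, ensure_ascii=False, encoding='utf-8')
    print(DataValueJSON)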
zoho-getCI-Firewall.py
# coding=utf-8
import requests
import json
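from xml.sax.saxutils import escape

# Export every "Firewall" CI from the CMDB API as one JSON object per line.
#
# SECURITY: the endpoint is plain HTTP and the technician key is hard-coded,
# so the credential is readable by anyone who can read this file and travels
# unencrypted on the network.  Rotate the key, load it from the environment
# or a secret store, and use HTTPS if the server offers it.
CINameValue = []
url = "http://192.168.10.5:8080/api/cmdb/ci"
tocken = "470CD3BC-31AB-4044-A022-BCD53C3E4CC7"
REQUEST_TIMEOUT = 120  # seconds; without a timeout requests can block forever

input_data = """<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0" locale="en">
<citype>
<name>Firewall</name>
<criterias>
<criteria>
<parameter>
<name compOperator="CONTAINS">CI Name</name>
<value>*</value>
</parameter>
</criteria>
</criterias>
<returnFields>
<name>CI Name</name>
</returnFields>
<range>
<startindex>1</startindex>
<limit>100000</limit>
</range>
</citype>
</API>"""

DETAIL_QUERY = '''<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0">
<citype>
<name>Firewall</name>
<criterias>
<criteria>
<parameter>
<name compOperator="IS">CI Name</name>
<value>%s</value>
</parameter>
</criteria>
</criterias>
<returnFields>
<name>IP Address</name>
<name>CI Name</name>
<name>Mac Address</name>
<name>Department</name>
<name>Business Impact</name>
<name>Site</name>
<name>CI Type</name>
</returnFields>
<sortFields sortOrder="desc">
<name>Product Name</name>
</sortFields>
</citype>
</API>'''


def _cmdb_read(xml_query):
    """POST one CMDB ``read`` operation and return the reply's ``Details`` node."""
    # NOTE(review): params= places TECHNICIAN_KEY in the URL query string,
    # where web-server and proxy access logs record it.  Send it in the
    # request body instead if the API accepts that -- confirm on the server.
    reply = requests.post(
        url,
        params={
            'OPERATION_NAME': 'read',
            'format': 'json',
            "TECHNICIAN_KEY": tocken,
            "INPUT_DATA": xml_query
        },
        timeout=REQUEST_TIMEOUT
    )
    # Fail on an HTTP error instead of trying to parse an error page as JSON.
    reply.raise_for_status()
    return json.loads(reply.text)['API']['response']['operation']['Details']


# Step 1: collect the name of every CI of this type.
records = _cmdb_read(input_data)['field-values']['record']
if isinstance(records, dict):
    # Presumably a single match arrives as one dict rather than a list --
    # confirm against the API.
    records = [records]
for CINamevalueData in records:
    CINameValue.append(list(CINamevalueData.values())[0])

# Step 2: fetch and print the details of each CI.
for CINAME in CINameValue:
    # The name comes back from the server and is pasted into XML: escape
    # &, < and > so it cannot break or alter the query.  "%s" % keeps the
    # original tolerance for non-string names.
    details = _cmdb_read(DETAIL_QUERY % escape("%s" % CINAME))
    # Column labels live at Details.field-names.name[i].content
    DateKey = details['field-names']['name']
    DataValue = details['field-values']['record']['value']
    # NOTE(review): seven fields are requested but only the first six
    # label/value pairs are emitted -- confirm that is intended.
    Dict = {}
    for i in range(6):
        Dict[DateKey[i]['content']] = DataValue[i]
    DataValueJSON = json.dumps(Dict, ensure_ascii=False, encoding='utf-8')
    print(DataValueJSON)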
zoho-getCI-Workstation.py
# coding=utf-8
import requests
import json
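from xml.sax.saxutils import escape

# Export "Workstation" CIs from the CMDB API as one JSON object per line.
#
# SECURITY: the endpoint is plain HTTP and the technician key is hard-coded,
# so the credential is readable by anyone who can read this file and travels
# unencrypted on the network.  Rotate the key, load it from the environment
# or a secret store, and use HTTPS if the server offers it.
CINameValue = []
url = "http://192.168.10.5:8080/api/cmdb/ci"
tocken = "470CD3BC-31AB-4044-A022-BCD53C3E4CC7"
REQUEST_TIMEOUT = 120  # seconds; without a timeout requests can block forever

# NOTE(review): <limit> is 100 here, so at most 100 names are requested and
# any further workstations are left out of the export -- confirm the cap.
input_data = """<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0" locale="en">
<citype>
<name>Workstation</name>
<criterias>
<criteria>
<parameter>
<name compOperator="CONTAINS">CI Name</name>
<value>*</value>
</parameter>
</criteria>
</criterias>
<returnFields>
<name>CI Name</name>
</returnFields>
<range>
<startindex>1</startindex>
<limit>100</limit>
</range>
</citype>
</API>"""

DETAIL_QUERY = '''<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0">
<citype>
<name>Workstation</name>
<criterias>
<criteria>
<parameter>
<name compOperator="IS">CI Name</name>
<value>%s</value>
</parameter>
</criteria>
</criterias>
<returnFields>
<name>IP Address</name>
<name>CI Name</name>
<name>Mac Address</name>
<name>Department</name>
<name>Business Impact</name>
<name>Site</name>
<name>CI Type</name>
</returnFields>
<sortFields sortOrder="desc">
<name>Product Name</name>
</sortFields>
</citype>
</API>'''


def _cmdb_read(xml_query):
    """POST one CMDB ``read`` operation and return the reply's ``Details`` node."""
    # NOTE(review): params= places TECHNICIAN_KEY in the URL query string,
    # where web-server and proxy access logs record it.  Send it in the
    # request body instead if the API accepts that -- confirm on the server.
    reply = requests.post(
        url,
        params={
            'OPERATION_NAME': 'read',
            'format': 'json',
            "TECHNICIAN_KEY": tocken,
            "INPUT_DATA": xml_query
        },
        timeout=REQUEST_TIMEOUT
    )
    # Fail on an HTTP error instead of trying to parse an error page as JSON.
    reply.raise_for_status()
    return json.loads(reply.text)['API']['response']['operation']['Details']


# Step 1: collect the CI names of this type.
records = _cmdb_read(input_data)['field-values']['record']
if isinstance(records, dict):
    # Presumably a single match arrives as one dict rather than a list, the
    # way SubRecord does below -- confirm against the API.
    records = [records]
for CINamevalueData in records:
    CINameValue.append(list(CINamevalueData.values())[0])

# Step 2: fetch and print the details of each CI.
# Assumes the server returns the five scalar fields in DataKey order, followed
# by the Mac/IP sub-record at index 5 -- TODO confirm.
DataKey = ["CI Name", "CI Type", "Site", "Business Impact", "Department", "Mac Address", "IP Address"]
for CINAME in CINameValue:
    # The name comes back from the server and is pasted into XML: escape
    # &, < and > so it cannot break or alter the query.  "%s" % keeps the
    # original tolerance for non-string names.
    details = _cmdb_read(DETAIL_QUERY % escape("%s" % CINAME))
    values = details['field-values']['record']['value']
    try:
        SubRecord = values[5]['SubRecord']
    except (TypeError, IndexError, KeyError):
        # No interface sub-record for this CI.
        SubRecord = None
    DataValue = values[0:5]
    if isinstance(SubRecord, list):
        # Several interfaces: join their values with "|".
        Mac = "|".join(sub['value'][0] for sub in SubRecord).strip("|")
        IP = "|".join(sub['value'][1] for sub in SubRecord).strip("|")
    elif isinstance(SubRecord, dict):
        Mac = SubRecord['value'][0]
        IP = SubRecord['value'][1]
    else:
        Mac = None
        IP = None
    # Append in DataKey order ("Mac Address", then "IP Address").  The values
    # used to be appended IP first, which put the IP under "Mac Address" and
    # the MAC under "IP Address" in the output.
    DataValue.append(Mac)
    DataValue.append(IP)
    Dict = {}
    for i in range(7):
        Dict[DataKey[i]] = DataValue[i]
    DataValueJSON = json.dumps(Dict)
    print(DataValueJSON)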
zoho-getCI-Server.py
# coding=utf-8
import requests
import json
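from xml.sax.saxutils import escape

# Export "Server" CIs from the CMDB API as one JSON object per line.
#
# SECURITY: the endpoint is plain HTTP and the technician key is hard-coded,
# so the credential is readable by anyone who can read this file and travels
# unencrypted on the network.  Rotate the key, load it from the environment
# or a secret store, and use HTTPS if the server offers it.
CINameValue = []
url = "http://192.168.10.5:8080/api/cmdb/ci"
tocken = "470CD3BC-31AB-4044-A022-BCD53C3E4CC7"
REQUEST_TIMEOUT = 120  # seconds; without a timeout requests can block forever

# NOTE(review): <limit> is 100 here, so at most 100 names are requested and
# any further servers are left out of the export -- confirm the cap.
input_data = """<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0" locale="en">
<citype>
<name>Server</name>
<criterias>
<criteria>
<parameter>
<name compOperator="CONTAINS">CI Name</name>
<value>*</value>
</parameter>
</criteria>
</criterias>
<returnFields>
<name>CI Name</name>
</returnFields>
<range>
<startindex>1</startindex>
<limit>100</limit>
</range>
</citype>
</API>"""

DETAIL_QUERY = '''<?xml version="1.0" encoding="UTF-8"?>
<API version="1.0">
<citype>
<name>Server</name>
<criterias>
<criteria>
<parameter>
<name compOperator="IS">CI Name</name>
<value>%s</value>
</parameter>
</criteria>
</criterias>
<returnFields>
<name>IP Address</name>
<name>CI Name</name>
<name>Mac Address</name>
<name>Department</name>
<name>Business Impact</name>
<name>Site</name>
<name>CI Type</name>
</returnFields>
<sortFields sortOrder="desc">
<name>Product Name</name>
</sortFields>
</citype>
</API>'''


def _cmdb_read(xml_query):
    """POST one CMDB ``read`` operation and return the reply's ``Details`` node."""
    # NOTE(review): params= places TECHNICIAN_KEY in the URL query string,
    # where web-server and proxy access logs record it.  Send it in the
    # request body instead if the API accepts that -- confirm on the server.
    reply = requests.post(
        url,
        params={
            'OPERATION_NAME': 'read',
            'format': 'json',
            "TECHNICIAN_KEY": tocken,
            "INPUT_DATA": xml_query
        },
        timeout=REQUEST_TIMEOUT
    )
    # Fail on an HTTP error instead of trying to parse an error page as JSON.
    reply.raise_for_status()
    return json.loads(reply.text)['API']['response']['operation']['Details']


# Step 1: collect the CI names of this type.
records = _cmdb_read(input_data)['field-values']['record']
if isinstance(records, dict):
    # Presumably a single match arrives as one dict rather than a list --
    # confirm against the API.
    records = [records]
for CINamevalueData in records:
    CINameValue.append(list(CINamevalueData.values())[0])

# Step 2: fetch and print the details of each CI.
for CINAME in CINameValue:
    # The name comes back from the server and is pasted into XML: escape
    # &, < and > so it cannot break or alter the query.  "%s" % keeps the
    # original tolerance for non-string names.
    details = _cmdb_read(DETAIL_QUERY % escape("%s" % CINAME))
    # Column labels live at Details.field-names.name[i].content
    DateKey = details['field-names']['name']
    DataValue = details['field-values']['record']['value']
    # NOTE(review): seven fields are requested but only the first six
    # label/value pairs are emitted -- confirm that is intended.
    Dict = {}
    for i in range(6):
        Dict[DateKey[i]['content']] = DataValue[i]
    DataValueJSON = json.dumps(Dict)
    print(DataValueJSON)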
threatbook_tip.py
# -*- coding: utf-8 -*-
import urllib2
import json
import sys
import logging
# Python 2 only: reload(sys) makes setdefaultencoding available again so the
# interpreter-wide default string encoding can be switched to UTF-8.
reload(sys)
sys.setdefaultencoding("utf8")

level = logging.DEBUG
# Despite the names, DATE_FORMAT is the record layout and LOG_FORMAT is the
# timestamp layout; they are passed to basicConfig accordingly below.
DATE_FORMAT = '[%(asctime)s] %(levelname)s %(message)s'
LOG_FORMAT = '%Y-%m-%d %H:%M:%S'
filename = "/data/rizhiyi/logs/splserver/threat_ip_query.log"
# Every lookup is appended to this file as an audit trail.
logging.basicConfig(
    filename=filename,
    filemode='a',
    level=level,
    format=DATE_FORMAT,
    datefmt=LOG_FORMAT
)

# SECURITY: the API key is hard-coded, so anyone who can read this file holds
# the credential.  Rotate it and load it from the environment or a secret
# store instead of the source.
apikey = "1d5feb0fa35f47659d07b01292d5f696d3c941a36ae240498777777a5a40a828"
apiurl = "https://api.threatbook.cn/v3/ip/query"
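def TiSearch(data):
    """Look up ``data`` with the ThreatBook IP query API.

    Returns ``{'content': [entry]}``.  When the reply's ``response_code`` is 0
    the entry holds ``ip`` and ``data`` (the per-IP record, with its
    ``judgments`` list joined into one comma-separated string); otherwise it
    holds the reply's ``response_code`` and ``verbose_msg``.
    """
    import urllib  # Python 2 home of urlencode

    # Percent-encode the values so characters such as & or # in the argument
    # cannot add or override query parameters.
    # NOTE(review): the key travels in the URL, so proxy and server logs that
    # record full URLs will contain it.
    url = apiurl + "?" + urllib.urlencode([("apikey", apikey), ("resource", data)])
    # NOTE(review): the "http" and "https" proxy host names differ
    # (proxyinygsc vs proxyin.gsc); one of them looks like a typo -- confirm.
    proxy = urllib2.ProxyHandler({"http":"proxyinygsc.huawei.com:8080","https":"proxyin.gsc.huawei.com:8080"})
    opener = urllib2.build_opener(proxy)
    urllib2.install_opener(opener)
    req = urllib2.Request(url)
    # Bounded wait, and the connection is always released.
    conn = urllib2.urlopen(req, timeout=30)
    try:
        raw = conn.read()
    finally:
        conn.close()
    # Neutralise CR/LF so the argument cannot forge extra records in the log.
    logged = data.replace("\r", "\\r").replace("\n", "\\n")
    logging.info("query ip:"+logged+",query source:siem")
    result = json.loads(raw)
    if result["response_code"] == 0:
        # The reply is keyed by IP; only the first key is reported.
        ip = list(result['data'].keys())[0]
        result['data'][ip]['judgments'] = ",".join(result['data'][ip]['judgments'])
        entry = {'ip': ip, 'data': result['data'][ip]}
    else:
        entry = {
            'response_code': result['response_code'],
            'verbose_msg': result['verbose_msg']
        }
    return {'content': [entry]}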
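if __name__ == '__main__':
    # Usage: threatbook_tip.py <ip>; the result is printed as JSON on stdout.
    if len(sys.argv) < 2:
        # A missing argument used to end in an IndexError traceback.
        sys.stderr.write("usage: threatbook_tip.py <ip>\n")
        sys.exit(2)
    query_data = sys.argv[1]
    result = TiSearch(query_data)
    print(json.dumps(result))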
[splunklib](https://www.hesc.info/upload/2020/11/splunklib-46c6cfb2c20e4c6dbd028cdb562f1689.tgz)