panostoblock.py
import ipaddress
import os
import time

import requests
import untangle
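# Environment Specific Variables
# NOTE: Key is an API credential. Keep the real value out of version control.
# It is sent in the URL query string, so it can end up in proxy and
# web-server access logs.
Key = '&key=ADD YOUR API KEY HERE'
BaseUrl = 'ADD YOUR BASE URL HERE'
ThreatCall = 'ADD YOUR API CALL TO QUERY THE THREAT LOGS'
JobCall = '?type=log&action=get&job-id='
PathToBlackList = 'PATH TO THE BLACKLIST FILE'
FileName = 'NAME THE BLACKLIST FILE'
# TLS verification setting passed to requests. True uses the default trust
# store; if the firewall presents a certificate from a private CA, set this to
# the path of that CA bundle (PEM) instead of turning verification off.
# Without verification the API key is sent to an unauthenticated peer, and the
# XML that ends up in the blacklist could be supplied by anyone on the path.
VerifyTls = True
# Seconds to wait on each HTTP request. requests has no default timeout, so a
# stalled connection would otherwise hang an unattended run forever.
RequestTimeout = 30

# Queue the Query and Parse the Job ID
JobId = requests.get(BaseUrl + ThreatCall + Key,
                     verify=VerifyTls, timeout=RequestTimeout)
# Fail here on an HTTP error instead of parsing an error page as a job reply.
JobId.raise_for_status()
JobCallResponse = untangle.parse(JobId.text)
GetJobId = JobCallResponse.response.result.job.cdata

# Give the job a bit to run
# NOTE(review): a fixed wait does not prove the job has finished; confirm that
# 30 seconds is enough for the query being used.
time.sleep(30)

# Pull the logs
XmlLogs = requests.get(BaseUrl + JobCall + GetJobId + Key,
                       verify=VerifyTls, timeout=RequestTimeout)
XmlLogs.raise_for_status()

# Convert the text to XML
ParsedXmlLogs = untangle.parse(XmlLogs.text)

# Dedupe and validate the source addresses BEFORE touching the blacklist, so a
# failed request or parse leaves the previous blacklist in place rather than
# an emptied (fail-open) one.
# NOTE(review): every source address in the threat log is listed as-is.
# Consider excluding your own address ranges so that an internal host or a
# spoofed source cannot put infrastructure you depend on into the blacklist.
Ips = set()
BlackListLines = []
# getattr with a default covers a result that holds no <entry> elements
# (presumably untangle raises AttributeError for a missing child -- verify).
for entry in getattr(ParsedXmlLogs.response.result.log.logs, 'entry', []):
    Source = entry.src.cdata.strip()
    try:
        # Only well-formed IPv4/IPv6 addresses may reach the blacklist file.
        ipaddress.ip_address(Source)
    except ValueError:
        print('Skipping non-IP source value: %r' % Source)
        continue
    if Source not in Ips:
        Ips.add(Source)
        BlackListLines.append(Source + '\n')

# Replace the blacklist contents in a single write. 'w' truncates the file
# like the former 'r+' plus truncate(), and also creates it if it is missing.
# The with-block closes the handle even if the write fails.
os.chdir(PathToBlackList)
with open(FileName, 'w') as NewBlackList:
    NewBlackList.writelines(BlackListLines)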