{
|
|
"cells": [
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": 16,
|
|
"metadata": {
|
|
"collapsed": true
|
|
},
|
|
"outputs": [],
|
|
"source": [
|
|
"import requests\n",
|
|
"import json\n",
|
|
"from datetime import datetime"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": 18,
|
|
"metadata": {
|
|
"collapsed": false
|
|
},
|
|
"outputs": [],
|
|
"source": [
|
|
"# put a sample event doc in to test ingestion\n",
|
|
"anevent=json.loads(r'''{\n",
|
|
" \"category\": \"syslog\",\n",
|
|
" \"processid\": \"0\",\n",
|
|
" \"severity\": \"ERROR\",\n",
|
|
" \"utctimestamp\": \"\",\n",
|
|
" \"timestamp\": \"\",\n",
|
|
" \"hostname\": \"testhost.somewhere.com\",\n",
|
|
" \"summary\": \"Failed none for invalid user janitor from 10.2.7.203 port 53524 ssh2\\n\",\n",
|
|
" \"eventsource\": \"systemslogs\",\n",
|
|
" \"details\": {\n",
|
|
" \"processid\": \"14148\",\n",
|
|
" \"hostname\": \"testvictim.somewhere.com\",\n",
|
|
" \"program\": \"sshd\",\n",
|
|
" \"sourceipaddress\": \"10.2.7.203\"\n",
|
|
" }\n",
|
|
" }''')"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": 19,
|
|
"metadata": {
|
|
"collapsed": false
|
|
},
|
|
"outputs": [],
|
|
"source": [
|
|
"anevent['timestamp']=datetime.now().isoformat()"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": 20,
|
|
"metadata": {
|
|
"collapsed": false
|
|
},
|
|
"outputs": [
|
|
{
|
|
"data": {
|
|
"text/plain": [
|
|
"'{\"category\": \"syslog\", \"processid\": \"0\", \"severity\": \"ERROR\", \"utctimestamp\": \"\", \"timestamp\": \"2015-05-27T15:44:19.179687\", \"hostname\": \"testhost.somewhere.com\", \"summary\": \"Failed none for invalid user janitor from 10.2.7.203 port 53524 ssh2\\\\n\", \"eventsource\": \"systemslogs\", \"details\": {\"sourceipaddress\": \"10.2.7.203\", \"processid\": \"14148\", \"program\": \"sshd\", \"hostname\": \"testvictim.somewhere.com\"}}'"
|
|
]
|
|
},
|
|
"execution_count": 20,
|
|
"metadata": {},
|
|
"output_type": "execute_result"
|
|
}
|
|
],
|
|
"source": [
|
|
"json.dumps(anevent)"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": null,
|
|
"metadata": {
|
|
"collapsed": true
|
|
},
|
|
"outputs": [],
|
|
"source": [
|
|
"# es.index(adoc,'events','event')  # leftover: direct Elasticsearch index call; neither 'es' nor 'adoc' is defined in this notebook, so it cannot run as-is"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": 24,
|
|
"metadata": {
|
|
"collapsed": false
|
|
},
|
|
"outputs": [
|
|
{
|
|
"name": "stdout",
|
|
"output_type": "stream",
|
|
"text": [
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n",
|
|
"<Response [200]>\n"
|
|
]
|
|
}
|
|
],
|
|
"source": [
|
|
"for i in range(1,20):\n",
|
|
" anevent['timestamp']=datetime.now().isoformat()\n",
|
|
" r=requests.put(url=\"http://servername.goes.here:8080/events\",data=json.dumps(anevent))\n",
|
|
" print(r)"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": null,
|
|
"metadata": {
|
|
"collapsed": true
|
|
},
|
|
"outputs": [],
|
|
"source": []
|
|
}
|
|
],
|
|
"metadata": {
|
|
"kernelspec": {
|
|
"display_name": "Python 2",
|
|
"language": "python",
|
|
"name": "python2"
|
|
},
|
|
"language_info": {
|
|
"codemirror_mode": {
|
|
"name": "ipython",
|
|
"version": 2
|
|
},
|
|
"file_extension": ".py",
|
|
"mimetype": "text/x-python",
|
|
"name": "python",
|
|
"nbconvert_exporter": "python",
|
|
"pygments_lexer": "ipython2",
|
|
"version": "2.7.5"
|
|
}
|
|
},
|
|
"nbformat": 4,
|
|
"nbformat_minor": 0
|
|
}
|