MozDef/examples/notebooks/ES--Put sample events.ipynb


{
"cells": [
{
"cell_type": "code",
"execution_count": 16,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"import requests\n",
"import json\n",
"from datetime import datetime"
]
},
{
"cell_type": "code",
"execution_count": 18,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"# Put a sample event document in to test (the PUT further down targets a placeholder host over plain http; substitute the real endpoint).\n",
"anevent=json.loads(r'''{\n",
" \"category\": \"syslog\",\n",
" \"processid\": \"0\",\n",
" \"severity\": \"ERROR\",\n",
" \"utctimestamp\": \"\",\n",
" \"timestamp\": \"\",\n",
" \"hostname\": \"testhost.somewhere.com\",\n",
" \"summary\": \"Failed none for invalid user janitor from 10.2.7.203 port 53524 ssh2\\n\",\n",
" \"eventsource\": \"systemslogs\",\n",
" \"details\": {\n",
" \"processid\": \"14148\",\n",
" \"hostname\": \"testvictim.somewhere.com\",\n",
" \"program\": \"sshd\",\n",
" \"sourceipaddress\": \"10.2.7.203\"\n",
" }\n",
" }''')"
]
},
{
"cell_type": "code",
"execution_count": 19,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"anevent['timestamp']=datetime.now().isoformat()"
]
},
{
"cell_type": "code",
"execution_count": 20,
"metadata": {
"collapsed": false
},
"outputs": [
{
"data": {
"text/plain": [
"'{\"category\": \"syslog\", \"processid\": \"0\", \"severity\": \"ERROR\", \"utctimestamp\": \"\", \"timestamp\": \"2015-05-27T15:44:19.179687\", \"hostname\": \"testhost.somewhere.com\", \"summary\": \"Failed none for invalid user janitor from 10.2.7.203 port 53524 ssh2\\\\n\", \"eventsource\": \"systemslogs\", \"details\": {\"sourceipaddress\": \"10.2.7.203\", \"processid\": \"14148\", \"program\": \"sshd\", \"hostname\": \"testvictim.somewhere.com\"}}'"
]
},
"execution_count": 20,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"json.dumps(anevent)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"#es.index(adoc,'events','event')"
]
},
{
"cell_type": "code",
"execution_count": 24,
"metadata": {
"collapsed": false
},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n",
"<Response [200]>\n"
]
}
],
"source": [
"for i in range(1,20):\n",
" anevent['timestamp']=datetime.now().isoformat()\n",
" r=requests.put(url=\"http://servername.goes.here:8080/events\",data=json.dumps(anevent))\n",
" print(r)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": []
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 2",
"language": "python",
"name": "python2"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 2
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython2",
"version": "2.7.5"
}
},
"nbformat": 4,
"nbformat_minor": 0
}