splunk-malware-filter/bin/getpupfilter.py

#!/usr/bin/env python

"""
Get lookup csv from pup-filter
Usage: "| getpupfilter | outputlookup override_if_empty=false pup-filter-splunk.csv"
"""

import sys
from os import path

sys.path.insert(0, path.join(path.dirname(__file__), "..", "lib"))
from splunklib.searchcommands import Configuration, GeneratingCommand, Option, dispatch
from utils import Utility

DOWNLOAD_URL = "https://malware-filter.gitlab.io/malware-filter/pup-filter-splunk.csv"


@Configuration()
class GetPupFilter(Utility, GeneratingCommand):
    """Defines a search command that generates event records"""

    wildcard_prefix = Option(name="wildcard_prefix")
    wildcard_suffix = Option(name="wildcard_suffix")
    wildcard_affix = Option(name="wildcard_affix")
    custom_message = Option(name="message")

    def generate(self):
        dl_csv = self.download(DOWNLOAD_URL)
        for row in self.csv_reader(dl_csv):
            if isinstance(self.custom_message, str) and len(self.custom_message) >= 1:
                row["custom_message"] = self.custom_message
            affixed_row = self.insert_affix(
                row, self.wildcard_prefix, self.wildcard_suffix, self.wildcard_affix
            )
            yield self.gen_record(**affixed_row)


if __name__ == "__main__":
    dispatch(GetPupFilter, sys.argv, sys.stdin, sys.stdout, __name__)
Initial commit 2023-01-27 09:47:59 +00:00			`#!/usr/bin/env python`

			`"""`
			`Get lookup csv from pup-filter`
			`Usage: "\| getpupfilter \| outputlookup override_if_empty=false pup-filter-splunk.csv"`
			`"""`

			`import sys`
			`from os import path`

			`sys.path.insert(0, path.join(path.dirname(__file__), "..", "lib"))`
			`from splunklib.searchcommands import Configuration, GeneratingCommand, Option, dispatch`
			`from utils import Utility`

			`DOWNLOAD_URL = "https://malware-filter.gitlab.io/malware-filter/pup-filter-splunk.csv"`


			`@Configuration()`
			`class GetPupFilter(Utility, GeneratingCommand):`
			`"""Defines a search command that generates event records"""`

			`wildcard_prefix = Option(name="wildcard_prefix")`
			`wildcard_suffix = Option(name="wildcard_suffix")`
			`wildcard_affix = Option(name="wildcard_affix")`
			`custom_message = Option(name="message")`

			`def generate(self):`
			`dl_csv = self.download(DOWNLOAD_URL)`
			`for row in self.csv_reader(dl_csv):`
			`if isinstance(self.custom_message, str) and len(self.custom_message) >= 1:`
			`row["custom_message"] = self.custom_message`
			`affixed_row = self.insert_affix(`
			`row, self.wildcard_prefix, self.wildcard_suffix, self.wildcard_affix`
			`)`
			`yield self.gen_record(**affixed_row)`


			`if __name__ == "__main__":`
			`dispatch(GetPupFilter, sys.argv, sys.stdin, sys.stdout, __name__)`