fix(getopendbl): rename "cidr" column to "cidr_range"

to avoid confusion with match_type CIDR() in lookup definition
2023-02-04 06:42:43 +00:00 · 2023-02-04 06:42:43 +00:00 · 7529622fb2
parent f0d9ad0ecb
commit 7529622fb2
10 changed files with 12 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -19,7 +19,7 @@ Provide custom search commands to update [malware-filter](https://gitlab.com/mal

 Releases are available at https://gitlab.com/malware-filter/splunk-malware-filter/-/releases

-Instruction to build the latest commit is available at the [Build](#build) section.
+Instruction to build the main branch is available at the [Build](#build) section.

 ## Usage

@ -141,7 +141,7 @@ Recommend to update the lookup file "opendbl_ip.csv" every 15 minutes (cron `*/1
 | outputlookup override_if_empty=false opendbl_ip.csv
 ```

-| start           | end             | netmask | cidr               | name                                      | updated              |
+| start           | end             | netmask | cidr_range         | name                                      | updated              |
 | --------------- | --------------- | ------- | ------------------ | ----------------------------------------- | -------------------- |
 | 187.190.252.167 | 187.190.252.167 | 32      | 187.190.252.167/32 | Emerging Threats: Known Compromised Hosts | 2023-01-30T08:03:00Z |
 | 89.248.163.0    | 89.248.163.255  | 24      | 89.248.163.0/24    | Dshield                                   | 2023-01-30T08:01:00Z |
--- a/bin/getopendbl.py
+++ b/bin/getopendbl.py
@ -56,7 +56,7 @@ class GetOpenDBL(Utility, GeneratingCommand):
                    "start": line,
                    "end": line,
                    "netmask": "32",
-                    "cidr": f"{line}/32",
+                    "cidr_range": f"{line}/32",
                    "name": name,
                    "updated": updated,
                }
@ -64,7 +64,7 @@ class GetOpenDBL(Utility, GeneratingCommand):
                if "-" in line:
                    row["start"], row["end"] = line.split("-")
                    row["netmask"] = 24
-                    row["cidr"] = f"{row['start']}/{row['netmask']}"
+                    row["cidr_range"] = f"{row['start']}/{row['netmask']}"

                if (
                    isinstance(self.custom_message, str)
--- a/build.py
+++ b/build.py
@ -50,7 +50,7 @@ def exclusion(tarinfo):
    # exclude certain folders/files
    pathname = tarinfo.name
    if search(
-        r"/\.|\\\.|__pycache__|pyproject.toml|requirements-dev.txt|build.py", pathname
+        r"/\.|\\\.|__pycache__|pyproject.toml|requirements-dev.txt|build.py|tar.gz", pathname
    ):
        return None

--- a/lookups/botnet-filter-splunk.csv
+++ b/lookups/botnet-filter-splunk.csv
@ -0,0 +1 @@
+ip,message,updated
--- a/lookups/botnet_ip.csv
+++ b/lookups/botnet_ip.csv
@ -0,0 +1 @@
+first_seen_utc,dst_ip,dst_port,c2_status,last_online,malware,updated
--- a/lookups/opendbl_ip.csv
+++ b/lookups/opendbl_ip.csv
@ -0,0 +1 @@
+start,end,netmask,cidr_range,name,updated
--- a/lookups/phishing-filter-splunk.csv
+++ b/lookups/phishing-filter-splunk.csv
@ -0,0 +1 @@
+host,path,message,updated
--- a/lookups/pup-filter-splunk.csv
+++ b/lookups/pup-filter-splunk.csv
@ -0,0 +1 @@
+host,path,message,updated
--- a/lookups/urlhaus-filter-splunk-online.csv
+++ b/lookups/urlhaus-filter-splunk-online.csv
@ -0,0 +1 @@
+host,path,message,updated
--- a/lookups/vn-badsite-filter-splunk.csv
+++ b/lookups/vn-badsite-filter-splunk.csv
@ -0,0 +1 @@
+host,path,message,updated
				`@ -0,0 +1 @@`
				`first_seen_utc,dst_ip,dst_port,c2_status,last_online,malware,updated`