diff --git a/README.md b/README.md
index cb3df5c..8c1bc5f 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ Provide custom search commands to update [malware-filter](https://gitlab.com/mal
 Releases are available at https://gitlab.com/malware-filter/splunk-malware-filter/-/releases
-Instruction to build the latest commit is available at the [Build](#build) section.
+Instruction to build the main branch is available at the [Build](#build) section.
 ## Usage
@@ -141,7 +141,7 @@ Recommend to update the lookup file "opendbl_ip.csv" every 15 minutes (cron `*/1
 | outputlookup override_if_empty=false opendbl_ip.csv
 ```
-| start | end | netmask | cidr | name | updated |
+| start | end | netmask | cidr_range | name | updated |
 | --------------- | --------------- | ------- | ------------------ | ----------------------------------------- | -------------------- |
 | 187.190.252.167 | 187.190.252.167 | 32 | 187.190.252.167/32 | Emerging Threats: Known Compromised Hosts | 2023-01-30T08:03:00Z |
 | 89.248.163.0 | 89.248.163.255 | 24 | 89.248.163.0/24 | Dshield | 2023-01-30T08:01:00Z |
diff --git a/bin/getopendbl.py b/bin/getopendbl.py
index d822d8a..5ad402d 100644
--- a/bin/getopendbl.py
+++ b/bin/getopendbl.py
@@ -56,7 +56,7 @@ class GetOpenDBL(Utility, GeneratingCommand):
 "start": line,
 "end": line,
 "netmask": "32",
- "cidr": f"{line}/32",
+ "cidr_range": f"{line}/32",
 "name": name,
 "updated": updated,
 }
@@ -64,7 +64,7 @@ class GetOpenDBL(Utility, GeneratingCommand):
 if "-" in line:
 row["start"], row["end"] = line.split("-")
 row["netmask"] = 24
- row["cidr"] = f"{row['start']}/{row['netmask']}"
+ row["cidr_range"] = f"{row['start']}/{row['netmask']}"
 if (
 isinstance(self.custom_message, str)
diff --git a/build.py b/build.py
index 2386971..ea8b93a 100644
--- a/build.py
+++ b/build.py
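Review bot: The `netmask` field is emitted as the string `"32"` in this hunk but as the integer `24` in the `@@ -64` hunk below, so rows of the same lookup carry different types for the same column; the `cidr_range` f-string hides this, but it is an inconsistency worth removing, e.g. `row["netmask"] = "24"` in the second hunk. Renaming the emitted field from `cidr` to `cidr_range` also changes the lookup schema, so any existing saved search or alert that filters on `cidr` will silently match nothing after upgrade; the commit updates the README table and the bundled CSV header but, as far as this page shows, nothing records the rename for operators. A one-line note in the class docstring such as `# Output field "cidr" was renamed to "cidr_range"; update searches that reference it.` would make that visible. The enclosing method starts outside the hunk.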
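Review bot: `cidr_range` is built from `row['start']` with a hard-coded `/24`, so the block is correct only when every `start-end` line in the feed is an aligned /24; if the feed ever emits a wider, narrower or unaligned range, the lookup will under- or over-block without any error. Nothing in the hunk checks that `row["end"]` actually matches the assumed prefix, and `line.split("-")` unpacked into two names raises `ValueError` on a line with more than one `-`, which would abort the whole generating command rather than skip the bad line. A cheap guard with `ipaddress` imported at the top of the file would be `net = ipaddress.ip_network(f"{row['start']}/{row['netmask']}", strict=False)` followed by `if ipaddress.ip_address(row["end"]) != net.broadcast_address: <log and skip the line>`, or derive the prefix from the range with `ipaddress.summarize_address_range` instead of assuming it. The enclosing method starts and ends outside the hunk.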
@@ -50,7 +50,7 @@ def exclusion(tarinfo):
 # exclude certain folders/files
 pathname = tarinfo.name
 if search(
- r"/\.|\\\.|__pycache__|pyproject.toml|requirements-dev.txt|build.py", pathname
+ r"/\.|\\\.|__pycache__|pyproject.toml|requirements-dev.txt|build.py|tar.gz", pathname
 ):
 return None
diff --git a/lookups/botnet-filter-splunk.csv b/lookups/botnet-filter-splunk.csv
index e69de29..92110b8 100644
--- a/lookups/botnet-filter-splunk.csv
+++ b/lookups/botnet-filter-splunk.csv
@@ -0,0 +1 @@
+ip,message,updated
diff --git a/lookups/botnet_ip.csv b/lookups/botnet_ip.csv
index e69de29..7ae239d 100644
--- a/lookups/botnet_ip.csv
+++ b/lookups/botnet_ip.csv
@@ -0,0 +1 @@
+first_seen_utc,dst_ip,dst_port,c2_status,last_online,malware,updated
diff --git a/lookups/opendbl_ip.csv b/lookups/opendbl_ip.csv
index e69de29..d712cca 100644
--- a/lookups/opendbl_ip.csv
+++ b/lookups/opendbl_ip.csv
@@ -0,0 +1 @@
+start,end,netmask,cidr_range,name,updated
diff --git a/lookups/phishing-filter-splunk.csv b/lookups/phishing-filter-splunk.csv
index e69de29..eaf0e60 100644
--- a/lookups/phishing-filter-splunk.csv
+++ b/lookups/phishing-filter-splunk.csv
@@ -0,0 +1 @@
+host,path,message,updated
diff --git a/lookups/pup-filter-splunk.csv b/lookups/pup-filter-splunk.csv
index e69de29..eaf0e60 100644
--- a/lookups/pup-filter-splunk.csv
+++ b/lookups/pup-filter-splunk.csv
@@ -0,0 +1 @@
+host,path,message,updated
diff --git a/lookups/urlhaus-filter-splunk-online.csv b/lookups/urlhaus-filter-splunk-online.csv
index e69de29..eaf0e60 100644
--- a/lookups/urlhaus-filter-splunk-online.csv
+++ b/lookups/urlhaus-filter-splunk-online.csv
@@ -0,0 +1 @@
+host,path,message,updated
diff --git a/lookups/vn-badsite-filter-splunk.csv b/lookups/vn-badsite-filter-splunk.csv
index e69de29..eaf0e60 100644
--- a/lookups/vn-badsite-filter-splunk.csv
+++ b/lookups/vn-badsite-filter-splunk.csv
@@ -0,0 +1 @@
+host,path,message,updated
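Review bot: The new `tar.gz` alternative, like the existing `pyproject.toml`, `requirements-dev.txt` and `build.py` ones, leaves the dot unescaped, so it matches any character and, because the pattern is applied with `search()` to the full path, any entry whose name merely contains something like `tar-gz` or `starXgz` is also silently dropped from the archive. Escaping the literals keeps the filter to what the comment above describes: `r"/\.|\\\.|__pycache__|pyproject\.toml|requirements-dev\.txt|build\.py|tar\.gz"`. If the intent is only to keep previously built archives out of the new one, anchoring the last alternative as `\.tar\.gz$` would state that explicitly. The `def exclusion(tarinfo)` line itself is outside the hunk.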