最近業務中使用了一個入侵檢測系統，其前端使用flash實現，查詢和導出數據功能非常的不友好。因此，我寫一個腳本來實現報警數據的導出和過濾，提高分析的效率。
環(huán)境
- windows7 x64
- vscode
- pandas，requests
- python2.7
代碼
#-*- coding:utf-8 -*-
import csv
import os
import time

import pandas as pd
import requests
from requests.packages import urllib3
# The requests below are issued with verify=False, so urllib3's
# InsecureRequestWarning would fire on every call; it is silenced here.
urllib3.disable_warnings()

# Management address of the detection appliance (all URLs are built from it).
server_ip = "xx.xx.xx.xx"

# Shared state: main() stores the login session id here, get_table() reads it.
session_id = ''
# One HTTP session so cookies and keep-alive are shared by every request.
s = requests.Session()

# Addresses of the hosts being protected; only events whose source or
# destination is one of them are exported.
targets = [
    'x.x.x.x',
]
# Addresses of authorised security-testing hosts; events involving them are dropped.
exclude_ips = [
    'y.y.y.y',
]
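def _is_relevant(row):
    """Return True when *row* involves a protected target but no excluded address.

    A row is kept when its source or destination address is in ``targets`` and
    neither end is in ``exclude_ips`` (authorised security-testing hosts).
    """
    saddr = row['saddr']
    daddr = row['daddr']
    touches_target = saddr in targets or daddr in targets
    touches_excluded = saddr in exclude_ips or daddr in exclude_ips
    return touches_target and not touches_excluded


def get_table(table_name, begin_date="2020-02-18 00:00:00",
              end_date="2020-02-18 14:00:00", page_size=1000):
    """Export one event table from the appliance to ``<table_name>.csv``.

    Pages through ``/query/query<table_name>.action`` using the module-level
    ``session_id`` set by ``main()``, keeps only the rows accepted by
    ``_is_relevant`` and writes them with pandas. Nothing is written when no
    rows came back. A page that does not answer HTTP 200 is reported and
    skipped, so the export may be partial.

    Args:
        table_name: Name of the event table (for example ``'WebEvent'``). It is
            interpolated into the request path and the output file name, so
            pass only the names the appliance defines.
        begin_date: Start of the query window, ``YYYY-MM-DD HH:MM:SS`` as the
            appliance expects; the default is the window the script originally
            hard-coded.
        end_date: End of the query window, same format.
        page_size: Records requested per page.
    """
    cookies = {"JSESSIONID": session_id}
    page_num = 0
    page_count = 1  # replaced by the real count once page 0 reports 'total'
    table_data = []
    while page_num < page_count:
        url = 'https://%s/query/query%s.action?currentTime=%d' % (
            server_ip, table_name, int(time.time()))
        data = {
            "pageSize": page_size,
            "endDate": end_date,
            "beginDate": begin_date,
            "sessionID": session_id,
            "queryType": "0",
            "userId": "1",
            "pageNumber": page_num,
        }
        # verify=False disables TLS certificate checking, so the session cookie
        # is exposed to any on-path host. Point verify= at the appliance's CA
        # bundle (e.g. verify='<path-to-device-ca.pem>') when one is available.
        r = s.post(url, data=data, cookies=cookies, verify=False)
        if r.status_code == 200:
            body = r.json()
            if page_num == 0:
                # Ceiling division: a partial last page still needs a request,
                # while an exact multiple must not trigger an extra empty one.
                page_count = (int(body['total']) + page_size - 1) // page_size
                print('total_page %d' % page_count)
            table_data += body['data']
        else:
            # Do not fail silently: the caller should know the export is partial.
            print('%s page %d: HTTP %d' % (table_name, page_num, r.status_code))
        page_num += 1

    if table_data:
        df = pd.DataFrame(table_data)
        df = df[df.apply(_is_relevant, axis=1)]
        df.to_csv('%s.csv' % table_name, encoding='utf-8')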
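def main():
    """Log in to the appliance and export every known event table.

    Posts the admin credentials to ``/login/login.action``, stores the returned
    ``sessionID`` in the module-level ``session_id`` that ``get_table`` reads,
    and then exports each table in ``table_names``. Returns early with a
    message when the login request fails or carries no session id, instead of
    issuing unauthenticated queries.
    """
    global session_id
    headers = {
        'Host': server_ip,
        'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0',
        'Accept': '*/*',
        'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
        'Accept-Encoding': 'gzip, deflate, br',
        'Origin': 'https://%s' % server_ip,
        'Connection': 'keep-alive',
        'Referer': 'https://%s/index.swf/[[DYNAMIC]]/4' % server_ip,
        'Content-type': 'application/x-www-form-urlencoded'
    }
    # Keep the password out of the script: it is read from the environment when
    # set (IDS_PASSWORD is a name chosen here, not one the appliance defines).
    # The literal fallback is the original placeholder, so behaviour is
    # unchanged when the variable is absent.
    password = os.environ.get('IDS_PASSWORD', '****')
    data = {"username": "admin", "password": password, "isNeed": False}
    url = 'https://%s/login/login.action?currentTime=%d' % (server_ip, int(time.time()))
    # verify=False: the credentials are sent without certificate checking; see
    # the note in get_table about supplying the appliance's CA bundle instead.
    r = s.post(url, headers=headers, data=data, verify=False)
    if r.status_code != 200:
        print('login failed: HTTP %d' % r.status_code)
        return
    session_id = r.json().get('sessionID', '')
    if not session_id:
        print('login failed: response carried no sessionID')
        return
    # The session id is a bearer credential; confirm login without writing it
    # to stdout, where it would end up in console logs.
    print('login ok')

    # Event tables exposed by the appliance.
    table_names = [
        'MaliciousCodeInfectionEvent',
        'WebEvent',
        'CommunicationBehaviorEvent',
        'SpreadMaliciousCodeEvent',
        'MaliciousUrlAccessEvent',
        'AttackAttemptEvent',
        'OtherEvent'
    ]
    for table_name in table_names:
        print(table_name)
        get_table(table_name)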
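if __name__ == "__main__":
    # Run only when executed directly, so get_table() can be imported elsewhere
    # without triggering a login.
    main()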