know-how:threat_intel
Differences
This shows the differences between two versions of the page.
know-how:threat_intel [2023/03/29 11:55] – [Schnittstelle f. Datebank / Input der Daten] cc | know-how:threat_intel [2024/03/05 10:42] – [Schnittstelle f. Datebank / Input der Daten] cc | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
+ | ~~ODT~~ | ||
====== Threat Intelligence ====== | ====== Threat Intelligence ====== | ||
FIXME work in progress / Analyse der gesammelten Firewall Drops / Datenbank Design usw.. | FIXME work in progress / Analyse der gesammelten Firewall Drops / Datenbank Design usw.. | ||
Zeile 28: | Zeile 29: | ||
< | < | ||
+ | |||
<?php | <?php | ||
// Shouldn' | // Shouldn' | ||
Zeile 92: | Zeile 94: | ||
$matches=$matches[0]; | $matches=$matches[0]; | ||
- | for($i=0; $i< | + | $wrongCommit=false; |
+ | |||
+ | for($i=0; $i< | ||
{ | { | ||
$cut_array=explode(" | $cut_array=explode(" | ||
if(count($cut_array)== 2) | if(count($cut_array)== 2) | ||
{ | { | ||
- | $inputMaster[$cut_array[0]]=$cut_array[1]; | + | if(!isset($inputMaster[$cut_array[0]])) |
+ | { | ||
+ | $inputMaster[$cut_array[0]]=$cut_array[1]; | ||
+ | |||
+ | if(isset($inputMaster[" | ||
+ | { | ||
+ | $wrongCommit=true; | ||
+ | } | ||
+ | |||
+ | |||
+ | } | ||
+ | else | ||
+ | { | ||
+ | # | ||
+ | if(isset($inputMaster[" | ||
+ | { | ||
+ | $wrongCommit=true; | ||
+ | } | ||
+ | } | ||
} | } | ||
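Review bot: In the else branch that follows the new `if(!isset($inputMaster[$cut_array[0]]))` check, a key that appears a second time in the same entry is discarded silently unless the isset test inside that branch happens to set `$wrongCommit`. A repeated key in a parsed log line usually means a malformed or spliced entry, so count or log the duplicate there and document that the first value wins. The `$wrongCommit=true;` block is also written out in both branches; if both test the same key, a single check after the if/else would be easier to follow.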
Zeile 103: | Zeile 125: | ||
- | //Jan 26 01:46:54 | + | if($wrongCommit===false) |
- | if(preg_match('/ | + | |
{ | { | ||
- | $inputMaster[" | ||
- | $inputMaster[" | ||
- | $inputMaster[" | ||
- | } | ||
- | else | ||
- | { | ||
- | $inputMaster[" | ||
- | $inputMaster[" | ||
- | $inputMaster[" | ||
- | } | + | //Jan 26 01:46:54 |
+ | if(preg_match('/ | ||
+ | { | ||
+ | $inputMaster[" | ||
+ | $inputMaster[" | ||
+ | $inputMaster[" | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | $inputMaster[" | ||
+ | $inputMaster[" | ||
+ | $inputMaster[" | ||
+ | } | ||
- | $inputMaster[" | ||
- | $inputMaster[" | ||
- | if(isset($inputMaster[" | ||
- | { | ||
- | | ||
- | + | $inputMaster[" | |
- | } | + | $inputMaster[" |
- | else | + | if(isset($inputMaster["SRC"])) |
- | { | + | { |
- | $inputMaster[" | + | $inputMaster[" |
- | $inputMaster[" | + | |
- | } | + | |
+ | // | ||
+ | // | ||
+ | |||
+ | } | ||
+ | else | ||
+ | { | ||
+ | $inputMaster[" | ||
+ | $inputMaster[" | ||
+ | } | ||
- | if(isset($inputMaster[" | ||
- | { | ||
- | $inputMaster[" | ||
- | } | + | if(isset($inputMaster[" |
- | else | + | { |
- | { | + | $inputMaster[" |
- | $inputMaster[" | + | |
- | } | + | |
+ | } | ||
+ | else | ||
+ | { | ||
+ | $inputMaster[" | ||
+ | } | ||
- | if(!isset($inputMaster[" | ||
- | { | ||
- | $inputMaster[" | ||
- | } | ||
- | if(!isset($inputMaster[" | + | if(!isset($inputMaster[" |
- | { | + | { |
- | $inputMaster[" | + | $inputMaster[" |
- | } | + | } |
+ | if(!isset($inputMaster[" | ||
+ | { | ||
+ | $inputMaster[" | ||
+ | } | ||
- | $entriesOk++; | ||
- | $insert_statement-> | + | $entriesOk++; |
+ | |||
+ | $insert_statement-> | ||
// | // | ||
- | if($insert_statement-> | + | if($insert_statement-> |
- | { | + | { |
- | $entriesOk++; | + | $entriesOk++; |
+ | } | ||
+ | else | ||
+ | { | ||
+ | $entriesFail++; | ||
+ | echo "MYSQL Failure: " | ||
+ | print_r($inputMaster); | ||
+ | } | ||
} | } | ||
else | else | ||
{ | { | ||
+ | echo " | ||
+ | |||
+ | // | ||
+ | // | ||
+ | |||
$entriesFail++; | $entriesFail++; | ||
- | echo "MYSQL Failure: " | ||
- | print_r($inputMaster); | ||
} | } | ||
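Review bot: `$entriesOk++` runs twice per record inside the new `if($wrongCommit===false)` block, once just before the `$insert_statement->` call and again in the success branch of the `if($insert_statement->` check, so a successful insert is counted twice and a failed insert lands in both `$entriesOk` and `$entriesFail`. Remove the first increment so the counter only moves once the insert has succeeded. The new outer else branch also bumps `$entriesFail` for entries skipped because of `$wrongCommit`, which makes parser rejections and MySQL failures indistinguishable in the totals; a separate counter for skipped entries would keep them apart.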
Zeile 225: | Zeile 262: | ||
?> | ?> | ||
+ | |||
</ | </ | ||
Zeile 247: | Zeile 285: | ||
.. | .. | ||
</ | </ | ||
+ | |||
+ | ===== API ===== | ||
+ | * API unter: https:// | ||
+ | * Parameter: **requestIP** -> IPv4 oder IPv6 IP Adresse | ||
+ | * Parameter: **apiKey** -> API Key von Pannonia IT Results ohne Delay | ||
+ | * Paramter: **format** -> **csv** - Results im CSV Format / optional per Default im json Format | ||
+ | * Beispiel: https:// | ||
+ | * Ergebnisse als JSON Results: | ||
+ | < | ||
+ | [{" | ||
+ | </ | ||
+ | |||
+ | |||
+ |
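Review bot: The new API section documents **apiKey** as a request parameter alongside **requestIP** and **format**, and the example given is a URL, so the key travels in the URL and ends up in web server and proxy access logs and in client history. Accept the key in a request header instead and say in this section how a leaked key gets rotated. The bullet for **format** is also misspelled "Paramter".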
know-how/threat_intel.txt · Last modified: 2024/03/26 08:24 by cc