Python SDK - csirtgadgets/csirtg GitHub Wiki

Examples

Install

$ pip install csirtgsdk
$ export CSIRTG_TOKEN=646cc6d029998c702f1a377260e5f6a0

Table

$ csirtg --user csirtgadgets --feed port-scanners --limit 5

+--------------+---------------+-----------------+-------------------------+-------------------------+-------+----------+----------+----------+--------------+-------------------+-----+---------+--------------------------+
|     user     |      feed     |    indicator    |        firsttime        |         lasttime        | count | comments | protocol | portlist |     tags     |    description    |  cc |   asn   |         asn_desc         |
+--------------+---------------+-----------------+-------------------------+-------------------------+-------+----------+----------+----------+--------------+-------------------+-----+---------+--------------------------+
| csirtgadgets | port-scanners |  159.203.240.25 | 2017-10-06 12:17:29 UTC | 2017-10-06 12:17:29 UTC |   1   |          |          |   9000   |   scanner    | iptable drop logs | US  | 14061.0 |   DIGITAL OCEAN, INC.    |
| csirtgadgets | port-scanners |  183.131.83.224 | 2017-10-06 12:16:57 UTC | 2017-10-06 12:16:57 UTC |   1   |          |          |   8090   |   scanner    | iptable drop logs | CN  | 58461.0 |   NO.288,FU-CHUN ROAD    |
| csirtgadgets | port-scanners |  192.241.216.57 | 2017-10-06 12:14:31 UTC | 2017-10-06 12:14:31 UTC |   1   |          |          |    80    | http,scanner | iptable drop logs | --  | 14061.0 |   DIGITAL OCEAN, INC.    |
| csirtgadgets | port-scanners | 184.105.139.122 | 2017-10-06 12:09:51 UTC | 2017-10-06 12:09:51 UTC |   1   |          |          |    80    | http,scanner | iptable drop logs | US  |  6939.0 | HURRICANE ELECTRIC, INC. |
| csirtgadgets | port-scanners |  106.45.231.97  | 2017-10-06 12:08:41 UTC | 2017-10-06 12:08:41 UTC |   1   |          |          |   1433   |   scanner    | iptable drop logs | CN  |  4134.0 |  NO.31,JIN-RONG STREET   |
+--------------+---------------+-----------------+-------------------------+-------------------------+-------+----------+----------+----------+--------------+-------------------+-----+---------+--------------------------+

CSV

$ csirtg --user csirtgadgets --feed port-scanners --limit 5 --format csv
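
A consumer for the CSV form of this feed, validating each indicator before it goes anywhere near a blocklist. This is an added example, not code from the csirtgsdk project. It assumes the CSV header uses the same column names as the table above; the sample rows are constructed from that table, plus one duplicate, one private address and one malformed row.

```python
import csv
import io
import ipaddress

# Constructed sample. Assumption: CSV columns are named like the table columns.
SAMPLE_CSV = """\
user,feed,indicator,firsttime,lasttime,count,comments,protocol,portlist,tags,description,cc,asn,asn_desc
csirtgadgets,port-scanners,159.203.240.25,2017-10-06 12:17:29 UTC,2017-10-06 12:17:29 UTC,1,,,9000,scanner,iptable drop logs,US,14061.0,"DIGITAL OCEAN, INC."
csirtgadgets,port-scanners,192.241.216.57,2017-10-06 12:14:31 UTC,2017-10-06 12:14:31 UTC,1,,,80,"http,scanner",iptable drop logs,--,14061.0,"DIGITAL OCEAN, INC."
csirtgadgets,port-scanners,192.241.216.57,2017-10-06 12:14:31 UTC,2017-10-06 12:14:31 UTC,1,,,80,"http,scanner",iptable drop logs,--,14061.0,"DIGITAL OCEAN, INC."
csirtgadgets,port-scanners,10.0.0.7,2017-10-06 12:00:00 UTC,2017-10-06 12:00:00 UTC,1,,,22,scanner,constructed private address,--,,
csirtgadgets,port-scanners,not-an-ip,2017-10-06 12:00:00 UTC,2017-10-06 12:00:00 UTC,1,,,22,scanner,constructed malformed row,--,,
"""

def parse_feed(text, required_tag="scanner"):
    """Return (accepted, rejected): normalised records and (indicator, reason) pairs."""
    accepted, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(text)):
        raw = (row.get("indicator") or "").strip()
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            rejected.append((raw, "not an IP address"))
            continue
        # A feed entry must never be able to block internal or reserved ranges.
        if not ip.is_global:
            rejected.append((raw, "non-routable address"))
            continue
        tags = {t.strip() for t in (row.get("tags") or "").split(",") if t.strip()}
        if required_tag not in tags:
            rejected.append((raw, "missing tag"))
            continue
        if ip in seen:  # repeated sightings collapse to one entry
            continue
        seen.add(ip)
        ports = (row.get("portlist") or "").split(",")
        cc, asn = row.get("cc") or "", row.get("asn") or ""
        accepted.append({
            "indicator": str(ip),
            "ports": [int(p) for p in ports if p.strip().isdigit()],
            "tags": sorted(tags),
            "cc": None if cc in ("", "--") else cc,    # "--" marks an unknown country
            "asn": int(float(asn)) if asn else None,  # feed renders ASNs as 14061.0
        })
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = parse_feed(SAMPLE_CSV)
    print(len(ok), "accepted;", len(bad), "rejected:", bad)
```
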

API

Search

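import json
import os

from csirtgsdk.client.http import HTTP as Client
from csirtgsdk.feed import Feed
from csirtgsdk.search import Search

# Indicator to look up
q = 'evilbit.com'

# Read the API token from the environment (set in the Install step)
cli = Client(token=os.getenv('CSIRTG_TOKEN'))
ret = Search(cli).search(q)

# indent is an argument to json.dumps, not print
print(json.dumps(ret, indent=4))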