matrix-webhook/matrix_webhook/formatters/crowdsec.py

import requests

def get_abuse_confidence(ip):
    """ get abuseipdb's confidence level on an ip passed in, and return that value"""
    base_url = "https://api.abuseipdb.com/api/v2/check"
    api_key = "<YOUR API KEY>
    headers = { 'Key': api_key, 'Accept': 'application/json' }
    data = { 'ipAddress': ip, 'maxAgeInDays': 90 }
    r = requests.get(base_url, headers=headers, json=data)
    return r.json()['data']['abuseConfidenceScore']

def formatter(data, headers):
    """ format a message sent with crowdsec http endpoints"""
    data_out = ""
    for row in data["body"]:
       ip = row['host']
       duration = row['duration']
       confidence = get_abuse_confidence(ip)
       if "crowdsecurity" in row['scenario']:
          source, scenario, *_ = row['scenario'].split('/')
          row['scenario'] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"
       data_out += (
                     f"{ip} has been banned {duration} due to {row['scenario']}\n\n"
                     f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})({confidence}%) | "
                     f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n"
       )
    data["body"] = data_out
    return data
Add abuseipdb lookup to link, fix differences in version running in prod 2022-12-02 18:03:25 -05:00			`import requests`

			`def get_abuse_confidence(ip):`
			`""" get abuseipdb's confidence level on an ip passed in, and return that value"""`
			`base_url = "https://api.abuseipdb.com/api/v2/check"`
			`api_key = "<YOUR API KEY>`
			`headers = { 'Key': api_key, 'Accept': 'application/json' }`
			`data = { 'ipAddress': ip, 'maxAgeInDays': 90 }`
			`r = requests.get(base_url, headers=headers, json=data)`
			`return r.json()['data']['abuseConfidenceScore']`

add crowdsec formatter 2022-11-29 22:12:42 -05:00			`def formatter(data, headers):`
Add abuseipdb lookup to link, fix differences in version running in prod 2022-12-02 18:03:25 -05:00			`""" format a message sent with crowdsec http endpoints"""`
add crowdsec formatter 2022-11-29 22:12:42 -05:00			`data_out = ""`
			`for row in data["body"]:`
Add abuseipdb lookup to link, fix differences in version running in prod 2022-12-02 18:03:25 -05:00			`ip = row['host']`
			`duration = row['duration']`
			`confidence = get_abuse_confidence(ip)`
			`if "crowdsecurity" in row['scenario']:`
			`source, scenario, *_ = row['scenario'].split('/')`
			`row['scenario'] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"`
			`data_out += (`
			`f"{ip} has been banned {duration} due to {row['scenario']}\n\n"`
			`f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})({confidence}%) \| "`
			`f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n"`
			`)`
add crowdsec formatter 2022-11-29 22:12:42 -05:00			`data["body"] = data_out`
			`return data`
Add abuseipdb lookup to link, fix differences in version running in prod 2022-12-02 18:03:25 -05:00