matrix-webhook/matrix_webhook/formatters/crowdsec.py

import requests


def get_abuse_confidence(ip):
    """get abuseipdb's confidence level on an ip passed in, and return that value"""
    base_url = "https://api.abuseipdb.com/api/v2/check"
    api_key = "YOUR API KEY"
    headers = {"Key": api_key, "Accept": "application/json"}
    data = {"ipAddress": ip, "maxAgeInDays": 90}
    r = requests.get(base_url, headers=headers, json=data)
    confidence = r.json()["data"]["abuseConfidenceScore"]
    whitelist = r.json()["data"]["isWhitelisted"]
    return [confidence, whitelist]


def formatter(data, headers):
    """format a message sent with crowdsec http endpoints"""
    data_out = ""
    for row in data["body"]:
        ip = row["host"]
        duration = row["duration"]
        confidence, whitelisted = get_abuse_confidence(ip)
        if "crowdsecurity" in row["scenario"]:
            source, scenario, *_ = row["scenario"].split("/")
            row[
                "scenario"
            ] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"
        data_out += f"{ip} has been banned {duration} due to {row['scenario']}\n\n"
        if whitelisted:
            data_out += "**Note: AbuseIPDB has whitelisted this address\n\n"
        data_out += (
            f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})({confidence}%) | "
            f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n"
        )
    data["body"] = data_out
    return data
Add abuseipdb lookup to link, fix differences in version running in prod 2022-12-02 18:03:25 -05:00			`import requests`

add whitelist check to AbuseIPDB check 2022-12-08 20:29:01 -05:00
Add abuseipdb lookup to link, fix differences in version running in prod 2022-12-02 18:03:25 -05:00			`def get_abuse_confidence(ip):`
add whitelist check to AbuseIPDB check 2022-12-08 20:29:01 -05:00			`"""get abuseipdb's confidence level on an ip passed in, and return that value"""`
Add abuseipdb lookup to link, fix differences in version running in prod 2022-12-02 18:03:25 -05:00			`base_url = "https://api.abuseipdb.com/api/v2/check"`
add whitelist check to AbuseIPDB check 2022-12-08 20:29:01 -05:00			`api_key = "YOUR API KEY"`
			`headers = {"Key": api_key, "Accept": "application/json"}`
			`data = {"ipAddress": ip, "maxAgeInDays": 90}`
Add abuseipdb lookup to link, fix differences in version running in prod 2022-12-02 18:03:25 -05:00			`r = requests.get(base_url, headers=headers, json=data)`
add whitelist check to AbuseIPDB check 2022-12-08 20:29:01 -05:00			`confidence = r.json()["data"]["abuseConfidenceScore"]`
			`whitelist = r.json()["data"]["isWhitelisted"]`
			`return [confidence, whitelist]`

Add abuseipdb lookup to link, fix differences in version running in prod 2022-12-02 18:03:25 -05:00
add crowdsec formatter 2022-11-29 22:12:42 -05:00			`def formatter(data, headers):`
add whitelist check to AbuseIPDB check 2022-12-08 20:29:01 -05:00			`"""format a message sent with crowdsec http endpoints"""`
add crowdsec formatter 2022-11-29 22:12:42 -05:00			`data_out = ""`
			`for row in data["body"]:`
add whitelist check to AbuseIPDB check 2022-12-08 20:29:01 -05:00			`ip = row["host"]`
			`duration = row["duration"]`
			`confidence, whitelisted = get_abuse_confidence(ip)`
			`if "crowdsecurity" in row["scenario"]:`
			`source, scenario, *_ = row["scenario"].split("/")`
			`row[`
			`"scenario"`
			`] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"`
			`data_out += f"{ip} has been banned {duration} due to {row['scenario']}\n\n"`
			`if whitelisted:`
			`data_out += "**Note: AbuseIPDB has whitelisted this address\n\n"`
			`data_out += (`
			`f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})({confidence}%) \| "`
			`f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n"`
			`)`
add crowdsec formatter 2022-11-29 22:12:42 -05:00			`data["body"] = data_out`
			`return data`