add whitelist check to AbuseIPDB check

Alex Kelly 2022-12-08 20:29:01 -05:00
parent 66df6e56e2
commit fc1552304f


@ -1,29 +1,36 @@
import requests import requests
def get_abuse_confidence(ip): def get_abuse_confidence(ip):
""" get abuseipdb's confidence level on an ip passed in, and return that value""" """get abuseipdb's confidence level on an ip passed in, and return that value"""
base_url = "https://api.abuseipdb.com/api/v2/check" base_url = "https://api.abuseipdb.com/api/v2/check"
api_key = "<YOUR API KEY> api_key = "YOUR API KEY"
headers = { 'Key': api_key, 'Accept': 'application/json' } headers = {"Key": api_key, "Accept": "application/json"}
data = { 'ipAddress': ip, 'maxAgeInDays': 90 } data = {"ipAddress": ip, "maxAgeInDays": 90}
r = requests.get(base_url, headers=headers, json=data) r = requests.get(base_url, headers=headers, json=data)
return r.json()['data']['abuseConfidenceScore'] confidence = r.json()["data"]["abuseConfidenceScore"]
whitelist = r.json()["data"]["isWhitelisted"]
return [confidence, whitelist]
def formatter(data, headers): def formatter(data, headers):
""" format a message sent with crowdsec http endpoints""" """format a message sent with crowdsec http endpoints"""
data_out = "" data_out = ""
for row in data["body"]: for row in data["body"]:
ip = row['host'] ip = row["host"]
duration = row['duration'] duration = row["duration"]
confidence = get_abuse_confidence(ip) confidence, whitelisted = get_abuse_confidence(ip)
if "crowdsecurity" in row['scenario']: if "crowdsecurity" in row["scenario"]:
source, scenario, *_ = row['scenario'].split('/') source, scenario, *_ = row["scenario"].split("/")
row['scenario'] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})" row[
data_out += ( "scenario"
f"{ip} has been banned {duration} due to {row['scenario']}\n\n" ] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"
f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})({confidence}%) | " data_out += f"{ip} has been banned {duration} due to {row['scenario']}\n\n"
f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n" if whitelisted:
) data_out += "**Note: AbuseIPDB has whitelisted this address\n\n"
data_out += (
f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})({confidence}%) | "
f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n"
)
data["body"] = data_out data["body"] = data_out
return data return data
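Review bot: In get_abuse_confidence the new `isWhitelisted` lookup reads a response that is never checked: the request has no `timeout=`, the status is not tested, and `r.json()` is now parsed twice. A rate-limited, failed or hung AbuseIPDB call would therefore raise (or block) inside formatter and, as far as this file shows, the ban notification is lost along with the enrichment. The lookup should be best-effort: parse the body once and fall back to an unknown score, as in the block below, with formatter then printing the percentage only when the score is not None. Separately, the added note string opens bold with `**` and never closes it; `"**Note: AbuseIPDB has whitelisted this address**\n\n"` is probably what was meant.

```python
def get_abuse_confidence(ip):
    # … unchanged: base_url, api_key, headers, data …
    try:
        r = requests.get(base_url, headers=headers, json=data, timeout=10)
        r.raise_for_status()
        result = r.json()["data"]
    except (requests.RequestException, KeyError, ValueError):
        # enrichment is best-effort: the ban notification must still go out
        return [None, False]
    return [result["abuseConfidenceScore"], result["isWhitelisted"]]
```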