hw中配合告警平台自动微信群告警

Posted on |

在hw中,防守方可能要实时的看着监控设备,发现攻击流量ip要实时的汇报,重复工作,脚本就能解决。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
import requests
import json
import time
import re
import itchat
import IPy

def group_id(name):
 	df = itchat.search_chatrooms(name=name)
 	return df[0]['UserName']

allow_ip = ['2.2.2.2'] //允许ip白名单
allow_host = ['www.baidu.com'] //被访问域名白名单
itchat.auto_login(True)
while True:
	time1 = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
	headers = {'Content-Type':'application/json','Accept':'application/json'}
	cookies = dict(session='eb509c5d-4443-4a74-acf8-7dfafdc22cc5')
	payload = {'start_datetime':time1,'end_datetime':time1}
	r = requests.post('https://1.1.1.1/api/discover/search',data=json.dumps(payload),headers=headers,cookies=cookies,verify=False)
	t = r.json()
	ip_list = []
	for i in t['data']['hits']:
		for d in allow_host:
			if d in i['_source']['other_info']['host']:
				print('bad:'+i['_source']['other_info']['host'])
				print('bad:'+i['_source']['attack_ip'])
				break
		else:
			print('allow:'+i['_source']['attack_ip'])
			ip_list.append(i['_source']['attack_ip'])
	s = list(set(ip_list))
	bad_ip = []
	for i in s:
		if i in IPy.IP('10.0.0.0/8'):
			print(i) 
		else:
			for s in allow_ip:
				if i in s:
					print(i+'allow_ip')
				else:
					bad_ip.append(i)
					print('-----'+i+'--------')
					break
	if bad_ip:
		str_bad_ip="\r\n".join(bad_ip)
		chatroomName='HW'  //群名称
		item = group_id(chatroomName)
		itchat.send(str_bad_ip, item)
	time.sleep(60)