Skip to content
/ IOC-Search Public

Takes input list, parses input, and outputs Splunk and Netwitness searches

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fullsendben/IOC-Search

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
IOCSearch.py
IOCSearch.py
 
 
README.md
README.md
 
 

Repository files navigation

Input:

  • ioc.txt

Processing:

  • Opens the IOC file, reads through each line and re-fangs the IOCs if they have been de-fanged
  • Uses regex to look for IP addresses and add them to finalIPList
  • Call curl_tld function to look for the TLD file or create a new one, then look for domains with those TLDs
  • Use regex to look for hash values of types MD5, SHA1, or SHA256 and add matches to respective lists
  • Add previous findings to fullList
  • Create file IOCsearch_syntax.txt

Output:

  • Send output of previously created lists to respective print functions and print RSA Netwitness formatted searches and Splunk searches, in addition to appending searches to IOCsearch_syntax.txt
  • Finally, zip IOCsearch_syntax.txt

About

Takes input list, parses input, and outputs Splunk and Netwitness searches

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages