Skip to content

Instantly share code, notes, and snippets.

Created October 18, 2019 15:14
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save Sawaba/05a1c5924b5ac99df82da3a66b6bc935 to your computer and use it in GitHub Desktop.
# Create a CSV with the last week's worth of alerts from your Canary console
# Requires curl and jq to be in the path
# Set this variable to your API token
export token=deadbeef12345678
# Customize this variable to match your console URL
# Date format (one week ago)
export dateformat=`date -v-1w "+%Y-%m-%d-%H:%M:%S"`
# Filename date (right now)
export filedate=`date "+%Y%m%d%H%M%S"`
# Complete Filename
export filename=$filedate-$console-1week-alert-export.csv
# Base URL
export baseurl="https://$console/api/v1/incidents/all?auth_token=$token&shrink=true&newer_than"
# Run the jewels
echo Datetime,Alert Description,Target,Target Port,Attacker,Attacker RevDNS > $filename
curl "$baseurl=$dateformat" | jq -r '.incidents[] | [.description | .created_std, .description, .dst_host, .dst_port, .src_host, .src_host_reverse | tostring] | @csv' >> $filename
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment