Created
March 9, 2019 05:18
-
-
Save sshariff01/4b7d9bc724dfffe6e074ab0fcb33c379 to your computer and use it in GitHub Desktop.
processor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| snort_output_file = open("./snort_output.txt") | |
| valid_types = ["OTHER", "CNC", "INFECTION"] | |
| all_cxns = set() | |
| other_cxns = set() | |
| cnc_cxns = set() | |
| infection_cxns = set() | |
| print "Processing Snort output file contents..." | |
| for line in snort_output_file: | |
| try: | |
| if ("OTHER" not in line) and ("CNC" not in line) and ("INFECTION" not in line): | |
| continue | |
| words = line.strip().split(" ") | |
| category = words[4] | |
| src = words[-3] | |
| src_ip, src_port = src.split(":")[0], src.split(":")[1] | |
| dest = words[-1] | |
| dest_ip, dest_port = dest.split(":")[0], dest.split(":")[1] | |
| cxn = "|" + src_ip + "|" + src_port + "|" + dest_ip + "|" + dest_port + "|" | |
| cxn_reverse = "|" + dest_ip + "|" + dest_port + "|" + src_ip + "|" + src_port + "|" | |
| if (cxn in all_cxns) or (cxn_reverse in all_cxns): | |
| continue | |
| all_cxns.add(cxn) | |
| formatted_output_line = cxn + category + "|" | |
| if category == "CNC": | |
| cnc_cxns.add(formatted_output_line) | |
| elif category == "INFECTION": | |
| infection_cxns.add(formatted_output_line) | |
| elif category == "OTHER": | |
| other_cxns.add(formatted_output_line) | |
| except: | |
| print line | |
| snort_output_file.close() | |
| print "Processing results:" | |
| print "# of OTHER connections: %d" % len(other_cxns) | |
| print "# of CNC connections: %d" % len(cnc_cxns) | |
| print "# of INFECTION connections: %d" % len(infection_cxns) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment