3 @6^$@sPddlZddlmZddlZddlmZddlmZmZmZGdddeZ dS)N)datetime) IPNetwork) SpiderFootSpiderFootPluginSpiderFootEventc @sreZdZdZdddddddddZdd d d d d dddZdZdZefddZ ddZ ddZ ddZ ddZ dS)sfp_alienvaultzzAlienVault OTX:Investigate,Passive:Reputation Systems:apikey:Obtain information from AlienVault Open Threat Exchange (OTX)T)api_keyage_limit_daysthreat_score_minnetblocklookup maxnetblock subnetlookup maxsubnetcheckaffiliateszAlienVault OTX API Key.z r"rr$rrZ NETBLOCK_r!CO_HOSTED_SITEZ passve_dnszNo Passive DNS info for z+Found passive DNS results in AlienVault OTXr-r)lastz%Y-%m-%d %H:%M:%SiQr rz#Record found but too old, skipping.z8Couldn't parse date from AlienVault so assuming it's OK.r&r'r.z'Found reputation info in AlienVault OTXZ activitiesZ threat_scorerzAlienVault Threat Score: r*namez - Z last_datez%Y-%m-%dT%H:%M:%S) eventTypemoduledatar:rdebugrr9rr prefixlenstrgetr startswithappendrDr;rstrptimeinttimemktime timetuple BaseExceptionr__name__notifyListeners checkForStop)revent eventName srcModuleName eventDataZqrylistipaddrevtTyper@rBrechostrFZlast_dtZlast_tsZ age_limit_tsrCaddrZ rec_historydescrresultnmcreatedZ created_dtZ created_tsrrr handleEventps                            $zsfp_alienvault.handleEvent)rW __module__ __qualname____doc__roptdescsrr:dictr r%r(rDrgrrrrrs0 )r) r<rrSnetaddrrsflibrrrrrrrr s