U @6^$@sPddlZddlmZddlZddlmZddlmZmZmZGdddeZ dS)N)datetime) IPNetwork) SpiderFootSpiderFootPluginSpiderFootEventc @sreZdZdZdddddddddZdd d d d d dddZdZdZefddZ ddZ ddZ ddZ ddZ dS)sfp_alienvaultzzAlienVault OTX:Investigate,Passive:Reputation Systems:apikey:Obtain information from AlienVault Open Threat Exchange (OTX)T)api_keyage_limit_daysthreat_score_minnetblocklookup maxnetblock subnetlookup maxsubnetcheckaffiliateszAlienVault OTX API Key.z r"rr$rrZ NETBLOCK_r!CO_HOSTED_SITEZ passve_dnszNo Passive DNS info for z+Found passive DNS results in AlienVault OTXr.r*lastz%Y-%m-%d %H:%M:%SiQr rz#Record found but too old, skipping.z8Couldn't parse date from AlienVault so assuming it's OK.r'r(r/z'Found reputation info in AlienVault OTXZ activitiesZ threat_scorerzAlienVault Threat Score: r+namez - Z last_datez%Y-%m-%dT%H:%M:%S) eventTypemoduledatar;rdebugrr:rr prefixlenstrgetr startswithappendrEr<rstrptimeinttimemktime timetuple BaseExceptionr__name__notifyListeners checkForStop)revent eventName srcModuleName eventDataZqrylistipaddrevtTyperArCrechostrGZlast_dtZlast_tsZ age_limit_tsrDaddrZ rec_historydescrresultnmcreatedZ created_dtZ created_tsrrr handleEventps                                  "zsfp_alienvault.handleEvent)rX __module__ __qualname____doc__roptdescsrr;dictr r&r)rErhrrrrrs4  )r) r=rrTnetaddrrsflibrrrrrrrr s