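# Script fragment: query AutoFocus through panafapi.py for samples tied to an
# IP address, save the JSON reply, reduce it with jq, then re-export a CSV.
# ScriptDir, secretkey, ResultFile, CheckDATE, NOWDATE, ResultDir and ToDay
# are defined outside this excerpt.
import json  # local import: the file's own import block is not part of this excerpt

# Build the request as a Python structure and serialise it with json.dumps
# instead of hand-escaping quotes inside a shell string. A quote or shell
# metacharacter in ResultFile, CheckDATE or NOWDATE can then neither break
# the JSON nor be interpreted by a shell.
# NOTE(review): the malware-verdict clause sits inside the same "any" group as
# the two date ranges, so the three conditions are ORed -- confirm that this is
# the intended query.
dateRange = [CheckDATE + 'T00:00:00', NOWDATE + 'T23:59:59']
searchRequest = {
    'query': {
        'operator': 'all',
        'children': [
            {'field': 'alias.ip_address', 'operator': 'contains', 'value': ResultFile},
            {
                'operator': 'any',
                'children': [
                    {'field': 'sample.update_date', 'operator': 'is in the range', 'value': dateRange},
                    {'field': 'sample.create_date', 'operator': 'is in the range', 'value': dateRange},
                    {
                        'operator': 'any',
                        'children': [
                            {'field': 'sample.malware', 'operator': 'is', 'value': 1},
                            {'field': 'sample.malware', 'operator': 'is', 'value': 4},
                        ],
                    },
                ],
            },
        ],
    },
    'scope': 'global',
    'size': 1,
    'from': 0,
    'sort': {'create_date': {'order': 'desc'}},
}

# NOTE(review): this path has no '/' between ResultDir and the file name while
# the CSV path at the bottom adds one -- confirm whether ResultDir ends with a
# separator and make the two consistent.
jsonResultPath = ResultDir + 'srciplist-' + ToDay + '.json'

# Argument list instead of a single shell string: no shell parses it, so
# nothing in the arguments can be executed as a command.
# NOTE(review): the API key is still passed with -K on the command line, where
# other local users can read it from the process list; if the tool offers a
# way to supply the key off the command line, prefer that.
progToRun = [
    'python', ScriptDir + '/bin/panafapi.py',
    '-K', secretkey,
    '--samples', '-j',
    '-r', json.dumps(searchRequest),
]

# Run the panafapi; stdout goes straight to the result file (this replaces the
# shell's "> file" redirection). A non-zero exit status still raises
# subprocess.CalledProcessError, as check_output did.
with open(jsonResultPath, 'wb') as jsonResultFile:
    subprocess.check_call(progToRun, stdout=jsonResultFile)

# Using pyjq to filter. The original call passed no input, so jq ran against
# null and '.hits[]' could not iterate; feed it the saved reply instead.
# NOTE(review): assumes the result file holds one JSON document -- confirm
# against the tool's actual output.
with open(jsonResultPath) as jsonResultFile:
    resultData = json.load(jsonResultFile)
filteredResultData = pyjq.all('.hits[]._source | .create_date + "," + .sha256', resultData)
# Example of the expected result of the filter above:
# 1.1.1.1,2018-01-25T11:32:35,31f03b00061206d213472bd741f6b9e2e33d94c4300f529ef2b818e40a6cf083
# NOTE(review): the filter emits only create_date and sha256; the leading IP
# shown in the example is not produced by it. filteredResultData is also not
# used by the CSV step below.

# Re-export the CSV named by the first command-line argument into ResultDir.
file_to_open = sys.argv[1]
df = pd.read_csv(file_to_open)
df.to_csv(ResultDir + "/srciplist-" + ToDay + ".csv", sep=',')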