針對入站場景的IP進行分析,能夠提供IP的地理位置、ASN信息,並通過判定規則精準判別IP是否惡意、風險嚴重級別、可信度級別;識別威脅類型,如:漏洞利用(Exploit)、傀儡機(Zombie)、代理(Proxy)、可疑(Suspicious)等,以及相關安全事件或團夥標籤。
微步官方API 調用文檔:https://x.threatbook.com/v5/apiDocs
import os

import openpyxl
import requests
from jsonpath import jsonpath
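# Bulk IP-reputation lookup: query the ThreatBook ip_reputation endpoint for
# each address in `strs` and write one row per address into Sheet1 of an
# existing workbook.

# Take the API key from the environment instead of hard-coding it, so the
# secret is never stored in (or committed with) the script.
api_key = os.environ.get("THREATBOOK_API_KEY", "")
if not api_key:
    raise SystemExit("Set the THREATBOOK_API_KEY environment variable first.")

file_name = "ips.xlsx"  # The Excel file must already exist; create it yourself.
read_xlsx = openpyxl.load_workbook(file_name)  # Open the workbook.
readSheet1 = read_xlsx["Sheet1"]  # Work on the "Sheet1" worksheet.
# Clear the sheet. NOTE: this discards every existing row once the workbook
# is saved, so do not point file_name at a workbook you need to keep.
readSheet1.delete_rows(readSheet1.min_row, readSheet1.max_row)
readSheet1.append(['IP地址', '嚴重級別', '是否惡意IP', '可信度', '威脅類型', 'IP歸屬地', '最近更新時間', '應用場景'])
url = "https://api.threatbook.cn/v3/scene/ip_reputation"

# IP addresses to look up.
strs=''' 37.44.238.161 141.98.83.139 39.100.73.242 40.118.131.195 167.99.190.147 192.241.219.240 104.248.136.93 121.40.210.60 128.1.91.205 '''
# Split on any whitespace so the list works whether the addresses are
# separated by newlines or by spaces (split("\n") yields a single bogus
# entry when they share one line).
ips = strs.split()


def _matches(document, path):
    """Return the JSONPath matches as a list.

    jsonpath() returns False rather than an empty list when nothing matches;
    normalise that so callers can index and unpack safely.
    """
    return jsonpath(document, path) or []


def _first(document, path):
    """Return the first JSONPath match, or "" when the field is absent."""
    found = _matches(document, path)
    return found[0] if found else ""


for ip in ips:
    query = {
        "apikey": api_key,
        "resource": ip,
        "lang": "zh",
    }
    try:
        # A timeout keeps one stalled connection from hanging the whole run.
        response = requests.get(url, params=query, timeout=15)
        response.raise_for_status()
        result = response.json()
    except (requests.RequestException, ValueError) as err:
        # Report only the exception type: the request URL carries the API key
        # in its query string, and requests includes that URL in its messages.
        print(f"{ip}: lookup failed ({type(err).__name__})")
        continue

    if not _matches(result, "$..severity"):
        # Error replies (bad key, quota, unknown resource) carry no reputation
        # fields; skip them instead of crashing on the missing data.
        print(f"{ip}: no reputation data in response")
        continue

    judgments = _first(result, "$..judgments") or []
    location = _matches(result, "$..location.*")[0:3]
    # One value per column keeps the row aligned with the header even if a
    # recursive path were to match more than once.
    row = [
        ip,
        _first(result, "$..severity"),
        _first(result, "$..is_malicious"),
        _first(result, "$..confidence_level"),
        ",".join(map(str, judgments)),
        "-".join(map(str, location)),
        _first(result, "$..update_time"),
        _first(result, "$..scene"),
    ]
    readSheet1.append(row)

read_xlsx.save(file_name)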