Skip to content

cray-uc/pycert-splunk

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
main.py
main.py
 
 
readme.md
readme.md
 
 

Repository files navigation

CRT.SH API Data Retrieval and Splunk Integration

This Python script is designed to retrieve data from an crt.sh in JSON format, filter the certificate data based on a specific condition (entries within the last 30 days), and send the filtered data to Splunk using the HTTP Event Collector (HEC).

Prerequisites

Before running the script, make sure you have the following:

  • Python 3.x installed
  • requests library installed (you can install it using pip install requests)

Configuration

  1. Open the script in a text editor.
  2. Replace "[url_here]" with the actual URL of the API you want to query.
  3. Replace "YOUR_SPLUNK_TOKEN" with your Splunk HTTP Event Collector (HEC) token.
  4. Update "https://your-splunk-instance.com:8088/services/collector/event" with the correct URL for your Splunk HEC endpoint.

Usage

  1. Save the script with a .py extension (e.g., api_data_retrieval.py).
  2. Open a terminal or command prompt and navigate to the directory where the script is saved.
  3. Run the script by executing the following command:

python api_data_retrieval.py

The script will perform the following actions:

  1. Query the specified API and retrieve the data in JSON format.
  2. Filter the data to include only entries within the last 30 days.
  3. Create a list of dictionaries containing the common name and entry timestamp for the filtered entries.
  4. Write the filtered data to a JSON file named domain_check_results.json in the same directory.
  5. Send the filtered data to Splunk using the HTTP Event Collector (HEC).

Troubleshooting

If you encounter any errors while running the script, check the following:

  • Ensure that you have replaced the placeholders ("[url_here]", "YOUR_SPLUNK_TOKEN", and "https://your-splunk-instance.com:8088/services/collector/event") with the correct values.
  • Verify that the API URL is accessible and returns valid JSON data.
  • Check that your Splunk HEC endpoint URL and token are correct, and that you have the necessary permissions to send data to Splunk.
  • If you receive an error message related to the requests library, make sure it is installed correctly by running pip install requests.

Dependencies

This script relies on the following Python libraries:

  • requests: A library for making HTTP requests.
  • json: A built-in Python library for working with JSON data.
  • datetime: A built-in Python library for working with dates and times.

License

This script is provided under the MIT License.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages