This Python script is designed to retrieve data from an crt.sh in JSON format, filter the certificate data based on a specific condition (entries within the last 30 days), and send the filtered data to Splunk using the HTTP Event Collector (HEC).
Before running the script, make sure you have the following:
- Python 3.x installed
requests
library installed (you can install it usingpip install requests
)
- Open the script in a text editor.
- Replace
"[url_here]"
with the actual URL of the API you want to query. - Replace
"YOUR_SPLUNK_TOKEN"
with your Splunk HTTP Event Collector (HEC) token. - Update
"https://your-splunk-instance.com:8088/services/collector/event"
with the correct URL for your Splunk HEC endpoint.
- Save the script with a
.py
extension (e.g.,api_data_retrieval.py
). - Open a terminal or command prompt and navigate to the directory where the script is saved.
- Run the script by executing the following command:
python api_data_retrieval.py
The script will perform the following actions:
- Query the specified API and retrieve the data in JSON format.
- Filter the data to include only entries within the last 30 days.
- Create a list of dictionaries containing the common name and entry timestamp for the filtered entries.
- Write the filtered data to a JSON file named
domain_check_results.json
in the same directory. - Send the filtered data to Splunk using the HTTP Event Collector (HEC).
If you encounter any errors while running the script, check the following:
- Ensure that you have replaced the placeholders (
"[url_here]"
,"YOUR_SPLUNK_TOKEN"
, and"https://your-splunk-instance.com:8088/services/collector/event"
) with the correct values. - Verify that the API URL is accessible and returns valid JSON data.
- Check that your Splunk HEC endpoint URL and token are correct, and that you have the necessary permissions to send data to Splunk.
- If you receive an error message related to the
requests
library, make sure it is installed correctly by runningpip install requests
.
This script relies on the following Python libraries:
requests
: A library for making HTTP requests.json
: A built-in Python library for working with JSON data.datetime
: A built-in Python library for working with dates and times.
This script is provided under the MIT License.