amorfo77/parsedmarc
1
0
Fork 0
mirror of https://github.com/domainaware/parsedmarc.git synced 2026-05-07 04:25:25 +00:00
Code Issues Projects Releases Wiki Activity

Include interval_begin in splunk output for accurate timestamping

Browse Source
This commit is contained in:
Sean Whalen
2025-11-29 20:50:13 -05:00
parent 6270468d30
commit 044aa9e9a0
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
parsedmarc/splunk.py
+2 -1
View File
@@ -78,6 +78,7 @@ class HECClient(object):
new_report = dict()
for metadata in report["report_metadata"]:
new_report[metadata] = report["report_metadata"][metadata]
new_report["interval_begin"] = report ["interval_begin"]
new_report["published_policy"] = report["policy_published"]
new_report["source_ip_address"] = record["source"]["ip_address"]
new_report["source_country"] = record["source"]["country"]
@@ -98,7 +99,7 @@ class HECClient(object):
new_report["spf_results"] = record["auth_results"]["spf"]
data["sourcetype"] = "dmarc:aggregate"
timestamp = human_timestamp_to_unix_timestamp(new_report["begin_date"])
timestamp = human_timestamp_to_unix_timestamp(new_report["interval_begin"])
data["time"] = timestamp
data["event"] = new_report.copy()
json_str += "{0}\n".format(json.dumps(data))