diff --git a/parsedmarc/resources/maps/README.md b/parsedmarc/resources/maps/README.md index faaaceb..24845cd 100644 --- a/parsedmarc/resources/maps/README.md +++ b/parsedmarc/resources/maps/README.md @@ -72,11 +72,11 @@ A list of reverse DNS base domains that could not be identified as belonging to ## base_reverse_dns.csv -A CSV with the fields `base_reverse_dns` and optionally `count`. This CSV can be generated byy exporting the base DNS data from the Kibana on Splunk dashboards provided by parsedmarc. This file is not tracked by Git. +A CSV with the fields `source_name` and optionally `message_countcount`. This CSV can be generated byy exporting the base DNS data from the Kibana on Splunk dashboards provided by parsedmarc. This file is not tracked by Git. ## unknown_base_reverse_dns.csv -A CSV file with the fields `base_reverse_dns` and `count`. This file is not tracked by Git. +A CSV file with the fields `source_name` and `message_count`. This file is not tracked by Git. ## find_unknown_base_reverse_dns.py diff --git a/parsedmarc/resources/maps/find_unknown_base_reverse_dns.py b/parsedmarc/resources/maps/find_unknown_base_reverse_dns.py index a5568ca..83c85fd 100755 --- a/parsedmarc/resources/maps/find_unknown_base_reverse_dns.py +++ b/parsedmarc/resources/maps/find_unknown_base_reverse_dns.py @@ -11,7 +11,7 @@ def _main(): known_unknown_list_file_path = "known_unknown_base_reverse_dns.txt" output_csv_file_path = "unknown_base_reverse_dns.csv" - csv_headers = ["base_reverse_dns", "count"] + csv_headers = ["source_name", "message_count"] output_rows = [] @@ -54,7 +54,7 @@ def _main(): logger.info(f"Checking domains against {base_reverse_dns_map_file_path}") with open(input_csv_file_path) as f: for row in csv.DictReader(f): - domain = row["base_reverse_dns"].lower().strip() + domain = row["source_name"].lower().strip() if domain not in known_domains or known_unknown_domains: logger.info(f"New unknown domain found: {domain}") output_rows.append(row)