diff --git a/_modules/index.html b/_modules/index.html index 1b8f2a5..065e334 100644 --- a/_modules/index.html +++ b/_modules/index.html @@ -1,11 +1,13 @@ - +
-InvalidAggregateReportInvalidDMARCReportInvalidForensicReportInvalidSMTPTLSReportParserErroremail_results()extract_xml()extract_report()get_dmarc_reports_from_mailbox()get_dmarc_reports_from_mbox()get_report_zip()parse_forensic_report()parse_report_email()parse_report_file()parse_smtp_tls_report_json()parsed_aggregate_reports_to_csv()parsed_aggregate_reports_to_csv_rows()parsed_forensic_reports_to_csv()parsed_forensic_reports_to_csv_rows()parsed_smtp_tls_reports_to_csv()parsed_smtp_tls_reports_to_csv_rows()save_output()watch_inbox()migrate_indexes()save_aggregate_report_to_elasticsearch()save_forensic_report_to_elasticsearch()save_smtp_tls_report_to_elasticsearch()set_hosts()HECClient
SplunkErrorget_ip_address_info()get_reverse_dns()human_timestamp_to_datetime()human_timestamp_to_timestamp()human_timestamp_to_unix_timestamp()is_mbox()is_outlook_msg()parse_email()Raised when an invalid DMARC forensic report is encountered
Raised when an invalid SMTP TLS report is encountered
+Extracts xml from a zip or gzip file at the given path, file-like object, +
Extracts text from a zip or gzip file at the given path, file-like object, or bytes.
input – A path to a file, a file like object, or bytes
The extracted XML
+The extracted text
str
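Review bot: the index at the top of this hunk lists both extract_xml() and extract_report(), while only the docstring wording changes here ("Extracts text ... or bytes", "The extracted text"); if extract_xml() is kept as an alias its entry should say so and point at extract_report(), otherwise it should be dropped from the index so readers do not find two functions with the same description. The new docstring also says the input may be a path, a file-like object or bytes but not what happens when the zip or gzip payload holds neither XML nor text; since ParserError is listed in the same index, state which exception the caller should expect.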
@@ -442,6 +456,12 @@ forensic report resultsParses and validates an SMTP TLS report
+Converts one or more parsed SMTP TLS reports to flat CSV format, including +headers
+reports – A parsed aggregate report or list of parsed aggregate reports
+Parsed aggregate report data in flat CSV format, including headers
+str
+Converts one oor more parsed SMTP TLS reports into a list of single +layer OrderedDict objects suitable for use in a CSV
+Save report data in the given directory
output_directory (str) – The path to the directory to save in
aggregate_json_filename (str) – Filename for the aggregate JSON file
forensic_json_filename (str) – Filename for the forensic JSON file
smtp_tls_json_filename (str) – Filename for the SMTP TLS JSON file
aggregate_csv_filename (str) – Filename for the aggregate CSV file
forensic_csv_filename (str) – Filename for the forensic CSV file
smtp_tls_csv_filename (str) – Filename for the SMTP TLS CSV file
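Review bot: the parsed_smtp_tls_reports_to_csv docstring in this hunk was copied from the aggregate variant and still reads "reports – A parsed aggregate report or list of parsed aggregate reports" and "Parsed aggregate report data in flat CSV format, including headers"; both should say SMTP TLS report(s). The following docstring has a typo, "Converts one oor more parsed SMTP TLS reports", which should be "one or more".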
Saves a parsed SMTP TLS report to elasticSearch
+report (OrderedDict) – A parsed SMTP TLS report
index_suffix (str) – The suffix of the name of the index to save to
monthly_indexes (bool) – Use monthly indexes instead of daily indexes
number_of_shards (int) – The number of shards to use in the index
number_of_replicas (int) – The number of replicas to use in the index
Sets the Elasticsearch hosts to use
ssl_cert_path (str) – Path to the certificate chain
username (str) – The username to use for authentication
password (str) – The password to use for authentication
apiKey (str) – The Base64 encoded API key to use for authentication
timeout (float) – Timeout in seconds
Saves aggregate DMARC reports to Splunk
+reports – A list of SMTP TLS report dictionaries +to save in Splunk
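Review bot: the summary "Saves aggregate DMARC reports to Splunk" does not match its only parameter, "reports – A list of SMTP TLS report dictionaries to save in Splunk"; the summary should read "Saves SMTP TLS reports to Splunk". In the set_hosts block above it, apiKey is documented as "The Base64 encoded API key to use for authentication" next to username and password; state whether apiKey replaces the username/password pair or is combined with it, so operators do not configure both.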
+Converts a human-readable timestamp into a UNIX timestamp
Starting in version 5.0.0, parsedmarc stores data in a separate
index for each day to make it easy to comply with records
-retention regulations such as GDPR. For fore information,
+retention regulations such as GDPR. For more information,
check out the Elastic guide to managing time-based indexes efficiently.
[
+ {
+ "organization_name": "Example Inc.",
+ "begin_date": "2024-01-09T00:00:00Z",
+ "end_date": "2024-01-09T23:59:59Z",
+ "report_id": "2024-01-09T00:00:00Z_example.com",
+ "policies": [
+ {
+ "policy_domain": "example.com",
+ "policy_type": "sts",
+ "policy_strings": [
+ "version: STSv1",
+ "mode: testing",
+ "mx: example.com",
+ "max_age: 86400"
+ ],
+ "successful_session_count": 0,
+ "failed_session_count": 3,
+ "failure_details": [
+ {
+ "result_type": "validation-failure",
+ "failed_session_count": 2,
+ "sending_mta_ip": "209.85.222.201",
+ "receiving_ip": "173.212.201.41",
+ "receiving_mx_hostname": "example.com"
+ },
+ {
+ "result_type": "validation-failure",
+ "failed_session_count": 1,
+ "sending_mta_ip": "209.85.208.176",
+ "receiving_ip": "173.212.201.41",
+ "receiving_mx_hostname": "example.com"
+ }
+ ]
+ }
+ ]
+ }
+]
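Review bot: the sample report uses example.com and "Example Inc." for the policy but real routable addresses for sending_mta_ip (209.85.222.201, 209.85.208.176) and receiving_ip (173.212.201.41); documentation samples should use addresses reserved for documentation (RFC 5737, for example 192.0.2.10 and 198.51.100.20) so the example cannot be mistaken for data about a live host. A short sentence before the block stating that the failure_details are illustrative would also help, since "mode: testing" with three validation-failure sessions reads like an observed incident.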
+INBOX)
archive_folder - str: The mailbox folder (or label for
Gmail) to sort processed emails into (Default: Archive)
watch - bool: Use the IMAP IDLE command to process
messages as they arrive or poll MS Graph for new messages
delete - bool: Delete messages after processing them,
instead of archiving them
watch - bool: Use the IMAP IDLE command to process
+messages as they arrive or poll MS Graph for new messages
delete - bool: Delete messages after processing them,
+instead of archiving them
test - bool: Do not move or delete messages
batch_size - int: Number of messages to read and process
before saving. Default 10. Use 0 for no limit.
127.0
URL encoded.
user - str: Basic auth username
password - str: Basic auth password
apiKey - str: API key
ssl - bool: Use an encrypted SSL/TLS connection
(Default: True)
timeout - float: Timeout in seconds (Default: 60)
cert_path - str: Path to a trusted certificates
index_suffix - str: A suffix to apply to the index names
monthly_indexes - bool: Use monthly indexes instead of daily indexes
https://www.googleapis.com/auth/gmail.modify)
oauth2_port - int: The TCP port for the local server to
listen on for the OAuth2 response (Default: 8080)
paginate_messages - bool: When True, fetch all applicable Gmail messages.
+When False, only fetch up to 100 new messages per run (Default: True)
log_analytics
dcr_immutable_id - str: The immutable ID of the Data Collection Rule (DCR)dcr_aggregate_stream - str: The stream name for aggregate reports in the DCR
dcr_forensic_stream - str: The stream name for the forensic reports in the DCR
dcr_smtp_tls_stream - str: The stream name for the SMTP TLS reports in the DCR
Note
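Review bot: the watch and delete entries appear twice in this region ("watch - bool: Use the IMAP IDLE command ..." and "delete - bool: Delete messages after processing them ..." are followed by the same two entries again, the second pair with its continuation lines marked as added); confirm the rendered page does not keep both copies. In the log_analytics block, dcr_immutable_id and dcr_aggregate_stream are run together on one line ("... Data Collection Rule (DCR)dcr_aggregate_stream - str: ..."), so a line break is missing between them. "cert_path - str: Path to a trusted certificates" is ungrammatical; say whether it is a certificate bundle file or a directory.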