diff --git a/_sources/index.md.txt b/_sources/index.md.txt index 2c18816..201b48e 100644 --- a/_sources/index.md.txt +++ b/_sources/index.md.txt @@ -9,13 +9,10 @@ Package](https://img.shields.io/pypi/v/parsedmarc.svg)](https://pypi.org/project [![PyPI - Downloads](https://img.shields.io/pypi/dm/parsedmarc?color=blue)](https://pypistats.org/packages/parsedmarc) :::{note} -**Help Wanted** +*Sponsors* This is a project is maintained by one developer. -Please consider reviewing the open [issues] to see how you can contribute code, documentation, or user support. -Assistance on the pinned issues would be particularly helpful. - -Thanks to all [contributors]! +Please consider [sponsoring my work](https://github.com/sponsors/seanthegeek) if you or your organization benefit from it. ::: ```{image} _static/screenshots/dmarc-summary-charts.png @@ -79,6 +76,3 @@ dmarc contributing api ``` - -[contributors]: https://github.com/domainaware/parsedmarc/graphs/contributors -[issues]: https://github.com/domainaware/parsedmarc/issues diff --git a/build/lib/parsedmarc/__init__.py b/build/lib/parsedmarc/__init__.py index baaa1fa..b1cee16 100644 --- a/build/lib/parsedmarc/__init__.py +++ b/build/lib/parsedmarc/__init__.py @@ -49,8 +49,8 @@ logger.setLevel(logging.INFO) feedback_report_regex = re.compile(r"^([\w\-]+): (.+)$", re.MULTILINE) -MAGIC_ZIP = b"\x50\x4B\x03\x04" -MAGIC_GZIP = b"\x1F\x8B" +MAGIC_ZIP = b"\x50\x4b\x03\x04" +MAGIC_GZIP = b"\x1f\x8b" MAGIC_XML = b"\x3c\x3f\x78\x6d\x6c\x20" @@ -108,8 +108,7 @@ def _get_base_domain(domain): if not os.path.exists(psl_path): psl = download_psl() else: - psl_age = datetime.now() - datetime.fromtimestamp( - os.stat(psl_path).st_mtime) + psl_age = datetime.now() - datetime.fromtimestamp(os.stat(psl_path).st_mtime) if psl_age > timedelta(hours=24): psl = download_psl() else: @@ -136,15 +135,21 @@ def _query_dns(domain, record_type, nameservers=None, timeout=6.0): resolver = dns.resolver.Resolver() timeout = float(timeout) if nameservers is None: - nameservers = ["1.1.1.1", "1.0.0.1", - "2606:4700:4700::1111", "2606:4700:4700::1001", - ] + nameservers = [ + "1.1.1.1", + "1.0.0.1", + "2606:4700:4700::1111", + "2606:4700:4700::1001", + ] resolver.nameservers = nameservers resolver.timeout = timeout resolver.lifetime = timeout - return list(map( - lambda r: r.to_text().replace(' "', '').replace('"', '').rstrip("."), - resolver.query(domain, record_type, tcp=True))) + return list( + map( + lambda r: r.to_text().replace(' "', "").replace('"', "").rstrip("."), + resolver.query(domain, record_type, tcp=True), + ) + ) def _get_reverse_dns(ip_address, nameservers=None, timeout=6.0): @@ -163,9 +168,9 @@ def _get_reverse_dns(ip_address, nameservers=None, timeout=6.0): hostname = None try: address = dns.reversename.from_address(ip_address) - hostname = _query_dns(address, "PTR", - nameservers=nameservers, - timeout=timeout)[0] + hostname = _query_dns(address, "PTR", nameservers=nameservers, timeout=timeout)[ + 0 + ] except dns.exception.DNSException: pass @@ -231,8 +236,10 @@ def _get_ip_address_country(ip_address): Args: location (str): Local location for the database file """ - url = "https://geolite.maxmind.com/download/geoip/database/" \ - "GeoLite2-Country.tar.gz" + url = ( + "https://geolite.maxmind.com/download/geoip/database/" + "GeoLite2-Country.tar.gz" + ) original_filename = "GeoLite2-Country.mmdb" tar_file = tarfile.open(fileobj=BytesIO(get(url).content), mode="r:gz") tar_dir = tar_file.getnames()[0] @@ -241,8 +248,10 @@ def _get_ip_address_country(ip_address): shutil.move(tar_path, location) shutil.rmtree(tar_dir) - system_paths = ["/usr/local/share/GeoIP/GeoLite2-Country.mmdb", - "/usr/share/GeoIP/GeoLite2-Country.mmdb"] + system_paths = [ + "/usr/local/share/GeoIP/GeoLite2-Country.mmdb", + "/usr/share/GeoIP/GeoLite2-Country.mmdb", + ] db_path = "" for system_path in system_paths: @@ -255,7 +264,8 @@ def _get_ip_address_country(ip_address): download_country_database(db_filename) else: db_age = datetime.now() - datetime.fromtimestamp( - os.stat(db_filename).st_mtime) + os.stat(db_filename).st_mtime + ) if db_age > timedelta(days=60): download_country_database() db_path = db_filename @@ -289,9 +299,7 @@ def _get_ip_address_info(ip_address, nameservers=None, timeout=6.0): ip_address = ip_address.lower() info = OrderedDict() info["ip_address"] = ip_address - reverse_dns = _get_reverse_dns(ip_address, - nameservers=nameservers, - timeout=timeout) + reverse_dns = _get_reverse_dns(ip_address, nameservers=nameservers, timeout=timeout) country = _get_ip_address_country(ip_address) info["country"] = country info["reverse_dns"] = reverse_dns @@ -321,16 +329,19 @@ def _parse_report_record(record, nameservers=None, timeout=6.0): nameservers = ["8.8.8.8", "4.4.4.4"] record = record.copy() new_record = OrderedDict() - new_record["source"] = _get_ip_address_info(record["row"]["source_ip"], - nameservers=nameservers, - timeout=timeout) + new_record["source"] = _get_ip_address_info( + record["row"]["source_ip"], nameservers=nameservers, timeout=timeout + ) new_record["count"] = int(record["row"]["count"]) policy_evaluated = record["row"]["policy_evaluated"].copy() - new_policy_evaluated = OrderedDict([("disposition", "none"), - ("dkim", "fail"), - ("spf", "fail"), - ("policy_override_reasons", []) - ]) + new_policy_evaluated = OrderedDict( + [ + ("disposition", "none"), + ("dkim", "fail"), + ("spf", "fail"), + ("policy_override_reasons", []), + ] + ) if "disposition" in policy_evaluated: new_policy_evaluated["disposition"] = policy_evaluated["disposition"] if "dkim" in policy_evaluated: @@ -428,8 +439,7 @@ def parse_aggregate_report_xml(xml, nameservers=None, timeout=6.0): new_report_metadata["org_extra_contact_info"] = extra new_report_metadata["report_id"] = report_metadata["report_id"] report_id = new_report_metadata["report_id"] - report_id = report_id.replace("<", - "").replace(">", "").split("@")[0] + report_id = report_id.replace("<", "").replace(">", "").split("@")[0] new_report_metadata["report_id"] = report_id date_range = report["report_metadata"]["date_range"] date_range["begin"] = _timestamp_to_human(date_range["begin"]) @@ -478,9 +488,11 @@ def parse_aggregate_report_xml(xml, nameservers=None, timeout=6.0): if type(report["record"]) == list: for record in report["record"]: - records.append(_parse_report_record(record, - nameservers=nameservers, - timeout=timeout)) + records.append( + _parse_report_record( + record, nameservers=nameservers, timeout=timeout + ) + ) else: records.append(_parse_report_record(report["record"])) @@ -490,8 +502,7 @@ def parse_aggregate_report_xml(xml, nameservers=None, timeout=6.0): return new_report except KeyError as error: - raise InvalidAggregateReport("Missing field: " - "{0}".format(error.__str__())) + raise InvalidAggregateReport("Missing field: {0}".format(error.__str__())) def extract_xml(input_): @@ -529,8 +540,7 @@ def extract_xml(input_): file_object.close() except UnicodeDecodeError: - raise InvalidAggregateReport("File objects must be opened in binary " - "(rb) mode") + raise InvalidAggregateReport("File objects must be opened in binary (rb) mode") return xml @@ -550,9 +560,7 @@ def parse_aggregate_report_file(_input, nameservers=None, timeout=6.0): """ xml = extract_xml(_input) - return parse_aggregate_report_xml(xml, - nameservers=nameservers, - timeout=timeout) + return parse_aggregate_report_xml(xml, nameservers=nameservers, timeout=timeout) def parsed_aggregate_reports_to_csv(reports): @@ -566,15 +574,42 @@ def parsed_aggregate_reports_to_csv(reports): Returns: str: Parsed aggregate report data in flat CSV format, including headers """ - fields = ["xml_schema", "org_name", "org_email", - "org_extra_contact_info", "report_id", "begin_date", "end_date", - "errors", "domain", "adkim", "aspf", "p", "sp", "pct", "fo", - "source_ip_address", "source_country", "source_reverse_dns", - "source_base_domain", "count", "disposition", "dkim_alignment", - "spf_alignment", "policy_override_reasons", - "policy_override_comments", "envelope_from", "header_from", - "envelope_to", "dkim_domains", "dkim_selectors", "dkim_results", - "spf_domains", "spf_scopes", "spf_results"] + fields = [ + "xml_schema", + "org_name", + "org_email", + "org_extra_contact_info", + "report_id", + "begin_date", + "end_date", + "errors", + "domain", + "adkim", + "aspf", + "p", + "sp", + "pct", + "fo", + "source_ip_address", + "source_country", + "source_reverse_dns", + "source_base_domain", + "count", + "disposition", + "dkim_alignment", + "spf_alignment", + "policy_override_reasons", + "policy_override_comments", + "envelope_from", + "header_from", + "envelope_to", + "dkim_domains", + "dkim_selectors", + "dkim_results", + "spf_domains", + "spf_scopes", + "spf_results", + ] csv_file_object = StringIO() writer = DictWriter(csv_file_object, fields) @@ -600,12 +635,23 @@ def parsed_aggregate_reports_to_csv(reports): pct = report["policy_published"]["pct"] fo = report["policy_published"]["fo"] - report_dict = dict(xml_schema=xml_schema, org_name=org_name, - org_email=org_email, - org_extra_contact_info=org_extra_contact, - report_id=report_id, begin_date=begin_date, - end_date=end_date, errors=errors, domain=domain, - adkim=adkim, aspf=aspf, p=p, sp=sp, pct=pct, fo=fo) + report_dict = dict( + xml_schema=xml_schema, + org_name=org_name, + org_email=org_email, + org_extra_contact_info=org_extra_contact, + report_id=report_id, + begin_date=begin_date, + end_date=end_date, + errors=errors, + domain=domain, + adkim=adkim, + aspf=aspf, + p=p, + sp=sp, + pct=pct, + fo=fo, + ) for record in report["records"]: row = report_dict @@ -617,16 +663,20 @@ def parsed_aggregate_reports_to_csv(reports): row["disposition"] = record["policy_evaluated"]["disposition"] row["spf_alignment"] = record["policy_evaluated"]["spf"] row["dkim_alignment"] = record["policy_evaluated"]["dkim"] - policy_override_reasons = list(map(lambda r: r["type"], - record["policy_evaluated"] - ["policy_override_reasons"])) - policy_override_comments = list(map(lambda r: r["comment"], - record["policy_evaluated"] - ["policy_override_reasons"])) - row["policy_override_reasons"] = ",".join( - policy_override_reasons) - row["policy_override_comments"] = "|".join( - policy_override_comments) + policy_override_reasons = list( + map( + lambda r: r["type"], + record["policy_evaluated"]["policy_override_reasons"], + ) + ) + policy_override_comments = list( + map( + lambda r: r["comment"], + record["policy_evaluated"]["policy_override_reasons"], + ) + ) + row["policy_override_reasons"] = ",".join(policy_override_reasons) + row["policy_override_comments"] = "|".join(policy_override_comments) row["envelope_from"] = record["identifiers"]["envelope_from"] row["header_from"] = record["identifiers"]["header_from"] envelope_to = record["identifiers"]["envelope_to"] @@ -659,8 +709,9 @@ def parsed_aggregate_reports_to_csv(reports): return csv_file_object.getvalue() -def parse_forensic_report(feedback_report, sample, sample_headers_only, - nameservers=None, timeout=6.0): +def parse_forensic_report( + feedback_report, sample, sample_headers_only, nameservers=None, timeout=6.0 +): """ Converts a DMARC forensic report and sample to a ``OrderedDict`` @@ -683,8 +734,7 @@ def parse_forensic_report(feedback_report, sample, sample_headers_only, display_name = original_address[0] address = original_address[1] - return OrderedDict([("display_name", display_name), - ("address", address)]) + return OrderedDict([("display_name", display_name), ("address", address)]) def get_filename_safe_subject(_subject): """ @@ -695,8 +745,7 @@ def parse_forensic_report(feedback_report, sample, sample_headers_only, Returns: str: A string safe for a filename """ - invalid_filename_chars = ['\\', '/', ':', '"', '*', '?', '|', '\n', - '\r'] + invalid_filename_chars = ["\\", "/", ":", '"', "*", "?", "|", "\n", "\r"] if _subject is None: _subject = "No Subject" for char in invalid_filename_chars: @@ -712,15 +761,16 @@ def parse_forensic_report(feedback_report, sample, sample_headers_only, key = report_value[0].lower().replace("-", "_") parsed_report[key] = report_value[1] if key == "arrival_date": - arrival_utc = dateparser.parse(parsed_report["arrival_date"], - settings={"TO_TIMEZONE": "UTC"}) + arrival_utc = dateparser.parse( + parsed_report["arrival_date"], settings={"TO_TIMEZONE": "UTC"} + ) arrival_utc = arrival_utc.strftime("%Y-%m-%d %H:%M:%S") parsed_report["arrival_date_utc"] = arrival_utc ip_address = parsed_report["source_ip"] - parsed_report["source"] = _get_ip_address_info(ip_address, - nameservers=nameservers, - timeout=timeout) + parsed_report["source"] = _get_ip_address_info( + ip_address, nameservers=nameservers, timeout=timeout + ) del parsed_report["source_ip"] if "identity_alignment" not in parsed_report: @@ -739,8 +789,12 @@ def parse_forensic_report(feedback_report, sample, sample_headers_only, auth_failure = parsed_report["auth_failure"].split(",") parsed_report["auth_failure"] = auth_failure - optional_fields = ["original_envelope_id", "dkim_domain", - "original_mail_from", "original_rcpt_to"] + optional_fields = [ + "original_envelope_id", + "dkim_domain", + "original_mail_from", + "original_rcpt_to", + ] for optional_field in optional_fields: if optional_field not in parsed_report: parsed_report[optional_field] = None @@ -756,34 +810,36 @@ def parse_forensic_report(feedback_report, sample, sample_headers_only, if "received" in parsed_message: for received in parsed_message["received"]: if "date_utc" in received: - received["date_utc"] = received["date_utc"].replace("T", - " ") + received["date_utc"] = received["date_utc"].replace("T", " ") parsed_sample["from"] = convert_address(parsed_sample["from"][0]) if "reply_to" in parsed_sample: - parsed_sample["reply_to"] = list(map(lambda x: convert_address(x), - parsed_sample["reply_to"])) + parsed_sample["reply_to"] = list( + map(lambda x: convert_address(x), parsed_sample["reply_to"]) + ) else: parsed_sample["reply_to"] = [] - parsed_sample["to"] = list(map(lambda x: convert_address(x), - parsed_sample["to"])) + parsed_sample["to"] = list( + map(lambda x: convert_address(x), parsed_sample["to"]) + ) if "cc" in parsed_sample: - parsed_sample["cc"] = list(map(lambda x: convert_address(x), - parsed_sample["cc"])) + parsed_sample["cc"] = list( + map(lambda x: convert_address(x), parsed_sample["cc"]) + ) else: parsed_sample["cc"] = [] if "bcc" in parsed_sample: - parsed_sample["bcc"] = list(map(lambda x: convert_address(x), - parsed_sample["bcc"])) + parsed_sample["bcc"] = list( + map(lambda x: convert_address(x), parsed_sample["bcc"]) + ) else: parsed_sample["bcc"] = [] if "delivered_to" in parsed_sample: parsed_sample["delivered_to"] = list( - map(lambda x: convert_address(x), - parsed_sample["delivered_to"]) + map(lambda x: convert_address(x), parsed_sample["delivered_to"]) ) if "attachments" not in parsed_sample: @@ -793,7 +849,8 @@ def parse_forensic_report(feedback_report, sample, sample_headers_only, parsed_sample["subject"] = None parsed_sample["filename_safe_subject"] = get_filename_safe_subject( - parsed_sample["subject"]) + parsed_sample["subject"] + ) if "body" not in parsed_sample: parsed_sample["body"] = None @@ -809,8 +866,7 @@ def parse_forensic_report(feedback_report, sample, sample_headers_only, return parsed_report except KeyError as error: - raise InvalidForensicReport("Missing value: {0}".format( - error.__str__())) + raise InvalidForensicReport("Missing value: {0}".format(error.__str__())) def parsed_forensic_reports_to_csv(reports): @@ -823,14 +879,30 @@ def parsed_forensic_reports_to_csv(reports): Returns: str: Parsed forensic report data in flat CSV format, including headers - """ - fields = ["feedback_type", "user_agent", "version", "original_envelope_id", - "original_mail_from", "original_rcpt_to", "arrival_date", - "arrival_date_utc", "subject", "message_id", - "authentication_results", "dkim_domain", "source_ip_address", - "source_country", "source_reverse_dns", "source_base_domain", - "delivery_result", "auth_failure", "reported_domain", - "authentication_mechanisms", "sample_headers_only"] + """ + fields = [ + "feedback_type", + "user_agent", + "version", + "original_envelope_id", + "original_mail_from", + "original_rcpt_to", + "arrival_date", + "arrival_date_utc", + "subject", + "message_id", + "authentication_results", + "dkim_domain", + "source_ip_address", + "source_country", + "source_reverse_dns", + "source_base_domain", + "delivery_result", + "auth_failure", + "reported_domain", + "authentication_mechanisms", + "sample_headers_only", + ] if type(reports) == OrderedDict: reports = [reports] @@ -847,8 +919,7 @@ def parsed_forensic_reports_to_csv(reports): row["subject"] = report["parsed_sample"]["subject"] row["auth_failure"] = ",".join(report["auth_failure"]) authentication_mechanisms = report["authentication_mechanisms"] - row["authentication_mechanisms"] = ",".join( - authentication_mechanisms) + row["authentication_mechanisms"] = ",".join(authentication_mechanisms) del row["sample"] del row["parsed_sample"] csv_writer.writerow(row) @@ -873,7 +944,7 @@ def parse_report_email(input_, nameservers=None, timeout=6.0): def is_outlook_msg(suspect_bytes): """Checks if the given content is a Outlook msg OLE file""" - return suspect_bytes.startswith(b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1") + return suspect_bytes.startswith(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1") def convert_outlook_msg(msg_bytes): """ @@ -903,7 +974,8 @@ def parse_report_email(input_, nameservers=None, timeout=6.0): "Error running msgconvert. Please ensure it is installed\n" "sudo apt install libemail-outlook-message-perl\n" "https://github.com/mvz/email-outlook-message-perl\n\n" - "{0}".format(e)) + "{0}".format(e) + ) finally: os.chdir(orig_dir) shutil.rmtree(tmp_dir) @@ -918,8 +990,7 @@ def parse_report_email(input_, nameservers=None, timeout=6.0): for header_part in decoded_header: if type(header_part[0]) == bytes: encoding = header_part[1] or "ascii" - header_part = header_part[0].decode(encoding=encoding, - errors="replace") + header_part = header_part[0].decode(encoding=encoding, errors="replace") else: header_part = header_part[0] header += header_part @@ -953,32 +1024,37 @@ def parse_report_email(input_, nameservers=None, timeout=6.0): sample = payload sample_headers_only = False if feedback_report and sample: - forensic_report = parse_forensic_report(feedback_report, - sample, - sample_headers_only, - nameservers=nameservers, - timeout=timeout) + forensic_report = parse_forensic_report( + feedback_report, + sample, + sample_headers_only, + nameservers=nameservers, + timeout=timeout, + ) - result = OrderedDict([("report_type", "forensic"), - ("report", forensic_report)]) + result = OrderedDict( + [("report_type", "forensic"), ("report", forensic_report)] + ) return result try: payload = b64decode(payload) - if payload.startswith(MAGIC_ZIP) or \ - payload.startswith(MAGIC_GZIP) or \ - payload.startswith(MAGIC_XML): + if ( + payload.startswith(MAGIC_ZIP) + or payload.startswith(MAGIC_GZIP) + or payload.startswith(MAGIC_XML) + ): ns = nameservers - aggregate_report = parse_aggregate_report_file(payload, - nameservers=ns, - timeout=timeout) - result = OrderedDict([("report_type", "aggregate"), - ("report", aggregate_report)]) + aggregate_report = parse_aggregate_report_file( + payload, nameservers=ns, timeout=timeout + ) + result = OrderedDict( + [("report_type", "aggregate"), ("report", aggregate_report)] + ) except (TypeError, binascii.Error): pass if result is None: - error = 'Message with subject "{0}" is ' \ - 'not a valid DMARC report'.format(subject) + error = 'Message with subject "{0}" is not a valid DMARC report'.format(subject) raise InvalidDMARCReport(error) return result @@ -1006,27 +1082,31 @@ def parse_report_file(input_, nameservers=None, timeout=6.0): content = file_object.read() try: - report = parse_aggregate_report_file(content, nameservers=nameservers, - timeout=timeout) - results = OrderedDict([("report_type", "aggregate"), - ("report", report)]) + report = parse_aggregate_report_file( + content, nameservers=nameservers, timeout=timeout + ) + results = OrderedDict([("report_type", "aggregate"), ("report", report)]) except InvalidAggregateReport: try: - results = parse_report_email(content, - nameservers=nameservers, - timeout=timeout) + results = parse_report_email( + content, nameservers=nameservers, timeout=timeout + ) except InvalidDMARCReport: - raise InvalidDMARCReport("Not a valid aggregate or forensic " - "report") + raise InvalidDMARCReport("Not a valid aggregate or forensic report") return results -def get_dmarc_reports_from_inbox(host, user, password, - reports_folder="INBOX", - archive_folder="Archive", - delete=False, test=False, - nameservers=None, - dns_timeout=6.0): +def get_dmarc_reports_from_inbox( + host, + user, + password, + reports_folder="INBOX", + archive_folder="Archive", + delete=False, + test=False, + nameservers=None, + dns_timeout=6.0, +): """ Fetches and parses DMARC reports from sn inbox @@ -1048,7 +1128,7 @@ def get_dmarc_reports_from_inbox(host, user, password, def chunks(l, n): """Yield successive n-sized chunks from l.""" for i in range(0, len(l), n): - yield l[i:i + n] + yield l[i : i + n] if delete and test: raise ValueError("delete and test options are mutually exclusive") @@ -1072,14 +1152,13 @@ def get_dmarc_reports_from_inbox(host, user, password, server.create_folder(forensic_reports_folder) messages = server.search() for message_uid in messages: - raw_msg = server.fetch(message_uid, - ["RFC822"])[message_uid][b"RFC822"] + raw_msg = server.fetch(message_uid, ["RFC822"])[message_uid][b"RFC822"] msg_content = raw_msg.decode("utf-8", errors="replace") try: - parsed_email = parse_report_email(msg_content, - nameservers=nameservers, - timeout=dns_timeout) + parsed_email = parse_report_email( + msg_content, nameservers=nameservers, timeout=dns_timeout + ) if parsed_email["report_type"] == "aggregate": aggregate_reports.append(parsed_email["report"]) aggregate_report_msg_uids.append(message_uid) @@ -1091,22 +1170,25 @@ def get_dmarc_reports_from_inbox(host, user, password, if not test: if delete: - processed_messages = aggregate_report_msg_uids + \ - forensic_report_msg_uids + processed_messages = ( + aggregate_report_msg_uids + forensic_report_msg_uids + ) server.add_flags(processed_messages, [imapclient.DELETED]) server.expunge() else: if len(aggregate_report_msg_uids) > 0: for chunk in chunks(aggregate_report_msg_uids, 100): - server.move(chunk, - aggregate_reports_folder) + server.move(chunk, aggregate_reports_folder) if len(forensic_report_msg_uids) > 0: for chunk in chunks(forensic_report_msg_uids, 100): - server.move(chunk, - forensic_reports_folder) + server.move(chunk, forensic_reports_folder) - results = OrderedDict([("aggregate_reports", aggregate_reports), - ("forensic_reports", forensic_reports)]) + results = OrderedDict( + [ + ("aggregate_reports", aggregate_reports), + ("forensic_reports", forensic_reports), + ] + ) return results except imapclient.exceptions.IMAPClientError as error: @@ -1146,23 +1228,37 @@ def save_output(results, output_directory="output"): else: os.makedirs(output_directory) - with open("{0}".format(os.path.join(output_directory, "aggregate.json")), - "w", newline="\n", encoding="utf-8") as agg_json: - agg_json.write(json.dumps(aggregate_reports, ensure_ascii=False, - indent=2)) + with open( + "{0}".format(os.path.join(output_directory, "aggregate.json")), + "w", + newline="\n", + encoding="utf-8", + ) as agg_json: + agg_json.write(json.dumps(aggregate_reports, ensure_ascii=False, indent=2)) - with open("{0}".format(os.path.join(output_directory, "aggregate.csv")), - "w", newline="\n", encoding="utf-8") as agg_csv: + with open( + "{0}".format(os.path.join(output_directory, "aggregate.csv")), + "w", + newline="\n", + encoding="utf-8", + ) as agg_csv: csv = parsed_aggregate_reports_to_csv(aggregate_reports) agg_csv.write(csv) - with open("{0}".format(os.path.join(output_directory, "forensic.json")), - "w", newline="\n", encoding="utf-8") as for_json: - for_json.write(json.dumps(forensic_reports, ensure_ascii=False, - indent=2)) + with open( + "{0}".format(os.path.join(output_directory, "forensic.json")), + "w", + newline="\n", + encoding="utf-8", + ) as for_json: + for_json.write(json.dumps(forensic_reports, ensure_ascii=False, indent=2)) - with open("{0}".format(os.path.join(output_directory, "forensic.csv")), - "w", newline="\n", encoding="utf-8") as for_csv: + with open( + "{0}".format(os.path.join(output_directory, "forensic.csv")), + "w", + newline="\n", + encoding="utf-8", + ) as for_csv: csv = parsed_forensic_reports_to_csv(forensic_reports) for_csv.write(csv) @@ -1200,6 +1296,7 @@ def get_report_zip(results): Returns: bytes: zip file bytes """ + def add_subdir(root_path, subdir): subdir_path = os.path.join(root_path, subdir) for subdir_root, subdir_dirs, subdir_files in os.walk(subdir_path): @@ -1216,13 +1313,12 @@ def get_report_zip(results): tmp_dir = tempfile.mkdtemp() try: save_output(results, tmp_dir) - with zipfile.ZipFile(storage, 'w', zipfile.ZIP_DEFLATED) as zip_file: + with zipfile.ZipFile(storage, "w", zipfile.ZIP_DEFLATED) as zip_file: for root, dirs, files in os.walk(tmp_dir): for file in files: file_path = os.path.join(root, file) if os.path.isfile(file_path): - arcname = os.path.join(os.path.relpath(root, tmp_dir), - file) + arcname = os.path.join(os.path.relpath(root, tmp_dir), file) zip_file.write(file_path, arcname) for directory in dirs: dir_path = os.path.join(root, directory) @@ -1235,9 +1331,21 @@ def get_report_zip(results): return storage.getvalue() -def email_results(results, host, mail_from, mail_to, port=0, starttls=True, - use_ssl=False, user=None, password=None, subject=None, - attachment_filename=None, message=None, ssl_context=None): +def email_results( + results, + host, + mail_from, + mail_to, + port=0, + starttls=True, + use_ssl=False, + user=None, + password=None, + subject=None, + attachment_filename=None, + message=None, + ssl_context=None, +): """ Emails parsing results as a zip file @@ -1267,10 +1375,10 @@ def email_results(results, host, mail_from, mail_to, port=0, starttls=True, assert isinstance(mail_to, list) msg = MIMEMultipart() - msg['From'] = mail_from - msg['To'] = COMMASPACE.join(mail_to) - msg['Date'] = formatdate(localtime=True) - msg['Subject'] = subject or "DMARC results for {0}".format(date_string) + msg["From"] = mail_from + msg["To"] = COMMASPACE.join(mail_to) + msg["Date"] = formatdate(localtime=True) + msg["Subject"] = subject or "DMARC results for {0}".format(date_string) text = message or "Please see the attached zip file\n" msg.attach(MIMEText(text)) @@ -1278,7 +1386,7 @@ def email_results(results, host, mail_from, mail_to, port=0, starttls=True, zip_bytes = get_report_zip(results) part = MIMEApplication(zip_bytes, Name=filename) - part['Content-Disposition'] = 'attachment; filename="{0}"'.format(filename) + part["Content-Disposition"] = 'attachment; filename="{0}"'.format(filename) msg.attach(part) try: @@ -1315,9 +1423,19 @@ def email_results(results, host, mail_from, mail_to, port=0, starttls=True, raise SMTPError("Certificate error: {0}".format(error.__str__())) -def watch_inbox(host, username, password, callback, reports_folder="INBOX", - archive_folder="Archive", delete=False, test=False, wait=30, - nameservers=None, dns_timeout=6.0): +def watch_inbox( + host, + username, + password, + callback, + reports_folder="INBOX", + archive_folder="Archive", + delete=False, + test=False, + wait=30, + nameservers=None, + dns_timeout=6.0, +): """ Use an IDLE IMAP connection to parse incoming emails, and pass the results to a callback function @@ -1379,15 +1497,18 @@ def watch_inbox(host, username, password, callback, reports_folder="INBOX", responses = server.idle_check(timeout=wait) if responses is not None: for response in responses: - if response[1] == b'RECENT' and response[0] > 0: - res = get_dmarc_reports_from_inbox(host, username, - password, - reports_folder=rf, - archive_folder=af, - delete=delete, - test=test, - nameservers=ns, - dns_timeout=dt) + if response[1] == b"RECENT" and response[0] > 0: + res = get_dmarc_reports_from_inbox( + host, + username, + password, + reports_folder=rf, + archive_folder=af, + delete=delete, + test=test, + nameservers=ns, + dns_timeout=dt, + ) callback(res) break except imapclient.exceptions.IMAPClientError as error: diff --git a/build/lib/parsedmarc/cli.py b/build/lib/parsedmarc/cli.py index 831d13a..a0949c6 100644 --- a/build/lib/parsedmarc/cli.py +++ b/build/lib/parsedmarc/cli.py @@ -3,7 +3,6 @@ """A CLI for parsing DMARC reports""" - from argparse import ArgumentParser from glob import glob import logging @@ -12,17 +11,26 @@ import json from elasticsearch.exceptions import ElasticsearchException -from parsedmarc import logger, IMAPError, get_dmarc_reports_from_inbox, \ - parse_report_file, elastic, save_output, watch_inbox, email_results, \ - SMTPError, ParserError, __version__ +from parsedmarc import ( + logger, + IMAPError, + get_dmarc_reports_from_inbox, + parse_report_file, + elastic, + save_output, + watch_inbox, + email_results, + SMTPError, + ParserError, + __version__, +) def _main(): """Called when the module is executed""" + def process_reports(reports_): - output_str = "{0}\n".format(json.dumps(reports_, - ensure_ascii=False, - indent=2)) + output_str = "{0}\n".format(json.dumps(reports_, ensure_ascii=False, indent=2)) if not args.silent: print(output_str) if args.save_aggregate: @@ -32,8 +40,7 @@ def _main(): except elastic.AlreadySaved as warning: logger.warning(warning.__str__()) except ElasticsearchException as error_: - logger.error("Elasticsearch Error: {0}".format( - error_.__str__())) + logger.error("Elasticsearch Error: {0}".format(error_.__str__())) exit(1) if args.save_forensic: for report in reports_["forensic_reports"]: @@ -42,77 +49,120 @@ def _main(): except elastic.AlreadySaved as warning: logger.warning(warning.__str__()) except ElasticsearchException as error_: - logger.error("Elasticsearch Error: {0}".format( - error_.__str__())) + logger.error("Elasticsearch Error: {0}".format(error_.__str__())) arg_parser = ArgumentParser(description="Parses DMARC reports") - arg_parser.add_argument("file_path", nargs="*", - help="one or more paths to aggregate or forensic " - "report files or emails") - arg_parser.add_argument("-o", "--output", - help="Write output files to the given directory") - arg_parser.add_argument("-n", "--nameservers", nargs="+", - help="nameservers to query " - "(Default is Cloudflare's)") - arg_parser.add_argument("-t", "--timeout", - help="number of seconds to wait for an answer " - "from DNS (default 6.0)", - type=float, - default=6.0) + arg_parser.add_argument( + "file_path", + nargs="*", + help="one or more paths to aggregate or forensic report files or emails", + ) + arg_parser.add_argument( + "-o", "--output", help="Write output files to the given directory" + ) + arg_parser.add_argument( + "-n", + "--nameservers", + nargs="+", + help="nameservers to query (Default is Cloudflare's)", + ) + arg_parser.add_argument( + "-t", + "--timeout", + help="number of seconds to wait for an answer from DNS (default 6.0)", + type=float, + default=6.0, + ) arg_parser.add_argument("-H", "--host", help="IMAP hostname or IP address") arg_parser.add_argument("-u", "--user", help="IMAP user") arg_parser.add_argument("-p", "--password", help="IMAP password") - arg_parser.add_argument("-r", "--reports-folder", default="INBOX", - help="The IMAP folder containing the reports\n" - "Default: INBOX") - arg_parser.add_argument("-a", "--archive-folder", - help="Specifies the IMAP folder to move " - "messages to after processing them\n" - "Default: Archive", - default="Archive") - arg_parser.add_argument("-d", "--delete", - help="Delete the reports after processing them", - action="store_true", default=False) + arg_parser.add_argument( + "-r", + "--reports-folder", + default="INBOX", + help="The IMAP folder containing the reports\nDefault: INBOX", + ) + arg_parser.add_argument( + "-a", + "--archive-folder", + help="Specifies the IMAP folder to move " + "messages to after processing them\n" + "Default: Archive", + default="Archive", + ) + arg_parser.add_argument( + "-d", + "--delete", + help="Delete the reports after processing them", + action="store_true", + default=False, + ) - arg_parser.add_argument("-E", "--elasticsearch-host", nargs="*", - help="A list of one or more Elasticsearch " - "hostnames or URLs to use (Default " - "localhost:9200)", - default=["localhost:9200"]) - arg_parser.add_argument("--save-aggregate", action="store_true", - default=False, - help="Save aggregate reports to Elasticsearch") - arg_parser.add_argument("--save-forensic", action="store_true", - default=False, - help="Save forensic reports to Elasticsearch") - arg_parser.add_argument("-O", "--outgoing-host", - help="Email the results using this host") - arg_parser.add_argument("-U", "--outgoing-user", - help="Email the results using this user") - arg_parser.add_argument("-P", "--outgoing-password", - help="Email the results using this password") - arg_parser.add_argument("-F", "--outgoing-from", - help="Email the results using this from address") - arg_parser.add_argument("-T", "--outgoing-to", nargs="+", - help="Email the results to these addresses") - arg_parser.add_argument("-S", "--outgoing-subject", - help="Email the results using this subject") - arg_parser.add_argument("-A", "--outgoing-attachment", - help="Email the results using this filename") - arg_parser.add_argument("-M", "--outgoing-message", - help="Email the results using this message") - arg_parser.add_argument("-w", "--watch", action="store_true", - help="Use an IMAP IDLE connection to process " - "reports as they arrive in the inbox") - arg_parser.add_argument("--test", - help="Do not move or delete IMAP messages", - action="store_true", default=False) - arg_parser.add_argument("-s", "--silent", action="store_true", - help="Only print errors") - arg_parser.add_argument("--debug", action="store_true", - help="Print debugging information") - arg_parser.add_argument("-v", "--version", action="version", - version=__version__) + arg_parser.add_argument( + "-E", + "--elasticsearch-host", + nargs="*", + help="A list of one or more Elasticsearch " + "hostnames or URLs to use (Default " + "localhost:9200)", + default=["localhost:9200"], + ) + arg_parser.add_argument( + "--save-aggregate", + action="store_true", + default=False, + help="Save aggregate reports to Elasticsearch", + ) + arg_parser.add_argument( + "--save-forensic", + action="store_true", + default=False, + help="Save forensic reports to Elasticsearch", + ) + arg_parser.add_argument( + "-O", "--outgoing-host", help="Email the results using this host" + ) + arg_parser.add_argument( + "-U", "--outgoing-user", help="Email the results using this user" + ) + arg_parser.add_argument( + "-P", "--outgoing-password", help="Email the results using this password" + ) + arg_parser.add_argument( + "-F", "--outgoing-from", help="Email the results using this from address" + ) + arg_parser.add_argument( + "-T", "--outgoing-to", nargs="+", help="Email the results to these addresses" + ) + arg_parser.add_argument( + "-S", "--outgoing-subject", help="Email the results using this subject" + ) + arg_parser.add_argument( + "-A", "--outgoing-attachment", help="Email the results using this filename" + ) + arg_parser.add_argument( + "-M", "--outgoing-message", help="Email the results using this message" + ) + arg_parser.add_argument( + "-w", + "--watch", + action="store_true", + help="Use an IMAP IDLE connection to process " + "reports as they arrive in the inbox", + ) + arg_parser.add_argument( + "--test", + help="Do not move or delete IMAP messages", + action="store_true", + default=False, + ) + arg_parser.add_argument( + "-s", "--silent", action="store_true", help="Only print errors" + ) + arg_parser.add_argument( + "--debug", action="store_true", help="Print debugging information" + ) + arg_parser.add_argument("-v", "--version", action="version", version=__version__) aggregate_reports = [] forensic_reports = [] @@ -143,33 +193,33 @@ def _main(): for file_path in file_paths: try: - file_results = parse_report_file(file_path, - nameservers=args.nameservers, - timeout=args.timeout) + file_results = parse_report_file( + file_path, nameservers=args.nameservers, timeout=args.timeout + ) if file_results["report_type"] == "aggregate": aggregate_reports.append(file_results["report"]) elif file_results["report_type"] == "forensic": forensic_reports.append(file_results["report"]) except ParserError as error: - logger.error("Failed to parse {0} - {1}".format(file_path, - error)) + logger.error("Failed to parse {0} - {1}".format(file_path, error)) if args.host: try: if args.user is None or args.password is None: - logger.error("user and password must be specified if" - "host is specified") + logger.error("user and password must be specified ifhost is specified") rf = args.reports_folder af = args.archive_folder - reports = get_dmarc_reports_from_inbox(args.host, - args.user, - args.password, - reports_folder=rf, - archive_folder=af, - delete=args.delete, - test=args.test) + reports = get_dmarc_reports_from_inbox( + args.host, + args.user, + args.password, + reports_folder=rf, + archive_folder=af, + delete=args.delete, + test=args.test, + ) aggregate_reports += reports["aggregate_reports"] forensic_reports += reports["forensic_reports"] @@ -178,8 +228,12 @@ def _main(): logger.error("IMAP Error: {0}".format(error.__str__())) exit(1) - results = OrderedDict([("aggregate_reports", aggregate_reports), - ("forensic_reports", forensic_reports)]) + results = OrderedDict( + [ + ("aggregate_reports", aggregate_reports), + ("forensic_reports", forensic_reports), + ] + ) if args.output: save_output(results, output_directory=args.output) @@ -188,15 +242,22 @@ def _main(): if args.outgoing_host: if args.outgoing_from is None or args.outgoing_to is None: - logger.error("--outgoing-from and --outgoing-to must " - "be provided if --outgoing-host is used") + logger.error( + "--outgoing-from and --outgoing-to must " + "be provided if --outgoing-host is used" + ) exit(1) try: - email_results(results, args.outgoing_host, args.outgoing_from, - args.outgoing_to, user=args.outgoing_user, - password=args.outgoing_password, - subject=args.outgoing_subject) + email_results( + results, + args.outgoing_host, + args.outgoing_from, + args.outgoing_to, + user=args.outgoing_user, + password=args.outgoing_password, + subject=args.outgoing_subject, + ) except SMTPError as error: logger.error("SMTP Error: {0}".format(error.__str__())) exit(1) @@ -204,11 +265,18 @@ def _main(): if args.host and args.watch: logger.info("Watching for email - Quit with ^c") try: - watch_inbox(args.host, args.user, args.password, process_reports, - reports_folder=args.reports_folder, - archive_folder=args.archive_folder, delete=args.delete, - test=args.test, nameservers=args.nameservers, - dns_timeout=args.timeout) + watch_inbox( + args.host, + args.user, + args.password, + process_reports, + reports_folder=args.reports_folder, + archive_folder=args.archive_folder, + delete=args.delete, + test=args.test, + nameservers=args.nameservers, + dns_timeout=args.timeout, + ) except IMAPError as error: logger.error("IMAP Error: {0}".format(error.__str__())) exit(1) diff --git a/build/lib/parsedmarc/elastic.py b/build/lib/parsedmarc/elastic.py index 731db11..20ee007 100644 --- a/build/lib/parsedmarc/elastic.py +++ b/build/lib/parsedmarc/elastic.py @@ -4,8 +4,20 @@ from collections import OrderedDict import parsedmarc from elasticsearch_dsl.search import Q -from elasticsearch_dsl import connections, Object, DocType, Index, Nested, \ - InnerDoc, Integer, Text, Boolean, DateRange, Ip, Date +from elasticsearch_dsl import ( + connections, + Object, + DocType, + Index, + Nested, + InnerDoc, + Integer, + Text, + Boolean, + DateRange, + Ip, + Date, +) aggregate_index = Index("dmarc_aggregate") forensic_index = Index("dmarc_forensic") @@ -67,24 +79,21 @@ class _AggregateReportDoc(DocType): spf_results = Nested(_SPFResult) def add_policy_override(self, type_, comment): - self.policy_overrides.append(_PolicyOverride(type=type_, - comment=comment)) + self.policy_overrides.append(_PolicyOverride(type=type_, comment=comment)) def add_dkim_result(self, domain, selector, result): - self.dkim_results.append(_DKIMResult(domain=domain, - selector=selector, - result=result)) + self.dkim_results.append( + _DKIMResult(domain=domain, selector=selector, result=result) + ) def add_spf_result(self, domain, scope, result): - self.spf_results.append(_SPFResult(domain=domain, - scope=scope, - result=result)) + self.spf_results.append(_SPFResult(domain=domain, scope=scope, result=result)) - def save(self, ** kwargs): + def save(self, **kwargs): self.passed_dmarc = False self.passed_dmarc = self.spf_aligned or self.dkim_aligned - return super().save(** kwargs) + return super().save(**kwargs) class _EmailAddressDoc(InnerDoc): @@ -113,24 +122,21 @@ class _ForensicSampleDoc(InnerDoc): attachments = Nested(_EmailAttachmentDoc) def add_to(self, display_name, address): - self.to.append(_EmailAddressDoc(display_name=display_name, - address=address)) + self.to.append(_EmailAddressDoc(display_name=display_name, address=address)) def add_reply_to(self, display_name, address): - self.reply_to.append(_EmailAddressDoc(display_name=display_name, - address=address)) + self.reply_to.append( + _EmailAddressDoc(display_name=display_name, address=address) + ) def add_cc(self, display_name, address): - self.cc.append(_EmailAddressDoc(display_name=display_name, - address=address)) + self.cc.append(_EmailAddressDoc(display_name=display_name, address=address)) def add_bcc(self, display_name, address): - self.bcc.append(_EmailAddressDoc(display_name=display_name, - address=address)) + self.bcc.append(_EmailAddressDoc(display_name=display_name, address=address)) def add_attachment(self, filename, content_type): - self.attachments.append(filename=filename, - content_type=content_type) + self.attachments.append(filename=filename, content_type=content_type) class _ForensicReportDoc(DocType): @@ -201,8 +207,7 @@ def save_aggregate_report_to_elasticsearch(aggregate_report): end_date_human = end_date.strftime("%Y-%m-%d %H:%M:%S") aggregate_report["begin_date"] = begin_date aggregate_report["end_date"] = end_date - date_range = (aggregate_report["begin_date"], - aggregate_report["end_date"]) + date_range = (aggregate_report["begin_date"], aggregate_report["end_date"]) org_name_query = Q(dict(match=dict(org_name=org_name))) report_id_query = Q(dict(match=dict(report_id=report_id))) @@ -211,26 +216,31 @@ def save_aggregate_report_to_elasticsearch(aggregate_report): end_date_query = Q(dict(match=dict(date_range=end_date))) search = aggregate_index.search() - search.query = org_name_query & report_id_query & domain_query & \ - begin_date_query & end_date_query + search.query = ( + org_name_query + & report_id_query + & domain_query + & begin_date_query + & end_date_query + ) existing = search.execute() if len(existing) > 0: - raise AlreadySaved("An aggregate report ID {0} from {1} about {2} " - "with a date range of {3} UTC to {4} UTC already " - "exists in " - "Elasticsearch".format(report_id, - org_name, - domain, - begin_date_human, - end_date_human)) + raise AlreadySaved( + "An aggregate report ID {0} from {1} about {2} " + "with a date range of {3} UTC to {4} UTC already " + "exists in " + "Elasticsearch".format( + report_id, org_name, domain, begin_date_human, end_date_human + ) + ) published_policy = _PublishedPolicy( adkim=aggregate_report["policy_published"]["adkim"], aspf=aggregate_report["policy_published"]["aspf"], p=aggregate_report["policy_published"]["p"], sp=aggregate_report["policy_published"]["sp"], pct=aggregate_report["policy_published"]["pct"], - fo=aggregate_report["policy_published"]["fo"] + fo=aggregate_report["policy_published"]["fo"], ) for record in aggregate_report["records"]: @@ -254,36 +264,41 @@ def save_aggregate_report_to_elasticsearch(aggregate_report): spf_aligned=record["policy_evaluated"]["spf"] == "pass", header_from=record["identifiers"]["header_from"], envelope_from=record["identifiers"]["envelope_from"], - envelope_to=record["identifiers"]["envelope_to"] + envelope_to=record["identifiers"]["envelope_to"], ) for override in record["policy_evaluated"]["policy_override_reasons"]: - agg_doc.add_policy_override(type_=override["type"], - comment=override["comment"]) + agg_doc.add_policy_override( + type_=override["type"], comment=override["comment"] + ) for dkim_result in record["auth_results"]["dkim"]: - agg_doc.add_dkim_result(domain=dkim_result["domain"], - selector=dkim_result["selector"], - result=dkim_result["result"]) + agg_doc.add_dkim_result( + domain=dkim_result["domain"], + selector=dkim_result["selector"], + result=dkim_result["result"], + ) for spf_result in record["auth_results"]["spf"]: - agg_doc.add_spf_result(domain=spf_result["domain"], - scope=spf_result["scope"], - result=spf_result["result"]) + agg_doc.add_spf_result( + domain=spf_result["domain"], + scope=spf_result["scope"], + result=spf_result["result"], + ) agg_doc.save() def save_forensic_report_to_elasticsearch(forensic_report): """ - Saves a parsed DMARC forensic report to ElasticSearch + Saves a parsed DMARC forensic report to ElasticSearch - Args: - forensic_report (OrderedDict): A parsed forensic report + Args: + forensic_report (OrderedDict): A parsed forensic report - Raises: - AlreadySaved + Raises: + AlreadySaved - """ + """ forensic_report = forensic_report.copy() sample_date = forensic_report["parsed_sample"]["date"] sample_date = parsedmarc.human_timestamp_to_datetime(sample_date) @@ -299,21 +314,20 @@ def save_forensic_report_to_elasticsearch(forensic_report): to_query = {"match": {"sample.headers.to": headers["to"]}} from_query = {"match": {"sample.headers.from": headers["from"]}} subject_query = {"match": {"sample.headers.subject": headers["subject"]}} - arrival_date_query = {"match": {"sample.headers.arrival_date": arrival_date - }} + arrival_date_query = {"match": {"sample.headers.arrival_date": arrival_date}} q = Q(to_query) & Q(from_query) & Q(subject_query) & Q(arrival_date_query) search.query = q existing = search.execute() if len(existing) > 0: - raise AlreadySaved("A forensic sample to {0} from {1} " - "with a subject of {2} and arrival date of {3} " - "already exists in " - "Elasticsearch".format(headers["to"], - headers["from"], - headers["subject"], - arrival_date_human - )) + raise AlreadySaved( + "A forensic sample to {0} from {1} " + "with a subject of {2} and arrival date of {3} " + "already exists in " + "Elasticsearch".format( + headers["to"], headers["from"], headers["subject"], arrival_date_human + ) + ) parsed_sample = forensic_report["parsed_sample"] sample = _ForensicSampleDoc( @@ -323,24 +337,24 @@ def save_forensic_report_to_elasticsearch(forensic_report): date=sample_date, subject=forensic_report["parsed_sample"]["subject"], filename_safe_subject=parsed_sample["filename_safe_subject"], - body=forensic_report["parsed_sample"]["body"] + body=forensic_report["parsed_sample"]["body"], ) for address in forensic_report["parsed_sample"]["to"]: - sample.add_to(display_name=address["display_name"], - address=address["address"]) + sample.add_to(display_name=address["display_name"], address=address["address"]) for address in forensic_report["parsed_sample"]["reply_to"]: - sample.add_reply_to(display_name=address["display_name"], - address=address["address"]) + sample.add_reply_to( + display_name=address["display_name"], address=address["address"] + ) for address in forensic_report["parsed_sample"]["cc"]: - sample.add_cc(display_name=address["display_name"], - address=address["address"]) + sample.add_cc(display_name=address["display_name"], address=address["address"]) for address in forensic_report["parsed_sample"]["bcc"]: - sample.add_bcc(display_name=address["display_name"], - address=address["address"]) + sample.add_bcc(display_name=address["display_name"], address=address["address"]) for attachment in forensic_report["parsed_sample"]["attachments"]: - sample.add_attachment(filename=attachment["filename"], - content_type=attachment["mail_content_type"]) + sample.add_attachment( + filename=attachment["filename"], + content_type=attachment["mail_content_type"], + ) forensic_doc = _ForensicReportDoc( feedback_type=forensic_report["feedback_type"], @@ -360,7 +374,7 @@ def save_forensic_report_to_elasticsearch(forensic_report): auth_failure=forensic_report["auth_failure"], dkim_domain=forensic_report["dkim_domain"], original_rcpt_to=forensic_report["original_rcpt_to"], - sample=sample + sample=sample, ) forensic_doc.save() diff --git a/index.html b/index.html index e7b4e58..6b814b3 100644 --- a/index.html +++ b/index.html @@ -88,11 +88,9 @@ PyPI - Downloads

Note

-

Help Wanted

+

Sponsors

This is a project is maintained by one developer. -Please consider reviewing the open issues to see how you can contribute code, documentation, or user support. -Assistance on the pinned issues would be particularly helpful.

-

Thanks to all contributors!

+Please consider sponsoring my work if you or your organization benefit from it.

A screenshot of DMARC summary charts in Kibana diff --git a/searchindex.js b/searchindex.js index 829dba2..9da2172 100644 --- a/searchindex.js +++ b/searchindex.js @@ -1 +1 @@ -Search.setIndex({"alltitles":{"API reference":[[0,null]],"Accessing an inbox using OWA/EWS":[[2,null]],"Bug reports":[[1,"bug-reports"]],"CLI help":[[12,"cli-help"]],"CSV aggregate report":[[10,"csv-aggregate-report"]],"CSV forensic report":[[10,"csv-forensic-report"]],"Configuration file":[[12,"configuration-file"]],"Configuring parsedmarc for DavMail":[[2,"configuring-parsedmarc-for-davmail"]],"Contents":[[5,null]],"Contributing to parsedmarc":[[1,null]],"DMARC Alignment Guide":[[3,"dmarc-alignment-guide"]],"DMARC Forensic Samples":[[7,"dmarc-forensic-samples"]],"DMARC Summary":[[7,"dmarc-summary"]],"DMARC guides":[[3,"dmarc-guides"]],"Do":[[3,"do"],[8,"do"]],"Do not":[[3,"do-not"],[8,"do-not"]],"Docker Compose example":[[12,"docker-compose-example"]],"Elasticsearch and Kibana":[[4,null]],"Environment variable configuration":[[12,"environment-variable-configuration"]],"Examples":[[12,"examples"]],"Features":[[5,"features"]],"Indices and tables":[[0,"indices-and-tables"]],"Installation":[[4,"installation"],[6,null],[9,"installation"]],"Installing parsedmarc":[[6,"installing-parsedmarc"]],"JSON SMTP TLS report":[[10,"json-smtp-tls-report"]],"JSON aggregate report":[[10,"json-aggregate-report"]],"JSON forensic report":[[10,"json-forensic-report"]],"LISTSERV":[[3,"listserv"],[8,"listserv"]],"Lookalike domains":[[3,"lookalike-domains"]],"Mailing list best practices":[[3,"mailing-list-best-practices"],[8,"mailing-list-best-practices"]],"Mailman 2":[[3,"mailman-2"],[3,"id1"],[8,"mailman-2"],[8,"id1"]],"Mailman 3":[[3,"mailman-3"],[3,"id2"],[8,"mailman-3"],[8,"id2"]],"Multi-tenant support":[[12,"multi-tenant-support"]],"OpenSearch and Grafana":[[9,null]],"Optional dependencies":[[6,"optional-dependencies"]],"Performance tuning":[[12,"performance-tuning"]],"Prerequisites":[[6,"prerequisites"]],"Python Compatibility":[[5,"python-compatibility"]],"Records retention":[[4,"records-retention"],[9,"records-retention"]],"Reloading configuration without restarting":[[12,"reloading-configuration-without-restarting"]],"Resources":[[3,"resources"]],"Running DavMail as a systemd service":[[2,"running-davmail-as-a-systemd-service"]],"Running parsedmarc as a systemd service":[[12,"running-parsedmarc-as-a-systemd-service"]],"Running without a config file (env-only mode)":[[12,"running-without-a-config-file-env-only-mode"]],"SPF and DMARC record validation":[[3,"spf-and-dmarc-record-validation"]],"Sample aggregate report output":[[10,"sample-aggregate-report-output"]],"Sample forensic report output":[[10,"sample-forensic-report-output"]],"Sample outputs":[[10,null]],"Section name mapping":[[12,"section-name-mapping"]],"Specifying the config file via environment variable":[[12,"specifying-the-config-file-via-environment-variable"]],"Splunk":[[11,null]],"Testing multiple report analyzers":[[6,"testing-multiple-report-analyzers"]],"Understanding DMARC":[[3,null]],"Upgrading Kibana index patterns":[[4,"upgrading-kibana-index-patterns"]],"Using Microsoft Exchange":[[6,"using-microsoft-exchange"]],"Using a web proxy":[[6,"using-a-web-proxy"]],"Using parsedmarc":[[12,null]],"Using the Kibana dashboards":[[7,null]],"What about mailing lists?":[[3,"what-about-mailing-lists"],[8,null]],"What if a sender won\u2019t support DKIM/DMARC?":[[3,"what-if-a-sender-wont-support-dkim-dmarc"]],"Workarounds":[[3,"workarounds"],[8,"workarounds"]],"geoipupdate setup":[[6,"geoipupdate-setup"]],"parsedmarc":[[0,"module-parsedmarc"]],"parsedmarc documentation - Open source DMARC report analyzer and visualizer":[[5,null]],"parsedmarc.elastic":[[0,"module-parsedmarc.elastic"]],"parsedmarc.opensearch":[[0,"module-parsedmarc.opensearch"]],"parsedmarc.splunk":[[0,"module-parsedmarc.splunk"]],"parsedmarc.types":[[0,"module-parsedmarc.types"]],"parsedmarc.utils":[[0,"module-parsedmarc.utils"]]},"docnames":["api","contributing","davmail","dmarc","elasticsearch","index","installation","kibana","mailing-lists","opensearch","output","splunk","usage"],"envversion":{"sphinx":65,"sphinx.domains.c":3,"sphinx.domains.changeset":1,"sphinx.domains.citation":1,"sphinx.domains.cpp":9,"sphinx.domains.index":1,"sphinx.domains.javascript":3,"sphinx.domains.math":2,"sphinx.domains.python":4,"sphinx.domains.rst":2,"sphinx.domains.std":2,"sphinx.ext.todo":2,"sphinx.ext.viewcode":1},"filenames":["api.md","contributing.md","davmail.md","dmarc.md","elasticsearch.md","index.md","installation.md","kibana.md","mailing-lists.md","opensearch.md","output.md","splunk.md","usage.md"],"indexentries":{"aggregatealignment (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateAlignment",false]],"aggregateauthresultdkim (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateAuthResultDKIM",false]],"aggregateauthresults (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateAuthResults",false]],"aggregateauthresultspf (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateAuthResultSPF",false]],"aggregateidentifiers (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateIdentifiers",false]],"aggregateparsedreport (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateParsedReport",false]],"aggregatepolicyevaluated (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregatePolicyEvaluated",false]],"aggregatepolicyoverridereason (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregatePolicyOverrideReason",false]],"aggregatepolicypublished (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregatePolicyPublished",false]],"aggregaterecord (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateRecord",false]],"aggregatereport (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateReport",false]],"aggregatereportmetadata (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateReportMetadata",false]],"alreadysaved":[[0,"parsedmarc.elastic.AlreadySaved",false],[0,"parsedmarc.opensearch.AlreadySaved",false]],"close() (parsedmarc.splunk.hecclient method)":[[0,"parsedmarc.splunk.HECClient.close",false]],"convert_outlook_msg() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.convert_outlook_msg",false]],"create_indexes() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.create_indexes",false]],"create_indexes() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.create_indexes",false]],"decode_base64() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.decode_base64",false]],"downloaderror":[[0,"parsedmarc.utils.DownloadError",false]],"elasticsearcherror":[[0,"parsedmarc.elastic.ElasticsearchError",false]],"email_results() (in module parsedmarc)":[[0,"parsedmarc.email_results",false]],"emailaddress (class in parsedmarc.types)":[[0,"parsedmarc.types.EmailAddress",false]],"emailattachment (class in parsedmarc.types)":[[0,"parsedmarc.types.EmailAttachment",false]],"emailparsererror":[[0,"parsedmarc.utils.EmailParserError",false]],"extract_report() (in module parsedmarc)":[[0,"parsedmarc.extract_report",false]],"extract_report_from_file_path() (in module parsedmarc)":[[0,"parsedmarc.extract_report_from_file_path",false]],"forensicparsedreport (class in parsedmarc.types)":[[0,"parsedmarc.types.ForensicParsedReport",false]],"forensicreport (class in parsedmarc.types)":[[0,"parsedmarc.types.ForensicReport",false]],"get_base_domain() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_base_domain",false]],"get_dmarc_reports_from_mailbox() (in module parsedmarc)":[[0,"parsedmarc.get_dmarc_reports_from_mailbox",false]],"get_dmarc_reports_from_mbox() (in module parsedmarc)":[[0,"parsedmarc.get_dmarc_reports_from_mbox",false]],"get_filename_safe_string() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_filename_safe_string",false]],"get_ip_address_country() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_ip_address_country",false]],"get_ip_address_info() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_ip_address_info",false]],"get_report_zip() (in module parsedmarc)":[[0,"parsedmarc.get_report_zip",false]],"get_reverse_dns() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_reverse_dns",false]],"get_service_from_reverse_dns_base_domain() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_service_from_reverse_dns_base_domain",false]],"hecclient (class in parsedmarc.splunk)":[[0,"parsedmarc.splunk.HECClient",false]],"human_timestamp_to_datetime() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.human_timestamp_to_datetime",false]],"human_timestamp_to_unix_timestamp() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.human_timestamp_to_unix_timestamp",false]],"invalidaggregatereport":[[0,"parsedmarc.InvalidAggregateReport",false]],"invaliddmarcreport":[[0,"parsedmarc.InvalidDMARCReport",false]],"invalidforensicreport":[[0,"parsedmarc.InvalidForensicReport",false]],"invalidsmtptlsreport":[[0,"parsedmarc.InvalidSMTPTLSReport",false]],"ipaddressinfo (class in parsedmarc.utils)":[[0,"parsedmarc.utils.IPAddressInfo",false]],"ipsourceinfo (class in parsedmarc.types)":[[0,"parsedmarc.types.IPSourceInfo",false]],"is_mbox() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.is_mbox",false]],"is_outlook_msg() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.is_outlook_msg",false]],"load_reverse_dns_map() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.load_reverse_dns_map",false]],"migrate_indexes() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.migrate_indexes",false]],"migrate_indexes() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.migrate_indexes",false]],"module":[[0,"module-parsedmarc",false],[0,"module-parsedmarc.elastic",false],[0,"module-parsedmarc.opensearch",false],[0,"module-parsedmarc.splunk",false],[0,"module-parsedmarc.types",false],[0,"module-parsedmarc.utils",false]],"opensearcherror":[[0,"parsedmarc.opensearch.OpenSearchError",false]],"parse_aggregate_report_file() (in module parsedmarc)":[[0,"parsedmarc.parse_aggregate_report_file",false]],"parse_aggregate_report_xml() (in module parsedmarc)":[[0,"parsedmarc.parse_aggregate_report_xml",false]],"parse_email() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.parse_email",false]],"parse_forensic_report() (in module parsedmarc)":[[0,"parsedmarc.parse_forensic_report",false]],"parse_report_email() (in module parsedmarc)":[[0,"parsedmarc.parse_report_email",false]],"parse_report_file() (in module parsedmarc)":[[0,"parsedmarc.parse_report_file",false]],"parse_smtp_tls_report_json() (in module parsedmarc)":[[0,"parsedmarc.parse_smtp_tls_report_json",false]],"parsed_aggregate_reports_to_csv() (in module parsedmarc)":[[0,"parsedmarc.parsed_aggregate_reports_to_csv",false]],"parsed_aggregate_reports_to_csv_rows() (in module parsedmarc)":[[0,"parsedmarc.parsed_aggregate_reports_to_csv_rows",false]],"parsed_forensic_reports_to_csv() (in module parsedmarc)":[[0,"parsedmarc.parsed_forensic_reports_to_csv",false]],"parsed_forensic_reports_to_csv_rows() (in module parsedmarc)":[[0,"parsedmarc.parsed_forensic_reports_to_csv_rows",false]],"parsed_smtp_tls_reports_to_csv() (in module parsedmarc)":[[0,"parsedmarc.parsed_smtp_tls_reports_to_csv",false]],"parsed_smtp_tls_reports_to_csv_rows() (in module parsedmarc)":[[0,"parsedmarc.parsed_smtp_tls_reports_to_csv_rows",false]],"parsedemail (class in parsedmarc.types)":[[0,"parsedmarc.types.ParsedEmail",false]],"parsedmarc":[[0,"module-parsedmarc",false]],"parsedmarc.elastic":[[0,"module-parsedmarc.elastic",false]],"parsedmarc.opensearch":[[0,"module-parsedmarc.opensearch",false]],"parsedmarc.splunk":[[0,"module-parsedmarc.splunk",false]],"parsedmarc.types":[[0,"module-parsedmarc.types",false]],"parsedmarc.utils":[[0,"module-parsedmarc.utils",false]],"parsererror":[[0,"parsedmarc.ParserError",false]],"parsingresults (class in parsedmarc.types)":[[0,"parsedmarc.types.ParsingResults",false]],"query_dns() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.query_dns",false]],"reversednsservice (class in parsedmarc.utils)":[[0,"parsedmarc.utils.ReverseDNSService",false]],"save_aggregate_report_to_elasticsearch() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.save_aggregate_report_to_elasticsearch",false]],"save_aggregate_report_to_opensearch() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.save_aggregate_report_to_opensearch",false]],"save_aggregate_reports_to_splunk() (parsedmarc.splunk.hecclient method)":[[0,"parsedmarc.splunk.HECClient.save_aggregate_reports_to_splunk",false]],"save_forensic_report_to_elasticsearch() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.save_forensic_report_to_elasticsearch",false]],"save_forensic_report_to_opensearch() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.save_forensic_report_to_opensearch",false]],"save_forensic_reports_to_splunk() (parsedmarc.splunk.hecclient method)":[[0,"parsedmarc.splunk.HECClient.save_forensic_reports_to_splunk",false]],"save_output() (in module parsedmarc)":[[0,"parsedmarc.save_output",false]],"save_smtp_tls_report_to_elasticsearch() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.save_smtp_tls_report_to_elasticsearch",false]],"save_smtp_tls_report_to_opensearch() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.save_smtp_tls_report_to_opensearch",false]],"save_smtp_tls_reports_to_splunk() (parsedmarc.splunk.hecclient method)":[[0,"parsedmarc.splunk.HECClient.save_smtp_tls_reports_to_splunk",false]],"set_hosts() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.set_hosts",false]],"set_hosts() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.set_hosts",false]],"smtptlsfailuredetails (class in parsedmarc.types)":[[0,"parsedmarc.types.SMTPTLSFailureDetails",false]],"smtptlsfailuredetailsoptional (class in parsedmarc.types)":[[0,"parsedmarc.types.SMTPTLSFailureDetailsOptional",false]],"smtptlsparsedreport (class in parsedmarc.types)":[[0,"parsedmarc.types.SMTPTLSParsedReport",false]],"smtptlspolicy (class in parsedmarc.types)":[[0,"parsedmarc.types.SMTPTLSPolicy",false]],"smtptlspolicysummary (class in parsedmarc.types)":[[0,"parsedmarc.types.SMTPTLSPolicySummary",false]],"smtptlsreport (class in parsedmarc.types)":[[0,"parsedmarc.types.SMTPTLSReport",false]],"splunkerror":[[0,"parsedmarc.splunk.SplunkError",false]],"timestamp_to_datetime() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.timestamp_to_datetime",false]],"timestamp_to_human() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.timestamp_to_human",false]],"watch_inbox() (in module parsedmarc)":[[0,"parsedmarc.watch_inbox",false]]},"objects":{"":[[0,0,0,"-","parsedmarc"]],"parsedmarc":[[0,1,1,"","InvalidAggregateReport"],[0,1,1,"","InvalidDMARCReport"],[0,1,1,"","InvalidForensicReport"],[0,1,1,"","InvalidSMTPTLSReport"],[0,1,1,"","ParserError"],[0,0,0,"-","elastic"],[0,2,1,"","email_results"],[0,2,1,"","extract_report"],[0,2,1,"","extract_report_from_file_path"],[0,2,1,"","get_dmarc_reports_from_mailbox"],[0,2,1,"","get_dmarc_reports_from_mbox"],[0,2,1,"","get_report_zip"],[0,0,0,"-","opensearch"],[0,2,1,"","parse_aggregate_report_file"],[0,2,1,"","parse_aggregate_report_xml"],[0,2,1,"","parse_forensic_report"],[0,2,1,"","parse_report_email"],[0,2,1,"","parse_report_file"],[0,2,1,"","parse_smtp_tls_report_json"],[0,2,1,"","parsed_aggregate_reports_to_csv"],[0,2,1,"","parsed_aggregate_reports_to_csv_rows"],[0,2,1,"","parsed_forensic_reports_to_csv"],[0,2,1,"","parsed_forensic_reports_to_csv_rows"],[0,2,1,"","parsed_smtp_tls_reports_to_csv"],[0,2,1,"","parsed_smtp_tls_reports_to_csv_rows"],[0,2,1,"","save_output"],[0,0,0,"-","splunk"],[0,0,0,"-","types"],[0,0,0,"-","utils"],[0,2,1,"","watch_inbox"]],"parsedmarc.elastic":[[0,1,1,"","AlreadySaved"],[0,1,1,"","ElasticsearchError"],[0,2,1,"","create_indexes"],[0,2,1,"","migrate_indexes"],[0,2,1,"","save_aggregate_report_to_elasticsearch"],[0,2,1,"","save_forensic_report_to_elasticsearch"],[0,2,1,"","save_smtp_tls_report_to_elasticsearch"],[0,2,1,"","set_hosts"]],"parsedmarc.opensearch":[[0,1,1,"","AlreadySaved"],[0,1,1,"","OpenSearchError"],[0,2,1,"","create_indexes"],[0,2,1,"","migrate_indexes"],[0,2,1,"","save_aggregate_report_to_opensearch"],[0,2,1,"","save_forensic_report_to_opensearch"],[0,2,1,"","save_smtp_tls_report_to_opensearch"],[0,2,1,"","set_hosts"]],"parsedmarc.splunk":[[0,3,1,"","HECClient"],[0,1,1,"","SplunkError"]],"parsedmarc.splunk.HECClient":[[0,4,1,"","close"],[0,4,1,"","save_aggregate_reports_to_splunk"],[0,4,1,"","save_forensic_reports_to_splunk"],[0,4,1,"","save_smtp_tls_reports_to_splunk"]],"parsedmarc.types":[[0,3,1,"","AggregateAlignment"],[0,3,1,"","AggregateAuthResultDKIM"],[0,3,1,"","AggregateAuthResultSPF"],[0,3,1,"","AggregateAuthResults"],[0,3,1,"","AggregateIdentifiers"],[0,3,1,"","AggregateParsedReport"],[0,3,1,"","AggregatePolicyEvaluated"],[0,3,1,"","AggregatePolicyOverrideReason"],[0,3,1,"","AggregatePolicyPublished"],[0,3,1,"","AggregateRecord"],[0,3,1,"","AggregateReport"],[0,3,1,"","AggregateReportMetadata"],[0,3,1,"","EmailAddress"],[0,3,1,"","EmailAttachment"],[0,3,1,"","ForensicParsedReport"],[0,3,1,"","ForensicReport"],[0,3,1,"","IPSourceInfo"],[0,3,1,"","ParsedEmail"],[0,3,1,"","ParsingResults"],[0,3,1,"","SMTPTLSFailureDetails"],[0,3,1,"","SMTPTLSFailureDetailsOptional"],[0,3,1,"","SMTPTLSParsedReport"],[0,3,1,"","SMTPTLSPolicy"],[0,3,1,"","SMTPTLSPolicySummary"],[0,3,1,"","SMTPTLSReport"]],"parsedmarc.utils":[[0,1,1,"","DownloadError"],[0,1,1,"","EmailParserError"],[0,3,1,"","IPAddressInfo"],[0,3,1,"","ReverseDNSService"],[0,2,1,"","convert_outlook_msg"],[0,2,1,"","decode_base64"],[0,2,1,"","get_base_domain"],[0,2,1,"","get_filename_safe_string"],[0,2,1,"","get_ip_address_country"],[0,2,1,"","get_ip_address_info"],[0,2,1,"","get_reverse_dns"],[0,2,1,"","get_service_from_reverse_dns_base_domain"],[0,2,1,"","human_timestamp_to_datetime"],[0,2,1,"","human_timestamp_to_unix_timestamp"],[0,2,1,"","is_mbox"],[0,2,1,"","is_outlook_msg"],[0,2,1,"","load_reverse_dns_map"],[0,2,1,"","parse_email"],[0,2,1,"","query_dns"],[0,2,1,"","timestamp_to_datetime"],[0,2,1,"","timestamp_to_human"]]},"objnames":{"0":["py","module","Python module"],"1":["py","exception","Python exception"],"2":["py","function","Python function"],"3":["py","class","Python class"],"4":["py","method","Python method"]},"objtypes":{"0":"py:module","1":"py:exception","2":"py:function","3":"py:class","4":"py:method"},"terms":{"":[0,2,3,4,6,8,10,12],"0":[0,2,3,4,5,6,8,9,10,11,12],"00":10,"003":10,"00z":10,"00z_exampl":10,"01":10,"0200":10,"0240":10,"04":10,"08":10,"09":10,"09t00":10,"09t23":10,"1":[0,2,4,5,6,10,12],"10":[0,5,6,10,12],"100":[10,12],"1000":12,"11":[5,6,10],"1143":2,"12":5,"12201":12,"127":[2,4,12],"13":5,"14":5,"150":10,"16":[3,8],"173":10,"176":10,"19":[10,12],"1d":12,"1g":4,"1w":12,"2":[0,4,10,12],"20":10,"2000":12,"201":10,"2010":[6,10],"2012":10,"2013":6,"2016":6,"2017a":[3,8],"2018":10,"2019":6,"2024":10,"2028":5,"2030":5,"2035":5,"208":10,"209":10,"21":6,"212":10,"22":6,"222":10,"23":10,"2369":[3,8],"24":0,"241":10,"25":12,"27":10,"28":10,"2919":[3,8],"2d":12,"2k":12,"3":[5,6,10,11,12],"30":[0,12],"300":2,"30937":10,"30th":6,"3128":6,"365":[2,4],"38":10,"3d":10,"3h":12,"4":[4,6,11],"4096":4,"41":10,"5":[2,4,9,12],"500":12,"514":12,"5601":4,"59":10,"59z":10,"5m":[2,12],"6":[0,4,5,6,12],"60":[0,12],"6514":12,"660":4,"7":[4,5,6],"72":10,"7480":10,"7d":12,"8":[2,4,5,6,10,12],"8080":12,"822":0,"85":10,"86399":10,"86400":10,"9":5,"9200":[4,12],"932":12,"9391651994964116463":10,"94":10,"993":12,"A":[0,3,12],"And":0,"As":[4,7],"Be":6,"By":[7,12],"For":[4,12],"If":[0,3,4,6,7,8,12],"In":[2,3,7,8,12],"It":[2,4,7,10,12],"No":[3,8],"On":[3,4,6,7,8,12],"Or":[4,6],"That":7,"The":[0,3,6,7,11,12],"Then":[2,3,4,6,8,12],"These":[7,12],"To":[2,4,6,7,9,10,12],"With":7,"_":12,"_cluster":12,"_input":0,"abl":6,"abort":12,"about":[0,5,6],"abov":[2,12],"accept":[3,4,8,12],"access":[0,4,5,6,12],"access_key_id":12,"access_token":0,"accessright":12,"accident":[3,8],"account":[6,7,12],"acm":10,"acquir":12,"across":7,"action":[3,8],"activ":[4,5,6,12],"active_primary_shard":12,"active_shard":12,"actual":[3,10],"ad":[3,6,8,12],"add":[2,3,4,6,7,8,12],"addit":[3,8,12],"address":[0,2,3,4,7,8,10,12],"addresse":7,"adkim":10,"admin":[3,8,12],"administr":[3,8],"after":[0,2,4,12],"against":[3,8],"agari":5,"agent":4,"aggreg":[0,5,7,11,12],"aggregate_csv_filenam":[0,12],"aggregate_index":0,"aggregate_json_filenam":[0,12],"aggregate_report":0,"aggregate_top":12,"aggregate_url":12,"aggregatealign":0,"aggregateauthresult":0,"aggregateauthresultdkim":0,"aggregateauthresultspf":0,"aggregateidentifi":0,"aggregateparsedreport":0,"aggregatepolicyevalu":0,"aggregatepolicyoverridereason":0,"aggregatepolicypublish":0,"aggregaterecord":0,"aggregatereport":0,"aggregatereportmetadata":0,"aggress":12,"alia":12,"align":[5,7,10],"aliv":0,"all":[3,5,7,8,11,12],"allow":[2,3,8,12],"allow_unencrypted_storag":12,"allowremot":2,"alreadi":12,"alreadysav":0,"also":[2,3,7,8,12],"alter":[3,8],"altern":[5,12],"although":11,"alwai":[0,2,4,12],"always_use_local_fil":[0,12],"amount":12,"an":[0,3,5,7,8,10,12],"analyt":12,"analyz":12,"ani":[0,3,7,8,12],"anonym":10,"anoth":[6,12],"answer":[0,12],"apach":5,"api":[2,4,5,12],"api_kei":[0,12],"app":12,"appear":12,"appendix":10,"appid":12,"appli":12,"applic":12,"applicationaccesspolici":12,"approach":12,"approxim":2,"apt":[2,4,6],"ar":[0,2,3,4,5,6,7,8,10,12],"archiv":[0,12],"archive_fold":[0,12],"argument":12,"arriv":12,"arrival_d":10,"arrival_date_utc":10,"artifact":4,"ask":3,"asmx":2,"asn":6,"aspf":10,"assign":4,"assist":5,"associ":0,"attach":[0,3,8,10,12],"attachment_filenam":0,"attempt":12,"attribut":6,"auth":[0,2,10,12],"auth_failur":10,"auth_method":12,"auth_mod":12,"auth_result":10,"auth_typ":[0,12],"authent":[0,2,3,4,7,12],"authentication_mechan":10,"authentication_result":10,"authentication_typ":12,"auto":2,"avoid":[7,12],"aw":[0,12],"aws_region":[0,12],"aws_servic":[0,12],"awssigv4":[0,12],"azur":12,"b":[6,10],"b2c":7,"back":12,"backfil":12,"backlog":12,"backward":12,"base":[0,2,3,4,7,8,10],"base64":0,"base_domain":[0,10],"basic":[0,2,12],"batch":12,"batch_siz":[0,12],"bcc":[0,10],"bd6e1bb5":10,"becaus":[2,3,7,8,12],"becom":12,"been":[0,7,12],"befor":[0,12],"begin_d":10,"behind":6,"being":0,"below":[3,8,12],"best":7,"between":[4,7,12],"beyond":0,"bin":[2,4,6,12],"binari":0,"binaryio":0,"bind":2,"bindaddress":2,"blank":[3,8],"block":[2,12],"bodi":[0,3,8,10,12],"bool":[0,12],"both":12,"brand":[5,7],"break":[3,4,8],"browser":4,"bucket":12,"bug":5,"build":6,"built":0,"bundl":0,"busi":7,"buster":6,"button":[3,8],"byte":0,"c":[10,12],"ca":[4,12],"cach":[0,12],"cafile_path":12,"call":[7,12],"callabl":0,"callback":0,"came":[3,8],"can":[0,2,3,4,5,6,7,8,12],"cannot":[6,12],"case":[2,3,8],"catch":12,"caus":[3,4,7,8],"cc":[0,10],"center":7,"cento":[4,6],"cert":[4,12],"cert_path":12,"certain":[0,12],"certfile_path":12,"certif":[0,4,12],"certificate_password":12,"certificate_path":12,"cest":10,"chain":0,"chang":[4,7,11,12],"charact":[2,12],"charset":10,"chart":7,"check":[0,2,3,4,6,12],"check_timeout":[0,12],"checkbox":4,"checkdmarc":3,"chines":7,"chmod":[2,4,12],"choos":[3,8],"chown":[2,12],"cisco":12,"citi":6,"class":0,"clear":0,"cli":5,"click":[4,7],"client":[2,3,4,8,12],"client_id":12,"client_secret":12,"clientsecret":12,"clientsotimeout":2,"close":[0,12],"cloud":12,"cloudflar":[0,12],"cluster":[4,12],"co":4,"code":[0,4,5,12],"collect":[7,12],"collector":[11,12],"com":[1,2,3,8,9,10,12],"come":7,"comma":[6,12],"command":[2,3,8,12],"comment":12,"commerci":[4,5],"common":[3,4,6,8],"commun":[3,8],"compat":12,"complet":[3,4,12],"compli":[3,4,6,8,9],"compliant":[3,8],"compon":6,"compress":5,"conf":6,"config":[0,2,6],"config_fil":12,"config_reload":0,"configur":[3,4,5,6,7,8,9],"conform":4,"connect":[0,2,4,12],"connexion":4,"consid":[5,7],"consist":[0,5,10],"consol":[4,12],"consolid":7,"consum":[7,12],"contact":7,"contain":[0,7,11,12],"content":[0,3,8,10,11],"contrib":6,"contribut":5,"contributor":5,"control":4,"convent":12,"convert":[0,3,8],"convert_outlook_msg":0,"copi":[0,6,11],"core":[3,8],"correct":6,"correctli":[7,12],"could":[3,4,8,12],"count":[2,10],"countri":[0,6,7,10],"crash":[2,4,12],"creat":[0,2,3,4,6,8,12],"create_fold":0,"create_index":0,"creativ":6,"credenti":[6,12],"credentials_fil":12,"cron":6,"crt":4,"csr":4,"csv":[0,5,12],"cumul":6,"current":[2,4,12],"custom":[7,12],"d":[0,4,12],"daemon":[2,4,12],"dai":[0,4,9,12],"daili":[0,12],"dashboard":[4,5,9,11],"dat":0,"data":[0,4,5,7,9,11,12],"databas":6,"date":[0,3,8,10],"date_utc":10,"datetim":0,"davmail":5,"db_path":0,"dbip":[0,12],"dce":12,"dcr":12,"dcr_aggregate_stream":12,"dcr_forensic_stream":12,"dcr_immutable_id":12,"dcr_smtp_tls_stream":12,"dd":0,"de":10,"dearmor":4,"deb":4,"debian":[4,5,6],"debug":12,"decemb":6,"decod":0,"decode_base64":0,"default":[0,2,4,5,6,7,12],"defens":5,"delai":[2,10,12],"deleg":12,"delegated_us":12,"delet":[0,2,4,12],"delivery_result":10,"demystifi":3,"depend":[4,5,12],"deploi":[3,8],"deploy":12,"describ":12,"descript":[2,6,12],"destin":[0,12],"detail":[6,7,12],"dev":[6,12],"devel":6,"develop":5,"devicecod":12,"di":10,"dict":0,"dictionari":0,"differ":[6,7,12],"difficult":12,"digest":[3,8],"directori":[0,12],"disabl":[2,12],"disclaim":[3,8],"disk":12,"displai":[3,7,11],"display_nam":10,"disposit":[7,10],"distribut":6,"dkim":[5,7,8,10],"dkim_align":10,"dkim_domain":10,"dkim_result":10,"dkim_selector":10,"dkm":3,"dmarc":[0,4,6,8,9,10,11,12],"dmarc_aggreg":4,"dmarc_align":10,"dmarc_forens":4,"dmarc_moderation_act":[3,8],"dmarc_none_moderation_act":[3,8],"dmarc_quarantine_moderation_act":[3,8],"dmarcian":5,"dmarcresport":12,"dn":[0,3,7,12],"dnf":6,"dns_test_address":12,"dns_timeout":[0,12],"do":[0,2,6,7,12],"doc":9,"doctyp":10,"document":[2,12],"doe":[3,8],"domain":[0,4,7,8,10,12],"domainawar":[1,3,12],"don":3,"down":[7,12],"download":[0,2,4,6,12],"downloaderror":0,"draft":[5,10],"dtd":10,"dummi":12,"dure":[2,12],"e":[0,2,3,4,6,8,12],"e7":10,"each":[4,6,9,11,12],"earlier":7,"easi":[4,9],"easier":[11,12],"echo":4,"edit":[2,6,12],"editor":11,"effect":12,"effici":4,"either":[5,12],"elast":[4,5],"elasticsearch":[0,5,12],"elasticsearcherror":0,"elk":12,"els":4,"email":[0,3,5,6,7,8,10,11,12],"email_result":0,"emailaddress":0,"emailattach":0,"emailparsererror":0,"empti":[3,8],"en":[3,4,8,10],"enabl":[2,4,12],"enableew":2,"enablekeepal":2,"enableproxi":2,"encod":[0,10,12],"encount":0,"encrypt":[4,12],"encryptedsavedobject":4,"encryptionkei":4,"end":[3,4,5],"end_dat":10,"endpoint":12,"endpoint_url":12,"enforc":[3,8],"enough":12,"enrol":4,"ensur":[3,6,8],"entir":[3,7,8,12],"envelop":3,"envelope_from":10,"envelope_to":10,"environ":[5,6],"eol":5,"error":[0,10,12],"escap":12,"especi":[7,12],"etc":[2,3,4,6,8,12],"even":[2,3,8,12],"event":[2,11,12],"everi":[2,6,12],"ew":5,"ex":12,"exactli":[3,8],"exampl":[3,4,6,8,10],"except":[0,12],"exchang":[2,10,12],"exclud":2,"execreload":12,"execstart":[2,12],"exist":[0,3,4,8,12],"exit":12,"expiringdict":0,"explain":[3,8],"explicit":[3,8],"explicitli":6,"export":[4,12],"extract":[0,2],"extract_report":0,"extract_report_from_file_path":0,"ey":[2,12],"f":4,"factor":2,"fail":[0,3,7,8,10,12],"fail_on_output_error":12,"failed_session_count":10,"failur":[0,5,7,10,12],"failure_detail":10,"fall":12,"fallback":[0,6],"fals":[0,2,6,10,12],"fantast":[3,8],"faster":12,"featur":[4,12],"feedback":0,"feedback_report":0,"feedback_typ":10,"fetch":[0,12],"few":[7,12],"field":4,"file":[0,2,5,6,11],"file_path":[0,12],"filenam":[0,12],"filename_safe_subject":10,"filepath":12,"fill":[4,6],"filter":[3,7,8,11],"financ":12,"find":[3,7,8,12],"fine":[3,8],"finish":12,"first":[0,3,6,8,12],"first_strip_reply_to":[3,8],"fit":[3,8,12],"fix":4,"flag":[0,2,12],"flat":0,"flexibl":11,"flight":12,"float":[0,12],"fo":10,"folder":[0,2,12],"foldersizelimit":2,"follow":[2,4,5,12],"footer":[3,8],"forens":[0,5,11,12],"forensic_csv_filenam":[0,12],"forensic_index":0,"forensic_json_filenam":[0,12],"forensic_report":0,"forensic_top":12,"forensic_url":12,"forensicparsedreport":0,"forensicreport":0,"format":[0,6,12],"forward":[3,7,8],"found":[0,6,12],"foundat":10,"fqdn":4,"fraud":5,"free":6,"friendli":7,"from":[0,2,3,4,5,6,7,8,10,12],"from_is_list":[3,8],"ftp_proxi":6,"full":12,"fulli":[3,8,12],"function":0,"further":7,"g":[0,2,3,4,8,12],"gatewai":2,"gb":4,"gdpr":[4,9],"gelf":12,"gener":[3,4,6,8,10,12],"geoip":[6,12],"geolite2":6,"geoloc":[0,12],"get":[0,2,4,6,12],"get_base_domain":0,"get_dmarc_reports_from_mailbox":0,"get_dmarc_reports_from_mbox":0,"get_filename_safe_str":0,"get_ip_address_countri":0,"get_ip_address_info":0,"get_report_zip":0,"get_reverse_dn":0,"get_service_from_reverse_dns_base_domain":0,"github":[1,6,10,12],"give":[0,4],"given":[0,12],"glass":7,"gmail":[5,7,12],"gmail_api":12,"go":[3,8],"goe":[3,8],"googl":[7,12],"googleapi":12,"got":12,"gov":12,"gpg":4,"grafana":5,"grant":12,"graph":[2,5,7,12],"graph_url":12,"group":[2,7,12],"guid":[4,5],"guidanc":12,"gzip":[0,5],"h":[0,12],"ha":[0,4,7,12],"hamburg":4,"hand":[3,8],"handl":[5,12],"hard":12,"has_defect":10,"have":[3,4,6,7,8,11,12],"head":10,"header":[0,3,7,8,10,12],"header_from":10,"headless":2,"health":12,"healthcar":12,"heap":4,"heavi":[4,12],"hec":[0,11,12],"hecclient":0,"hectokengoesher":12,"help":5,"here":[3,8,10],"hh":0,"hi":[3,8],"high":[7,12],"higher":[3,8],"highli":12,"histori":12,"hop":10,"host":[0,2,3,4,5,8,12],"hostnam":[0,12],"hour":[0,12],"hover":7,"how":5,"howev":6,"href":10,"html":[3,4,8,10],"http":[0,1,2,3,4,6,8,9,10,11,12],"http_proxi":6,"https_proxi":6,"human":[0,7],"human_timestamp":0,"human_timestamp_to_datetim":0,"human_timestamp_to_unix_timestamp":0,"hup":12,"i":[0,2,3,4,5,6,7,8,10,12],"icon":7,"id":[3,8,10,12],"ideal":[3,8],"ident":[3,8,12],"identifi":10,"idl":[0,2,12],"imag":12,"imap":[0,2,5,12],"imap_password":12,"imapalwaysapproxmsgs":2,"imapautoexpung":2,"imapcli":5,"imapidledelai":2,"imapport":2,"immedi":2,"immut":12,"impli":12,"import":[4,7,12],"improv":12,"inbox":[0,3,5,8,12],"inc":10,"includ":[0,3,6,7,8,12],"include_list_post_head":[3,8],"include_rfc2369_head":[3,8],"include_sender_head":[3,8],"include_spam_trash":12,"incom":[7,12],"incorrect":12,"increas":[4,12],"increment":12,"indent":12,"index":[0,5,9,11,12],"index_prefix":[0,12],"index_prefix_domain_map":12,"index_suffix":[0,12],"indic":[3,5],"individu":12,"industri":12,"inform":[0,4,6,7,12],"infrequ":12,"ingest":12,"ini":[2,12],"initi":0,"input":0,"input_":0,"insid":6,"instal":[2,5,12],"installed_app":12,"instanc":12,"instead":[0,3,6,8,12],"int":[0,12],"intend":[3,8],"interact":[2,4],"interakt":10,"interfer":[3,8],"intern":6,"interrupt":12,"interv":12,"interval_begin":10,"interval_end":10,"invalid":0,"invalidaggregatereport":0,"invaliddmarcreport":0,"invalidforensicreport":0,"invalidsmtptlsreport":0,"io":[0,12],"ip":[0,3,4,6,7,12],"ip_address":[0,10],"ip_db_path":[0,6,12],"ipaddressinfo":0,"ipdb":6,"ipsourceinfo":0,"ipv4":0,"ipv6":0,"is_mbox":0,"is_outlook_msg":0,"iso":0,"issu":[1,5],"its":12,"java":2,"job":[3,6,8],"joe":[3,8],"journalctl":[2,12],"jre":2,"json":[0,5,12],"june":5,"just":7,"jvm":4,"kafka":[5,12],"kb4099855":6,"kb4134118":6,"kb4295699":6,"keep":[0,12],"keep_al":0,"keepal":2,"kei":[0,3,4,6,12],"keyfile_path":12,"keyout":4,"keyr":4,"keystor":4,"kibana":[5,11],"kill":12,"kind":12,"know":3,"known":[3,7,8,12],"label":12,"languag":[3,8],"larg":[2,12],"larger":12,"later":[4,6,12],"latest":[2,4,6,9,12],"layer":0,"layout":11,"leak":7,"least":[4,6,12],"leav":3,"left":7,"legal":[3,8],"legitim":[7,12],"less":12,"level":[3,4,12],"libemail":6,"libxml2":6,"libxslt":6,"licens":6,"life":5,"like":[0,3,6,8,12],"limit":[0,2,12],"line":[3,8,12],"link":[3,4,7,8],"linux":[3,6,8],"list":[0,2,4,5,7,12],"listen":[2,12],"lite":6,"ll":[3,8],"load":[0,4,12],"load_reverse_dns_map":0,"local":[0,2,4,10,12],"local_file_path":0,"local_reverse_dns_map_path":12,"localhost":12,"locat":[6,7,12],"log":[2,12],"log_analyt":12,"log_fil":12,"logger":12,"login":4,"logstash":4,"long":[3,12],"longer":[3,8],"look":[3,7],"lookup":0,"loopback":2,"lot":7,"low":12,"lower":12,"lua":10,"m":[0,6,10,12],"m365":12,"maco":6,"magnifi":7,"mai":[5,7,12],"maidir":12,"mail":[0,5,6,10,12],"mail_bcc":0,"mail_cc":0,"mail_from":0,"mail_to":0,"mailbox":[0,7,12],"mailbox_connect":0,"mailboxconnect":0,"maildir":12,"maildir_cr":12,"maildir_path":12,"mailer":10,"mailrelai":10,"mailto":6,"main":4,"mainpid":12,"maintain":5,"make":[0,3,4,8,9,12],"malici":[7,12],"manag":[4,12],"manual":12,"map":0,"market":7,"massiv":12,"match":[0,4,11,12],"max_ag":10,"max_shards_per_nod":12,"maximum":4,"maxmind":[0,6,12],"mbox":[0,12],"mean":12,"mechan":3,"member":[3,8],"memori":12,"mention":7,"menu":[4,7],"messag":[0,2,3,4,6,7,8,10,12],"message_id":10,"meta":10,"method":12,"mfrom":10,"microsoft":[2,5,10,12],"might":[0,3,7,8],"migrate_index":0,"mime":10,"minimum":4,"minut":[0,2,12],"miss":12,"mitig":[3,8],"mkdir":6,"mm":0,"mmdb":[0,12],"mobil":[3,8],"mode":[0,2,4,10],"modern":[2,3,8],"modifi":[0,3,8,12],"modul":[0,5,12],"mon":10,"monitor":[3,12],"monthli":[0,12],"monthly_index":[0,12],"more":[0,4,6,11,12],"most":[3,4,7,8,12],"mous":7,"move":[0,4,12],"msg":[0,6],"msg_byte":0,"msg_date":0,"msg_footer":[3,8],"msg_header":[3,8],"msgconvert":[0,6],"msgraph":12,"much":12,"multi":[2,5],"multipl":12,"mung":[3,8],"must":[2,3,8,12],"mutual":[4,12],"mv":4,"mx":10,"my":12,"n":[10,12],"n_proc":12,"name":[0,3,4,7,10,11],"nameserv":[0,12],"nano":[2,12],"nation":12,"navig":[3,6,8],"ncontent":10,"ndate":10,"ndjson":4,"need":[2,3,4,6,7,8,12],"neither":12,"nelson":[3,8],"net":[2,12],"network":[2,4,12],"new":[0,2,3,6,7,12],"newer":6,"newest":[2,12],"newkei":4,"next":[0,12],"nfrom":10,"nmessag":10,"nmime":10,"node":4,"non":[3,8,12],"none":[0,3,10,12],"noproxyfor":2,"nor":12,"norepli":[3,10],"normal":[0,10,12],"normalize_timespan_threshold_hour":0,"normalized_timespan":10,"nosecureimap":2,"notabl":7,"note":12,"notic":12,"now":[4,7],"nsubject":10,"nto":10,"null":10,"number":[0,12],"number_of_replica":[0,12],"number_of_shard":[0,12],"nwettbewerb":10,"nx":10,"o":[0,2,4,12],"oauth2":12,"oauth2_port":12,"object":[0,4],"observ":7,"occur":[0,7],"occurr":11,"oct":10,"offic":2,"office365":2,"offlin":[0,12],"often":[7,12],"ol":[0,6],"old":7,"older":[6,10],"oldest":[2,12],"onc":[6,12],"ondmarc":5,"one":[0,3,5,8,12],"ones":12,"onli":[2,3,6,7,8],"onlin":[0,2,12],"oor":0,"open":3,"opendn":12,"opensearch":[5,12],"opensearcherror":0,"openssl":4,"oper":12,"opt":[2,6,12],"option":[0,2,3,4,5,8,11,12],"order":[6,12],"org":[0,6,9,10,12],"org_email":10,"org_extra_contact_info":10,"org_nam":10,"organ":[2,7,12],"organization_nam":10,"origin":[3,8,12],"original_envelope_id":10,"original_mail_from":10,"original_rcpt_to":10,"original_timespan_second":10,"other":[0,3,4,7,8],"otherwis":12,"our":7,"out":[3,4,7],"outdat":7,"outgo":[3,8,12],"outlook":[0,2,6],"output":[0,5,12],"output_directori":0,"outsid":12,"over":[2,5,7,12],"overrid":[0,12],"overridden":6,"overwrit":4,"owa":5,"own":[7,11],"p":[3,6,10],"p12":4,"pack":4,"packag":[0,4],"pad":0,"page":[3,4,6,7,8],"paginate_messag":12,"pan":10,"parallel":12,"paramet":0,"parent":7,"pars":[0,3,5,6,10,12],"parse_aggregate_report_fil":0,"parse_aggregate_report_xml":0,"parse_email":0,"parse_forensic_report":0,"parse_report_email":0,"parse_report_fil":0,"parse_smtp_tls_report_json":0,"parsed_aggregate_reports_to_csv":0,"parsed_aggregate_reports_to_csv_row":0,"parsed_forensic_reports_to_csv":0,"parsed_forensic_reports_to_csv_row":0,"parsed_sampl":10,"parsed_smtp_tls_reports_to_csv":0,"parsed_smtp_tls_reports_to_csv_row":0,"parsedemail":0,"parsedmarc":[4,9,10,11],"parsedmarc_":12,"parsedmarc_config_fil":12,"parsedmarc_elasticsearch_":12,"parsedmarc_elasticsearch_host":12,"parsedmarc_elasticsearch_ssl":12,"parsedmarc_gelf_":12,"parsedmarc_general_":12,"parsedmarc_general_debug":12,"parsedmarc_general_offlin":12,"parsedmarc_general_save_aggreg":12,"parsedmarc_general_save_forens":12,"parsedmarc_gmail_api_":12,"parsedmarc_imap_":12,"parsedmarc_imap_host":12,"parsedmarc_imap_password":12,"parsedmarc_imap_us":12,"parsedmarc_kafka_":12,"parsedmarc_log_analytics_":12,"parsedmarc_mailbox_":12,"parsedmarc_mailbox_watch":12,"parsedmarc_maildir_":12,"parsedmarc_msgraph_":12,"parsedmarc_opensearch_":12,"parsedmarc_s3_":12,"parsedmarc_smtp_":12,"parsedmarc_splunk_hec_":12,"parsedmarc_splunk_hec_index":12,"parsedmarc_splunk_hec_token":12,"parsedmarc_splunk_hec_url":12,"parsedmarc_syslog_":12,"parsedmarc_webhook_":12,"parser":0,"parsererror":0,"parsingresult":0,"part":[3,4,7,8],"particular":7,"particularli":[5,12],"pass":[3,7,10],"passag":7,"passsword":12,"password":[0,4,6,12],"past":[4,11],"patch":6,"path":[0,4,12],"pathlik":0,"pattern":[5,7],"payload":[0,12],"pct":10,"peak":12,"pem":12,"per":12,"percentag":7,"perform":[2,5],"period":12,"perl":[0,6],"permiss":[4,12],"persist":12,"peter":10,"pick":12,"pie":7,"pin":5,"pip":6,"pkcs12":12,"place":[0,4,7,12],"plain":0,"plaintext":[3,8],"platform":[3,8],"pleas":[1,5,12],"plu":7,"point":12,"polici":[3,8,10,12],"policy_domain":10,"policy_evalu":10,"policy_override_com":10,"policy_override_reason":10,"policy_publish":10,"policy_str":10,"policy_typ":10,"policyscopegroupid":12,"poll":[2,12],"popul":0,"port":[0,2,12],"posit":12,"possibl":12,"post":[3,8,12],"poster":[3,8],"postoriu":[3,8],"powershel":12,"ppa":6,"practic":12,"pre":[6,12],"predict":12,"prefer":[2,6,12],"prefix":[0,3,8,12],"premad":[5,11],"prerequisit":5,"present":12,"pressur":12,"pretti":12,"prettifi":12,"previou":[0,2,4,12],"previous":[4,7],"print":12,"printabl":10,"prioriti":12,"privaci":[3,6,7,8,12],"privat":12,"process":[0,2,5,6,12],"produc":10,"program":12,"programdata":6,"progress":12,"project":[0,2,3,5,11],"prompt":4,"proofpoint":5,"properti":2,"protect":[2,3,5,8,12],"protocol":12,"provid":[4,7,12],"prox":6,"proxi":2,"proxyhost":2,"proxypassword":2,"proxyport":2,"proxyus":2,"pry":[2,12],"psl_overrid":0,"public":[0,3,10,12],"public_suffix_list":0,"publicbaseurl":4,"publicsuffix":0,"publish":[3,12],"put":[4,12],"python":[0,6],"python3":6,"python39":6,"qo":4,"quarantin":[3,8],"queri":[0,12],"query_dn":0,"quickstart":12,"quot":10,"r":[2,6,10,12],"rais":0,"ram":[4,12],"rather":[3,8,12],"raw":12,"re":12,"read":[0,12],"readabl":0,"readwrit":12,"realli":3,"reason":[0,2,4,5,12],"receiv":[0,10,12],"receiving_ip":10,"receiving_mx_hostnam":10,"recipi":7,"recogn":7,"recommend":12,"record":[0,5,6,10],"record_typ":0,"reduc":12,"refer":[4,5],"referenc":12,"regard":12,"regardless":10,"region":[0,12],"region_nam":12,"regist":6,"registr":12,"regul":[4,6,9,12],"regular":[3,8],"reject":[3,8],"relai":[3,8],"relat":[3,12],"releas":[4,6],"reli":7,"reliabl":12,"reload":[0,2,4],"remain":[7,12],"remot":2,"remov":[0,3,4,8,12],"repeat":[3,8],"replac":[0,3,4,8,12],"repli":[2,3,8],"replica":[0,12],"reply_goes_to_list":[3,8],"reply_to":10,"replyto":[3,8],"repopul":0,"report":[0,4,7,11,12],"report_id":10,"report_metadata":10,"report_typ":0,"reported_domain":10,"reports_fold":[0,12],"repositori":[6,11],"req":4,"request":[0,2,4,12],"requir":[0,2,3,4,5,6,8,12],"require_encrypt":0,"reserv":12,"resid":12,"resolv":[0,12],"resourc":[0,4,5,12],"respons":[0,12],"restart":[2,3,4,8],"restartsec":[2,12],"restor":4,"restrict":12,"restrictaccess":12,"result":[0,5,7,10,12],"result_typ":10,"resum":12,"retain":[3,8,12],"retent":5,"retri":12,"retriev":2,"retry_attempt":12,"retry_delai":12,"return":0,"revers":[0,7,12],"reverse_dn":[0,10],"reverse_dns_base_domain":0,"reverse_dns_map":0,"reverse_dns_map_path":0,"reverse_dns_map_url":[0,12],"reversednsservic":0,"review":[5,7],"rewrit":[3,8],"rfc":[0,3,8,10],"rfc2369":[3,8],"rfc822":2,"rhel":[4,5,6],"right":[4,7],"rm":4,"ro":0,"rollup":6,"root":[2,12],"rpm":4,"rsa":4,"rua":[5,6],"ruf":[5,6,7,12],"rule":[7,12],"run":[0,4,5,6],"rw":[2,12],"s3":12,"safe":0,"safer":12,"same":[3,4,6,7,11,12],"sampl":[0,5,12],"sample_headers_onli":10,"save":[0,4,6,12],"save_aggreg":12,"save_aggregate_report_to_elasticsearch":0,"save_aggregate_report_to_opensearch":0,"save_aggregate_reports_to_splunk":0,"save_forens":12,"save_forensic_report_to_elasticsearch":0,"save_forensic_report_to_opensearch":0,"save_forensic_reports_to_splunk":0,"save_output":0,"save_smtp_tl":12,"save_smtp_tls_report_to_elasticsearch":0,"save_smtp_tls_report_to_opensearch":0,"save_smtp_tls_reports_to_splunk":0,"schedul":[6,12],"schema":10,"scope":[10,12],"scrub_nondigest":[3,8],"search":[0,3,8,12],"second":[0,2,12],"secret":12,"secret_access_kei":12,"secur":[0,4,12],"see":[2,3,4,5,7,12],"segment":7,"select":[0,6],"selector":10,"self":[4,5],"send":[0,2,3,4,5,7,8,11,12],"sender":[5,7,8],"sending_mta_ip":10,"sensit":12,"sent":[3,8,12],"separ":[3,4,6,7,9,11,12],"server":[0,2,3,4,6,7,10,12],"server_ip":4,"servernameon":10,"servic":[0,3,4,5,7,8],"service_account":12,"service_account_us":12,"session":[0,7],"set":[0,2,3,4,6,7,8,9,12],"set_host":0,"setup":[4,9,12],"setuptool":6,"shard":[0,12],"share":[4,12],"sharepoint":10,"should":[3,6,7,8,12],"shouldn":[3,8],"show":[2,7,12],"shown":12,"side":7,"sighup":[0,12],"sign":[0,3,4,6,12],"signal":12,"signatur":[3,7,8],"sigv4":[0,12],"silent":12,"similar":7,"simpl":5,"simplifi":0,"sinc":[0,12],"singl":[0,12],"sink":12,"sister":3,"size":[2,4],"skip":[0,12],"skip_certificate_verif":[0,12],"slightli":11,"small":4,"smaller":12,"smtp":[0,3,5,7,12],"smtp_tl":[0,12],"smtp_tls_csv_filenam":[0,12],"smtp_tls_json_filenam":[0,12],"smtp_tls_report":0,"smtp_tls_url":12,"smtptlsfailuredetail":0,"smtptlsfailuredetailsopt":0,"smtptlsparsedreport":0,"smtptlspolici":0,"smtptlspolicysummari":0,"smtptlsreport":0,"so":[3,6,7,8,12],"socket":2,"solut":6,"some":[0,2,3,4,7,8],"someon":4,"sometim":12,"sort":[7,12],"sourc":[0,3,4,6,7,10],"source_base_domain":10,"source_countri":10,"source_ip_address":10,"source_nam":10,"source_reverse_dn":10,"source_typ":10,"sourceforg":2,"sp":[3,10],"spam":12,"special":12,"specif":[3,12],"specifi":[2,3],"spf":[7,10],"spf_align":10,"spf_domain":10,"spf_result":10,"spf_scope":10,"splunk":[5,12],"splunk_hec":12,"splunkerror":0,"splunkhec":12,"spoof":[3,8],"ss":0,"ssl":[0,2,4,12],"ssl_cert_path":0,"st":[10,12],"stabl":4,"stack":[4,12],"standard":[0,5,10],"start":[0,2,4,6,7,9,11,12],"starttl":12,"static":6,"statu":[2,12],"stdout":12,"step":[3,4,8],"still":[3,6,8,10,12],"storag":[0,12],"store":[2,4,9],"str":[0,12],"stream":12,"string":0,"strip":[3,8,12],"strip_attachment_payload":[0,12],"strongli":12,"structur":5,"stsv1":10,"subdomain":[0,3,12],"subject":[0,3,8,10,12],"subject_prefix":[3,8],"subsidiari":7,"success":12,"successful_session_count":10,"sudo":[2,4,6,12],"suffix":[0,12],"suggest":7,"suitabl":0,"summari":[3,5,8],"supervis":12,"suppli":[0,7,12],"support":[2,5,10,11],"sure":[4,6],"sw50zxjha3rpdmugv2v0dgjld2vyymvylcocymvyc2ljahq":10,"switch":7,"syslog":[2,12],"system":[2,3,4,6,8,12],"systemctl":[2,4,12],"systemd":5,"systemdr":6,"t":[5,8,12],"tab":[3,4,8],"tabl":[5,7],"tag":6,"take":12,"target":[2,12],"task":6,"tby":10,"tcp":12,"tee":4,"tell":[3,6,7,8],"templat":[3,8],"temporari":7,"tenant":5,"tenant_id":12,"term":6,"test":[0,10,12],"text":[0,10],"than":[3,4,8,12],"thank":[5,10],"thei":[3,6,7,8,12],"theirs":3,"them":[0,4,7,12],"therebi":[3,8],"thi":[0,2,3,4,5,6,7,8,10,12],"those":[6,12],"thousand":12,"three":7,"through":3,"throughput":12,"time":[0,2,4,6,7,12],"timeout":[0,2,12],"timespan":0,"timespan_requires_norm":10,"timestamp":0,"timestamp_to_datetim":0,"timestamp_to_human":0,"timezon":10,"tl":[0,5,12],"tld":3,"to_domain":10,"to_utc":0,"token":[0,4,12],"token_fil":12,"tool":[6,12],"top":[3,7],"topic":12,"touch":[3,8],"tracker":1,"trade":12,"tradit":[3,8],"trail":12,"transfer":10,"transpar":5,"transport":[4,12],"trash":12,"tri":0,"true":[0,2,4,10,12],"trust":12,"truststor":4,"try":12,"tuesdai":6,"tune":5,"two":6,"txt":0,"type":[5,10,12],"typo":12,"u":[2,6,10,12],"ubuntu":[4,6],"udp":12,"ui":[3,8],"uncondition":[3,8],"under":[4,6,7],"underli":0,"underneath":7,"underscor":12,"understand":[5,7],"unencrypt":12,"unfortun":[3,8],"unit":[0,2,12],"unix":0,"unknown":0,"unreach":12,"unsubscrib":[3,8],"until":[0,5,12],"unzip":2,"up":[0,2,4,6,7,9,12],"updat":[0,4,6,12],"upersecur":12,"upgrad":[2,5,6,12],"upload":12,"upper":7,"uppercas":12,"uri":6,"url":[0,2,12],"us":[0,3,4,5,8,10],"usag":12,"use_ssl":0,"user":[2,3,4,5,6,8,10,12],"user_ag":10,"useradd":[2,6],"usernam":[0,12],"usernamepassword":12,"usesystemproxi":2,"usr":4,"utc":0,"utf":10,"util":5,"v":[6,12],"valid":[0,7,10,12],"valimail":5,"valu":[0,3,4,7,8,12],"var":[3,8,12],"variabl":5,"variou":6,"vendor":3,"venv":[6,12],"verbos":12,"veri":[4,7,12],"verif":[0,4,12],"verifi":0,"verification_mod":4,"version":[2,4,5,6,9,10,11,12],"vew":2,"via":[0,2],"view":[7,12],"vim":4,"virtualenv":6,"visual":[4,9],"volum":[7,12],"vulner":3,"w":[0,12],"w3c":10,"wa":[3,4,6,8],"wai":[4,7],"wait":[0,12],"want":[2,5,12],"wantedbi":[2,12],"warn":12,"watch":[0,2,4,12],"watch_inbox":0,"watcher":12,"web":[2,4],"webdav":2,"webhook":12,"webmail":[3,7,8],"week":[0,12],"weekli":6,"well":[2,12],"were":[7,12],"wettbewerb":10,"wget":4,"whalensolut":12,"what":5,"when":[0,3,5,7,8,12],"whenev":[0,2,12],"where":[0,2,3,8,12],"wherea":7,"wherev":12,"whether":0,"which":[2,4,5,7,12],"while":[7,12],"who":7,"why":[3,7],"wide":[6,10,12],"wiki":10,"window":[6,12],"without":[3,4,7,8],"won":5,"work":[2,3,5,6,7,8,12],"worker":12,"workstat":2,"worst":3,"would":[3,5,6,8],"wrap":[3,8],"write":12,"www":[4,6,12],"x":[4,10],"x509":4,"xennn":10,"xml":[0,11],"xml_schema":10,"xms4g":4,"xmx4g":4,"xpack":4,"xxxx":4,"y":[4,6],"yahoo":7,"yaml":12,"ye":[3,8],"year":12,"yet":3,"yml":4,"you":[2,3,4,5,6,7,8,12],"your":[3,4,6,7,8,11,12],"yyyi":0,"zero":12,"zip":[0,2,5,12],"\u00fcbersicht":10},"titles":["API reference","Contributing to parsedmarc","Accessing an inbox using OWA/EWS","Understanding DMARC","Elasticsearch and Kibana","parsedmarc documentation - Open source DMARC report analyzer and visualizer","Installation","Using the Kibana dashboards","What about mailing lists?","OpenSearch and Grafana","Sample outputs","Splunk","Using parsedmarc"],"titleterms":{"2":[3,8],"3":[3,8],"about":[3,8],"access":2,"aggreg":10,"align":3,"an":2,"analyz":[5,6],"api":0,"best":[3,8],"bug":1,"cli":12,"compat":5,"compos":12,"config":12,"configur":[2,12],"content":5,"contribut":1,"csv":10,"dashboard":7,"davmail":2,"depend":6,"dkim":3,"dmarc":[3,5,7],"do":[3,8],"docker":12,"document":5,"domain":3,"elast":0,"elasticsearch":4,"env":12,"environ":12,"ew":2,"exampl":12,"exchang":6,"featur":5,"file":12,"forens":[7,10],"geoipupd":6,"grafana":9,"guid":3,"help":12,"inbox":2,"index":4,"indic":0,"instal":[4,6,9],"json":10,"kibana":[4,7],"list":[3,8],"listserv":[3,8],"lookalik":3,"mail":[3,8],"mailman":[3,8],"map":12,"microsoft":6,"mode":12,"multi":12,"multipl":6,"name":12,"onli":12,"open":5,"opensearch":[0,9],"option":6,"output":10,"owa":2,"parsedmarc":[0,1,2,5,6,12],"pattern":4,"perform":12,"practic":[3,8],"prerequisit":6,"proxi":6,"python":5,"record":[3,4,9],"refer":0,"reload":12,"report":[1,5,6,10],"resourc":3,"restart":12,"retent":[4,9],"run":[2,12],"sampl":[7,10],"section":12,"sender":3,"servic":[2,12],"setup":6,"smtp":10,"sourc":5,"specifi":12,"spf":3,"splunk":[0,11],"summari":7,"support":[3,12],"systemd":[2,12],"t":3,"tabl":0,"tenant":12,"test":6,"tl":10,"tune":12,"type":0,"understand":3,"upgrad":4,"us":[2,6,7,12],"util":0,"valid":3,"variabl":12,"via":12,"visual":5,"web":6,"what":[3,8],"without":12,"won":3,"workaround":[3,8]}}) \ No newline at end of file +Search.setIndex({"alltitles":{"API reference":[[0,null]],"Accessing an inbox using OWA/EWS":[[2,null]],"Bug reports":[[1,"bug-reports"]],"CLI help":[[12,"cli-help"]],"CSV aggregate report":[[10,"csv-aggregate-report"]],"CSV forensic report":[[10,"csv-forensic-report"]],"Configuration file":[[12,"configuration-file"]],"Configuring parsedmarc for DavMail":[[2,"configuring-parsedmarc-for-davmail"]],"Contents":[[5,null]],"Contributing to parsedmarc":[[1,null]],"DMARC Alignment Guide":[[3,"dmarc-alignment-guide"]],"DMARC Forensic Samples":[[7,"dmarc-forensic-samples"]],"DMARC Summary":[[7,"dmarc-summary"]],"DMARC guides":[[3,"dmarc-guides"]],"Do":[[3,"do"],[8,"do"]],"Do not":[[3,"do-not"],[8,"do-not"]],"Docker Compose example":[[12,"docker-compose-example"]],"Elasticsearch and Kibana":[[4,null]],"Environment variable configuration":[[12,"environment-variable-configuration"]],"Examples":[[12,"examples"]],"Features":[[5,"features"]],"Indices and tables":[[0,"indices-and-tables"]],"Installation":[[4,"installation"],[6,null],[9,"installation"]],"Installing parsedmarc":[[6,"installing-parsedmarc"]],"JSON SMTP TLS report":[[10,"json-smtp-tls-report"]],"JSON aggregate report":[[10,"json-aggregate-report"]],"JSON forensic report":[[10,"json-forensic-report"]],"LISTSERV":[[3,"listserv"],[8,"listserv"]],"Lookalike domains":[[3,"lookalike-domains"]],"Mailing list best practices":[[3,"mailing-list-best-practices"],[8,"mailing-list-best-practices"]],"Mailman 2":[[3,"mailman-2"],[3,"id1"],[8,"mailman-2"],[8,"id1"]],"Mailman 3":[[3,"mailman-3"],[3,"id2"],[8,"mailman-3"],[8,"id2"]],"Multi-tenant support":[[12,"multi-tenant-support"]],"OpenSearch and Grafana":[[9,null]],"Optional dependencies":[[6,"optional-dependencies"]],"Performance tuning":[[12,"performance-tuning"]],"Prerequisites":[[6,"prerequisites"]],"Python Compatibility":[[5,"python-compatibility"]],"Records retention":[[4,"records-retention"],[9,"records-retention"]],"Reloading configuration without restarting":[[12,"reloading-configuration-without-restarting"]],"Resources":[[3,"resources"]],"Running DavMail as a systemd service":[[2,"running-davmail-as-a-systemd-service"]],"Running parsedmarc as a systemd service":[[12,"running-parsedmarc-as-a-systemd-service"]],"Running without a config file (env-only mode)":[[12,"running-without-a-config-file-env-only-mode"]],"SPF and DMARC record validation":[[3,"spf-and-dmarc-record-validation"]],"Sample aggregate report output":[[10,"sample-aggregate-report-output"]],"Sample forensic report output":[[10,"sample-forensic-report-output"]],"Sample outputs":[[10,null]],"Section name mapping":[[12,"section-name-mapping"]],"Specifying the config file via environment variable":[[12,"specifying-the-config-file-via-environment-variable"]],"Splunk":[[11,null]],"Testing multiple report analyzers":[[6,"testing-multiple-report-analyzers"]],"Understanding DMARC":[[3,null]],"Upgrading Kibana index patterns":[[4,"upgrading-kibana-index-patterns"]],"Using Microsoft Exchange":[[6,"using-microsoft-exchange"]],"Using a web proxy":[[6,"using-a-web-proxy"]],"Using parsedmarc":[[12,null]],"Using the Kibana dashboards":[[7,null]],"What about mailing lists?":[[3,"what-about-mailing-lists"],[8,null]],"What if a sender won\u2019t support DKIM/DMARC?":[[3,"what-if-a-sender-wont-support-dkim-dmarc"]],"Workarounds":[[3,"workarounds"],[8,"workarounds"]],"geoipupdate setup":[[6,"geoipupdate-setup"]],"parsedmarc":[[0,"module-parsedmarc"]],"parsedmarc documentation - Open source DMARC report analyzer and visualizer":[[5,null]],"parsedmarc.elastic":[[0,"module-parsedmarc.elastic"]],"parsedmarc.opensearch":[[0,"module-parsedmarc.opensearch"]],"parsedmarc.splunk":[[0,"module-parsedmarc.splunk"]],"parsedmarc.types":[[0,"module-parsedmarc.types"]],"parsedmarc.utils":[[0,"module-parsedmarc.utils"]]},"docnames":["api","contributing","davmail","dmarc","elasticsearch","index","installation","kibana","mailing-lists","opensearch","output","splunk","usage"],"envversion":{"sphinx":65,"sphinx.domains.c":3,"sphinx.domains.changeset":1,"sphinx.domains.citation":1,"sphinx.domains.cpp":9,"sphinx.domains.index":1,"sphinx.domains.javascript":3,"sphinx.domains.math":2,"sphinx.domains.python":4,"sphinx.domains.rst":2,"sphinx.domains.std":2,"sphinx.ext.todo":2,"sphinx.ext.viewcode":1},"filenames":["api.md","contributing.md","davmail.md","dmarc.md","elasticsearch.md","index.md","installation.md","kibana.md","mailing-lists.md","opensearch.md","output.md","splunk.md","usage.md"],"indexentries":{"aggregatealignment (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateAlignment",false]],"aggregateauthresultdkim (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateAuthResultDKIM",false]],"aggregateauthresults (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateAuthResults",false]],"aggregateauthresultspf (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateAuthResultSPF",false]],"aggregateidentifiers (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateIdentifiers",false]],"aggregateparsedreport (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateParsedReport",false]],"aggregatepolicyevaluated (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregatePolicyEvaluated",false]],"aggregatepolicyoverridereason (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregatePolicyOverrideReason",false]],"aggregatepolicypublished (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregatePolicyPublished",false]],"aggregaterecord (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateRecord",false]],"aggregatereport (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateReport",false]],"aggregatereportmetadata (class in parsedmarc.types)":[[0,"parsedmarc.types.AggregateReportMetadata",false]],"alreadysaved":[[0,"parsedmarc.elastic.AlreadySaved",false],[0,"parsedmarc.opensearch.AlreadySaved",false]],"close() (parsedmarc.splunk.hecclient method)":[[0,"parsedmarc.splunk.HECClient.close",false]],"convert_outlook_msg() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.convert_outlook_msg",false]],"create_indexes() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.create_indexes",false]],"create_indexes() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.create_indexes",false]],"decode_base64() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.decode_base64",false]],"downloaderror":[[0,"parsedmarc.utils.DownloadError",false]],"elasticsearcherror":[[0,"parsedmarc.elastic.ElasticsearchError",false]],"email_results() (in module parsedmarc)":[[0,"parsedmarc.email_results",false]],"emailaddress (class in parsedmarc.types)":[[0,"parsedmarc.types.EmailAddress",false]],"emailattachment (class in parsedmarc.types)":[[0,"parsedmarc.types.EmailAttachment",false]],"emailparsererror":[[0,"parsedmarc.utils.EmailParserError",false]],"extract_report() (in module parsedmarc)":[[0,"parsedmarc.extract_report",false]],"extract_report_from_file_path() (in module parsedmarc)":[[0,"parsedmarc.extract_report_from_file_path",false]],"forensicparsedreport (class in parsedmarc.types)":[[0,"parsedmarc.types.ForensicParsedReport",false]],"forensicreport (class in parsedmarc.types)":[[0,"parsedmarc.types.ForensicReport",false]],"get_base_domain() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_base_domain",false]],"get_dmarc_reports_from_mailbox() (in module parsedmarc)":[[0,"parsedmarc.get_dmarc_reports_from_mailbox",false]],"get_dmarc_reports_from_mbox() (in module parsedmarc)":[[0,"parsedmarc.get_dmarc_reports_from_mbox",false]],"get_filename_safe_string() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_filename_safe_string",false]],"get_ip_address_country() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_ip_address_country",false]],"get_ip_address_info() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_ip_address_info",false]],"get_report_zip() (in module parsedmarc)":[[0,"parsedmarc.get_report_zip",false]],"get_reverse_dns() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_reverse_dns",false]],"get_service_from_reverse_dns_base_domain() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_service_from_reverse_dns_base_domain",false]],"hecclient (class in parsedmarc.splunk)":[[0,"parsedmarc.splunk.HECClient",false]],"human_timestamp_to_datetime() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.human_timestamp_to_datetime",false]],"human_timestamp_to_unix_timestamp() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.human_timestamp_to_unix_timestamp",false]],"invalidaggregatereport":[[0,"parsedmarc.InvalidAggregateReport",false]],"invaliddmarcreport":[[0,"parsedmarc.InvalidDMARCReport",false]],"invalidforensicreport":[[0,"parsedmarc.InvalidForensicReport",false]],"invalidsmtptlsreport":[[0,"parsedmarc.InvalidSMTPTLSReport",false]],"ipaddressinfo (class in parsedmarc.utils)":[[0,"parsedmarc.utils.IPAddressInfo",false]],"ipsourceinfo (class in parsedmarc.types)":[[0,"parsedmarc.types.IPSourceInfo",false]],"is_mbox() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.is_mbox",false]],"is_outlook_msg() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.is_outlook_msg",false]],"load_reverse_dns_map() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.load_reverse_dns_map",false]],"migrate_indexes() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.migrate_indexes",false]],"migrate_indexes() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.migrate_indexes",false]],"module":[[0,"module-parsedmarc",false],[0,"module-parsedmarc.elastic",false],[0,"module-parsedmarc.opensearch",false],[0,"module-parsedmarc.splunk",false],[0,"module-parsedmarc.types",false],[0,"module-parsedmarc.utils",false]],"opensearcherror":[[0,"parsedmarc.opensearch.OpenSearchError",false]],"parse_aggregate_report_file() (in module parsedmarc)":[[0,"parsedmarc.parse_aggregate_report_file",false]],"parse_aggregate_report_xml() (in module parsedmarc)":[[0,"parsedmarc.parse_aggregate_report_xml",false]],"parse_email() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.parse_email",false]],"parse_forensic_report() (in module parsedmarc)":[[0,"parsedmarc.parse_forensic_report",false]],"parse_report_email() (in module parsedmarc)":[[0,"parsedmarc.parse_report_email",false]],"parse_report_file() (in module parsedmarc)":[[0,"parsedmarc.parse_report_file",false]],"parse_smtp_tls_report_json() (in module parsedmarc)":[[0,"parsedmarc.parse_smtp_tls_report_json",false]],"parsed_aggregate_reports_to_csv() (in module parsedmarc)":[[0,"parsedmarc.parsed_aggregate_reports_to_csv",false]],"parsed_aggregate_reports_to_csv_rows() (in module parsedmarc)":[[0,"parsedmarc.parsed_aggregate_reports_to_csv_rows",false]],"parsed_forensic_reports_to_csv() (in module parsedmarc)":[[0,"parsedmarc.parsed_forensic_reports_to_csv",false]],"parsed_forensic_reports_to_csv_rows() (in module parsedmarc)":[[0,"parsedmarc.parsed_forensic_reports_to_csv_rows",false]],"parsed_smtp_tls_reports_to_csv() (in module parsedmarc)":[[0,"parsedmarc.parsed_smtp_tls_reports_to_csv",false]],"parsed_smtp_tls_reports_to_csv_rows() (in module parsedmarc)":[[0,"parsedmarc.parsed_smtp_tls_reports_to_csv_rows",false]],"parsedemail (class in parsedmarc.types)":[[0,"parsedmarc.types.ParsedEmail",false]],"parsedmarc":[[0,"module-parsedmarc",false]],"parsedmarc.elastic":[[0,"module-parsedmarc.elastic",false]],"parsedmarc.opensearch":[[0,"module-parsedmarc.opensearch",false]],"parsedmarc.splunk":[[0,"module-parsedmarc.splunk",false]],"parsedmarc.types":[[0,"module-parsedmarc.types",false]],"parsedmarc.utils":[[0,"module-parsedmarc.utils",false]],"parsererror":[[0,"parsedmarc.ParserError",false]],"parsingresults (class in parsedmarc.types)":[[0,"parsedmarc.types.ParsingResults",false]],"query_dns() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.query_dns",false]],"reversednsservice (class in parsedmarc.utils)":[[0,"parsedmarc.utils.ReverseDNSService",false]],"save_aggregate_report_to_elasticsearch() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.save_aggregate_report_to_elasticsearch",false]],"save_aggregate_report_to_opensearch() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.save_aggregate_report_to_opensearch",false]],"save_aggregate_reports_to_splunk() (parsedmarc.splunk.hecclient method)":[[0,"parsedmarc.splunk.HECClient.save_aggregate_reports_to_splunk",false]],"save_forensic_report_to_elasticsearch() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.save_forensic_report_to_elasticsearch",false]],"save_forensic_report_to_opensearch() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.save_forensic_report_to_opensearch",false]],"save_forensic_reports_to_splunk() (parsedmarc.splunk.hecclient method)":[[0,"parsedmarc.splunk.HECClient.save_forensic_reports_to_splunk",false]],"save_output() (in module parsedmarc)":[[0,"parsedmarc.save_output",false]],"save_smtp_tls_report_to_elasticsearch() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.save_smtp_tls_report_to_elasticsearch",false]],"save_smtp_tls_report_to_opensearch() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.save_smtp_tls_report_to_opensearch",false]],"save_smtp_tls_reports_to_splunk() (parsedmarc.splunk.hecclient method)":[[0,"parsedmarc.splunk.HECClient.save_smtp_tls_reports_to_splunk",false]],"set_hosts() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.set_hosts",false]],"set_hosts() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.set_hosts",false]],"smtptlsfailuredetails (class in parsedmarc.types)":[[0,"parsedmarc.types.SMTPTLSFailureDetails",false]],"smtptlsfailuredetailsoptional (class in parsedmarc.types)":[[0,"parsedmarc.types.SMTPTLSFailureDetailsOptional",false]],"smtptlsparsedreport (class in parsedmarc.types)":[[0,"parsedmarc.types.SMTPTLSParsedReport",false]],"smtptlspolicy (class in parsedmarc.types)":[[0,"parsedmarc.types.SMTPTLSPolicy",false]],"smtptlspolicysummary (class in parsedmarc.types)":[[0,"parsedmarc.types.SMTPTLSPolicySummary",false]],"smtptlsreport (class in parsedmarc.types)":[[0,"parsedmarc.types.SMTPTLSReport",false]],"splunkerror":[[0,"parsedmarc.splunk.SplunkError",false]],"timestamp_to_datetime() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.timestamp_to_datetime",false]],"timestamp_to_human() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.timestamp_to_human",false]],"watch_inbox() (in module parsedmarc)":[[0,"parsedmarc.watch_inbox",false]]},"objects":{"":[[0,0,0,"-","parsedmarc"]],"parsedmarc":[[0,1,1,"","InvalidAggregateReport"],[0,1,1,"","InvalidDMARCReport"],[0,1,1,"","InvalidForensicReport"],[0,1,1,"","InvalidSMTPTLSReport"],[0,1,1,"","ParserError"],[0,0,0,"-","elastic"],[0,2,1,"","email_results"],[0,2,1,"","extract_report"],[0,2,1,"","extract_report_from_file_path"],[0,2,1,"","get_dmarc_reports_from_mailbox"],[0,2,1,"","get_dmarc_reports_from_mbox"],[0,2,1,"","get_report_zip"],[0,0,0,"-","opensearch"],[0,2,1,"","parse_aggregate_report_file"],[0,2,1,"","parse_aggregate_report_xml"],[0,2,1,"","parse_forensic_report"],[0,2,1,"","parse_report_email"],[0,2,1,"","parse_report_file"],[0,2,1,"","parse_smtp_tls_report_json"],[0,2,1,"","parsed_aggregate_reports_to_csv"],[0,2,1,"","parsed_aggregate_reports_to_csv_rows"],[0,2,1,"","parsed_forensic_reports_to_csv"],[0,2,1,"","parsed_forensic_reports_to_csv_rows"],[0,2,1,"","parsed_smtp_tls_reports_to_csv"],[0,2,1,"","parsed_smtp_tls_reports_to_csv_rows"],[0,2,1,"","save_output"],[0,0,0,"-","splunk"],[0,0,0,"-","types"],[0,0,0,"-","utils"],[0,2,1,"","watch_inbox"]],"parsedmarc.elastic":[[0,1,1,"","AlreadySaved"],[0,1,1,"","ElasticsearchError"],[0,2,1,"","create_indexes"],[0,2,1,"","migrate_indexes"],[0,2,1,"","save_aggregate_report_to_elasticsearch"],[0,2,1,"","save_forensic_report_to_elasticsearch"],[0,2,1,"","save_smtp_tls_report_to_elasticsearch"],[0,2,1,"","set_hosts"]],"parsedmarc.opensearch":[[0,1,1,"","AlreadySaved"],[0,1,1,"","OpenSearchError"],[0,2,1,"","create_indexes"],[0,2,1,"","migrate_indexes"],[0,2,1,"","save_aggregate_report_to_opensearch"],[0,2,1,"","save_forensic_report_to_opensearch"],[0,2,1,"","save_smtp_tls_report_to_opensearch"],[0,2,1,"","set_hosts"]],"parsedmarc.splunk":[[0,3,1,"","HECClient"],[0,1,1,"","SplunkError"]],"parsedmarc.splunk.HECClient":[[0,4,1,"","close"],[0,4,1,"","save_aggregate_reports_to_splunk"],[0,4,1,"","save_forensic_reports_to_splunk"],[0,4,1,"","save_smtp_tls_reports_to_splunk"]],"parsedmarc.types":[[0,3,1,"","AggregateAlignment"],[0,3,1,"","AggregateAuthResultDKIM"],[0,3,1,"","AggregateAuthResultSPF"],[0,3,1,"","AggregateAuthResults"],[0,3,1,"","AggregateIdentifiers"],[0,3,1,"","AggregateParsedReport"],[0,3,1,"","AggregatePolicyEvaluated"],[0,3,1,"","AggregatePolicyOverrideReason"],[0,3,1,"","AggregatePolicyPublished"],[0,3,1,"","AggregateRecord"],[0,3,1,"","AggregateReport"],[0,3,1,"","AggregateReportMetadata"],[0,3,1,"","EmailAddress"],[0,3,1,"","EmailAttachment"],[0,3,1,"","ForensicParsedReport"],[0,3,1,"","ForensicReport"],[0,3,1,"","IPSourceInfo"],[0,3,1,"","ParsedEmail"],[0,3,1,"","ParsingResults"],[0,3,1,"","SMTPTLSFailureDetails"],[0,3,1,"","SMTPTLSFailureDetailsOptional"],[0,3,1,"","SMTPTLSParsedReport"],[0,3,1,"","SMTPTLSPolicy"],[0,3,1,"","SMTPTLSPolicySummary"],[0,3,1,"","SMTPTLSReport"]],"parsedmarc.utils":[[0,1,1,"","DownloadError"],[0,1,1,"","EmailParserError"],[0,3,1,"","IPAddressInfo"],[0,3,1,"","ReverseDNSService"],[0,2,1,"","convert_outlook_msg"],[0,2,1,"","decode_base64"],[0,2,1,"","get_base_domain"],[0,2,1,"","get_filename_safe_string"],[0,2,1,"","get_ip_address_country"],[0,2,1,"","get_ip_address_info"],[0,2,1,"","get_reverse_dns"],[0,2,1,"","get_service_from_reverse_dns_base_domain"],[0,2,1,"","human_timestamp_to_datetime"],[0,2,1,"","human_timestamp_to_unix_timestamp"],[0,2,1,"","is_mbox"],[0,2,1,"","is_outlook_msg"],[0,2,1,"","load_reverse_dns_map"],[0,2,1,"","parse_email"],[0,2,1,"","query_dns"],[0,2,1,"","timestamp_to_datetime"],[0,2,1,"","timestamp_to_human"]]},"objnames":{"0":["py","module","Python module"],"1":["py","exception","Python exception"],"2":["py","function","Python function"],"3":["py","class","Python class"],"4":["py","method","Python method"]},"objtypes":{"0":"py:module","1":"py:exception","2":"py:function","3":"py:class","4":"py:method"},"terms":{"":[0,2,3,4,6,8,10,12],"0":[0,2,3,4,5,6,8,9,10,11,12],"00":10,"003":10,"00z":10,"00z_exampl":10,"01":10,"0200":10,"0240":10,"04":10,"08":10,"09":10,"09t00":10,"09t23":10,"1":[0,2,4,5,6,10,12],"10":[0,5,6,10,12],"100":[10,12],"1000":12,"11":[5,6,10],"1143":2,"12":5,"12201":12,"127":[2,4,12],"13":5,"14":5,"150":10,"16":[3,8],"173":10,"176":10,"19":[10,12],"1d":12,"1g":4,"1w":12,"2":[0,4,10,12],"20":10,"2000":12,"201":10,"2010":[6,10],"2012":10,"2013":6,"2016":6,"2017a":[3,8],"2018":10,"2019":6,"2024":10,"2028":5,"2030":5,"2035":5,"208":10,"209":10,"21":6,"212":10,"22":6,"222":10,"23":10,"2369":[3,8],"24":0,"241":10,"25":12,"27":10,"28":10,"2919":[3,8],"2d":12,"2k":12,"3":[5,6,10,11,12],"30":[0,12],"300":2,"30937":10,"30th":6,"3128":6,"365":[2,4],"38":10,"3d":10,"3h":12,"4":[4,6,11],"4096":4,"41":10,"5":[2,4,9,12],"500":12,"514":12,"5601":4,"59":10,"59z":10,"5m":[2,12],"6":[0,4,5,6,12],"60":[0,12],"6514":12,"660":4,"7":[4,5,6],"72":10,"7480":10,"7d":12,"8":[2,4,5,6,10,12],"8080":12,"822":0,"85":10,"86399":10,"86400":10,"9":5,"9200":[4,12],"932":12,"9391651994964116463":10,"94":10,"993":12,"A":[0,3,12],"And":0,"As":[4,7],"Be":6,"By":[7,12],"For":[4,12],"If":[0,3,4,6,7,8,12],"In":[2,3,7,8,12],"It":[2,4,7,10,12],"No":[3,8],"On":[3,4,6,7,8,12],"Or":[4,6],"That":7,"The":[0,3,6,7,11,12],"Then":[2,3,4,6,8,12],"These":[7,12],"To":[2,4,6,7,9,10,12],"With":7,"_":12,"_cluster":12,"_input":0,"abl":6,"abort":12,"about":[0,5,6],"abov":[2,12],"accept":[3,4,8,12],"access":[0,4,5,6,12],"access_key_id":12,"access_token":0,"accessright":12,"accident":[3,8],"account":[6,7,12],"acm":10,"acquir":12,"across":7,"action":[3,8],"activ":[4,5,6,12],"active_primary_shard":12,"active_shard":12,"actual":[3,10],"ad":[3,6,8,12],"add":[2,3,4,6,7,8,12],"addit":[3,8,12],"address":[0,2,3,4,7,8,10,12],"addresse":7,"adkim":10,"admin":[3,8,12],"administr":[3,8],"after":[0,2,4,12],"against":[3,8],"agari":5,"agent":4,"aggreg":[0,5,7,11,12],"aggregate_csv_filenam":[0,12],"aggregate_index":0,"aggregate_json_filenam":[0,12],"aggregate_report":0,"aggregate_top":12,"aggregate_url":12,"aggregatealign":0,"aggregateauthresult":0,"aggregateauthresultdkim":0,"aggregateauthresultspf":0,"aggregateidentifi":0,"aggregateparsedreport":0,"aggregatepolicyevalu":0,"aggregatepolicyoverridereason":0,"aggregatepolicypublish":0,"aggregaterecord":0,"aggregatereport":0,"aggregatereportmetadata":0,"aggress":12,"alia":12,"align":[5,7,10],"aliv":0,"all":[3,7,8,11,12],"allow":[2,3,8,12],"allow_unencrypted_storag":12,"allowremot":2,"alreadi":12,"alreadysav":0,"also":[2,3,7,8,12],"alter":[3,8],"altern":[5,12],"although":11,"alwai":[0,2,4,12],"always_use_local_fil":[0,12],"amount":12,"an":[0,3,5,7,8,10,12],"analyt":12,"analyz":12,"ani":[0,3,7,8,12],"anonym":10,"anoth":[6,12],"answer":[0,12],"apach":5,"api":[2,4,5,12],"api_kei":[0,12],"app":12,"appear":12,"appendix":10,"appid":12,"appli":12,"applic":12,"applicationaccesspolici":12,"approach":12,"approxim":2,"apt":[2,4,6],"ar":[0,2,3,4,5,6,7,8,10,12],"archiv":[0,12],"archive_fold":[0,12],"argument":12,"arriv":12,"arrival_d":10,"arrival_date_utc":10,"artifact":4,"ask":3,"asmx":2,"asn":6,"aspf":10,"assign":4,"associ":0,"attach":[0,3,8,10,12],"attachment_filenam":0,"attempt":12,"attribut":6,"auth":[0,2,10,12],"auth_failur":10,"auth_method":12,"auth_mod":12,"auth_result":10,"auth_typ":[0,12],"authent":[0,2,3,4,7,12],"authentication_mechan":10,"authentication_result":10,"authentication_typ":12,"auto":2,"avoid":[7,12],"aw":[0,12],"aws_region":[0,12],"aws_servic":[0,12],"awssigv4":[0,12],"azur":12,"b":[6,10],"b2c":7,"back":12,"backfil":12,"backlog":12,"backward":12,"base":[0,2,3,4,7,8,10],"base64":0,"base_domain":[0,10],"basic":[0,2,12],"batch":12,"batch_siz":[0,12],"bcc":[0,10],"bd6e1bb5":10,"becaus":[2,3,7,8,12],"becom":12,"been":[0,7,12],"befor":[0,12],"begin_d":10,"behind":6,"being":0,"below":[3,8,12],"benefit":5,"best":7,"between":[4,7,12],"beyond":0,"bin":[2,4,6,12],"binari":0,"binaryio":0,"bind":2,"bindaddress":2,"blank":[3,8],"block":[2,12],"bodi":[0,3,8,10,12],"bool":[0,12],"both":12,"brand":[5,7],"break":[3,4,8],"browser":4,"bucket":12,"bug":5,"build":6,"built":0,"bundl":0,"busi":7,"buster":6,"button":[3,8],"byte":0,"c":[10,12],"ca":[4,12],"cach":[0,12],"cafile_path":12,"call":[7,12],"callabl":0,"callback":0,"came":[3,8],"can":[0,2,3,4,5,6,7,8,12],"cannot":[6,12],"case":[2,3,8],"catch":12,"caus":[3,4,7,8],"cc":[0,10],"center":7,"cento":[4,6],"cert":[4,12],"cert_path":12,"certain":[0,12],"certfile_path":12,"certif":[0,4,12],"certificate_password":12,"certificate_path":12,"cest":10,"chain":0,"chang":[4,7,11,12],"charact":[2,12],"charset":10,"chart":7,"check":[0,2,3,4,6,12],"check_timeout":[0,12],"checkbox":4,"checkdmarc":3,"chines":7,"chmod":[2,4,12],"choos":[3,8],"chown":[2,12],"cisco":12,"citi":6,"class":0,"clear":0,"cli":5,"click":[4,7],"client":[2,3,4,8,12],"client_id":12,"client_secret":12,"clientsecret":12,"clientsotimeout":2,"close":[0,12],"cloud":12,"cloudflar":[0,12],"cluster":[4,12],"co":4,"code":[0,4,12],"collect":[7,12],"collector":[11,12],"com":[1,2,3,8,9,10,12],"come":7,"comma":[6,12],"command":[2,3,8,12],"comment":12,"commerci":[4,5],"common":[3,4,6,8],"commun":[3,8],"compat":12,"complet":[3,4,12],"compli":[3,4,6,8,9],"compliant":[3,8],"compon":6,"compress":5,"conf":6,"config":[0,2,6],"config_fil":12,"config_reload":0,"configur":[3,4,5,6,7,8,9],"conform":4,"connect":[0,2,4,12],"connexion":4,"consid":[5,7],"consist":[0,5,10],"consol":[4,12],"consolid":7,"consum":[7,12],"contact":7,"contain":[0,7,11,12],"content":[0,3,8,10,11],"contrib":6,"contribut":5,"control":4,"convent":12,"convert":[0,3,8],"convert_outlook_msg":0,"copi":[0,6,11],"core":[3,8],"correct":6,"correctli":[7,12],"could":[3,4,8,12],"count":[2,10],"countri":[0,6,7,10],"crash":[2,4,12],"creat":[0,2,3,4,6,8,12],"create_fold":0,"create_index":0,"creativ":6,"credenti":[6,12],"credentials_fil":12,"cron":6,"crt":4,"csr":4,"csv":[0,5,12],"cumul":6,"current":[2,4,12],"custom":[7,12],"d":[0,4,12],"daemon":[2,4,12],"dai":[0,4,9,12],"daili":[0,12],"dashboard":[4,5,9,11],"dat":0,"data":[0,4,5,7,9,11,12],"databas":6,"date":[0,3,8,10],"date_utc":10,"datetim":0,"davmail":5,"db_path":0,"dbip":[0,12],"dce":12,"dcr":12,"dcr_aggregate_stream":12,"dcr_forensic_stream":12,"dcr_immutable_id":12,"dcr_smtp_tls_stream":12,"dd":0,"de":10,"dearmor":4,"deb":4,"debian":[4,5,6],"debug":12,"decemb":6,"decod":0,"decode_base64":0,"default":[0,2,4,5,6,7,12],"defens":5,"delai":[2,10,12],"deleg":12,"delegated_us":12,"delet":[0,2,4,12],"delivery_result":10,"demystifi":3,"depend":[4,5,12],"deploi":[3,8],"deploy":12,"describ":12,"descript":[2,6,12],"destin":[0,12],"detail":[6,7,12],"dev":[6,12],"devel":6,"develop":5,"devicecod":12,"di":10,"dict":0,"dictionari":0,"differ":[6,7,12],"difficult":12,"digest":[3,8],"directori":[0,12],"disabl":[2,12],"disclaim":[3,8],"disk":12,"displai":[3,7,11],"display_nam":10,"disposit":[7,10],"distribut":6,"dkim":[5,7,8,10],"dkim_align":10,"dkim_domain":10,"dkim_result":10,"dkim_selector":10,"dkm":3,"dmarc":[0,4,6,8,9,10,11,12],"dmarc_aggreg":4,"dmarc_align":10,"dmarc_forens":4,"dmarc_moderation_act":[3,8],"dmarc_none_moderation_act":[3,8],"dmarc_quarantine_moderation_act":[3,8],"dmarcian":5,"dmarcresport":12,"dn":[0,3,7,12],"dnf":6,"dns_test_address":12,"dns_timeout":[0,12],"do":[0,2,6,7,12],"doc":9,"doctyp":10,"document":[2,12],"doe":[3,8],"domain":[0,4,7,8,10,12],"domainawar":[1,3,12],"don":3,"down":[7,12],"download":[0,2,4,6,12],"downloaderror":0,"draft":[5,10],"dtd":10,"dummi":12,"dure":[2,12],"e":[0,2,3,4,6,8,12],"e7":10,"each":[4,6,9,11,12],"earlier":7,"easi":[4,9],"easier":[11,12],"echo":4,"edit":[2,6,12],"editor":11,"effect":12,"effici":4,"either":[5,12],"elast":[4,5],"elasticsearch":[0,5,12],"elasticsearcherror":0,"elk":12,"els":4,"email":[0,3,5,6,7,8,10,11,12],"email_result":0,"emailaddress":0,"emailattach":0,"emailparsererror":0,"empti":[3,8],"en":[3,4,8,10],"enabl":[2,4,12],"enableew":2,"enablekeepal":2,"enableproxi":2,"encod":[0,10,12],"encount":0,"encrypt":[4,12],"encryptedsavedobject":4,"encryptionkei":4,"end":[3,4,5],"end_dat":10,"endpoint":12,"endpoint_url":12,"enforc":[3,8],"enough":12,"enrol":4,"ensur":[3,6,8],"entir":[3,7,8,12],"envelop":3,"envelope_from":10,"envelope_to":10,"environ":[5,6],"eol":5,"error":[0,10,12],"escap":12,"especi":[7,12],"etc":[2,3,4,6,8,12],"even":[2,3,8,12],"event":[2,11,12],"everi":[2,6,12],"ew":5,"ex":12,"exactli":[3,8],"exampl":[3,4,6,8,10],"except":[0,12],"exchang":[2,10,12],"exclud":2,"execreload":12,"execstart":[2,12],"exist":[0,3,4,8,12],"exit":12,"expiringdict":0,"explain":[3,8],"explicit":[3,8],"explicitli":6,"export":[4,12],"extract":[0,2],"extract_report":0,"extract_report_from_file_path":0,"ey":[2,12],"f":4,"factor":2,"fail":[0,3,7,8,10,12],"fail_on_output_error":12,"failed_session_count":10,"failur":[0,5,7,10,12],"failure_detail":10,"fall":12,"fallback":[0,6],"fals":[0,2,6,10,12],"fantast":[3,8],"faster":12,"featur":[4,12],"feedback":0,"feedback_report":0,"feedback_typ":10,"fetch":[0,12],"few":[7,12],"field":4,"file":[0,2,5,6,11],"file_path":[0,12],"filenam":[0,12],"filename_safe_subject":10,"filepath":12,"fill":[4,6],"filter":[3,7,8,11],"financ":12,"find":[3,7,8,12],"fine":[3,8],"finish":12,"first":[0,3,6,8,12],"first_strip_reply_to":[3,8],"fit":[3,8,12],"fix":4,"flag":[0,2,12],"flat":0,"flexibl":11,"flight":12,"float":[0,12],"fo":10,"folder":[0,2,12],"foldersizelimit":2,"follow":[2,4,5,12],"footer":[3,8],"forens":[0,5,11,12],"forensic_csv_filenam":[0,12],"forensic_index":0,"forensic_json_filenam":[0,12],"forensic_report":0,"forensic_top":12,"forensic_url":12,"forensicparsedreport":0,"forensicreport":0,"format":[0,6,12],"forward":[3,7,8],"found":[0,6,12],"foundat":10,"fqdn":4,"fraud":5,"free":6,"friendli":7,"from":[0,2,3,4,5,6,7,8,10,12],"from_is_list":[3,8],"ftp_proxi":6,"full":12,"fulli":[3,8,12],"function":0,"further":7,"g":[0,2,3,4,8,12],"gatewai":2,"gb":4,"gdpr":[4,9],"gelf":12,"gener":[3,4,6,8,10,12],"geoip":[6,12],"geolite2":6,"geoloc":[0,12],"get":[0,2,4,6,12],"get_base_domain":0,"get_dmarc_reports_from_mailbox":0,"get_dmarc_reports_from_mbox":0,"get_filename_safe_str":0,"get_ip_address_countri":0,"get_ip_address_info":0,"get_report_zip":0,"get_reverse_dn":0,"get_service_from_reverse_dns_base_domain":0,"github":[1,6,10,12],"give":[0,4],"given":[0,12],"glass":7,"gmail":[5,7,12],"gmail_api":12,"go":[3,8],"goe":[3,8],"googl":[7,12],"googleapi":12,"got":12,"gov":12,"gpg":4,"grafana":5,"grant":12,"graph":[2,5,7,12],"graph_url":12,"group":[2,7,12],"guid":[4,5],"guidanc":12,"gzip":[0,5],"h":[0,12],"ha":[0,4,7,12],"hamburg":4,"hand":[3,8],"handl":[5,12],"hard":12,"has_defect":10,"have":[3,4,6,7,8,11,12],"head":10,"header":[0,3,7,8,10,12],"header_from":10,"headless":2,"health":12,"healthcar":12,"heap":4,"heavi":[4,12],"hec":[0,11,12],"hecclient":0,"hectokengoesher":12,"help":5,"here":[3,8,10],"hh":0,"hi":[3,8],"high":[7,12],"higher":[3,8],"highli":12,"histori":12,"hop":10,"host":[0,2,3,4,5,8,12],"hostnam":[0,12],"hour":[0,12],"hover":7,"howev":6,"href":10,"html":[3,4,8,10],"http":[0,1,2,3,4,6,8,9,10,11,12],"http_proxi":6,"https_proxi":6,"human":[0,7],"human_timestamp":0,"human_timestamp_to_datetim":0,"human_timestamp_to_unix_timestamp":0,"hup":12,"i":[0,2,3,4,5,6,7,8,10,12],"icon":7,"id":[3,8,10,12],"ideal":[3,8],"ident":[3,8,12],"identifi":10,"idl":[0,2,12],"imag":12,"imap":[0,2,5,12],"imap_password":12,"imapalwaysapproxmsgs":2,"imapautoexpung":2,"imapcli":5,"imapidledelai":2,"imapport":2,"immedi":2,"immut":12,"impli":12,"import":[4,7,12],"improv":12,"inbox":[0,3,5,8,12],"inc":10,"includ":[0,3,6,7,8,12],"include_list_post_head":[3,8],"include_rfc2369_head":[3,8],"include_sender_head":[3,8],"include_spam_trash":12,"incom":[7,12],"incorrect":12,"increas":[4,12],"increment":12,"indent":12,"index":[0,5,9,11,12],"index_prefix":[0,12],"index_prefix_domain_map":12,"index_suffix":[0,12],"indic":[3,5],"individu":12,"industri":12,"inform":[0,4,6,7,12],"infrequ":12,"ingest":12,"ini":[2,12],"initi":0,"input":0,"input_":0,"insid":6,"instal":[2,5,12],"installed_app":12,"instanc":12,"instead":[0,3,6,8,12],"int":[0,12],"intend":[3,8],"interact":[2,4],"interakt":10,"interfer":[3,8],"intern":6,"interrupt":12,"interv":12,"interval_begin":10,"interval_end":10,"invalid":0,"invalidaggregatereport":0,"invaliddmarcreport":0,"invalidforensicreport":0,"invalidsmtptlsreport":0,"io":[0,12],"ip":[0,3,4,6,7,12],"ip_address":[0,10],"ip_db_path":[0,6,12],"ipaddressinfo":0,"ipdb":6,"ipsourceinfo":0,"ipv4":0,"ipv6":0,"is_mbox":0,"is_outlook_msg":0,"iso":0,"issu":1,"its":12,"java":2,"job":[3,6,8],"joe":[3,8],"journalctl":[2,12],"jre":2,"json":[0,5,12],"june":5,"just":7,"jvm":4,"kafka":[5,12],"kb4099855":6,"kb4134118":6,"kb4295699":6,"keep":[0,12],"keep_al":0,"keepal":2,"kei":[0,3,4,6,12],"keyfile_path":12,"keyout":4,"keyr":4,"keystor":4,"kibana":[5,11],"kill":12,"kind":12,"know":3,"known":[3,7,8,12],"label":12,"languag":[3,8],"larg":[2,12],"larger":12,"later":[4,6,12],"latest":[2,4,6,9,12],"layer":0,"layout":11,"leak":7,"least":[4,6,12],"leav":3,"left":7,"legal":[3,8],"legitim":[7,12],"less":12,"level":[3,4,12],"libemail":6,"libxml2":6,"libxslt":6,"licens":6,"life":5,"like":[0,3,6,8,12],"limit":[0,2,12],"line":[3,8,12],"link":[3,4,7,8],"linux":[3,6,8],"list":[0,2,4,5,7,12],"listen":[2,12],"lite":6,"ll":[3,8],"load":[0,4,12],"load_reverse_dns_map":0,"local":[0,2,4,10,12],"local_file_path":0,"local_reverse_dns_map_path":12,"localhost":12,"locat":[6,7,12],"log":[2,12],"log_analyt":12,"log_fil":12,"logger":12,"login":4,"logstash":4,"long":[3,12],"longer":[3,8],"look":[3,7],"lookup":0,"loopback":2,"lot":7,"low":12,"lower":12,"lua":10,"m":[0,6,10,12],"m365":12,"maco":6,"magnifi":7,"mai":[5,7,12],"maidir":12,"mail":[0,5,6,10,12],"mail_bcc":0,"mail_cc":0,"mail_from":0,"mail_to":0,"mailbox":[0,7,12],"mailbox_connect":0,"mailboxconnect":0,"maildir":12,"maildir_cr":12,"maildir_path":12,"mailer":10,"mailrelai":10,"mailto":6,"main":4,"mainpid":12,"maintain":5,"make":[0,3,4,8,9,12],"malici":[7,12],"manag":[4,12],"manual":12,"map":0,"market":7,"massiv":12,"match":[0,4,11,12],"max_ag":10,"max_shards_per_nod":12,"maximum":4,"maxmind":[0,6,12],"mbox":[0,12],"mean":12,"mechan":3,"member":[3,8],"memori":12,"mention":7,"menu":[4,7],"messag":[0,2,3,4,6,7,8,10,12],"message_id":10,"meta":10,"method":12,"mfrom":10,"microsoft":[2,5,10,12],"might":[0,3,7,8],"migrate_index":0,"mime":10,"minimum":4,"minut":[0,2,12],"miss":12,"mitig":[3,8],"mkdir":6,"mm":0,"mmdb":[0,12],"mobil":[3,8],"mode":[0,2,4,10],"modern":[2,3,8],"modifi":[0,3,8,12],"modul":[0,5,12],"mon":10,"monitor":[3,12],"monthli":[0,12],"monthly_index":[0,12],"more":[0,4,6,11,12],"most":[3,4,7,8,12],"mous":7,"move":[0,4,12],"msg":[0,6],"msg_byte":0,"msg_date":0,"msg_footer":[3,8],"msg_header":[3,8],"msgconvert":[0,6],"msgraph":12,"much":12,"multi":[2,5],"multipl":12,"mung":[3,8],"must":[2,3,8,12],"mutual":[4,12],"mv":4,"mx":10,"my":[5,12],"n":[10,12],"n_proc":12,"name":[0,3,4,7,10,11],"nameserv":[0,12],"nano":[2,12],"nation":12,"navig":[3,6,8],"ncontent":10,"ndate":10,"ndjson":4,"need":[2,3,4,6,7,8,12],"neither":12,"nelson":[3,8],"net":[2,12],"network":[2,4,12],"new":[0,2,3,6,7,12],"newer":6,"newest":[2,12],"newkei":4,"next":[0,12],"nfrom":10,"nmessag":10,"nmime":10,"node":4,"non":[3,8,12],"none":[0,3,10,12],"noproxyfor":2,"nor":12,"norepli":[3,10],"normal":[0,10,12],"normalize_timespan_threshold_hour":0,"normalized_timespan":10,"nosecureimap":2,"notabl":7,"note":12,"notic":12,"now":[4,7],"nsubject":10,"nto":10,"null":10,"number":[0,12],"number_of_replica":[0,12],"number_of_shard":[0,12],"nwettbewerb":10,"nx":10,"o":[0,2,4,12],"oauth2":12,"oauth2_port":12,"object":[0,4],"observ":7,"occur":[0,7],"occurr":11,"oct":10,"offic":2,"office365":2,"offlin":[0,12],"often":[7,12],"ol":[0,6],"old":7,"older":[6,10],"oldest":[2,12],"onc":[6,12],"ondmarc":5,"one":[0,3,5,8,12],"ones":12,"onli":[2,3,6,7,8],"onlin":[0,2,12],"oor":0,"open":3,"opendn":12,"opensearch":[5,12],"opensearcherror":0,"openssl":4,"oper":12,"opt":[2,6,12],"option":[0,2,3,4,5,8,11,12],"order":[6,12],"org":[0,6,9,10,12],"org_email":10,"org_extra_contact_info":10,"org_nam":10,"organ":[2,5,7,12],"organization_nam":10,"origin":[3,8,12],"original_envelope_id":10,"original_mail_from":10,"original_rcpt_to":10,"original_timespan_second":10,"other":[0,3,4,7,8],"otherwis":12,"our":7,"out":[3,4,7],"outdat":7,"outgo":[3,8,12],"outlook":[0,2,6],"output":[0,5,12],"output_directori":0,"outsid":12,"over":[2,5,7,12],"overrid":[0,12],"overridden":6,"overwrit":4,"owa":5,"own":[7,11],"p":[3,6,10],"p12":4,"pack":4,"packag":[0,4],"pad":0,"page":[3,4,6,7,8],"paginate_messag":12,"pan":10,"parallel":12,"paramet":0,"parent":7,"pars":[0,3,5,6,10,12],"parse_aggregate_report_fil":0,"parse_aggregate_report_xml":0,"parse_email":0,"parse_forensic_report":0,"parse_report_email":0,"parse_report_fil":0,"parse_smtp_tls_report_json":0,"parsed_aggregate_reports_to_csv":0,"parsed_aggregate_reports_to_csv_row":0,"parsed_forensic_reports_to_csv":0,"parsed_forensic_reports_to_csv_row":0,"parsed_sampl":10,"parsed_smtp_tls_reports_to_csv":0,"parsed_smtp_tls_reports_to_csv_row":0,"parsedemail":0,"parsedmarc":[4,9,10,11],"parsedmarc_":12,"parsedmarc_config_fil":12,"parsedmarc_elasticsearch_":12,"parsedmarc_elasticsearch_host":12,"parsedmarc_elasticsearch_ssl":12,"parsedmarc_gelf_":12,"parsedmarc_general_":12,"parsedmarc_general_debug":12,"parsedmarc_general_offlin":12,"parsedmarc_general_save_aggreg":12,"parsedmarc_general_save_forens":12,"parsedmarc_gmail_api_":12,"parsedmarc_imap_":12,"parsedmarc_imap_host":12,"parsedmarc_imap_password":12,"parsedmarc_imap_us":12,"parsedmarc_kafka_":12,"parsedmarc_log_analytics_":12,"parsedmarc_mailbox_":12,"parsedmarc_mailbox_watch":12,"parsedmarc_maildir_":12,"parsedmarc_msgraph_":12,"parsedmarc_opensearch_":12,"parsedmarc_s3_":12,"parsedmarc_smtp_":12,"parsedmarc_splunk_hec_":12,"parsedmarc_splunk_hec_index":12,"parsedmarc_splunk_hec_token":12,"parsedmarc_splunk_hec_url":12,"parsedmarc_syslog_":12,"parsedmarc_webhook_":12,"parser":0,"parsererror":0,"parsingresult":0,"part":[3,4,7,8],"particular":7,"particularli":12,"pass":[3,7,10],"passag":7,"passsword":12,"password":[0,4,6,12],"past":[4,11],"patch":6,"path":[0,4,12],"pathlik":0,"pattern":[5,7],"payload":[0,12],"pct":10,"peak":12,"pem":12,"per":12,"percentag":7,"perform":[2,5],"period":12,"perl":[0,6],"permiss":[4,12],"persist":12,"peter":10,"pick":12,"pie":7,"pip":6,"pkcs12":12,"place":[0,4,7,12],"plain":0,"plaintext":[3,8],"platform":[3,8],"pleas":[1,5,12],"plu":7,"point":12,"polici":[3,8,10,12],"policy_domain":10,"policy_evalu":10,"policy_override_com":10,"policy_override_reason":10,"policy_publish":10,"policy_str":10,"policy_typ":10,"policyscopegroupid":12,"poll":[2,12],"popul":0,"port":[0,2,12],"posit":12,"possibl":12,"post":[3,8,12],"poster":[3,8],"postoriu":[3,8],"powershel":12,"ppa":6,"practic":12,"pre":[6,12],"predict":12,"prefer":[2,6,12],"prefix":[0,3,8,12],"premad":[5,11],"prerequisit":5,"present":12,"pressur":12,"pretti":12,"prettifi":12,"previou":[0,2,4,12],"previous":[4,7],"print":12,"printabl":10,"prioriti":12,"privaci":[3,6,7,8,12],"privat":12,"process":[0,2,5,6,12],"produc":10,"program":12,"programdata":6,"progress":12,"project":[0,2,3,5,11],"prompt":4,"proofpoint":5,"properti":2,"protect":[2,3,5,8,12],"protocol":12,"provid":[4,7,12],"prox":6,"proxi":2,"proxyhost":2,"proxypassword":2,"proxyport":2,"proxyus":2,"pry":[2,12],"psl_overrid":0,"public":[0,3,10,12],"public_suffix_list":0,"publicbaseurl":4,"publicsuffix":0,"publish":[3,12],"put":[4,12],"python":[0,6],"python3":6,"python39":6,"qo":4,"quarantin":[3,8],"queri":[0,12],"query_dn":0,"quickstart":12,"quot":10,"r":[2,6,10,12],"rais":0,"ram":[4,12],"rather":[3,8,12],"raw":12,"re":12,"read":[0,12],"readabl":0,"readwrit":12,"realli":3,"reason":[0,2,4,5,12],"receiv":[0,10,12],"receiving_ip":10,"receiving_mx_hostnam":10,"recipi":7,"recogn":7,"recommend":12,"record":[0,5,6,10],"record_typ":0,"reduc":12,"refer":[4,5],"referenc":12,"regard":12,"regardless":10,"region":[0,12],"region_nam":12,"regist":6,"registr":12,"regul":[4,6,9,12],"regular":[3,8],"reject":[3,8],"relai":[3,8],"relat":[3,12],"releas":[4,6],"reli":7,"reliabl":12,"reload":[0,2,4],"remain":[7,12],"remot":2,"remov":[0,3,4,8,12],"repeat":[3,8],"replac":[0,3,4,8,12],"repli":[2,3,8],"replica":[0,12],"reply_goes_to_list":[3,8],"reply_to":10,"replyto":[3,8],"repopul":0,"report":[0,4,7,11,12],"report_id":10,"report_metadata":10,"report_typ":0,"reported_domain":10,"reports_fold":[0,12],"repositori":[6,11],"req":4,"request":[0,2,4,12],"requir":[0,2,3,4,5,6,8,12],"require_encrypt":0,"reserv":12,"resid":12,"resolv":[0,12],"resourc":[0,4,5,12],"respons":[0,12],"restart":[2,3,4,8],"restartsec":[2,12],"restor":4,"restrict":12,"restrictaccess":12,"result":[0,5,7,10,12],"result_typ":10,"resum":12,"retain":[3,8,12],"retent":5,"retri":12,"retriev":2,"retry_attempt":12,"retry_delai":12,"return":0,"revers":[0,7,12],"reverse_dn":[0,10],"reverse_dns_base_domain":0,"reverse_dns_map":0,"reverse_dns_map_path":0,"reverse_dns_map_url":[0,12],"reversednsservic":0,"review":7,"rewrit":[3,8],"rfc":[0,3,8,10],"rfc2369":[3,8],"rfc822":2,"rhel":[4,5,6],"right":[4,7],"rm":4,"ro":0,"rollup":6,"root":[2,12],"rpm":4,"rsa":4,"rua":[5,6],"ruf":[5,6,7,12],"rule":[7,12],"run":[0,4,5,6],"rw":[2,12],"s3":12,"safe":0,"safer":12,"same":[3,4,6,7,11,12],"sampl":[0,5,12],"sample_headers_onli":10,"save":[0,4,6,12],"save_aggreg":12,"save_aggregate_report_to_elasticsearch":0,"save_aggregate_report_to_opensearch":0,"save_aggregate_reports_to_splunk":0,"save_forens":12,"save_forensic_report_to_elasticsearch":0,"save_forensic_report_to_opensearch":0,"save_forensic_reports_to_splunk":0,"save_output":0,"save_smtp_tl":12,"save_smtp_tls_report_to_elasticsearch":0,"save_smtp_tls_report_to_opensearch":0,"save_smtp_tls_reports_to_splunk":0,"schedul":[6,12],"schema":10,"scope":[10,12],"scrub_nondigest":[3,8],"search":[0,3,8,12],"second":[0,2,12],"secret":12,"secret_access_kei":12,"secur":[0,4,12],"see":[2,3,4,7,12],"segment":7,"select":[0,6],"selector":10,"self":[4,5],"send":[0,2,3,4,5,7,8,11,12],"sender":[5,7,8],"sending_mta_ip":10,"sensit":12,"sent":[3,8,12],"separ":[3,4,6,7,9,11,12],"server":[0,2,3,4,6,7,10,12],"server_ip":4,"servernameon":10,"servic":[0,3,4,5,7,8],"service_account":12,"service_account_us":12,"session":[0,7],"set":[0,2,3,4,6,7,8,9,12],"set_host":0,"setup":[4,9,12],"setuptool":6,"shard":[0,12],"share":[4,12],"sharepoint":10,"should":[3,6,7,8,12],"shouldn":[3,8],"show":[2,7,12],"shown":12,"side":7,"sighup":[0,12],"sign":[0,3,4,6,12],"signal":12,"signatur":[3,7,8],"sigv4":[0,12],"silent":12,"similar":7,"simpl":5,"simplifi":0,"sinc":[0,12],"singl":[0,12],"sink":12,"sister":3,"size":[2,4],"skip":[0,12],"skip_certificate_verif":[0,12],"slightli":11,"small":4,"smaller":12,"smtp":[0,3,5,7,12],"smtp_tl":[0,12],"smtp_tls_csv_filenam":[0,12],"smtp_tls_json_filenam":[0,12],"smtp_tls_report":0,"smtp_tls_url":12,"smtptlsfailuredetail":0,"smtptlsfailuredetailsopt":0,"smtptlsparsedreport":0,"smtptlspolici":0,"smtptlspolicysummari":0,"smtptlsreport":0,"so":[3,6,7,8,12],"socket":2,"solut":6,"some":[0,2,3,4,7,8],"someon":4,"sometim":12,"sort":[7,12],"sourc":[0,3,4,6,7,10],"source_base_domain":10,"source_countri":10,"source_ip_address":10,"source_nam":10,"source_reverse_dn":10,"source_typ":10,"sourceforg":2,"sp":[3,10],"spam":12,"special":12,"specif":[3,12],"specifi":[2,3],"spf":[7,10],"spf_align":10,"spf_domain":10,"spf_result":10,"spf_scope":10,"splunk":[5,12],"splunk_hec":12,"splunkerror":0,"splunkhec":12,"sponsor":5,"spoof":[3,8],"ss":0,"ssl":[0,2,4,12],"ssl_cert_path":0,"st":[10,12],"stabl":4,"stack":[4,12],"standard":[0,5,10],"start":[0,2,4,6,7,9,11,12],"starttl":12,"static":6,"statu":[2,12],"stdout":12,"step":[3,4,8],"still":[3,6,8,10,12],"storag":[0,12],"store":[2,4,9],"str":[0,12],"stream":12,"string":0,"strip":[3,8,12],"strip_attachment_payload":[0,12],"strongli":12,"structur":5,"stsv1":10,"subdomain":[0,3,12],"subject":[0,3,8,10,12],"subject_prefix":[3,8],"subsidiari":7,"success":12,"successful_session_count":10,"sudo":[2,4,6,12],"suffix":[0,12],"suggest":7,"suitabl":0,"summari":[3,5,8],"supervis":12,"suppli":[0,7,12],"support":[2,5,10,11],"sure":[4,6],"sw50zxjha3rpdmugv2v0dgjld2vyymvylcocymvyc2ljahq":10,"switch":7,"syslog":[2,12],"system":[2,3,4,6,8,12],"systemctl":[2,4,12],"systemd":5,"systemdr":6,"t":[5,8,12],"tab":[3,4,8],"tabl":[5,7],"tag":6,"take":12,"target":[2,12],"task":6,"tby":10,"tcp":12,"tee":4,"tell":[3,6,7,8],"templat":[3,8],"temporari":7,"tenant":5,"tenant_id":12,"term":6,"test":[0,10,12],"text":[0,10],"than":[3,4,8,12],"thank":10,"thei":[3,6,7,8,12],"theirs":3,"them":[0,4,7,12],"therebi":[3,8],"thi":[0,2,3,4,5,6,7,8,10,12],"those":[6,12],"thousand":12,"three":7,"through":3,"throughput":12,"time":[0,2,4,6,7,12],"timeout":[0,2,12],"timespan":0,"timespan_requires_norm":10,"timestamp":0,"timestamp_to_datetim":0,"timestamp_to_human":0,"timezon":10,"tl":[0,5,12],"tld":3,"to_domain":10,"to_utc":0,"token":[0,4,12],"token_fil":12,"tool":[6,12],"top":[3,7],"topic":12,"touch":[3,8],"tracker":1,"trade":12,"tradit":[3,8],"trail":12,"transfer":10,"transpar":5,"transport":[4,12],"trash":12,"tri":0,"true":[0,2,4,10,12],"trust":12,"truststor":4,"try":12,"tuesdai":6,"tune":5,"two":6,"txt":0,"type":[5,10,12],"typo":12,"u":[2,6,10,12],"ubuntu":[4,6],"udp":12,"ui":[3,8],"uncondition":[3,8],"under":[4,6,7],"underli":0,"underneath":7,"underscor":12,"understand":[5,7],"unencrypt":12,"unfortun":[3,8],"unit":[0,2,12],"unix":0,"unknown":0,"unreach":12,"unsubscrib":[3,8],"until":[0,5,12],"unzip":2,"up":[0,2,4,6,7,9,12],"updat":[0,4,6,12],"upersecur":12,"upgrad":[2,5,6,12],"upload":12,"upper":7,"uppercas":12,"uri":6,"url":[0,2,12],"us":[0,3,4,5,8,10],"usag":12,"use_ssl":0,"user":[2,3,4,6,8,10,12],"user_ag":10,"useradd":[2,6],"usernam":[0,12],"usernamepassword":12,"usesystemproxi":2,"usr":4,"utc":0,"utf":10,"util":5,"v":[6,12],"valid":[0,7,10,12],"valimail":5,"valu":[0,3,4,7,8,12],"var":[3,8,12],"variabl":5,"variou":6,"vendor":3,"venv":[6,12],"verbos":12,"veri":[4,7,12],"verif":[0,4,12],"verifi":0,"verification_mod":4,"version":[2,4,5,6,9,10,11,12],"vew":2,"via":[0,2],"view":[7,12],"vim":4,"virtualenv":6,"visual":[4,9],"volum":[7,12],"vulner":3,"w":[0,12],"w3c":10,"wa":[3,4,6,8],"wai":[4,7],"wait":[0,12],"want":[2,12],"wantedbi":[2,12],"warn":12,"watch":[0,2,4,12],"watch_inbox":0,"watcher":12,"web":[2,4],"webdav":2,"webhook":12,"webmail":[3,7,8],"week":[0,12],"weekli":6,"well":[2,12],"were":[7,12],"wettbewerb":10,"wget":4,"whalensolut":12,"what":5,"when":[0,3,5,7,8,12],"whenev":[0,2,12],"where":[0,2,3,8,12],"wherea":7,"wherev":12,"whether":0,"which":[2,4,5,7,12],"while":[7,12],"who":7,"why":[3,7],"wide":[6,10,12],"wiki":10,"window":[6,12],"without":[3,4,7,8],"won":5,"work":[2,3,5,6,7,8,12],"worker":12,"workstat":2,"worst":3,"would":[3,6,8],"wrap":[3,8],"write":12,"www":[4,6,12],"x":[4,10],"x509":4,"xennn":10,"xml":[0,11],"xml_schema":10,"xms4g":4,"xmx4g":4,"xpack":4,"xxxx":4,"y":[4,6],"yahoo":7,"yaml":12,"ye":[3,8],"year":12,"yet":3,"yml":4,"you":[2,3,4,5,6,7,8,12],"your":[3,4,5,6,7,8,11,12],"yyyi":0,"zero":12,"zip":[0,2,5,12],"\u00fcbersicht":10},"titles":["API reference","Contributing to parsedmarc","Accessing an inbox using OWA/EWS","Understanding DMARC","Elasticsearch and Kibana","parsedmarc documentation - Open source DMARC report analyzer and visualizer","Installation","Using the Kibana dashboards","What about mailing lists?","OpenSearch and Grafana","Sample outputs","Splunk","Using parsedmarc"],"titleterms":{"2":[3,8],"3":[3,8],"about":[3,8],"access":2,"aggreg":10,"align":3,"an":2,"analyz":[5,6],"api":0,"best":[3,8],"bug":1,"cli":12,"compat":5,"compos":12,"config":12,"configur":[2,12],"content":5,"contribut":1,"csv":10,"dashboard":7,"davmail":2,"depend":6,"dkim":3,"dmarc":[3,5,7],"do":[3,8],"docker":12,"document":5,"domain":3,"elast":0,"elasticsearch":4,"env":12,"environ":12,"ew":2,"exampl":12,"exchang":6,"featur":5,"file":12,"forens":[7,10],"geoipupd":6,"grafana":9,"guid":3,"help":12,"inbox":2,"index":4,"indic":0,"instal":[4,6,9],"json":10,"kibana":[4,7],"list":[3,8],"listserv":[3,8],"lookalik":3,"mail":[3,8],"mailman":[3,8],"map":12,"microsoft":6,"mode":12,"multi":12,"multipl":6,"name":12,"onli":12,"open":5,"opensearch":[0,9],"option":6,"output":10,"owa":2,"parsedmarc":[0,1,2,5,6,12],"pattern":4,"perform":12,"practic":[3,8],"prerequisit":6,"proxi":6,"python":5,"record":[3,4,9],"refer":0,"reload":12,"report":[1,5,6,10],"resourc":3,"restart":12,"retent":[4,9],"run":[2,12],"sampl":[7,10],"section":12,"sender":3,"servic":[2,12],"setup":6,"smtp":10,"sourc":5,"specifi":12,"spf":3,"splunk":[0,11],"summari":7,"support":[3,12],"systemd":[2,12],"t":3,"tabl":0,"tenant":12,"test":6,"tl":10,"tune":12,"type":0,"understand":3,"upgrad":4,"us":[2,6,7,12],"util":0,"valid":3,"variabl":12,"via":12,"visual":5,"web":6,"what":[3,8],"without":12,"won":3,"workaround":[3,8]}}) \ No newline at end of file