4.2.0 - Save each aggregate report record as a separate Splunk event

Sean Whalen
2018-10-08 14:22:43 -04:00
parent 66af8e6090
commit f235149863
4 changed files with 13 additions and 7 deletions
+5
@@ -1,3 +1,8 @@
4.2.0
------
- Save each aggregate report record as a separate Splunk event
4.1.9
-----
+1 -1
@@ -44,7 +44,7 @@ import imapclient.exceptions
import dateparser
import mailparser
__version__ = "4.1.9"
__version__ = "4.2.0"
logger = logging.getLogger(__name__)
logger.setLevel(logging.ERROR)
+6 -5
@@ -93,11 +93,12 @@ class HECClient(object):
new_report["spf_results"] = record["auth_results"][
"spf"]
data["sourcetype"] = "dmarc:aggregate"
timestamp = human_timestamp_to_timestamp(new_report["begin_date"])
data["time"] = timestamp
data["event"] = new_report.copy()
json_str += "{0}\n".format(json.dumps(data))
data["sourcetype"] = "dmarc:aggregate"
timestamp = human_timestamp_to_timestamp(
new_report["begin_date"])
data["time"] = timestamp
data["event"] = new_report.copy()
json_str += "{0}\n".format(json.dumps(data))
try:
response = self.session.post(self.url, data=json_str).json()
except Exception as e:
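Review bot: With one event per record, `json_str` now grows with the number of records in a report, yet the whole batch still goes out in the single `self.session.post(self.url, data=json_str).json()` call, which shows no `timeout=` and no status check before decoding. If the collector rejects an oversized or malformed batch, or returns a non-JSON error body, the failure lands in the broad `except Exception as e:` handler, whose body is outside this hunk, so it is unclear whether dropped DMARC events are reported distinctly. Consider `response = self.session.post(self.url, data=json_str, timeout=TIMEOUT_SECONDS)` (placeholder name), then `response.raise_for_status()` and `response = response.json()`. Building the payload with `events.append(json.dumps(data))` and one `"\n".join(events)` would also avoid the repeated `+=`. The enclosing method starts and ends outside the hunk, and the page has lost indentation, so the loop placement of the moved lines is inferred from the commit title.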
+1 -1
@@ -14,7 +14,7 @@ from setuptools import setup
from codecs import open
from os import path
__version__ = "4.1.9"
__version__ = "4.2.0"
description = "A Python package and CLI for parsing aggregate and " \
"forensic DMARC reports"