Source code for parsedmarc.splunk
-from urllib.parse import urlparse
+# -*- coding: utf-8 -*-
+
+from __future__ import annotations
+
+from typing import Any
+
+from collections import OrderedDict
+
+from urllib.parse import urlparse
import socket
import json
@@ -110,7 +118,13 @@
# http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector
def __init__(
- self, url, access_token, index, source="parsedmarc", verify=True, timeout=60
+ self,
+ url: str,
+ access_token: str,
+ index: str,
+ source: bool = "parsedmarc",
+ verify=True,
+ timeout=60,
):
"""
Initializes the HECClient
@@ -144,7 +158,9 @@
[docs]
- def save_aggregate_reports_to_splunk(self, aggregate_reports):
+ def save_aggregate_reports_to_splunk(
+ self, aggregate_reports: list[OrderedDict[str, Any]]
+ ):
"""
Saves aggregate DMARC reports to Splunk
@@ -210,7 +226,9 @@
[docs]
- def save_forensic_reports_to_splunk(self, forensic_reports):
+ def save_forensic_reports_to_splunk(
+ self, forensic_reports: list[OrderedDict[str, Any]]
+ ):
"""
Saves forensic DMARC reports to Splunk
@@ -247,7 +265,7 @@
[docs]
- def save_smtp_tls_reports_to_splunk(self, reports):
+ def save_smtp_tls_reports_to_splunk(self, reports: OrderedDict[str, Any]):
"""
Saves aggregate DMARC reports to Splunk
diff --git a/_modules/parsedmarc/utils.html b/_modules/parsedmarc/utils.html
index 7e7e543..f5f5c5c 100644
--- a/_modules/parsedmarc/utils.html
+++ b/_modules/parsedmarc/utils.html
@@ -80,7 +80,13 @@
Source code for parsedmarc.utils
-"""Utility functions that might be useful for other projects"""
+# -*- coding: utf-8 -*-
+
+"""Utility functions that might be useful for other projects"""
+
+from __future__ import annotations
+
+from typing import Optional, Union
import logging
import os
@@ -88,6 +94,7 @@
from datetime import timezone
from datetime import timedelta
from collections import OrderedDict
+from expiringdict import ExpiringDict
import tempfile
import subprocess
import shutil
@@ -150,12 +157,12 @@
[docs]
-def decode_base64(data):
+def decode_base64(data: str) -> bytes:
"""
Decodes a base64 string, with padding being optional
Args:
- data: A base64 encoded string
+ data (str): A base64 encoded string
Returns:
bytes: The decoded bytes
@@ -171,7 +178,7 @@
[docs]
-def get_base_domain(domain):
+def get_base_domain(domain: str) -> str:
"""
Gets the base domain name for the given domain
@@ -198,7 +205,14 @@
[docs]
-def query_dns(domain, record_type, cache=None, nameservers=None, timeout=2.0):
+def query_dns(
+ domain: str,
+ record_type: str,
+ *,
+ cache: Optional[ExpiringDict] = None,
+ nameservers: list[str] = None,
+ timeout: int = 2.0,
+) -> list[str]:
"""
Queries DNS
@@ -262,7 +276,13 @@
[docs]
-def get_reverse_dns(ip_address, cache=None, nameservers=None, timeout=2.0):
+def get_reverse_dns(
+ ip_address,
+ *,
+ cache: Optional[ExpiringDict] = None,
+ nameservers: list[str] = None,
+ timeout: int = 2.0,
+) -> str:
"""
Resolves an IP address to a hostname using a reverse DNS query
@@ -293,7 +313,7 @@
[docs]
-def timestamp_to_datetime(timestamp):
+def timestamp_to_datetime(timestamp: int) -> datetime:
"""
Converts a UNIX/DMARC timestamp to a Python ``datetime`` object
@@ -309,7 +329,7 @@
[docs]
-def timestamp_to_human(timestamp):
+def timestamp_to_human(timestamp: int) -> str:
"""
Converts a UNIX/DMARC timestamp to a human-readable string
@@ -325,7 +345,9 @@
[docs]
-def human_timestamp_to_datetime(human_timestamp, to_utc=False):
+def human_timestamp_to_datetime(
+ human_timestamp: str, *, to_utc: Optional[bool] = False
+) -> datetime:
"""
Converts a human-readable timestamp into a Python ``datetime`` object
@@ -347,7 +369,7 @@
[docs]
-def human_timestamp_to_unix_timestamp(human_timestamp):
+def human_timestamp_to_unix_timestamp(human_timestamp: str) -> int:
"""
Converts a human-readable timestamp into a UNIX timestamp
@@ -364,7 +386,7 @@
[docs]
-def get_ip_address_country(ip_address, db_path=None):
+def get_ip_address_country(ip_address: str, *, db_path: Optional[str] = None) -> str:
"""
Returns the ISO code for the country associated
with the given IPv4 or IPv6 address
@@ -431,12 +453,13 @@
[docs]
def get_service_from_reverse_dns_base_domain(
base_domain,
- always_use_local_file=False,
- local_file_path=None,
- url=None,
- offline=False,
- reverse_dns_map=None,
-):
+ *,
+ always_use_local_file: Optional[bool] = False,
+ local_file_path: Optional[bool] = None,
+ url: Optional[bool] = None,
+ offline: Optional[bool] = False,
+ reverse_dns_map: Optional[bool] = None,
+) -> str:
"""
Returns the service name of a given base domain name from reverse DNS.
@@ -509,16 +532,17 @@
[docs]
def get_ip_address_info(
ip_address,
- ip_db_path=None,
- reverse_dns_map_path=None,
- always_use_local_files=False,
- reverse_dns_map_url=None,
- cache=None,
- reverse_dns_map=None,
- offline=False,
- nameservers=None,
- timeout=2.0,
-):
+ *,
+ ip_db_path: Optional[str] = None,
+ reverse_dns_map_path: Optional[str] = None,
+ always_use_local_files: Optional[bool] = False,
+ reverse_dns_map_url: Optional[bool] = None,
+ cache: Optional[ExpiringDict] = None,
+ reverse_dns_map: Optional[bool] = None,
+ offline: Optional[bool] = False,
+ nameservers: Optional[list[str]] = None,
+ timeout: Optional[float] = 2.0,
+) -> OrderedDict[str, str]:
"""
Returns reverse DNS and country information for the given IP address
@@ -536,7 +560,7 @@
timeout (float): Sets the DNS timeout in seconds
Returns:
- OrderedDict: ``ip_address``, ``reverse_dns``
+ OrderedDict: ``ip_address``, ``reverse_dns``, ``country``
"""
ip_address = ip_address.lower()
@@ -584,7 +608,7 @@
-def parse_email_address(original_address):
+def parse_email_address(original_address: str) -> OrderedDict[str, str]:
if original_address[0] == "":
display_name = None
else:
@@ -609,7 +633,7 @@
[docs]
-def get_filename_safe_string(string):
+def get_filename_safe_string(string: str) -> str:
"""
Converts a string to a string that is safe for a filename
@@ -634,7 +658,7 @@
[docs]
-def is_mbox(path):
+def is_mbox(path: str) -> bool:
"""
Checks if the given content is an MBOX mailbox file
@@ -658,7 +682,7 @@
[docs]
-def is_outlook_msg(content):
+def is_outlook_msg(content) -> bool:
"""
Checks if the given content is an Outlook msg OLE/MSG file
@@ -676,7 +700,7 @@
[docs]
-def convert_outlook_msg(msg_bytes):
+def convert_outlook_msg(msg_bytes: bytes) -> str:
"""
Uses the ``msgconvert`` Perl utility to convert an Outlook MS file to
standard RFC 822 format
@@ -715,7 +739,9 @@
[docs]
-def parse_email(data, strip_attachment_payloads=False):
+def parse_email(
+ data: Union[bytes, str], *, strip_attachment_payloads: Optional[bool] = False
+):
"""
A simplified email parser
diff --git a/api.html b/api.html
index 660f546..1b28d84 100644
--- a/api.html
+++ b/api.html
@@ -98,9 +98,9 @@
OpenSearchError
create_indexes()
migrate_indexes()
-save_aggregate_report_to_opensearch()
-save_forensic_report_to_opensearch()
-save_smtp_tls_report_to_opensearch()
+save_aggregate_report_to_elasticsearch()
+save_forensic_report_to_elasticsearch()
+save_smtp_tls_report_to_elasticsearch()
set_hosts()
@@ -201,13 +201,13 @@
-
-parsedmarc.email_results(results, host, mail_from, mail_to, mail_cc=None, mail_bcc=None, port=0, require_encryption=False, verify=True, username=None, password=None, subject=None, attachment_filename=None, message=None)[source]
+parsedmarc.email_results(results: OrderedDict, *, host: str, mail_from: str, mail_to: str, mail_cc: list = None, mail_bcc: list = None, port: int = 0, require_encryption: bool = False, verify: bool = True, username: str = None, password: str = None, subject: str = None, attachment_filename: str = None, message: str = None)[source]
Emails parsing results as a zip file
- Parameters:
results (OrderedDict) – Parsing results
-host – Mail server hostname or IP address
+host (str) – Mail server hostname or IP address
mail_from – The value of the message from header
mail_to (list) – A list of addresses to mail to
mail_cc (list) – A list of addresses to CC
@@ -227,7 +227,7 @@
-
-parsedmarc.extract_report(content: bytes | str | IO[Any])[source]
+parsedmarc.extract_report(content: bytes | str | IO[Any]) str[source]
Extracts text from a zip or gzip file, as a base64-encoded string,
file-like object, or bytes.
@@ -248,20 +248,20 @@ file-like object, or bytes.
-
-parsedmarc.extract_report_from_file_path(file_path)[source]
+parsedmarc.extract_report_from_file_path(file_path: str)[source]
Extracts report from a file at the given file_path
-
-parsedmarc.get_dmarc_reports_from_mailbox(connection: MailboxConnection, reports_folder: str = 'INBOX', archive_folder: str = 'Archive', delete: bool = False, test: bool = False, ip_db_path: str = None, always_use_local_files: str = False, reverse_dns_map_path: str = None, reverse_dns_map_url: str = None, offline: bool = False, nameservers: list[str] = None, dns_timeout: float = 6.0, strip_attachment_payloads: bool = False, results: dict = None, batch_size: int = 10, since: datetime = None, create_folders: bool = True, normalize_timespan_threshold_hours: float = 24)[source]
+parsedmarc.get_dmarc_reports_from_mailbox(connection: MailboxConnection, *, reports_folder: str | None = 'INBOX', archive_folder: str | None = 'Archive', delete: bool | None = False, test: bool | None = False, ip_db_path: str | None = None, always_use_local_files: str | None = False, reverse_dns_map_path: str | None = None, reverse_dns_map_url: str | None = None, offline: bool | None = False, nameservers: list[str] | None = None, dns_timeout: float | None = 6.0, strip_attachment_payloads: bool | None = False, results: OrderedDict[str, any] | None = None, batch_size: int | None = 10, since: datetime | None = None, create_folders: bool | None = True, normalize_timespan_threshold_hours: float | None = 24) OrderedDict[str, OrderedDict[str, Any]][source]
Fetches and parses DMARC reports from a mailbox
- Parameters:
connection – A Mailbox connection object
-reports_folder – The folder where reports can be found
-archive_folder – The folder to move processed mail to
+reports_folder (str) – The folder where reports can be found
+archive_folder (str) – The folder to move processed mail to
delete (bool) – Delete messages after processing them
test (bool) – Do not move or delete messages after processing them
ip_db_path (str) – Path to a MMDB file from MaxMind or DBIP
@@ -284,7 +284,7 @@ forensic report results
- Returns:
-Lists of aggregate_reports and forensic_reports
+Lists of aggregate_reports, forensic_reports, and smtp_tls_reports
- Return type:
OrderedDict
@@ -294,13 +294,13 @@ forensic report results
-
-parsedmarc.get_dmarc_reports_from_mbox(input_: str, nameservers: list[str] = None, dns_timeout: float = 2.0, strip_attachment_payloads: bool = False, ip_db_path: str = None, always_use_local_files: bool = False, reverse_dns_map_path: str = None, reverse_dns_map_url: str = None, offline: bool = False, normalize_timespan_threshold_hours: float = 24.0)[source]
+parsedmarc.get_dmarc_reports_from_mbox(input_: str, *, nameservers: list[str] | None = None, dns_timeout: float | None = 2.0, strip_attachment_payloads: bool | None = False, ip_db_path: str | None = None, always_use_local_files: bool | None = False, reverse_dns_map_path: str | None = None, reverse_dns_map_url: str | None = None, offline: bool | None = False, normalize_timespan_threshold_hours: float | None = 24.0) OrderedDict[str, OrderedDict[str, Any]][source]
Parses a mailbox in mbox format containing e-mails with attached
DMARC reports
- Parameters:
-input – A path to a mbox file
+input (str) – A path to a mbox file
nameservers (list) – A list of one or more nameservers to use
(Cloudflare’s public DNS resolvers by default)
dns_timeout (float) – Sets the DNS timeout in seconds
@@ -315,7 +315,7 @@ forensic report results
- Returns:
-Lists of aggregate_reports and forensic_reports
+Lists of aggregate_reports, forensic_reports, and smtp_tls_reports
- Return type:
OrderedDict
@@ -325,7 +325,7 @@ forensic report results
-
-parsedmarc.get_report_zip(results: OrderedDict)[source]
+parsedmarc.get_report_zip(results: OrderedDict[str, Any]) bytes[source]
Creates a zip file of parsed report output
- Parameters:
@@ -342,13 +342,13 @@ forensic report results
-
-parsedmarc.parse_aggregate_report_file(_input: str | bytes | IO[Any], offline: bool = False, always_use_local_files: bool = None, reverse_dns_map_path: str = None, reverse_dns_map_url: str = None, ip_db_path: str = None, nameservers: list[str] = None, dns_timeout: float = 2.0, keep_alive: Callable = None, normalize_timespan_threshold_hours: float = 24.0)[source]
+parsedmarc.parse_aggregate_report_file(_input: str | bytes | IO[Any], *, offline: bool | None = False, always_use_local_files: bool | None = None, reverse_dns_map_path: str | None = None, reverse_dns_map_url: str | None = None, ip_db_path: str | None = None, nameservers: list[str] | None = None, dns_timeout: float | None = 2.0, keep_alive: Callable | None = None, normalize_timespan_threshold_hours: float | None = 24.0) OrderedDict[str, any][source]
Parses a file at the given path, a file-like object. or bytes as an
aggregate DMARC report
- Parameters:
-_input – A path to a file, a file like object, or bytes
+_input (str | bytes | IO) – A path to a file, a file like object, or bytes
offline (bool) – Do not query online for geolocation or DNS
always_use_local_files (bool) – Do not download files
reverse_dns_map_path (str) – Path to a reverse DNS map file
@@ -372,7 +372,7 @@ aggregate DMARC report
-
-parsedmarc.parse_aggregate_report_xml(xml: str, ip_db_path: bool = None, always_use_local_files: bool = False, reverse_dns_map_path: bool = None, reverse_dns_map_url: bool = None, offline: bool = False, nameservers: bool = None, timeout: float = 2.0, keep_alive: callable = None, normalize_timespan_threshold_hours: float = 24.0)[source]
+parsedmarc.parse_aggregate_report_xml(xml: str, *, ip_db_path: bool | None = None, always_use_local_files: bool | None = False, reverse_dns_map_path: bool | None = None, reverse_dns_map_url: bool | None = None, offline: bool | None = False, nameservers: list[str] | None = None, timeout: float | None = 2.0, keep_alive: callable | None = None, normalize_timespan_threshold_hours: float | None = 24.0) OrderedDict[str, Any][source]
Parses a DMARC XML report string and returns a consistent OrderedDict
- Parameters:
@@ -401,7 +401,7 @@ aggregate DMARC report
-
-parsedmarc.parse_forensic_report(feedback_report: str, sample: str, msg_date: datetime, always_use_local_files: bool = False, reverse_dns_map_path: str = None, reverse_dns_map_url: str = None, offline: bool = False, ip_db_path: str = None, nameservers: list[str] = None, dns_timeout: float = 2.0, strip_attachment_payloads: bool = False)[source]
+parsedmarc.parse_forensic_report(feedback_report: str, sample: str, msg_date: datetime, *, always_use_local_files: bool | None = False, reverse_dns_map_path: str | None = None, reverse_dns_map_url: str = None, offline: bool | None = False, ip_db_path: str | None = None, nameservers: list[str] | None = None, dns_timeout: float | None = 2.0, strip_attachment_payloads: bool | None = False) OrderedDict[str, Any][source]
Converts a DMARC forensic report and sample to a OrderedDict
- Parameters:
@@ -432,7 +432,7 @@ forensic report results
-
-parsedmarc.parse_report_email(input_: bytes | str, offline: bool = False, ip_db_path: str = None, always_use_local_files: bool = False, reverse_dns_map_path: str = None, reverse_dns_map_url: str = None, nameservers: list[str] = None, dns_timeout: float = 2.0, strip_attachment_payloads: bool = False, keep_alive: callable = None, normalize_timespan_threshold_hours: float = 24.0)[source]
+parsedmarc.parse_report_email(input_: bytes | str, *, offline: bool | None = False, ip_db_path: str | None = None, always_use_local_files: bool | None = False, reverse_dns_map_path: str | None = None, reverse_dns_map_url: str | None = None, nameservers: list[str] = None, dns_timeout: float | None = 2.0, strip_attachment_payloads: bool | None = False, keep_alive: callable | None = None, normalize_timespan_threshold_hours: float | None = 24.0) OrderedDict[str, Any][source]
Parses a DMARC report from an email
- Parameters:
@@ -466,13 +466,13 @@ forensic report results
-
-parsedmarc.parse_report_file(input_: bytes | str | IO[Any], nameservers: list[str] = None, dns_timeout: float = 2.0, strip_attachment_payloads: bool = False, ip_db_path: str = None, always_use_local_files: bool = False, reverse_dns_map_path: str = None, reverse_dns_map_url: str = None, offline: bool = False, keep_alive: Callable = None, normalize_timespan_threshold_hours: float = 24)[source]
+parsedmarc.parse_report_file(input_: bytes | str | IO[Any], *, nameservers: list[str] | None = None, dns_timeout: float | None = 2.0, strip_attachment_payloads: bool | None = False, ip_db_path: str | None = None, always_use_local_files: bool | None = False, reverse_dns_map_path: str | None = None, reverse_dns_map_url: str | None = None, offline: bool | None = False, keep_alive: Callable | None = None, normalize_timespan_threshold_hours: float | None = 24) OrderedDict[str, Any][source]
Parses a DMARC aggregate or forensic file at the given path, a
file-like object. or bytes
- Parameters:
-input – A path to a file, a file like object, or bytes
+input (str | bytes | IO) – A path to a file, a file like object, or bytes
nameservers (list) – A list of one or more nameservers to use
(Cloudflare’s public DNS resolvers by default)
dns_timeout (float) – Sets the DNS timeout in seconds
@@ -497,13 +497,13 @@ forensic report results
-
-parsedmarc.parse_smtp_tls_report_json(report: dict)[source]
+parsedmarc.parse_smtp_tls_report_json(report: dict[str, Any])[source]
Parses and validates an SMTP TLS report
-
-parsedmarc.parsed_aggregate_reports_to_csv(reports: list[OrderedDict])[source]
+parsedmarc.parsed_aggregate_reports_to_csv(reports: list[OrderedDict[str, Any]]) str[source]
Converts one or more parsed aggregate reports to flat CSV format, including
headers
@@ -521,7 +521,7 @@ headers
-
-parsedmarc.parsed_aggregate_reports_to_csv_rows(reports: list[dict])[source]
+parsedmarc.parsed_aggregate_reports_to_csv_rows(reports: list[OrderedDict[str, Any]]) list[dict[str, Any]][source]
Converts one or more parsed aggregate reports to list of dicts in flat CSV
format
@@ -540,7 +540,7 @@ format
-
-parsedmarc.parsed_forensic_reports_to_csv(reports: list[dict])[source]
+parsedmarc.parsed_forensic_reports_to_csv(reports: list[dict[str, Any]]) str[source]
Converts one or more parsed forensic reports to flat CSV format, including
headers
@@ -558,7 +558,7 @@ headers
-
-parsedmarc.parsed_forensic_reports_to_csv_rows(reports: list[OrderedDict])[source]
+parsedmarc.parsed_forensic_reports_to_csv_rows(reports: list[OrderedDict[str, Any]])[source]
Converts one or more parsed forensic reports to a list of dicts in flat CSV
format
@@ -576,7 +576,7 @@ format
-
-parsedmarc.parsed_smtp_tls_reports_to_csv(reports: dict)[source]
+parsedmarc.parsed_smtp_tls_reports_to_csv(reports: OrderedDict[str, Any]) str[source]
Converts one or more parsed SMTP TLS reports to flat CSV format, including
headers
@@ -594,14 +594,14 @@ headers
-
-parsedmarc.parsed_smtp_tls_reports_to_csv_rows(reports: dict)[source]
+parsedmarc.parsed_smtp_tls_reports_to_csv_rows(reports: OrderedDict[str, Any])[source]
Converts one oor more parsed SMTP TLS reports into a list of single
layer OrderedDict objects suitable for use in a CSV
-
-parsedmarc.save_output(results: OrderedDict, output_directory: str = 'output', aggregate_json_filename: str = 'aggregate.json', forensic_json_filename: str = 'forensic.json', smtp_tls_json_filename: str = 'smtp_tls.json', aggregate_csv_filename: str = 'aggregate.csv', forensic_csv_filename: str = 'forensic.csv', smtp_tls_csv_filename: str = 'smtp_tls.csv')[source]
+parsedmarc.save_output(results: OrderedDict[str, Any], *, output_directory: str | None = 'output', aggregate_json_filename: str | None = 'aggregate.json', forensic_json_filename: str | None = 'forensic.json', smtp_tls_json_filename: str | None = 'smtp_tls.json', aggregate_csv_filename: str | None = 'aggregate.csv', forensic_csv_filename: str | None = 'forensic.csv', smtp_tls_csv_filename: str | None = 'smtp_tls.csv')[source]
Save report data in the given directory
- Parameters:
@@ -621,7 +621,7 @@ layer OrderedDict objects suitable for use in a CSV
-
-parsedmarc.watch_inbox(mailbox_connection: MailboxConnection, callback: Callable, reports_folder: str = 'INBOX', archive_folder: str = 'Archive', delete: bool = False, test: bool = False, check_timeout: int = 30, ip_db_path: str = None, always_use_local_files: bool = False, reverse_dns_map_path: str = None, reverse_dns_map_url: str = None, offline: bool = False, nameservers: list[str] = None, dns_timeout: float = 6.0, strip_attachment_payloads: bool = False, batch_size: int = None, normalize_timespan_threshold_hours: float = 24)[source]
+parsedmarc.watch_inbox(mailbox_connection: MailboxConnection, callback: Callable, *, reports_folder: str | None = 'INBOX', archive_folder: str | None = 'Archive', delete: bool | None = False, test: bool | None = False, check_timeout: int | None = 30, ip_db_path: str | None = None, always_use_local_files: bool | None = False, reverse_dns_map_path: str | None = None, reverse_dns_map_url: str | None = None, offline: bool | None = False, nameservers: list[str] | None = None, dns_timeout: float | None = 6.0, strip_attachment_payloads: bool | None = False, batch_size: int | None = None, normalize_timespan_threshold_hours: float | None = 24)[source]
- Watches the mailbox for new messages and
sends the results to a callback function
@@ -631,8 +631,8 @@ layer OrderedDict objects suitable for use in a CSV
mailbox_connection – The mailbox connection object
callback – The callback function to receive the parsing results
-reports_folder – The IMAP folder where reports can be found
-archive_folder – The folder to move processed mail to
+reports_folder (str) – The IMAP folder where reports can be found
+archive_folder (str) – The folder to move processed mail to
delete (bool) – Delete messages after processing them
test (bool) – Do not move or delete messages after processing them
check_timeout (int) – Number of seconds to wait for a IMAP IDLE response
@@ -671,7 +671,7 @@ forensic report samples with None
-
-parsedmarc.elastic.create_indexes(names, settings=None)[source]
+parsedmarc.elastic.create_indexes(names: list[str], settings: dict[str, Any] | None = None)[source]
Create Elasticsearch indexes
- Parameters:
@@ -685,7 +685,7 @@ forensic report samples with None
-
-parsedmarc.elastic.migrate_indexes(aggregate_indexes=None, forensic_indexes=None)[source]
+parsedmarc.elastic.migrate_indexes(aggregate_indexes: list[str] | None = None, forensic_indexes: list[str] | None = None)[source]
Updates index mappings
- Parameters:
@@ -699,7 +699,7 @@ forensic report samples with None
-
-parsedmarc.elastic.save_aggregate_report_to_elasticsearch(aggregate_report, index_suffix=None, index_prefix=None, monthly_indexes=False, number_of_shards=1, number_of_replicas=0)[source]
+parsedmarc.elastic.save_aggregate_report_to_elasticsearch(aggregate_report: OrderedDict[str, Any], index_suffix: str | None = None, index_prefix: str | None = None, monthly_indexes: bool | None = False, number_of_shards: int | None = 1, number_of_replicas: int | None = 0)[source]
Saves a parsed DMARC aggregate report to Elasticsearch
- Parameters:
@@ -720,7 +720,7 @@ forensic report samples with None
-
-parsedmarc.elastic.save_forensic_report_to_elasticsearch(forensic_report, index_suffix=None, index_prefix=None, monthly_indexes=False, number_of_shards=1, number_of_replicas=0)[source]
+parsedmarc.elastic.save_forensic_report_to_elasticsearch(forensic_report: OrderedDict[str, Any], index_suffix: any | None = None, index_prefix: str | None = None, monthly_indexes: bool | None = False, number_of_shards: int = 1, number_of_replicas: int = 0)[source]
Saves a parsed DMARC forensic report to Elasticsearch
- Parameters:
@@ -743,7 +743,7 @@ index
-
-parsedmarc.elastic.save_smtp_tls_report_to_elasticsearch(report, index_suffix=None, index_prefix=None, monthly_indexes=False, number_of_shards=1, number_of_replicas=0)[source]
+parsedmarc.elastic.save_smtp_tls_report_to_elasticsearch(report: OrderedDict[str, Any], index_suffix: str = None, index_prefix: str = None, monthly_indexes: bool | None = False, number_of_shards: int | None = 1, number_of_replicas: int | None = 0)[source]
Saves a parsed SMTP TLS report to Elasticsearch
- Parameters:
@@ -764,13 +764,13 @@ index
-
-parsedmarc.elastic.set_hosts(hosts, use_ssl=False, ssl_cert_path=None, username=None, password=None, api_key=None, timeout=60.0)[source]
+parsedmarc.elastic.set_hosts(hosts: str | list[str], *, use_ssl: bool | None = False, ssl_cert_path: str | None = None, username: str | None = None, password: str | None = None, api_key: str | None = None, timeout: float | None = 60.0)[source]
Sets the Elasticsearch hosts to use
- Parameters:
-hosts (str) – A single hostname or URL, or list of hostnames or URLs
-use_ssl (bool) – Use a HTTPS connection to the server
+hosts (str | list[str]) – A single hostname or URL, or list of hostnames or URLs
+use_ssl (bool) – Use an HTTPS connection to the server
ssl_cert_path (str) – Path to the certificate chain
username (str) – The username to use for authentication
password (str) – The password to use for authentication
@@ -798,7 +798,7 @@ index
-
-parsedmarc.opensearch.create_indexes(names, settings=None)[source]
+parsedmarc.opensearch.create_indexes(names: list[str], settings: dict[str, Any] | None = None)[source]
Create OpenSearch indexes
- Parameters:
@@ -812,7 +812,7 @@ index
-
-parsedmarc.opensearch.migrate_indexes(aggregate_indexes=None, forensic_indexes=None)[source]
+parsedmarc.opensearch.migrate_indexes(aggregate_indexes: list[str] | None = None, forensic_indexes: list[str] | None = None)[source]
Updates index mappings
- Parameters:
@@ -825,8 +825,8 @@ index
--
-parsedmarc.opensearch.save_aggregate_report_to_opensearch(aggregate_report, index_suffix=None, index_prefix=None, monthly_indexes=False, number_of_shards=1, number_of_replicas=0)[source]
+-
+parsedmarc.opensearch.save_aggregate_report_to_elasticsearch(aggregate_report: OrderedDict[str, Any], index_suffix: str | None = None, index_prefix: str | None = None, monthly_indexes: bool | None = False, number_of_shards: int | None = 1, number_of_replicas: int | None = 0)[source]
Saves a parsed DMARC aggregate report to OpenSearch
- Parameters:
@@ -846,8 +846,8 @@ index
--
-parsedmarc.opensearch.save_forensic_report_to_opensearch(forensic_report, index_suffix=None, index_prefix=None, monthly_indexes=False, number_of_shards=1, number_of_replicas=0)[source]
+-
+parsedmarc.opensearch.save_forensic_report_to_elasticsearch(forensic_report: OrderedDict[str, Any], index_suffix: any | None = None, index_prefix: str | None = None, monthly_indexes: bool | None = False, number_of_shards: int = 1, number_of_replicas: int = 0)[source]
Saves a parsed DMARC forensic report to OpenSearch
- Parameters:
@@ -869,8 +869,8 @@ index
--
-parsedmarc.opensearch.save_smtp_tls_report_to_opensearch(report, index_suffix=None, index_prefix=None, monthly_indexes=False, number_of_shards=1, number_of_replicas=0)[source]
+-
+parsedmarc.opensearch.save_smtp_tls_report_to_elasticsearch(report: OrderedDict[str, Any], index_suffix: str = None, index_prefix: str = None, monthly_indexes: bool | None = False, number_of_shards: int | None = 1, number_of_replicas: int | None = 0)[source]
Saves a parsed SMTP TLS report to OpenSearch
- Parameters:
@@ -891,12 +891,12 @@ index
-
-parsedmarc.opensearch.set_hosts(hosts, use_ssl=False, ssl_cert_path=None, username=None, password=None, api_key=None, timeout=60.0)[source]
+parsedmarc.opensearch.set_hosts(hosts: str | list[str], *, use_ssl: bool | None = False, ssl_cert_path: str | None = None, username: str | None = None, password: str | None = None, api_key: str | None = None, timeout: float | None = 60.0)[source]
Sets the OpenSearch hosts to use
- Parameters:
-hosts (str|list) – A hostname or URL, or list of hostnames or URLs
+hosts (str|list[str]) – A single hostname or URL, or list of hostnames or URLs
use_ssl (bool) – Use an HTTPS connection to the server
ssl_cert_path (str) – Path to the certificate chain
username (str) – The username to use for authentication
@@ -913,7 +913,7 @@ index
parsedmarc.splunk
-
-class parsedmarc.splunk.HECClient(url, access_token, index, source='parsedmarc', verify=True, timeout=60)[source]
+class parsedmarc.splunk.HECClient(url: str, access_token: str, index: str, source: bool = 'parsedmarc', verify=True, timeout=60)[source]
Initializes the HECClient
- Parameters:
@@ -930,7 +930,7 @@ data before giving up
-
-save_aggregate_reports_to_splunk(aggregate_reports)[source]
+save_aggregate_reports_to_splunk(aggregate_reports: list[OrderedDict[str, Any]])[source]
Saves aggregate DMARC reports to Splunk
- Parameters:
@@ -942,7 +942,7 @@ to save in Splunk
-
-save_forensic_reports_to_splunk(forensic_reports)[source]
+save_forensic_reports_to_splunk(forensic_reports: list[OrderedDict[str, Any]])[source]
Saves forensic DMARC reports to Splunk
- Parameters:
@@ -954,7 +954,7 @@ to save in Splunk
-
-save_smtp_tls_reports_to_splunk(reports)[source]
+save_smtp_tls_reports_to_splunk(reports: OrderedDict[str, Any])[source]
Saves aggregate DMARC reports to Splunk
- Parameters:
@@ -990,7 +990,7 @@ to save in Splunk
-
-parsedmarc.utils.convert_outlook_msg(msg_bytes)[source]
+parsedmarc.utils.convert_outlook_msg(msg_bytes: bytes) str[source]
Uses the msgconvert Perl utility to convert an Outlook MS file to
standard RFC 822 format
@@ -1005,11 +1005,11 @@ standard RFC 822 format
-
-parsedmarc.utils.decode_base64(data)[source]
+parsedmarc.utils.decode_base64(data: str) bytes[source]
Decodes a base64 string, with padding being optional
- Parameters:
-data – A base64 encoded string
+data (str) – A base64 encoded string
- Returns:
The decoded bytes
@@ -1022,7 +1022,7 @@ standard RFC 822 format
-
-parsedmarc.utils.get_base_domain(domain)[source]
+parsedmarc.utils.get_base_domain(domain: str) str[source]
Gets the base domain name for the given domain
Note
@@ -1045,7 +1045,7 @@ parsedmarc.resources.maps.psl_overrides.txt
-
-parsedmarc.utils.get_filename_safe_string(string)[source]
+parsedmarc.utils.get_filename_safe_string(string: str) str[source]
Converts a string to a string that is safe for a filename
- Parameters:
@@ -1062,7 +1062,7 @@ parsedmarc.resources.maps.psl_overrides.txt
-
-parsedmarc.utils.get_ip_address_country(ip_address, db_path=None)[source]
+parsedmarc.utils.get_ip_address_country(ip_address: str, *, db_path: str | None = None) str[source]
Returns the ISO code for the country associated
with the given IPv4 or IPv6 address
@@ -1083,7 +1083,7 @@ with the given IPv4 or IPv6 address
-
-parsedmarc.utils.get_ip_address_info(ip_address, ip_db_path=None, reverse_dns_map_path=None, always_use_local_files=False, reverse_dns_map_url=None, cache=None, reverse_dns_map=None, offline=False, nameservers=None, timeout=2.0)[source]
+parsedmarc.utils.get_ip_address_info(ip_address, *, ip_db_path: str | None = None, reverse_dns_map_path: str | None = None, always_use_local_files: bool | None = False, reverse_dns_map_url: bool | None = None, cache: ExpiringDict | None = None, reverse_dns_map: bool | None = None, offline: bool | None = False, nameservers: list[str] | None = None, timeout: float | None = 2.0) OrderedDict[str, str][source]
Returns reverse DNS and country information for the given IP address
- Parameters:
@@ -1102,7 +1102,7 @@ with the given IPv4 or IPv6 address
- Returns:
-ip_address, reverse_dns
+ip_address, reverse_dns, country
- Return type:
OrderedDict
@@ -1112,7 +1112,7 @@ with the given IPv4 or IPv6 address
-
-parsedmarc.utils.get_reverse_dns(ip_address, cache=None, nameservers=None, timeout=2.0)[source]
+parsedmarc.utils.get_reverse_dns(ip_address, *, cache: ExpiringDict | None = None, nameservers: list[str] = None, timeout: int = 2.0) str[source]
Resolves an IP address to a hostname using a reverse DNS query
- Parameters:
@@ -1135,7 +1135,7 @@ with the given IPv4 or IPv6 address
-
-parsedmarc.utils.get_service_from_reverse_dns_base_domain(base_domain, always_use_local_file=False, local_file_path=None, url=None, offline=False, reverse_dns_map=None)[source]
+parsedmarc.utils.get_service_from_reverse_dns_base_domain(base_domain, *, always_use_local_file: bool | None = False, local_file_path: bool | None = None, url: bool | None = None, offline: bool | None = False, reverse_dns_map: bool | None = None) str[source]
Returns the service name of a given base domain name from reverse DNS.
- Parameters:
@@ -1161,7 +1161,7 @@ the supplied reverse_dns_base_domain and the type will be None
-
-parsedmarc.utils.human_timestamp_to_datetime(human_timestamp, to_utc=False)[source]
+parsedmarc.utils.human_timestamp_to_datetime(human_timestamp: str, *, to_utc: bool | None = False) datetime[source]
Converts a human-readable timestamp into a Python datetime object
- Parameters:
@@ -1181,7 +1181,7 @@ the supplied reverse_dns_base_domain and the type will be None
-
-parsedmarc.utils.human_timestamp_to_unix_timestamp(human_timestamp)[source]
+parsedmarc.utils.human_timestamp_to_unix_timestamp(human_timestamp: str) int[source]
Converts a human-readable timestamp into a UNIX timestamp
- Parameters:
@@ -1198,7 +1198,7 @@ the supplied reverse_dns_base_domain and the type will be None
-
-parsedmarc.utils.is_mbox(path)[source]
+parsedmarc.utils.is_mbox(path: str) bool[source]
Checks if the given content is an MBOX mailbox file
- Parameters:
@@ -1215,7 +1215,7 @@ the supplied reverse_dns_base_domain and the type will be None
-
-parsedmarc.utils.is_outlook_msg(content)[source]
+parsedmarc.utils.is_outlook_msg(content) bool[source]
Checks if the given content is an Outlook msg OLE/MSG file
- Parameters:
@@ -1232,7 +1232,7 @@ the supplied reverse_dns_base_domain and the type will be None
-
-parsedmarc.utils.parse_email(data, strip_attachment_payloads=False)[source]
+parsedmarc.utils.parse_email(data: bytes | str, *, strip_attachment_payloads: bool | None = False)[source]
A simplified email parser
- Parameters:
@@ -1252,7 +1252,7 @@ the supplied reverse_dns_base_domain and the type will be None
-
-parsedmarc.utils.query_dns(domain, record_type, cache=None, nameservers=None, timeout=2.0)[source]
+parsedmarc.utils.query_dns(domain: str, record_type: str, *, cache: ExpiringDict | None = None, nameservers: list[str] = None, timeout: int = 2.0) list[str][source]
Queries DNS
- Parameters:
@@ -1276,7 +1276,7 @@ the supplied reverse_dns_base_domain and the type will be None
-
-parsedmarc.utils.timestamp_to_datetime(timestamp)[source]
+parsedmarc.utils.timestamp_to_datetime(timestamp: int) datetime[source]
Converts a UNIX/DMARC timestamp to a Python datetime object
- Parameters:
@@ -1293,7 +1293,7 @@ the supplied reverse_dns_base_domain and the type will be None
-
-parsedmarc.utils.timestamp_to_human(timestamp)[source]
+parsedmarc.utils.timestamp_to_human(timestamp: int) str[source]
Converts a UNIX/DMARC timestamp to a human-readable string
- Parameters:
diff --git a/genindex.html b/genindex.html
index ba0b0b3..18fd4b6 100644
--- a/genindex.html
+++ b/genindex.html
@@ -329,15 +329,19 @@
@@ -345,9 +349,11 @@
- save_output() (in module parsedmarc)
- save_smtp_tls_report_to_elasticsearch() (in module parsedmarc.elastic)
+
+
- save_smtp_tls_reports_to_splunk() (parsedmarc.splunk.HECClient method)
- set_hosts() (in module parsedmarc.elastic)
diff --git a/objects.inv b/objects.inv
index 4ec7155..f7ee535 100644
Binary files a/objects.inv and b/objects.inv differ
diff --git a/searchindex.js b/searchindex.js
index 24662a2..4eea79a 100644
--- a/searchindex.js
+++ b/searchindex.js
@@ -1 +1 @@
-Search.setIndex({"alltitles":{"API reference":[[0,null]],"Accessing an inbox using OWA/EWS":[[2,null]],"Bug reports":[[1,"bug-reports"]],"CLI help":[[12,"cli-help"]],"CSV aggregate report":[[10,"csv-aggregate-report"]],"CSV forensic report":[[10,"csv-forensic-report"]],"Configuration file":[[12,"configuration-file"]],"Configuring parsedmarc for DavMail":[[2,"configuring-parsedmarc-for-davmail"]],"Contents":[[5,null]],"Contributing to parsedmarc":[[1,null]],"DMARC Alignment Guide":[[3,"dmarc-alignment-guide"]],"DMARC Forensic Samples":[[7,"dmarc-forensic-samples"]],"DMARC Summary":[[7,"dmarc-summary"]],"DMARC guides":[[3,"dmarc-guides"]],"Do":[[3,"do"],[8,"do"]],"Do not":[[3,"do-not"],[8,"do-not"]],"Elasticsearch and Kibana":[[4,null]],"Features":[[5,"features"]],"Indices and tables":[[0,"indices-and-tables"]],"Installation":[[4,"installation"],[6,null],[9,"installation"]],"Installing parsedmarc":[[6,"installing-parsedmarc"]],"JSON SMTP TLS report":[[10,"json-smtp-tls-report"]],"JSON aggregate report":[[10,"json-aggregate-report"]],"JSON forensic report":[[10,"json-forensic-report"]],"LISTSERV":[[3,"listserv"],[8,"listserv"]],"Lookalike domains":[[3,"lookalike-domains"]],"Mailing list best practices":[[3,"mailing-list-best-practices"],[8,"mailing-list-best-practices"]],"Mailman 2":[[3,"mailman-2"],[3,"id1"],[8,"mailman-2"],[8,"id1"]],"Mailman 3":[[3,"mailman-3"],[3,"id2"],[8,"mailman-3"],[8,"id2"]],"Multi-tenant support":[[12,"multi-tenant-support"]],"OpenSearch and Grafana":[[9,null]],"Optional dependencies":[[6,"optional-dependencies"]],"Prerequisites":[[6,"prerequisites"]],"Python Compatibility":[[5,"python-compatibility"]],"Records retention":[[4,"records-retention"],[9,"records-retention"]],"Resources":[[3,"resources"]],"Running DavMail as a systemd service":[[2,"running-davmail-as-a-systemd-service"]],"Running parsedmarc as a systemd service":[[12,"running-parsedmarc-as-a-systemd-service"]],"SPF and DMARC record validation":[[3,"spf-and-dmarc-record-validation"]],"Sample aggregate report output":[[10,"sample-aggregate-report-output"]],"Sample forensic report output":[[10,"sample-forensic-report-output"]],"Sample outputs":[[10,null]],"Splunk":[[11,null]],"Testing multiple report analyzers":[[6,"testing-multiple-report-analyzers"]],"Understanding DMARC":[[3,null]],"Upgrading Kibana index patterns":[[4,"upgrading-kibana-index-patterns"]],"Using Microsoft Exchange":[[6,"using-microsoft-exchange"]],"Using a web proxy":[[6,"using-a-web-proxy"]],"Using parsedmarc":[[12,null]],"Using the Kibana dashboards":[[7,null]],"What about mailing lists?":[[3,"what-about-mailing-lists"],[8,null]],"What if a sender won\u2019t support DKIM/DMARC?":[[3,"what-if-a-sender-wont-support-dkim-dmarc"]],"Workarounds":[[3,"workarounds"],[8,"workarounds"]],"geoipupdate setup":[[6,"geoipupdate-setup"]],"parsedmarc":[[0,"module-parsedmarc"]],"parsedmarc documentation - Open source DMARC report analyzer and visualizer":[[5,null]],"parsedmarc.elastic":[[0,"module-parsedmarc.elastic"]],"parsedmarc.opensearch":[[0,"module-parsedmarc.opensearch"]],"parsedmarc.splunk":[[0,"module-parsedmarc.splunk"]],"parsedmarc.utils":[[0,"module-parsedmarc.utils"]]},"docnames":["api","contributing","davmail","dmarc","elasticsearch","index","installation","kibana","mailing-lists","opensearch","output","splunk","usage"],"envversion":{"sphinx":65,"sphinx.domains.c":3,"sphinx.domains.changeset":1,"sphinx.domains.citation":1,"sphinx.domains.cpp":9,"sphinx.domains.index":1,"sphinx.domains.javascript":3,"sphinx.domains.math":2,"sphinx.domains.python":4,"sphinx.domains.rst":2,"sphinx.domains.std":2,"sphinx.ext.todo":2,"sphinx.ext.viewcode":1},"filenames":["api.md","contributing.md","davmail.md","dmarc.md","elasticsearch.md","index.md","installation.md","kibana.md","mailing-lists.md","opensearch.md","output.md","splunk.md","usage.md"],"indexentries":{"alreadysaved":[[0,"parsedmarc.elastic.AlreadySaved",false],[0,"parsedmarc.opensearch.AlreadySaved",false]],"convert_outlook_msg() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.convert_outlook_msg",false]],"create_indexes() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.create_indexes",false]],"create_indexes() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.create_indexes",false]],"decode_base64() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.decode_base64",false]],"downloaderror":[[0,"parsedmarc.utils.DownloadError",false]],"elasticsearcherror":[[0,"parsedmarc.elastic.ElasticsearchError",false]],"email_results() (in module parsedmarc)":[[0,"parsedmarc.email_results",false]],"emailparsererror":[[0,"parsedmarc.utils.EmailParserError",false]],"extract_report() (in module parsedmarc)":[[0,"parsedmarc.extract_report",false]],"extract_report_from_file_path() (in module parsedmarc)":[[0,"parsedmarc.extract_report_from_file_path",false]],"get_base_domain() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_base_domain",false]],"get_dmarc_reports_from_mailbox() (in module parsedmarc)":[[0,"parsedmarc.get_dmarc_reports_from_mailbox",false]],"get_dmarc_reports_from_mbox() (in module parsedmarc)":[[0,"parsedmarc.get_dmarc_reports_from_mbox",false]],"get_filename_safe_string() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_filename_safe_string",false]],"get_ip_address_country() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_ip_address_country",false]],"get_ip_address_info() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_ip_address_info",false]],"get_report_zip() (in module parsedmarc)":[[0,"parsedmarc.get_report_zip",false]],"get_reverse_dns() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_reverse_dns",false]],"get_service_from_reverse_dns_base_domain() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_service_from_reverse_dns_base_domain",false]],"hecclient (class in parsedmarc.splunk)":[[0,"parsedmarc.splunk.HECClient",false]],"human_timestamp_to_datetime() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.human_timestamp_to_datetime",false]],"human_timestamp_to_unix_timestamp() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.human_timestamp_to_unix_timestamp",false]],"invalidaggregatereport":[[0,"parsedmarc.InvalidAggregateReport",false]],"invaliddmarcreport":[[0,"parsedmarc.InvalidDMARCReport",false]],"invalidforensicreport":[[0,"parsedmarc.InvalidForensicReport",false]],"invalidsmtptlsreport":[[0,"parsedmarc.InvalidSMTPTLSReport",false]],"is_mbox() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.is_mbox",false]],"is_outlook_msg() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.is_outlook_msg",false]],"migrate_indexes() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.migrate_indexes",false]],"migrate_indexes() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.migrate_indexes",false]],"module":[[0,"module-parsedmarc",false],[0,"module-parsedmarc.elastic",false],[0,"module-parsedmarc.opensearch",false],[0,"module-parsedmarc.splunk",false],[0,"module-parsedmarc.utils",false]],"opensearcherror":[[0,"parsedmarc.opensearch.OpenSearchError",false]],"parse_aggregate_report_file() (in module parsedmarc)":[[0,"parsedmarc.parse_aggregate_report_file",false]],"parse_aggregate_report_xml() (in module parsedmarc)":[[0,"parsedmarc.parse_aggregate_report_xml",false]],"parse_email() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.parse_email",false]],"parse_forensic_report() (in module parsedmarc)":[[0,"parsedmarc.parse_forensic_report",false]],"parse_report_email() (in module parsedmarc)":[[0,"parsedmarc.parse_report_email",false]],"parse_report_file() (in module parsedmarc)":[[0,"parsedmarc.parse_report_file",false]],"parse_smtp_tls_report_json() (in module parsedmarc)":[[0,"parsedmarc.parse_smtp_tls_report_json",false]],"parsed_aggregate_reports_to_csv() (in module parsedmarc)":[[0,"parsedmarc.parsed_aggregate_reports_to_csv",false]],"parsed_aggregate_reports_to_csv_rows() (in module parsedmarc)":[[0,"parsedmarc.parsed_aggregate_reports_to_csv_rows",false]],"parsed_forensic_reports_to_csv() (in module parsedmarc)":[[0,"parsedmarc.parsed_forensic_reports_to_csv",false]],"parsed_forensic_reports_to_csv_rows() (in module parsedmarc)":[[0,"parsedmarc.parsed_forensic_reports_to_csv_rows",false]],"parsed_smtp_tls_reports_to_csv() (in module parsedmarc)":[[0,"parsedmarc.parsed_smtp_tls_reports_to_csv",false]],"parsed_smtp_tls_reports_to_csv_rows() (in module parsedmarc)":[[0,"parsedmarc.parsed_smtp_tls_reports_to_csv_rows",false]],"parsedmarc":[[0,"module-parsedmarc",false]],"parsedmarc.elastic":[[0,"module-parsedmarc.elastic",false]],"parsedmarc.opensearch":[[0,"module-parsedmarc.opensearch",false]],"parsedmarc.splunk":[[0,"module-parsedmarc.splunk",false]],"parsedmarc.utils":[[0,"module-parsedmarc.utils",false]],"parsererror":[[0,"parsedmarc.ParserError",false]],"query_dns() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.query_dns",false]],"save_aggregate_report_to_elasticsearch() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.save_aggregate_report_to_elasticsearch",false]],"save_aggregate_report_to_opensearch() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.save_aggregate_report_to_opensearch",false]],"save_aggregate_reports_to_splunk() (parsedmarc.splunk.hecclient method)":[[0,"parsedmarc.splunk.HECClient.save_aggregate_reports_to_splunk",false]],"save_forensic_report_to_elasticsearch() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.save_forensic_report_to_elasticsearch",false]],"save_forensic_report_to_opensearch() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.save_forensic_report_to_opensearch",false]],"save_forensic_reports_to_splunk() (parsedmarc.splunk.hecclient method)":[[0,"parsedmarc.splunk.HECClient.save_forensic_reports_to_splunk",false]],"save_output() (in module parsedmarc)":[[0,"parsedmarc.save_output",false]],"save_smtp_tls_report_to_elasticsearch() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.save_smtp_tls_report_to_elasticsearch",false]],"save_smtp_tls_report_to_opensearch() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.save_smtp_tls_report_to_opensearch",false]],"save_smtp_tls_reports_to_splunk() (parsedmarc.splunk.hecclient method)":[[0,"parsedmarc.splunk.HECClient.save_smtp_tls_reports_to_splunk",false]],"set_hosts() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.set_hosts",false]],"set_hosts() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.set_hosts",false]],"splunkerror":[[0,"parsedmarc.splunk.SplunkError",false]],"timestamp_to_datetime() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.timestamp_to_datetime",false]],"timestamp_to_human() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.timestamp_to_human",false]],"watch_inbox() (in module parsedmarc)":[[0,"parsedmarc.watch_inbox",false]]},"objects":{"":[[0,0,0,"-","parsedmarc"]],"parsedmarc":[[0,1,1,"","InvalidAggregateReport"],[0,1,1,"","InvalidDMARCReport"],[0,1,1,"","InvalidForensicReport"],[0,1,1,"","InvalidSMTPTLSReport"],[0,1,1,"","ParserError"],[0,0,0,"-","elastic"],[0,2,1,"","email_results"],[0,2,1,"","extract_report"],[0,2,1,"","extract_report_from_file_path"],[0,2,1,"","get_dmarc_reports_from_mailbox"],[0,2,1,"","get_dmarc_reports_from_mbox"],[0,2,1,"","get_report_zip"],[0,0,0,"-","opensearch"],[0,2,1,"","parse_aggregate_report_file"],[0,2,1,"","parse_aggregate_report_xml"],[0,2,1,"","parse_forensic_report"],[0,2,1,"","parse_report_email"],[0,2,1,"","parse_report_file"],[0,2,1,"","parse_smtp_tls_report_json"],[0,2,1,"","parsed_aggregate_reports_to_csv"],[0,2,1,"","parsed_aggregate_reports_to_csv_rows"],[0,2,1,"","parsed_forensic_reports_to_csv"],[0,2,1,"","parsed_forensic_reports_to_csv_rows"],[0,2,1,"","parsed_smtp_tls_reports_to_csv"],[0,2,1,"","parsed_smtp_tls_reports_to_csv_rows"],[0,2,1,"","save_output"],[0,0,0,"-","splunk"],[0,0,0,"-","utils"],[0,2,1,"","watch_inbox"]],"parsedmarc.elastic":[[0,1,1,"","AlreadySaved"],[0,1,1,"","ElasticsearchError"],[0,2,1,"","create_indexes"],[0,2,1,"","migrate_indexes"],[0,2,1,"","save_aggregate_report_to_elasticsearch"],[0,2,1,"","save_forensic_report_to_elasticsearch"],[0,2,1,"","save_smtp_tls_report_to_elasticsearch"],[0,2,1,"","set_hosts"]],"parsedmarc.opensearch":[[0,1,1,"","AlreadySaved"],[0,1,1,"","OpenSearchError"],[0,2,1,"","create_indexes"],[0,2,1,"","migrate_indexes"],[0,2,1,"","save_aggregate_report_to_opensearch"],[0,2,1,"","save_forensic_report_to_opensearch"],[0,2,1,"","save_smtp_tls_report_to_opensearch"],[0,2,1,"","set_hosts"]],"parsedmarc.splunk":[[0,3,1,"","HECClient"],[0,1,1,"","SplunkError"]],"parsedmarc.splunk.HECClient":[[0,4,1,"","save_aggregate_reports_to_splunk"],[0,4,1,"","save_forensic_reports_to_splunk"],[0,4,1,"","save_smtp_tls_reports_to_splunk"]],"parsedmarc.utils":[[0,1,1,"","DownloadError"],[0,1,1,"","EmailParserError"],[0,2,1,"","convert_outlook_msg"],[0,2,1,"","decode_base64"],[0,2,1,"","get_base_domain"],[0,2,1,"","get_filename_safe_string"],[0,2,1,"","get_ip_address_country"],[0,2,1,"","get_ip_address_info"],[0,2,1,"","get_reverse_dns"],[0,2,1,"","get_service_from_reverse_dns_base_domain"],[0,2,1,"","human_timestamp_to_datetime"],[0,2,1,"","human_timestamp_to_unix_timestamp"],[0,2,1,"","is_mbox"],[0,2,1,"","is_outlook_msg"],[0,2,1,"","parse_email"],[0,2,1,"","query_dns"],[0,2,1,"","timestamp_to_datetime"],[0,2,1,"","timestamp_to_human"]]},"objnames":{"0":["py","module","Python module"],"1":["py","exception","Python exception"],"2":["py","function","Python function"],"3":["py","class","Python class"],"4":["py","method","Python method"]},"objtypes":{"0":"py:module","1":"py:exception","2":"py:function","3":"py:class","4":"py:method"},"terms":{"":[0,2,3,4,6,8,10,12],"0":[0,2,3,4,5,6,8,9,10,11,12],"00":10,"003":10,"00z":10,"00z_exampl":10,"01":10,"0200":10,"0240":10,"04":10,"08":10,"09":10,"09t00":10,"09t23":10,"1":[0,2,4,5,6,10,12],"10":[0,5,6,10,12],"100":[10,12],"1000":12,"11":[5,6,10],"1143":2,"12":5,"12201":12,"127":[2,4,12],"13":5,"14":5,"150":10,"16":[3,8],"173":10,"176":10,"19":[10,12],"1d":12,"1g":4,"1w":12,"2":[0,4,10,12],"20":10,"2000":12,"201":10,"2010":[6,10],"2012":10,"2013":6,"2016":6,"2017a":[3,8],"2018":10,"2019":6,"2024":10,"2026":5,"2028":5,"2030":5,"2032":5,"2035":5,"208":10,"209":10,"21":6,"212":10,"22":6,"222":10,"23":10,"2369":[3,8],"24":0,"241":10,"25":12,"27":10,"28":10,"2919":[3,8],"2d":12,"2k":12,"3":[5,6,10,11,12],"30":[0,12],"300":2,"30937":10,"30th":6,"3128":6,"365":[2,4],"38":10,"3d":10,"3h":12,"4":[4,6,11],"4096":4,"41":10,"5":[2,4,9],"514":12,"5601":4,"59":10,"59z":10,"5m":[2,12],"6":[0,4,5,6,12],"60":[0,12],"660":4,"7":[4,5,6],"72":10,"7480":10,"8":[2,4,5,6,10,12],"8080":12,"822":0,"85":10,"86399":10,"86400":10,"9":[5,6],"9200":[4,12],"932":12,"9391651994964116463":10,"94":10,"993":12,"A":[0,3,12],"And":0,"As":[4,7],"Be":6,"By":[7,12],"For":[4,12],"If":[0,3,4,6,7,8,12],"In":[2,3,7,8,12],"It":[2,4,7,10,12],"No":[3,8],"On":[3,4,6,7,8],"Or":[4,6],"That":7,"The":[0,3,6,7,11,12],"Then":[2,3,4,6,8,12],"These":7,"To":[2,4,6,7,9,10,12],"With":7,"_cluster":12,"_input":0,"abl":6,"about":[0,5,6],"abov":[2,12],"accept":[3,4,8,12],"access":[0,4,5,6,12],"access_key_id":12,"access_token":0,"accessright":12,"accident":[3,8],"account":[6,7],"acm":10,"acquir":12,"across":7,"action":[3,8],"activ":[4,5,6],"active_primary_shard":12,"active_shard":12,"actual":[3,10],"ad":[3,6,8,12],"add":[2,3,4,6,7,8,12],"addit":[3,8,12],"address":[0,2,3,4,7,8,10,12],"addresse":7,"adkim":10,"admin":[3,8,12],"administr":[3,8],"after":[0,2,4,12],"against":[3,8],"agari":5,"agent":4,"aggreg":[0,5,7,11,12],"aggregate_csv_filenam":[0,12],"aggregate_index":0,"aggregate_json_filenam":[0,12],"aggregate_report":0,"aggregate_top":12,"aggregate_url":12,"align":[5,7,10],"aliv":0,"all":[3,5,7,8,11,12],"allow":[2,3,8,12],"allow_unencrypted_storag":12,"allowremot":2,"alreadysav":0,"also":[2,3,7,8,12],"alter":[3,8],"altern":[5,12],"although":11,"alwai":[0,2,4,12],"always_use_local_fil":[0,12],"an":[0,3,5,7,8,10,12],"analyz":12,"ani":[0,3,7,8,12],"anonym":10,"anoth":[6,12],"answer":[0,12],"apach":5,"api":[2,4,5,12],"api_kei":[0,12],"app":12,"appear":12,"appendix":10,"appid":12,"appli":12,"applic":12,"applicationaccesspolici":12,"approach":12,"approxim":2,"apt":[2,4,6],"ar":[0,2,3,4,5,6,7,8,10,12],"archiv":[0,12],"archive_fold":[0,12],"argument":12,"arriv":12,"arrival_d":10,"arrival_date_utc":10,"artifact":4,"ask":3,"asmx":2,"asn":6,"aspf":10,"assign":4,"assist":5,"associ":0,"attach":[0,3,8,10,12],"attachment_filenam":0,"attribut":6,"august":5,"auth":[2,10,12],"auth_failur":10,"auth_method":12,"auth_result":10,"authent":[0,2,3,4,7,12],"authentication_mechan":10,"authentication_result":10,"auto":2,"avoid":7,"azur":12,"b":[6,10],"b2c":7,"back":12,"base":[0,2,3,4,7,8,10],"base64":0,"base_domain":[0,10],"basic":[2,12],"batch_siz":[0,12],"bcc":[0,10],"bd6e1bb5":10,"becaus":[2,3,7,8,12],"been":[7,12],"befor":[0,12],"begin_d":10,"behind":6,"being":0,"below":[3,8,12],"best":7,"between":[4,7],"beyond":0,"bin":[2,4,6,12],"binari":0,"bind":2,"bindaddress":2,"blank":[3,8],"block":[2,12],"bodi":[0,3,8,10,12],"bool":[0,12],"brand":[5,7],"break":[3,4,8],"browser":4,"bucket":12,"bug":5,"build":6,"built":0,"busi":7,"buster":6,"button":[3,8],"byte":0,"c":[10,12],"ca":4,"cach":[0,12],"call":[7,12],"callabl":0,"callback":0,"came":[3,8],"can":[0,2,3,4,5,6,7,8,12],"cannot":[6,12],"case":[2,3,8],"caus":[3,4,7,8],"cc":[0,10],"center":7,"cento":[4,6],"cert":4,"cert_path":12,"certain":[0,12],"certif":[0,4,12],"cest":10,"chain":0,"chang":[4,7,11,12],"charact":[2,12],"charset":10,"chart":7,"check":[0,2,3,4,6,12],"check_timeout":[0,12],"checkbox":4,"checkdmarc":3,"chines":7,"chmod":[2,4,12],"choos":[3,8],"chown":[2,12],"cisco":12,"citi":6,"class":0,"cli":5,"click":[4,7],"client":[2,3,4,8,12],"client_id":12,"client_secret":12,"clientsecret":12,"clientsotimeout":2,"cloud":12,"cloudflar":[0,12],"cluster":[4,12],"co":4,"code":[0,4,5],"collect":[7,12],"collector":[11,12],"com":[1,2,3,8,9,10,12],"come":7,"comma":[6,12],"command":[2,3,8,12],"comment":12,"commerci":[4,5],"common":[3,4,6,8],"commun":[3,8],"complet":[3,4],"compli":[3,4,6,8,9],"compliant":[3,8],"compon":6,"compress":5,"conf":6,"config":[2,6,12],"config_fil":12,"configur":[3,4,5,6,7,8,9],"conform":4,"connect":[0,2,4,12],"connexion":4,"consid":[5,7],"consist":[0,5,10],"consol":[4,12],"consolid":7,"consum":7,"contact":7,"contain":[0,7,11,12],"content":[0,3,8,10,11],"contrib":6,"contribut":5,"contributor":5,"control":4,"convert":[0,3,8],"convert_outlook_msg":0,"copi":[0,6,11],"core":[3,8],"correct":6,"correctli":[7,12],"could":[3,4,8,12],"count":[2,10],"countri":[0,6,7,10],"crash":[2,4,12],"creat":[0,2,3,4,6,8,12],"create_fold":0,"create_index":0,"creativ":6,"credenti":[6,12],"credentials_fil":12,"cron":6,"crt":4,"csr":4,"csv":[0,5,12],"cumul":6,"current":[2,4,12],"custom":[7,12],"d":[0,4,12],"daemon":[2,4,12],"dai":[0,4,9,12],"daili":[0,12],"dashboard":[4,5,9,11],"dat":0,"data":[0,4,5,7,9,11,12],"databas":6,"date":[0,3,8,10],"date_utc":10,"datetim":0,"davmail":5,"db_path":0,"dbip":[0,12],"dce":12,"dcr":12,"dcr_aggregate_stream":12,"dcr_forensic_stream":12,"dcr_immutable_id":12,"dcr_smtp_tls_stream":12,"dd":0,"de":10,"dearmor":4,"deb":4,"debian":[4,5,6],"debug":12,"decemb":6,"decod":0,"decode_base64":0,"default":[0,2,4,5,6,7,12],"defens":5,"delai":[2,10],"deleg":12,"delet":[0,2,4,12],"delivery_result":10,"demystifi":3,"depend":[4,5,12],"deploi":[3,8],"describ":12,"descript":[2,6,12],"destin":0,"detail":[6,7],"dev":[6,12],"devel":6,"develop":5,"devicecod":12,"di":10,"dict":0,"dictionari":0,"differ":[6,7,12],"digest":[3,8],"directori":[0,12],"disabl":[2,12],"disclaim":[3,8],"disk":12,"displai":[3,7,11],"display_nam":10,"disposit":[7,10],"distribut":6,"dkim":[5,7,8,10],"dkim_align":10,"dkim_domain":10,"dkim_result":10,"dkim_selector":10,"dkm":3,"dmarc":[0,4,6,8,9,10,11,12],"dmarc_aggreg":4,"dmarc_align":10,"dmarc_forens":4,"dmarc_moderation_act":[3,8],"dmarc_none_moderation_act":[3,8],"dmarc_quarantine_moderation_act":[3,8],"dmarcian":5,"dmarcresport":12,"dn":[0,3,7,12],"dnf":6,"dns_test_address":12,"dns_timeout":[0,12],"do":[0,2,6,7,12],"doc":9,"doctyp":10,"document":[2,12],"doe":[3,8],"domain":[0,4,7,8,10,12],"domainawar":[1,3,12],"don":3,"down":7,"download":[0,2,4,6,12],"downloaderror":0,"draft":[5,10],"dtd":10,"dummi":12,"dure":2,"e":[0,2,3,4,6,8,12],"e7":10,"each":[4,6,9,11,12],"earlier":7,"easi":[4,9],"easier":11,"echo":4,"edit":[2,6,12],"editor":11,"effici":4,"either":[5,12],"elast":[4,5],"elasticsearch":[0,5,12],"elasticsearcherror":0,"elk":12,"els":4,"email":[0,3,5,6,7,8,10,11,12],"email_result":0,"emailparsererror":0,"empti":[3,8],"en":[3,4,8,10],"enabl":[2,4,12],"enableew":2,"enablekeepal":2,"enableproxi":2,"encod":[0,10,12],"encount":0,"encrypt":[4,12],"encryptedsavedobject":4,"encryptionkei":4,"end":[3,4,5],"end_dat":10,"endpoint":12,"endpoint_url":12,"enforc":[3,8],"enrol":4,"ensur":[3,6,8],"entir":[3,7,8],"envelop":3,"envelope_from":10,"envelope_to":10,"environ":6,"eol":5,"error":[0,10,12],"escap":12,"especi":7,"etc":[2,3,4,6,8,12],"even":[2,3,8,12],"event":[2,11,12],"everi":[2,6,12],"ew":5,"ex":12,"exactli":[3,8],"exampl":[3,4,6,8,10,12],"except":[0,12],"exchang":[2,10,12],"exclud":2,"execstart":[2,12],"exist":[0,3,4,8],"exit":12,"expiringdict":0,"explain":[3,8],"explicit":[3,8],"explicitli":6,"export":4,"extract":[0,2],"extract_report":0,"extract_report_from_file_path":0,"ey":[2,12],"f":4,"factor":2,"fail":[0,3,7,8,10,12],"failed_session_count":10,"failur":[5,7,10,12],"failure_detail":10,"fall":12,"fallback":6,"fals":[0,2,6,10,12],"fantast":[3,8],"faster":12,"featur":[4,12],"feedback":0,"feedback_report":0,"feedback_typ":10,"fetch":[0,12],"few":[7,12],"field":4,"file":[0,2,5,6,11],"file_path":[0,12],"filenam":[0,12],"filename_safe_subject":10,"filepath":12,"fill":[4,6],"filter":[3,7,8,11],"financ":12,"find":[3,7,8,12],"fine":[3,8],"first":[3,6,8,12],"first_strip_reply_to":[3,8],"fit":[3,8],"fix":4,"flag":[0,2],"flat":0,"flexibl":11,"flight":12,"float":[0,12],"fo":10,"folder":[0,2,12],"foldersizelimit":2,"follow":[2,4,5],"footer":[3,8],"forens":[0,5,11,12],"forensic_csv_filenam":[0,12],"forensic_index":0,"forensic_json_filenam":[0,12],"forensic_report":0,"forensic_top":12,"forensic_url":12,"format":[0,6,12],"forward":[3,7,8],"found":[0,6,12],"foundat":10,"fqdn":4,"fraud":5,"free":6,"friendli":7,"from":[0,2,3,4,5,6,7,8,10,12],"from_is_list":[3,8],"ftp_proxi":6,"full":12,"fulli":[3,8],"function":0,"further":7,"g":[2,3,4,8,12],"gatewai":2,"gb":4,"gdpr":[4,9],"gelf":12,"gener":[3,4,6,8,10,12],"geoip":6,"geolite2":6,"geoloc":[0,12],"get":[0,2,4,6,12],"get_base_domain":0,"get_dmarc_reports_from_mailbox":0,"get_dmarc_reports_from_mbox":0,"get_filename_safe_str":0,"get_ip_address_countri":0,"get_ip_address_info":0,"get_report_zip":0,"get_reverse_dn":0,"get_service_from_reverse_dns_base_domain":0,"github":[1,6,10,12],"give":[0,4],"given":[0,12],"glass":7,"gmail":[5,7,12],"gmail_api":12,"go":[3,8],"goe":[3,8],"googl":[7,12],"googleapi":12,"got":12,"gov":12,"gpg":4,"grafana":5,"grant":12,"graph":[2,5,7,12],"graph_url":12,"group":[2,7,12],"guid":[4,5],"gzip":[0,5],"h":[0,12],"ha":[4,7,12],"hamburg":4,"hand":[3,8],"handl":[5,12],"has_defect":10,"have":[3,4,6,7,8,11,12],"head":10,"header":[0,3,7,8,10,12],"header_from":10,"headless":2,"health":12,"healthcar":12,"heap":4,"heavi":4,"hec":[0,11,12],"hecclient":0,"hectokengoesher":12,"help":5,"here":[3,8,10,12],"hh":0,"hi":[3,8],"high":7,"higher":[3,8],"highli":12,"hop":10,"host":[0,2,3,4,5,8,12],"hostnam":[0,12],"hour":[0,12],"hover":7,"how":5,"howev":6,"href":10,"html":[3,4,8,10],"http":[0,1,2,3,4,6,8,9,10,11,12],"http_proxi":6,"https_proxi":6,"human":[0,7],"human_timestamp":0,"human_timestamp_to_datetim":0,"human_timestamp_to_unix_timestamp":0,"i":[0,2,3,4,5,6,7,8,10,12],"icon":7,"id":[3,8,10,12],"ideal":[3,8],"ident":[3,8,12],"identifi":10,"idl":[0,2,12],"imap":[0,2,5,12],"imapalwaysapproxmsgs":2,"imapautoexpung":2,"imapidledelai":2,"imapport":2,"immedi":2,"immut":12,"impli":12,"import":[4,7],"improv":12,"inbox":[0,3,5,8,12],"inc":10,"includ":[0,3,6,7,8,12],"include_list_post_head":[3,8],"include_rfc2369_head":[3,8],"include_sender_head":[3,8],"include_spam_trash":12,"incom":[7,12],"incorrect":12,"increas":[4,12],"indent":12,"index":[0,5,9,11,12],"index_prefix":[0,12],"index_prefix_domain_map":12,"index_suffix":[0,12],"indic":[3,5],"individu":12,"industri":12,"inform":[0,4,6,7,12],"ingest":12,"ini":[2,12],"initi":0,"input":0,"input_":0,"insid":6,"instal":[2,5,12],"instanc":12,"instead":[0,3,6,8,12],"int":[0,12],"intend":[3,8],"interact":[2,4],"interakt":10,"interfer":[3,8],"intern":6,"interv":12,"interval_begin":10,"interval_end":10,"invalid":0,"invalidaggregatereport":0,"invaliddmarcreport":0,"invalidforensicreport":0,"invalidsmtptlsreport":0,"io":[0,12],"ip":[0,3,4,6,7,12],"ip_address":[0,10],"ip_db_path":[0,6,12],"ipdb":6,"ipv4":0,"ipv6":0,"is_mbox":0,"is_outlook_msg":0,"iso":0,"issu":[1,5],"java":2,"job":[3,6,8],"joe":[3,8],"journalctl":[2,12],"jre":2,"json":[0,5,12],"june":5,"just":7,"jvm":4,"kafka":[5,12],"kb4099855":6,"kb4134118":6,"kb4295699":6,"keep":0,"keep_al":0,"keepal":2,"kei":[0,3,4,6,12],"keyout":4,"keyr":4,"keystor":4,"kibana":[5,11],"kind":12,"know":3,"known":[3,7,8,12],"label":12,"languag":[3,8],"larg":2,"larger":12,"later":[4,6,12],"latest":[2,4,6,9],"layer":0,"layout":11,"leak":7,"least":[4,6,12],"leav":3,"left":7,"legal":[3,8],"legitim":[7,12],"level":[3,4],"libemail":6,"libxml2":6,"libxslt":6,"licens":6,"life":5,"like":[0,3,6,8,12],"limit":[0,2,12],"line":[3,8,12],"link":[3,4,7,8],"linux":[3,6,8],"list":[0,2,4,5,7,12],"listen":[2,12],"lite":6,"ll":[3,8],"load":4,"local":[0,2,4,10,12],"local_file_path":0,"local_reverse_dns_map_path":12,"localhost":12,"locat":[6,7,12],"log":[2,12],"log_analyt":12,"log_fil":12,"logger":12,"login":4,"logstash":4,"long":3,"longer":[3,8],"look":[3,7],"lookup":0,"loopback":2,"lot":7,"lua":10,"m":[0,6,10,12],"m365":12,"maco":6,"magnifi":7,"mai":[5,7,12],"maidir":12,"mail":[0,5,6,10,12],"mail_bcc":0,"mail_cc":0,"mail_from":0,"mail_to":0,"mailbox":[0,7,12],"mailbox_connect":0,"mailboxconnect":0,"maildir":12,"maildir_cr":12,"maildir_path":12,"mailer":10,"mailrelai":10,"mailto":6,"main":4,"maintain":5,"make":[0,3,4,8,9,12],"malici":[7,12],"manag":[4,12],"manual":12,"map":[0,12],"market":7,"match":[0,4,11,12],"max_ag":10,"max_shards_per_nod":12,"maximum":4,"maxmind":[0,6,12],"mbox":[0,12],"mechan":3,"member":[3,8],"mention":7,"menu":[4,7],"messag":[0,2,3,4,6,7,8,10,12],"message_id":10,"meta":10,"method":12,"mfrom":10,"microsoft":[2,5,10,12],"might":[0,3,7,8],"migrate_index":0,"mime":10,"minimum":4,"minut":[0,2,12],"mitig":[3,8],"mkdir":6,"mm":0,"mmdb":[0,12],"mobil":[3,8],"mode":[2,4,10,12],"modern":[2,3,8],"modifi":[3,8,12],"modul":[0,5,12],"mon":10,"monitor":[3,12],"monthli":[0,12],"monthly_index":[0,12],"more":[0,4,6,11,12],"most":[3,4,7,8,12],"mous":7,"move":[0,4,12],"msg":[0,6],"msg_byte":0,"msg_date":0,"msg_footer":[3,8],"msg_header":[3,8],"msgconvert":[0,6],"msgraph":12,"much":12,"multi":[2,5],"multipl":12,"mung":[3,8],"must":[2,3,8,12],"mutual":4,"mv":4,"mx":10,"my":12,"n":[10,12],"n_proc":12,"name":[0,3,4,7,10,11,12],"nameserv":[0,12],"nano":[2,12],"nation":12,"navig":[3,6,8],"ncontent":10,"ndate":10,"ndjson":4,"need":[2,3,4,6,7,8,12],"nelson":[3,8],"net":[2,12],"network":[2,4,12],"new":[0,2,3,6,7,12],"newer":6,"newest":[2,12],"newkei":4,"next":[0,12],"nfrom":10,"nmessag":10,"nmime":10,"node":4,"non":[3,8,12],"none":[0,3,10,12],"noproxyfor":2,"norepli":[3,10],"normal":[0,10,12],"normalize_timespan_threshold_hour":0,"normalized_timespan":10,"nosecureimap":2,"notabl":7,"now":[4,7],"nsubject":10,"nto":10,"null":10,"number":[0,12],"number_of_replica":[0,12],"number_of_shard":[0,12],"nwettbewerb":10,"nx":10,"o":[2,4,12],"oauth2":12,"oauth2_port":12,"object":[0,4],"observ":7,"occur":[0,7],"occurr":11,"oct":10,"offic":2,"office365":2,"offlin":[0,12],"often":7,"ol":[0,6],"old":7,"older":[6,10],"oldest":[2,12],"onc":6,"ondmarc":5,"one":[0,3,5,8,12],"onli":[2,3,6,7,8,12],"onlin":[0,2,12],"oor":0,"open":3,"opendn":12,"opensearch":[5,12],"opensearcherror":0,"openssl":4,"opt":[2,6,12],"option":[0,2,3,4,5,8,11,12],"order":6,"ordereddict":0,"org":[0,6,9,10,12],"org_email":10,"org_extra_contact_info":10,"org_nam":10,"organ":[2,7,12],"organization_nam":10,"origin":[3,8,12],"original_envelope_id":10,"original_mail_from":10,"original_rcpt_to":10,"original_timespan_second":10,"other":[0,3,4,7,8],"our":7,"out":[3,4,7],"outdat":7,"outgo":[3,8,12],"outlook":[0,2,6],"output":[0,5,12],"output_directori":0,"outsid":12,"over":[2,5,7],"overrid":[0,12],"overridden":6,"overwrit":4,"owa":5,"own":[7,11],"p":[3,6,10],"p12":4,"pack":4,"packag":[0,4],"pad":0,"page":[3,4,6,7,8],"paginate_messag":12,"pan":10,"parallel":12,"paramet":0,"parent":7,"pars":[0,3,5,6,10,12],"parse_aggregate_report_fil":0,"parse_aggregate_report_xml":0,"parse_email":0,"parse_forensic_report":0,"parse_report_email":0,"parse_report_fil":0,"parse_smtp_tls_report_json":0,"parsed_aggregate_reports_to_csv":0,"parsed_aggregate_reports_to_csv_row":0,"parsed_forensic_reports_to_csv":0,"parsed_forensic_reports_to_csv_row":0,"parsed_sampl":10,"parsed_smtp_tls_reports_to_csv":0,"parsed_smtp_tls_reports_to_csv_row":0,"parsedmarc":[4,9,10,11],"parser":0,"parsererror":0,"part":[3,4,7,8],"particular":7,"particularli":[5,12],"pass":[3,7,10],"passag":7,"passsword":12,"password":[0,4,6,12],"past":[4,11],"patch":6,"path":[0,4,12],"pattern":[5,7],"payload":[0,12],"pct":10,"per":12,"percentag":7,"perform":[2,12],"period":12,"perl":[0,6],"permiss":[4,12],"persist":12,"peter":10,"pie":7,"pin":5,"pip":6,"place":[4,7,12],"plain":0,"plaintext":[3,8],"platform":[3,8],"pleas":[1,5,12],"plu":7,"polici":[3,8,10,12],"policy_domain":10,"policy_evalu":10,"policy_override_com":10,"policy_override_reason":10,"policy_publish":10,"policy_str":10,"policy_typ":10,"policyscopegroupid":12,"poll":[2,12],"port":[0,2,12],"posit":12,"possibl":12,"post":[3,8,12],"poster":[3,8],"postoriu":[3,8],"powershel":12,"ppa":6,"pre":[6,12],"prefer":[2,6],"prefix":[0,3,8,12],"premad":[5,11],"prerequisit":5,"present":12,"pretti":12,"prettifi":12,"previou":[0,2,4,12],"previous":[4,7],"print":12,"printabl":10,"privaci":[3,6,7,8,12],"process":[0,2,5,6,12],"produc":10,"program":12,"programdata":6,"project":[0,2,3,5,11],"prompt":4,"proofpoint":5,"properti":2,"protect":[2,3,5,8,12],"provid":[4,7,12],"prox":6,"proxi":2,"proxyhost":2,"proxypassword":2,"proxyport":2,"proxyus":2,"pry":[2,12],"psl_overrid":0,"public":[0,3,10,12],"public_suffix_list":0,"publicbaseurl":4,"publicsuffix":0,"publish":3,"put":[4,12],"python":[0,6],"python3":6,"python39":6,"qo":4,"quarantin":[3,8],"queri":[0,12],"query_dn":0,"quickstart":12,"quot":10,"r":[2,6,10,12],"rais":0,"ram":4,"rather":[3,8],"read":[0,12],"readabl":0,"readwrit":12,"realli":3,"reason":[0,2,4,5,12],"receiv":[0,10,12],"receiving_ip":10,"receiving_mx_hostnam":10,"recipi":7,"recogn":7,"recommend":12,"record":[0,5,6,10],"record_typ":0,"refer":[4,5],"regard":12,"regardless":10,"region":12,"region_nam":12,"regist":6,"registr":12,"regul":[4,6,9,12],"regular":[3,8],"reject":[3,8],"relai":[3,8],"relat":[3,12],"releas":[4,6],"reli":7,"reliabl":12,"reload":[2,4,12],"remain":7,"remot":2,"remov":[0,3,4,8,12],"repeat":[3,8],"replac":[0,3,4,8],"repli":[2,3,8],"replica":[0,12],"reply_goes_to_list":[3,8],"reply_to":10,"replyto":[3,8],"report":[0,4,7,11,12],"report_id":10,"report_metadata":10,"report_typ":0,"reported_domain":10,"reports_fold":[0,12],"repositori":[6,11],"req":4,"request":[2,4,12],"requir":[0,2,3,4,6,8,12],"require_encrypt":0,"resid":12,"resolv":[0,12],"resourc":[0,4,5,12],"respons":[0,12],"restart":[2,3,4,8,12],"restartsec":[2,12],"restor":4,"restrict":12,"restrictaccess":12,"result":[0,5,7,10,12],"result_typ":10,"retain":[3,8],"retent":5,"retriev":2,"return":0,"revers":[0,7,12],"reverse_dn":[0,10],"reverse_dns_base_domain":0,"reverse_dns_map":0,"reverse_dns_map_path":0,"reverse_dns_map_url":[0,12],"review":[5,7],"rewrit":[3,8],"rfc":[0,3,8,10],"rfc2369":[3,8],"rfc822":2,"rhel":[4,5,6],"rhhel":5,"right":[4,7],"rm":4,"ro":0,"rollup":6,"root":[2,12],"rpm":4,"rsa":4,"rua":[5,6],"ruf":[5,6,7,12],"rule":[7,12],"run":[0,4,5,6],"rw":[2,12],"s3":12,"safe":0,"same":[3,4,6,7,11],"sampl":[0,5,12],"sample_headers_onli":10,"save":[0,4,6,12],"save_aggreg":12,"save_aggregate_report_to_elasticsearch":0,"save_aggregate_report_to_opensearch":0,"save_aggregate_reports_to_splunk":0,"save_forens":12,"save_forensic_report_to_elasticsearch":0,"save_forensic_report_to_opensearch":0,"save_forensic_reports_to_splunk":0,"save_output":0,"save_smtp_tl":12,"save_smtp_tls_report_to_elasticsearch":0,"save_smtp_tls_report_to_opensearch":0,"save_smtp_tls_reports_to_splunk":0,"schedul":6,"schema":10,"scope":[10,12],"scrub_nondigest":[3,8],"search":[0,3,8,12],"second":[0,2,12],"secret":12,"secret_access_kei":12,"section":12,"secur":[0,4,12],"see":[2,3,4,5,7,12],"segment":7,"select":6,"selector":10,"self":[4,5],"send":[0,2,3,4,5,7,8,11,12],"sender":[5,7,8],"sending_mta_ip":10,"sensit":12,"sent":[3,8,12],"separ":[3,4,6,7,9,11,12],"server":[0,2,3,4,6,7,10,12],"server_ip":4,"servernameon":10,"servic":[0,3,4,5,7,8],"session":7,"set":[0,2,3,4,6,7,8,9,12],"set_host":0,"setup":[4,9,12],"setuptool":6,"shard":[0,12],"share":[4,12],"sharepoint":10,"should":[3,6,7,8,12],"shouldn":[3,8],"show":[2,7,12],"side":7,"sign":[3,4,6],"signatur":[3,7,8],"silent":12,"similar":7,"simpl":5,"simplifi":0,"sinc":[0,12],"singl":[0,12],"sister":3,"size":[2,4],"skip":12,"skip_certificate_verif":12,"slightli":11,"small":4,"smtp":[0,3,5,7,12],"smtp_tl":[0,12],"smtp_tls_csv_filenam":[0,12],"smtp_tls_json_filenam":[0,12],"smtp_tls_url":12,"so":[3,6,7,8,12],"socket":2,"solut":6,"some":[0,2,3,4,7,8],"someon":4,"sometim":12,"sort":[7,12],"sourc":[0,3,4,6,7,10],"source_base_domain":10,"source_countri":10,"source_ip_address":10,"source_nam":10,"source_reverse_dn":10,"source_typ":10,"sourceforg":2,"sp":[3,10],"spam":12,"special":12,"specif":[3,12],"specifi":[2,3],"spf":[7,10],"spf_align":10,"spf_domain":10,"spf_result":10,"spf_scope":10,"splunk":[5,12],"splunk_hec":12,"splunkerror":0,"splunkhec":12,"spoof":[3,8],"ss":0,"ssl":[0,2,4,12],"ssl_cert_path":0,"st":[10,12],"stabl":4,"stack":[4,12],"standard":[0,5,10],"start":[0,2,4,6,7,9,11,12],"starttl":12,"static":6,"statu":[2,12],"stdout":12,"step":[3,4,8],"still":[3,6,8,10,12],"storag":[0,12],"store":[2,4,9],"str":[0,12],"stream":12,"string":0,"strip":[3,8,12],"strip_attachment_payload":[0,12],"strongli":12,"structur":5,"stsv1":10,"subdomain":[0,3,12],"subject":[0,3,8,10,12],"subject_prefix":[3,8],"subsidiari":7,"successful_session_count":10,"sudo":[2,4,6,12],"suffix":[0,12],"suggest":7,"suitabl":0,"summari":[3,5,8],"suppli":[0,7,12],"support":[2,5,10,11],"sure":[4,6],"sw50zxjha3rpdmugv2v0dgjld2vyymvylcocymvyc2ljahq":10,"switch":7,"syslog":[2,12],"system":[2,3,4,6,8,12],"systemctl":[2,4,12],"systemd":5,"systemdr":6,"t":[5,8,12],"tab":[3,4,8],"tabl":[5,7],"tag":6,"target":[2,12],"task":6,"tby":10,"tcp":12,"tee":4,"tell":[3,6,7,8],"templat":[3,8],"temporari":7,"tenant":5,"tenant_id":12,"term":6,"test":[0,10,12],"text":[0,10],"than":[3,4,8,12],"thank":[5,10],"thei":[3,6,7,8,12],"theirs":3,"them":[0,4,7,12],"therebi":[3,8],"thi":[0,2,3,4,5,6,7,8,10,12],"those":6,"thousand":12,"three":7,"through":3,"time":[0,2,4,6,7,12],"timeout":[0,2,12],"timespan":0,"timespan_requires_norm":10,"timestamp":0,"timestamp_to_datetim":0,"timestamp_to_human":0,"timezon":10,"tl":[0,5,12],"tld":3,"to_domain":10,"to_utc":0,"token":[0,4,12],"token_fil":12,"tool":[6,12],"top":[3,7],"topic":12,"touch":[3,8],"tracker":1,"tradit":[3,8],"trail":12,"transfer":10,"transpar":5,"transport":[4,12],"trash":12,"true":[0,2,4,10,12],"trust":12,"truststor":4,"try":12,"tuesdai":6,"two":6,"txt":0,"type":[0,10,12],"u":[2,6,10,12],"ubuntu":[4,6],"udp":12,"ui":[3,8],"uncondition":[3,8],"under":[4,6,7],"underneath":7,"underscor":12,"understand":[5,7],"unencrypt":12,"unfortun":[3,8],"unit":[0,2,12],"unix":0,"unknown":0,"unsubscrib":[3,8],"until":[0,5,12],"unzip":2,"up":[0,2,4,6,7,9,12],"updat":[0,4,6,12],"upersecur":12,"upgrad":[2,5,6,12],"upload":12,"upper":7,"uri":6,"url":[0,2,12],"us":[0,3,4,5,8,10],"usag":12,"use_ssl":0,"user":[2,3,4,5,6,8,10,12],"user_ag":10,"useradd":[2,6],"usernam":[0,12],"usernamepassword":12,"usesystemproxi":2,"usr":4,"utc":0,"utf":10,"util":5,"v":[6,12],"valid":[0,7,10,12],"valimail":5,"valu":[0,3,4,7,8,12],"var":[3,8],"variou":6,"vendor":3,"venv":[6,12],"verbos":12,"veri":[4,7,12],"verif":[4,12],"verifi":0,"verification_mod":4,"version":[2,4,5,6,9,10,11,12],"vew":2,"via":2,"view":[7,12],"vim":4,"virtualenv":6,"visual":[4,9],"volum":7,"vulner":3,"w":[0,12],"w3c":10,"wa":[3,4,6,8],"wai":[4,7],"wait":[0,12],"want":[2,5,12],"wantedbi":[2,12],"warn":12,"watch":[0,2,4,12],"watch_inbox":0,"watcher":12,"web":[2,4],"webdav":2,"webhook":12,"webmail":[3,7,8],"week":[0,12],"weekli":6,"well":[2,12],"were":[7,12],"wettbewerb":10,"wget":4,"whalensolut":12,"what":5,"when":[0,3,5,7,8,12],"whenev":[0,2,12],"where":[0,2,3,8,12],"wherea":7,"wherev":12,"whether":0,"which":[2,4,5,7,12],"while":[7,12],"who":7,"why":[3,7],"wide":[6,10],"wiki":10,"window":6,"without":[3,4,7,8,12],"won":5,"work":[2,3,5,6,7,8],"workstat":2,"worst":3,"would":[3,5,6,8],"wrap":[3,8],"write":12,"www":[4,6,12],"x":[4,10],"x509":4,"xennn":10,"xml":[0,11],"xml_schema":10,"xms4g":4,"xmx4g":4,"xpack":4,"xxxx":4,"y":[4,6],"yahoo":7,"yaml":12,"ye":[3,8],"year":12,"yet":3,"yml":4,"you":[2,3,4,5,6,7,8,12],"your":[3,4,6,7,8,11,12],"yyyi":0,"zip":[0,2,5,12],"\u00fcbersicht":10},"titles":["API reference","Contributing to parsedmarc","Accessing an inbox using OWA/EWS","Understanding DMARC","Elasticsearch and Kibana","parsedmarc documentation - Open source DMARC report analyzer and visualizer","Installation","Using the Kibana dashboards","What about mailing lists?","OpenSearch and Grafana","Sample outputs","Splunk","Using parsedmarc"],"titleterms":{"2":[3,8],"3":[3,8],"about":[3,8],"access":2,"aggreg":10,"align":3,"an":2,"analyz":[5,6],"api":0,"best":[3,8],"bug":1,"cli":12,"compat":5,"configur":[2,12],"content":5,"contribut":1,"csv":10,"dashboard":7,"davmail":2,"depend":6,"dkim":3,"dmarc":[3,5,7],"do":[3,8],"document":5,"domain":3,"elast":0,"elasticsearch":4,"ew":2,"exchang":6,"featur":5,"file":12,"forens":[7,10],"geoipupd":6,"grafana":9,"guid":3,"help":12,"inbox":2,"index":4,"indic":0,"instal":[4,6,9],"json":10,"kibana":[4,7],"list":[3,8],"listserv":[3,8],"lookalik":3,"mail":[3,8],"mailman":[3,8],"microsoft":6,"multi":12,"multipl":6,"open":5,"opensearch":[0,9],"option":6,"output":10,"owa":2,"parsedmarc":[0,1,2,5,6,12],"pattern":4,"practic":[3,8],"prerequisit":6,"proxi":6,"python":5,"record":[3,4,9],"refer":0,"report":[1,5,6,10],"resourc":3,"retent":[4,9],"run":[2,12],"sampl":[7,10],"sender":3,"servic":[2,12],"setup":6,"smtp":10,"sourc":5,"spf":3,"splunk":[0,11],"summari":7,"support":[3,12],"systemd":[2,12],"t":3,"tabl":0,"tenant":12,"test":6,"tl":10,"understand":3,"upgrad":4,"us":[2,6,7,12],"util":0,"valid":3,"visual":5,"web":6,"what":[3,8],"won":3,"workaround":[3,8]}})
\ No newline at end of file
+Search.setIndex({"alltitles":{"API reference":[[0,null]],"Accessing an inbox using OWA/EWS":[[2,null]],"Bug reports":[[1,"bug-reports"]],"CLI help":[[12,"cli-help"]],"CSV aggregate report":[[10,"csv-aggregate-report"]],"CSV forensic report":[[10,"csv-forensic-report"]],"Configuration file":[[12,"configuration-file"]],"Configuring parsedmarc for DavMail":[[2,"configuring-parsedmarc-for-davmail"]],"Contents":[[5,null]],"Contributing to parsedmarc":[[1,null]],"DMARC Alignment Guide":[[3,"dmarc-alignment-guide"]],"DMARC Forensic Samples":[[7,"dmarc-forensic-samples"]],"DMARC Summary":[[7,"dmarc-summary"]],"DMARC guides":[[3,"dmarc-guides"]],"Do":[[3,"do"],[8,"do"]],"Do not":[[3,"do-not"],[8,"do-not"]],"Elasticsearch and Kibana":[[4,null]],"Features":[[5,"features"]],"Indices and tables":[[0,"indices-and-tables"]],"Installation":[[4,"installation"],[6,null],[9,"installation"]],"Installing parsedmarc":[[6,"installing-parsedmarc"]],"JSON SMTP TLS report":[[10,"json-smtp-tls-report"]],"JSON aggregate report":[[10,"json-aggregate-report"]],"JSON forensic report":[[10,"json-forensic-report"]],"LISTSERV":[[3,"listserv"],[8,"listserv"]],"Lookalike domains":[[3,"lookalike-domains"]],"Mailing list best practices":[[3,"mailing-list-best-practices"],[8,"mailing-list-best-practices"]],"Mailman 2":[[3,"mailman-2"],[3,"id1"],[8,"mailman-2"],[8,"id1"]],"Mailman 3":[[3,"mailman-3"],[3,"id2"],[8,"mailman-3"],[8,"id2"]],"Multi-tenant support":[[12,"multi-tenant-support"]],"OpenSearch and Grafana":[[9,null]],"Optional dependencies":[[6,"optional-dependencies"]],"Prerequisites":[[6,"prerequisites"]],"Python Compatibility":[[5,"python-compatibility"]],"Records retention":[[4,"records-retention"],[9,"records-retention"]],"Resources":[[3,"resources"]],"Running DavMail as a systemd service":[[2,"running-davmail-as-a-systemd-service"]],"Running parsedmarc as a systemd service":[[12,"running-parsedmarc-as-a-systemd-service"]],"SPF and DMARC record validation":[[3,"spf-and-dmarc-record-validation"]],"Sample aggregate report output":[[10,"sample-aggregate-report-output"]],"Sample forensic report output":[[10,"sample-forensic-report-output"]],"Sample outputs":[[10,null]],"Splunk":[[11,null]],"Testing multiple report analyzers":[[6,"testing-multiple-report-analyzers"]],"Understanding DMARC":[[3,null]],"Upgrading Kibana index patterns":[[4,"upgrading-kibana-index-patterns"]],"Using Microsoft Exchange":[[6,"using-microsoft-exchange"]],"Using a web proxy":[[6,"using-a-web-proxy"]],"Using parsedmarc":[[12,null]],"Using the Kibana dashboards":[[7,null]],"What about mailing lists?":[[3,"what-about-mailing-lists"],[8,null]],"What if a sender won\u2019t support DKIM/DMARC?":[[3,"what-if-a-sender-wont-support-dkim-dmarc"]],"Workarounds":[[3,"workarounds"],[8,"workarounds"]],"geoipupdate setup":[[6,"geoipupdate-setup"]],"parsedmarc":[[0,"module-parsedmarc"]],"parsedmarc documentation - Open source DMARC report analyzer and visualizer":[[5,null]],"parsedmarc.elastic":[[0,"module-parsedmarc.elastic"]],"parsedmarc.opensearch":[[0,"module-parsedmarc.opensearch"]],"parsedmarc.splunk":[[0,"module-parsedmarc.splunk"]],"parsedmarc.utils":[[0,"module-parsedmarc.utils"]]},"docnames":["api","contributing","davmail","dmarc","elasticsearch","index","installation","kibana","mailing-lists","opensearch","output","splunk","usage"],"envversion":{"sphinx":65,"sphinx.domains.c":3,"sphinx.domains.changeset":1,"sphinx.domains.citation":1,"sphinx.domains.cpp":9,"sphinx.domains.index":1,"sphinx.domains.javascript":3,"sphinx.domains.math":2,"sphinx.domains.python":4,"sphinx.domains.rst":2,"sphinx.domains.std":2,"sphinx.ext.todo":2,"sphinx.ext.viewcode":1},"filenames":["api.md","contributing.md","davmail.md","dmarc.md","elasticsearch.md","index.md","installation.md","kibana.md","mailing-lists.md","opensearch.md","output.md","splunk.md","usage.md"],"indexentries":{"alreadysaved":[[0,"parsedmarc.elastic.AlreadySaved",false],[0,"parsedmarc.opensearch.AlreadySaved",false]],"convert_outlook_msg() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.convert_outlook_msg",false]],"create_indexes() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.create_indexes",false]],"create_indexes() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.create_indexes",false]],"decode_base64() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.decode_base64",false]],"downloaderror":[[0,"parsedmarc.utils.DownloadError",false]],"elasticsearcherror":[[0,"parsedmarc.elastic.ElasticsearchError",false]],"email_results() (in module parsedmarc)":[[0,"parsedmarc.email_results",false]],"emailparsererror":[[0,"parsedmarc.utils.EmailParserError",false]],"extract_report() (in module parsedmarc)":[[0,"parsedmarc.extract_report",false]],"extract_report_from_file_path() (in module parsedmarc)":[[0,"parsedmarc.extract_report_from_file_path",false]],"get_base_domain() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_base_domain",false]],"get_dmarc_reports_from_mailbox() (in module parsedmarc)":[[0,"parsedmarc.get_dmarc_reports_from_mailbox",false]],"get_dmarc_reports_from_mbox() (in module parsedmarc)":[[0,"parsedmarc.get_dmarc_reports_from_mbox",false]],"get_filename_safe_string() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_filename_safe_string",false]],"get_ip_address_country() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_ip_address_country",false]],"get_ip_address_info() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_ip_address_info",false]],"get_report_zip() (in module parsedmarc)":[[0,"parsedmarc.get_report_zip",false]],"get_reverse_dns() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_reverse_dns",false]],"get_service_from_reverse_dns_base_domain() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.get_service_from_reverse_dns_base_domain",false]],"hecclient (class in parsedmarc.splunk)":[[0,"parsedmarc.splunk.HECClient",false]],"human_timestamp_to_datetime() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.human_timestamp_to_datetime",false]],"human_timestamp_to_unix_timestamp() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.human_timestamp_to_unix_timestamp",false]],"invalidaggregatereport":[[0,"parsedmarc.InvalidAggregateReport",false]],"invaliddmarcreport":[[0,"parsedmarc.InvalidDMARCReport",false]],"invalidforensicreport":[[0,"parsedmarc.InvalidForensicReport",false]],"invalidsmtptlsreport":[[0,"parsedmarc.InvalidSMTPTLSReport",false]],"is_mbox() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.is_mbox",false]],"is_outlook_msg() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.is_outlook_msg",false]],"migrate_indexes() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.migrate_indexes",false]],"migrate_indexes() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.migrate_indexes",false]],"module":[[0,"module-parsedmarc",false],[0,"module-parsedmarc.elastic",false],[0,"module-parsedmarc.opensearch",false],[0,"module-parsedmarc.splunk",false],[0,"module-parsedmarc.utils",false]],"opensearcherror":[[0,"parsedmarc.opensearch.OpenSearchError",false]],"parse_aggregate_report_file() (in module parsedmarc)":[[0,"parsedmarc.parse_aggregate_report_file",false]],"parse_aggregate_report_xml() (in module parsedmarc)":[[0,"parsedmarc.parse_aggregate_report_xml",false]],"parse_email() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.parse_email",false]],"parse_forensic_report() (in module parsedmarc)":[[0,"parsedmarc.parse_forensic_report",false]],"parse_report_email() (in module parsedmarc)":[[0,"parsedmarc.parse_report_email",false]],"parse_report_file() (in module parsedmarc)":[[0,"parsedmarc.parse_report_file",false]],"parse_smtp_tls_report_json() (in module parsedmarc)":[[0,"parsedmarc.parse_smtp_tls_report_json",false]],"parsed_aggregate_reports_to_csv() (in module parsedmarc)":[[0,"parsedmarc.parsed_aggregate_reports_to_csv",false]],"parsed_aggregate_reports_to_csv_rows() (in module parsedmarc)":[[0,"parsedmarc.parsed_aggregate_reports_to_csv_rows",false]],"parsed_forensic_reports_to_csv() (in module parsedmarc)":[[0,"parsedmarc.parsed_forensic_reports_to_csv",false]],"parsed_forensic_reports_to_csv_rows() (in module parsedmarc)":[[0,"parsedmarc.parsed_forensic_reports_to_csv_rows",false]],"parsed_smtp_tls_reports_to_csv() (in module parsedmarc)":[[0,"parsedmarc.parsed_smtp_tls_reports_to_csv",false]],"parsed_smtp_tls_reports_to_csv_rows() (in module parsedmarc)":[[0,"parsedmarc.parsed_smtp_tls_reports_to_csv_rows",false]],"parsedmarc":[[0,"module-parsedmarc",false]],"parsedmarc.elastic":[[0,"module-parsedmarc.elastic",false]],"parsedmarc.opensearch":[[0,"module-parsedmarc.opensearch",false]],"parsedmarc.splunk":[[0,"module-parsedmarc.splunk",false]],"parsedmarc.utils":[[0,"module-parsedmarc.utils",false]],"parsererror":[[0,"parsedmarc.ParserError",false]],"query_dns() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.query_dns",false]],"save_aggregate_report_to_elasticsearch() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.save_aggregate_report_to_elasticsearch",false]],"save_aggregate_report_to_elasticsearch() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.save_aggregate_report_to_elasticsearch",false]],"save_aggregate_reports_to_splunk() (parsedmarc.splunk.hecclient method)":[[0,"parsedmarc.splunk.HECClient.save_aggregate_reports_to_splunk",false]],"save_forensic_report_to_elasticsearch() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.save_forensic_report_to_elasticsearch",false]],"save_forensic_report_to_elasticsearch() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.save_forensic_report_to_elasticsearch",false]],"save_forensic_reports_to_splunk() (parsedmarc.splunk.hecclient method)":[[0,"parsedmarc.splunk.HECClient.save_forensic_reports_to_splunk",false]],"save_output() (in module parsedmarc)":[[0,"parsedmarc.save_output",false]],"save_smtp_tls_report_to_elasticsearch() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.save_smtp_tls_report_to_elasticsearch",false]],"save_smtp_tls_report_to_elasticsearch() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.save_smtp_tls_report_to_elasticsearch",false]],"save_smtp_tls_reports_to_splunk() (parsedmarc.splunk.hecclient method)":[[0,"parsedmarc.splunk.HECClient.save_smtp_tls_reports_to_splunk",false]],"set_hosts() (in module parsedmarc.elastic)":[[0,"parsedmarc.elastic.set_hosts",false]],"set_hosts() (in module parsedmarc.opensearch)":[[0,"parsedmarc.opensearch.set_hosts",false]],"splunkerror":[[0,"parsedmarc.splunk.SplunkError",false]],"timestamp_to_datetime() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.timestamp_to_datetime",false]],"timestamp_to_human() (in module parsedmarc.utils)":[[0,"parsedmarc.utils.timestamp_to_human",false]],"watch_inbox() (in module parsedmarc)":[[0,"parsedmarc.watch_inbox",false]]},"objects":{"":[[0,0,0,"-","parsedmarc"]],"parsedmarc":[[0,1,1,"","InvalidAggregateReport"],[0,1,1,"","InvalidDMARCReport"],[0,1,1,"","InvalidForensicReport"],[0,1,1,"","InvalidSMTPTLSReport"],[0,1,1,"","ParserError"],[0,0,0,"-","elastic"],[0,2,1,"","email_results"],[0,2,1,"","extract_report"],[0,2,1,"","extract_report_from_file_path"],[0,2,1,"","get_dmarc_reports_from_mailbox"],[0,2,1,"","get_dmarc_reports_from_mbox"],[0,2,1,"","get_report_zip"],[0,0,0,"-","opensearch"],[0,2,1,"","parse_aggregate_report_file"],[0,2,1,"","parse_aggregate_report_xml"],[0,2,1,"","parse_forensic_report"],[0,2,1,"","parse_report_email"],[0,2,1,"","parse_report_file"],[0,2,1,"","parse_smtp_tls_report_json"],[0,2,1,"","parsed_aggregate_reports_to_csv"],[0,2,1,"","parsed_aggregate_reports_to_csv_rows"],[0,2,1,"","parsed_forensic_reports_to_csv"],[0,2,1,"","parsed_forensic_reports_to_csv_rows"],[0,2,1,"","parsed_smtp_tls_reports_to_csv"],[0,2,1,"","parsed_smtp_tls_reports_to_csv_rows"],[0,2,1,"","save_output"],[0,0,0,"-","splunk"],[0,0,0,"-","utils"],[0,2,1,"","watch_inbox"]],"parsedmarc.elastic":[[0,1,1,"","AlreadySaved"],[0,1,1,"","ElasticsearchError"],[0,2,1,"","create_indexes"],[0,2,1,"","migrate_indexes"],[0,2,1,"","save_aggregate_report_to_elasticsearch"],[0,2,1,"","save_forensic_report_to_elasticsearch"],[0,2,1,"","save_smtp_tls_report_to_elasticsearch"],[0,2,1,"","set_hosts"]],"parsedmarc.opensearch":[[0,1,1,"","AlreadySaved"],[0,1,1,"","OpenSearchError"],[0,2,1,"","create_indexes"],[0,2,1,"","migrate_indexes"],[0,2,1,"","save_aggregate_report_to_elasticsearch"],[0,2,1,"","save_forensic_report_to_elasticsearch"],[0,2,1,"","save_smtp_tls_report_to_elasticsearch"],[0,2,1,"","set_hosts"]],"parsedmarc.splunk":[[0,3,1,"","HECClient"],[0,1,1,"","SplunkError"]],"parsedmarc.splunk.HECClient":[[0,4,1,"","save_aggregate_reports_to_splunk"],[0,4,1,"","save_forensic_reports_to_splunk"],[0,4,1,"","save_smtp_tls_reports_to_splunk"]],"parsedmarc.utils":[[0,1,1,"","DownloadError"],[0,1,1,"","EmailParserError"],[0,2,1,"","convert_outlook_msg"],[0,2,1,"","decode_base64"],[0,2,1,"","get_base_domain"],[0,2,1,"","get_filename_safe_string"],[0,2,1,"","get_ip_address_country"],[0,2,1,"","get_ip_address_info"],[0,2,1,"","get_reverse_dns"],[0,2,1,"","get_service_from_reverse_dns_base_domain"],[0,2,1,"","human_timestamp_to_datetime"],[0,2,1,"","human_timestamp_to_unix_timestamp"],[0,2,1,"","is_mbox"],[0,2,1,"","is_outlook_msg"],[0,2,1,"","parse_email"],[0,2,1,"","query_dns"],[0,2,1,"","timestamp_to_datetime"],[0,2,1,"","timestamp_to_human"]]},"objnames":{"0":["py","module","Python module"],"1":["py","exception","Python exception"],"2":["py","function","Python function"],"3":["py","class","Python class"],"4":["py","method","Python method"]},"objtypes":{"0":"py:module","1":"py:exception","2":"py:function","3":"py:class","4":"py:method"},"terms":{"":[0,2,3,4,6,8,10,12],"0":[0,2,3,4,5,6,8,9,10,11,12],"00":10,"003":10,"00z":10,"00z_exampl":10,"01":10,"0200":10,"0240":10,"04":10,"08":10,"09":10,"09t00":10,"09t23":10,"1":[0,2,4,5,6,10,12],"10":[0,5,6,10,12],"100":[10,12],"1000":12,"11":[5,6,10],"1143":2,"12":5,"12201":12,"127":[2,4,12],"13":5,"14":5,"150":10,"16":[3,8],"173":10,"176":10,"19":[10,12],"1d":12,"1g":4,"1w":12,"2":[0,4,10,12],"20":10,"2000":12,"201":10,"2010":[6,10],"2012":10,"2013":6,"2016":6,"2017a":[3,8],"2018":10,"2019":6,"2024":10,"2026":5,"2028":5,"2030":5,"2032":5,"2035":5,"208":10,"209":10,"21":6,"212":10,"22":6,"222":10,"23":10,"2369":[3,8],"24":0,"241":10,"25":12,"27":10,"28":10,"2919":[3,8],"2d":12,"2k":12,"3":[5,6,10,11,12],"30":[0,12],"300":2,"30937":10,"30th":6,"3128":6,"365":[2,4],"38":10,"3d":10,"3h":12,"4":[4,6,11],"4096":4,"41":10,"5":[2,4,9],"514":12,"5601":4,"59":10,"59z":10,"5m":[2,12],"6":[0,4,5,6,12],"60":[0,12],"660":4,"7":[4,5,6],"72":10,"7480":10,"8":[2,4,5,6,10,12],"8080":12,"822":0,"85":10,"86399":10,"86400":10,"9":[5,6],"9200":[4,12],"932":12,"9391651994964116463":10,"94":10,"993":12,"A":[0,3,12],"And":0,"As":[4,7],"Be":6,"By":[7,12],"For":[4,12],"If":[0,3,4,6,7,8,12],"In":[2,3,7,8,12],"It":[2,4,7,10,12],"No":[3,8],"On":[3,4,6,7,8],"Or":[4,6],"That":7,"The":[0,3,6,7,11,12],"Then":[2,3,4,6,8,12],"These":7,"To":[2,4,6,7,9,10,12],"With":7,"_cluster":12,"_input":0,"abl":6,"about":[0,5,6],"abov":[2,12],"accept":[3,4,8,12],"access":[0,4,5,6,12],"access_key_id":12,"access_token":0,"accessright":12,"accident":[3,8],"account":[6,7],"acm":10,"acquir":12,"across":7,"action":[3,8],"activ":[4,5,6],"active_primary_shard":12,"active_shard":12,"actual":[3,10],"ad":[3,6,8,12],"add":[2,3,4,6,7,8,12],"addit":[3,8,12],"address":[0,2,3,4,7,8,10,12],"addresse":7,"adkim":10,"admin":[3,8,12],"administr":[3,8],"after":[0,2,4,12],"against":[3,8],"agari":5,"agent":4,"aggreg":[0,5,7,11,12],"aggregate_csv_filenam":[0,12],"aggregate_index":0,"aggregate_json_filenam":[0,12],"aggregate_report":0,"aggregate_top":12,"aggregate_url":12,"align":[5,7,10],"aliv":0,"all":[3,5,7,8,11,12],"allow":[2,3,8,12],"allow_unencrypted_storag":12,"allowremot":2,"alreadysav":0,"also":[2,3,7,8,12],"alter":[3,8],"altern":[5,12],"although":11,"alwai":[0,2,4,12],"always_use_local_fil":[0,12],"an":[0,3,5,7,8,10,12],"analyz":12,"ani":[0,3,7,8,12],"anonym":10,"anoth":[6,12],"answer":[0,12],"apach":5,"api":[2,4,5,12],"api_kei":[0,12],"app":12,"appear":12,"appendix":10,"appid":12,"appli":12,"applic":12,"applicationaccesspolici":12,"approach":12,"approxim":2,"apt":[2,4,6],"ar":[0,2,3,4,5,6,7,8,10,12],"archiv":[0,12],"archive_fold":[0,12],"argument":12,"arriv":12,"arrival_d":10,"arrival_date_utc":10,"artifact":4,"ask":3,"asmx":2,"asn":6,"aspf":10,"assign":4,"assist":5,"associ":0,"attach":[0,3,8,10,12],"attachment_filenam":0,"attribut":6,"august":5,"auth":[2,10,12],"auth_failur":10,"auth_method":12,"auth_result":10,"authent":[0,2,3,4,7,12],"authentication_mechan":10,"authentication_result":10,"auto":2,"avoid":7,"azur":12,"b":[6,10],"b2c":7,"back":12,"base":[0,2,3,4,7,8,10],"base64":0,"base_domain":[0,10],"basic":[2,12],"batch_siz":[0,12],"bcc":[0,10],"bd6e1bb5":10,"becaus":[2,3,7,8,12],"been":[7,12],"befor":[0,12],"begin_d":10,"behind":6,"being":0,"below":[3,8,12],"best":7,"between":[4,7],"beyond":0,"bin":[2,4,6,12],"binari":0,"bind":2,"bindaddress":2,"blank":[3,8],"block":[2,12],"bodi":[0,3,8,10,12],"bool":[0,12],"brand":[5,7],"break":[3,4,8],"browser":4,"bucket":12,"bug":5,"build":6,"built":0,"busi":7,"buster":6,"button":[3,8],"byte":0,"c":[10,12],"ca":4,"cach":[0,12],"call":[7,12],"callabl":0,"callback":0,"came":[3,8],"can":[0,2,3,4,5,6,7,8,12],"cannot":[6,12],"case":[2,3,8],"caus":[3,4,7,8],"cc":[0,10],"center":7,"cento":[4,6],"cert":4,"cert_path":12,"certain":[0,12],"certif":[0,4,12],"cest":10,"chain":0,"chang":[4,7,11,12],"charact":[2,12],"charset":10,"chart":7,"check":[0,2,3,4,6,12],"check_timeout":[0,12],"checkbox":4,"checkdmarc":3,"chines":7,"chmod":[2,4,12],"choos":[3,8],"chown":[2,12],"cisco":12,"citi":6,"class":0,"cli":5,"click":[4,7],"client":[2,3,4,8,12],"client_id":12,"client_secret":12,"clientsecret":12,"clientsotimeout":2,"cloud":12,"cloudflar":[0,12],"cluster":[4,12],"co":4,"code":[0,4,5],"collect":[7,12],"collector":[11,12],"com":[1,2,3,8,9,10,12],"come":7,"comma":[6,12],"command":[2,3,8,12],"comment":12,"commerci":[4,5],"common":[3,4,6,8],"commun":[3,8],"complet":[3,4],"compli":[3,4,6,8,9],"compliant":[3,8],"compon":6,"compress":5,"conf":6,"config":[2,6,12],"config_fil":12,"configur":[3,4,5,6,7,8,9],"conform":4,"connect":[0,2,4,12],"connexion":4,"consid":[5,7],"consist":[0,5,10],"consol":[4,12],"consolid":7,"consum":7,"contact":7,"contain":[0,7,11,12],"content":[0,3,8,10,11],"contrib":6,"contribut":5,"contributor":5,"control":4,"convert":[0,3,8],"convert_outlook_msg":0,"copi":[0,6,11],"core":[3,8],"correct":6,"correctli":[7,12],"could":[3,4,8,12],"count":[2,10],"countri":[0,6,7,10],"crash":[2,4,12],"creat":[0,2,3,4,6,8,12],"create_fold":0,"create_index":0,"creativ":6,"credenti":[6,12],"credentials_fil":12,"cron":6,"crt":4,"csr":4,"csv":[0,5,12],"cumul":6,"current":[2,4,12],"custom":[7,12],"d":[0,4,12],"daemon":[2,4,12],"dai":[0,4,9,12],"daili":[0,12],"dashboard":[4,5,9,11],"dat":0,"data":[0,4,5,7,9,11,12],"databas":6,"date":[0,3,8,10],"date_utc":10,"datetim":0,"davmail":5,"db_path":0,"dbip":[0,12],"dce":12,"dcr":12,"dcr_aggregate_stream":12,"dcr_forensic_stream":12,"dcr_immutable_id":12,"dcr_smtp_tls_stream":12,"dd":0,"de":10,"dearmor":4,"deb":4,"debian":[4,5,6],"debug":12,"decemb":6,"decod":0,"decode_base64":0,"default":[0,2,4,5,6,7,12],"defens":5,"delai":[2,10],"deleg":12,"delet":[0,2,4,12],"delivery_result":10,"demystifi":3,"depend":[4,5,12],"deploi":[3,8],"describ":12,"descript":[2,6,12],"destin":0,"detail":[6,7],"dev":[6,12],"devel":6,"develop":5,"devicecod":12,"di":10,"dict":0,"dictionari":0,"differ":[6,7,12],"digest":[3,8],"directori":[0,12],"disabl":[2,12],"disclaim":[3,8],"disk":12,"displai":[3,7,11],"display_nam":10,"disposit":[7,10],"distribut":6,"dkim":[5,7,8,10],"dkim_align":10,"dkim_domain":10,"dkim_result":10,"dkim_selector":10,"dkm":3,"dmarc":[0,4,6,8,9,10,11,12],"dmarc_aggreg":4,"dmarc_align":10,"dmarc_forens":4,"dmarc_moderation_act":[3,8],"dmarc_none_moderation_act":[3,8],"dmarc_quarantine_moderation_act":[3,8],"dmarcian":5,"dmarcresport":12,"dn":[0,3,7,12],"dnf":6,"dns_test_address":12,"dns_timeout":[0,12],"do":[0,2,6,7,12],"doc":9,"doctyp":10,"document":[2,12],"doe":[3,8],"domain":[0,4,7,8,10,12],"domainawar":[1,3,12],"don":3,"down":7,"download":[0,2,4,6,12],"downloaderror":0,"draft":[5,10],"dtd":10,"dummi":12,"dure":2,"e":[0,2,3,4,6,8,12],"e7":10,"each":[4,6,9,11,12],"earlier":7,"easi":[4,9],"easier":11,"echo":4,"edit":[2,6,12],"editor":11,"effici":4,"either":[5,12],"elast":[4,5],"elasticsearch":[0,5,12],"elasticsearcherror":0,"elk":12,"els":4,"email":[0,3,5,6,7,8,10,11,12],"email_result":0,"emailparsererror":0,"empti":[3,8],"en":[3,4,8,10],"enabl":[2,4,12],"enableew":2,"enablekeepal":2,"enableproxi":2,"encod":[0,10,12],"encount":0,"encrypt":[4,12],"encryptedsavedobject":4,"encryptionkei":4,"end":[3,4,5],"end_dat":10,"endpoint":12,"endpoint_url":12,"enforc":[3,8],"enrol":4,"ensur":[3,6,8],"entir":[3,7,8],"envelop":3,"envelope_from":10,"envelope_to":10,"environ":6,"eol":5,"error":[0,10,12],"escap":12,"especi":7,"etc":[2,3,4,6,8,12],"even":[2,3,8,12],"event":[2,11,12],"everi":[2,6,12],"ew":5,"ex":12,"exactli":[3,8],"exampl":[3,4,6,8,10,12],"except":[0,12],"exchang":[2,10,12],"exclud":2,"execstart":[2,12],"exist":[0,3,4,8],"exit":12,"expiringdict":0,"explain":[3,8],"explicit":[3,8],"explicitli":6,"export":4,"extract":[0,2],"extract_report":0,"extract_report_from_file_path":0,"ey":[2,12],"f":4,"factor":2,"fail":[0,3,7,8,10,12],"failed_session_count":10,"failur":[5,7,10,12],"failure_detail":10,"fall":12,"fallback":6,"fals":[0,2,6,10,12],"fantast":[3,8],"faster":12,"featur":[4,12],"feedback":0,"feedback_report":0,"feedback_typ":10,"fetch":[0,12],"few":[7,12],"field":4,"file":[0,2,5,6,11],"file_path":[0,12],"filenam":[0,12],"filename_safe_subject":10,"filepath":12,"fill":[4,6],"filter":[3,7,8,11],"financ":12,"find":[3,7,8,12],"fine":[3,8],"first":[3,6,8,12],"first_strip_reply_to":[3,8],"fit":[3,8],"fix":4,"flag":[0,2],"flat":0,"flexibl":11,"flight":12,"float":[0,12],"fo":10,"folder":[0,2,12],"foldersizelimit":2,"follow":[2,4,5],"footer":[3,8],"forens":[0,5,11,12],"forensic_csv_filenam":[0,12],"forensic_index":0,"forensic_json_filenam":[0,12],"forensic_report":0,"forensic_top":12,"forensic_url":12,"format":[0,6,12],"forward":[3,7,8],"found":[0,6,12],"foundat":10,"fqdn":4,"fraud":5,"free":6,"friendli":7,"from":[0,2,3,4,5,6,7,8,10,12],"from_is_list":[3,8],"ftp_proxi":6,"full":12,"fulli":[3,8],"function":0,"further":7,"g":[2,3,4,8,12],"gatewai":2,"gb":4,"gdpr":[4,9],"gelf":12,"gener":[3,4,6,8,10,12],"geoip":6,"geolite2":6,"geoloc":[0,12],"get":[0,2,4,6,12],"get_base_domain":0,"get_dmarc_reports_from_mailbox":0,"get_dmarc_reports_from_mbox":0,"get_filename_safe_str":0,"get_ip_address_countri":0,"get_ip_address_info":0,"get_report_zip":0,"get_reverse_dn":0,"get_service_from_reverse_dns_base_domain":0,"github":[1,6,10,12],"give":[0,4],"given":[0,12],"glass":7,"gmail":[5,7,12],"gmail_api":12,"go":[3,8],"goe":[3,8],"googl":[7,12],"googleapi":12,"got":12,"gov":12,"gpg":4,"grafana":5,"grant":12,"graph":[2,5,7,12],"graph_url":12,"group":[2,7,12],"guid":[4,5],"gzip":[0,5],"h":[0,12],"ha":[4,7,12],"hamburg":4,"hand":[3,8],"handl":[5,12],"has_defect":10,"have":[3,4,6,7,8,11,12],"head":10,"header":[0,3,7,8,10,12],"header_from":10,"headless":2,"health":12,"healthcar":12,"heap":4,"heavi":4,"hec":[0,11,12],"hecclient":0,"hectokengoesher":12,"help":5,"here":[3,8,10,12],"hh":0,"hi":[3,8],"high":7,"higher":[3,8],"highli":12,"hop":10,"host":[0,2,3,4,5,8,12],"hostnam":[0,12],"hour":[0,12],"hover":7,"how":5,"howev":6,"href":10,"html":[3,4,8,10],"http":[0,1,2,3,4,6,8,9,10,11,12],"http_proxi":6,"https_proxi":6,"human":[0,7],"human_timestamp":0,"human_timestamp_to_datetim":0,"human_timestamp_to_unix_timestamp":0,"i":[0,2,3,4,5,6,7,8,10,12],"icon":7,"id":[3,8,10,12],"ideal":[3,8],"ident":[3,8,12],"identifi":10,"idl":[0,2,12],"imap":[0,2,5,12],"imapalwaysapproxmsgs":2,"imapautoexpung":2,"imapidledelai":2,"imapport":2,"immedi":2,"immut":12,"impli":12,"import":[4,7],"improv":12,"inbox":[0,3,5,8,12],"inc":10,"includ":[0,3,6,7,8,12],"include_list_post_head":[3,8],"include_rfc2369_head":[3,8],"include_sender_head":[3,8],"include_spam_trash":12,"incom":[7,12],"incorrect":12,"increas":[4,12],"indent":12,"index":[0,5,9,11,12],"index_prefix":[0,12],"index_prefix_domain_map":12,"index_suffix":[0,12],"indic":[3,5],"individu":12,"industri":12,"inform":[0,4,6,7,12],"ingest":12,"ini":[2,12],"initi":0,"input":0,"input_":0,"insid":6,"instal":[2,5,12],"instanc":12,"instead":[0,3,6,8,12],"int":[0,12],"intend":[3,8],"interact":[2,4],"interakt":10,"interfer":[3,8],"intern":6,"interv":12,"interval_begin":10,"interval_end":10,"invalid":0,"invalidaggregatereport":0,"invaliddmarcreport":0,"invalidforensicreport":0,"invalidsmtptlsreport":0,"io":[0,12],"ip":[0,3,4,6,7,12],"ip_address":[0,10],"ip_db_path":[0,6,12],"ipdb":6,"ipv4":0,"ipv6":0,"is_mbox":0,"is_outlook_msg":0,"iso":0,"issu":[1,5],"java":2,"job":[3,6,8],"joe":[3,8],"journalctl":[2,12],"jre":2,"json":[0,5,12],"june":5,"just":7,"jvm":4,"kafka":[5,12],"kb4099855":6,"kb4134118":6,"kb4295699":6,"keep":0,"keep_al":0,"keepal":2,"kei":[0,3,4,6,12],"keyout":4,"keyr":4,"keystor":4,"kibana":[5,11],"kind":12,"know":3,"known":[3,7,8,12],"label":12,"languag":[3,8],"larg":2,"larger":12,"later":[4,6,12],"latest":[2,4,6,9],"layer":0,"layout":11,"leak":7,"least":[4,6,12],"leav":3,"left":7,"legal":[3,8],"legitim":[7,12],"level":[3,4],"libemail":6,"libxml2":6,"libxslt":6,"licens":6,"life":5,"like":[0,3,6,8,12],"limit":[0,2,12],"line":[3,8,12],"link":[3,4,7,8],"linux":[3,6,8],"list":[0,2,4,5,7,12],"listen":[2,12],"lite":6,"ll":[3,8],"load":4,"local":[0,2,4,10,12],"local_file_path":0,"local_reverse_dns_map_path":12,"localhost":12,"locat":[6,7,12],"log":[2,12],"log_analyt":12,"log_fil":12,"logger":12,"login":4,"logstash":4,"long":3,"longer":[3,8],"look":[3,7],"lookup":0,"loopback":2,"lot":7,"lua":10,"m":[0,6,10,12],"m365":12,"maco":6,"magnifi":7,"mai":[5,7,12],"maidir":12,"mail":[0,5,6,10,12],"mail_bcc":0,"mail_cc":0,"mail_from":0,"mail_to":0,"mailbox":[0,7,12],"mailbox_connect":0,"mailboxconnect":0,"maildir":12,"maildir_cr":12,"maildir_path":12,"mailer":10,"mailrelai":10,"mailto":6,"main":4,"maintain":5,"make":[0,3,4,8,9,12],"malici":[7,12],"manag":[4,12],"manual":12,"map":[0,12],"market":7,"match":[0,4,11,12],"max_ag":10,"max_shards_per_nod":12,"maximum":4,"maxmind":[0,6,12],"mbox":[0,12],"mechan":3,"member":[3,8],"mention":7,"menu":[4,7],"messag":[0,2,3,4,6,7,8,10,12],"message_id":10,"meta":10,"method":12,"mfrom":10,"microsoft":[2,5,10,12],"might":[0,3,7,8],"migrate_index":0,"mime":10,"minimum":4,"minut":[0,2,12],"mitig":[3,8],"mkdir":6,"mm":0,"mmdb":[0,12],"mobil":[3,8],"mode":[2,4,10,12],"modern":[2,3,8],"modifi":[3,8,12],"modul":[0,5,12],"mon":10,"monitor":[3,12],"monthli":[0,12],"monthly_index":[0,12],"more":[0,4,6,11,12],"most":[3,4,7,8,12],"mous":7,"move":[0,4,12],"msg":[0,6],"msg_byte":0,"msg_date":0,"msg_footer":[3,8],"msg_header":[3,8],"msgconvert":[0,6],"msgraph":12,"much":12,"multi":[2,5],"multipl":12,"mung":[3,8],"must":[2,3,8,12],"mutual":4,"mv":4,"mx":10,"my":12,"n":[10,12],"n_proc":12,"name":[0,3,4,7,10,11,12],"nameserv":[0,12],"nano":[2,12],"nation":12,"navig":[3,6,8],"ncontent":10,"ndate":10,"ndjson":4,"need":[2,3,4,6,7,8,12],"nelson":[3,8],"net":[2,12],"network":[2,4,12],"new":[0,2,3,6,7,12],"newer":6,"newest":[2,12],"newkei":4,"next":[0,12],"nfrom":10,"nmessag":10,"nmime":10,"node":4,"non":[3,8,12],"none":[0,3,10,12],"noproxyfor":2,"norepli":[3,10],"normal":[0,10,12],"normalize_timespan_threshold_hour":0,"normalized_timespan":10,"nosecureimap":2,"notabl":7,"now":[4,7],"nsubject":10,"nto":10,"null":10,"number":[0,12],"number_of_replica":[0,12],"number_of_shard":[0,12],"nwettbewerb":10,"nx":10,"o":[2,4,12],"oauth2":12,"oauth2_port":12,"object":[0,4],"observ":7,"occur":[0,7],"occurr":11,"oct":10,"offic":2,"office365":2,"offlin":[0,12],"often":7,"ol":[0,6],"old":7,"older":[6,10],"oldest":[2,12],"onc":6,"ondmarc":5,"one":[0,3,5,8,12],"onli":[2,3,6,7,8,12],"onlin":[0,2,12],"oor":0,"open":3,"opendn":12,"opensearch":[5,12],"opensearcherror":0,"openssl":4,"opt":[2,6,12],"option":[0,2,3,4,5,8,11,12],"order":6,"ordereddict":0,"org":[0,6,9,10,12],"org_email":10,"org_extra_contact_info":10,"org_nam":10,"organ":[2,7,12],"organization_nam":10,"origin":[3,8,12],"original_envelope_id":10,"original_mail_from":10,"original_rcpt_to":10,"original_timespan_second":10,"other":[0,3,4,7,8],"our":7,"out":[3,4,7],"outdat":7,"outgo":[3,8,12],"outlook":[0,2,6],"output":[0,5,12],"output_directori":0,"outsid":12,"over":[2,5,7],"overrid":[0,12],"overridden":6,"overwrit":4,"owa":5,"own":[7,11],"p":[3,6,10],"p12":4,"pack":4,"packag":[0,4],"pad":0,"page":[3,4,6,7,8],"paginate_messag":12,"pan":10,"parallel":12,"paramet":0,"parent":7,"pars":[0,3,5,6,10,12],"parse_aggregate_report_fil":0,"parse_aggregate_report_xml":0,"parse_email":0,"parse_forensic_report":0,"parse_report_email":0,"parse_report_fil":0,"parse_smtp_tls_report_json":0,"parsed_aggregate_reports_to_csv":0,"parsed_aggregate_reports_to_csv_row":0,"parsed_forensic_reports_to_csv":0,"parsed_forensic_reports_to_csv_row":0,"parsed_sampl":10,"parsed_smtp_tls_reports_to_csv":0,"parsed_smtp_tls_reports_to_csv_row":0,"parsedmarc":[4,9,10,11],"parser":0,"parsererror":0,"part":[3,4,7,8],"particular":7,"particularli":[5,12],"pass":[3,7,10],"passag":7,"passsword":12,"password":[0,4,6,12],"past":[4,11],"patch":6,"path":[0,4,12],"pattern":[5,7],"payload":[0,12],"pct":10,"per":12,"percentag":7,"perform":[2,12],"period":12,"perl":[0,6],"permiss":[4,12],"persist":12,"peter":10,"pie":7,"pin":5,"pip":6,"place":[4,7,12],"plain":0,"plaintext":[3,8],"platform":[3,8],"pleas":[1,5,12],"plu":7,"polici":[3,8,10,12],"policy_domain":10,"policy_evalu":10,"policy_override_com":10,"policy_override_reason":10,"policy_publish":10,"policy_str":10,"policy_typ":10,"policyscopegroupid":12,"poll":[2,12],"port":[0,2,12],"posit":12,"possibl":12,"post":[3,8,12],"poster":[3,8],"postoriu":[3,8],"powershel":12,"ppa":6,"pre":[6,12],"prefer":[2,6],"prefix":[0,3,8,12],"premad":[5,11],"prerequisit":5,"present":12,"pretti":12,"prettifi":12,"previou":[0,2,4,12],"previous":[4,7],"print":12,"printabl":10,"privaci":[3,6,7,8,12],"process":[0,2,5,6,12],"produc":10,"program":12,"programdata":6,"project":[0,2,3,5,11],"prompt":4,"proofpoint":5,"properti":2,"protect":[2,3,5,8,12],"provid":[4,7,12],"prox":6,"proxi":2,"proxyhost":2,"proxypassword":2,"proxyport":2,"proxyus":2,"pry":[2,12],"psl_overrid":0,"public":[0,3,10,12],"public_suffix_list":0,"publicbaseurl":4,"publicsuffix":0,"publish":3,"put":[4,12],"python":[0,6],"python3":6,"python39":6,"qo":4,"quarantin":[3,8],"queri":[0,12],"query_dn":0,"quickstart":12,"quot":10,"r":[2,6,10,12],"rais":0,"ram":4,"rather":[3,8],"read":[0,12],"readabl":0,"readwrit":12,"realli":3,"reason":[0,2,4,5,12],"receiv":[0,10,12],"receiving_ip":10,"receiving_mx_hostnam":10,"recipi":7,"recogn":7,"recommend":12,"record":[0,5,6,10],"record_typ":0,"refer":[4,5],"regard":12,"regardless":10,"region":12,"region_nam":12,"regist":6,"registr":12,"regul":[4,6,9,12],"regular":[3,8],"reject":[3,8],"relai":[3,8],"relat":[3,12],"releas":[4,6],"reli":7,"reliabl":12,"reload":[2,4,12],"remain":7,"remot":2,"remov":[0,3,4,8,12],"repeat":[3,8],"replac":[0,3,4,8],"repli":[2,3,8],"replica":[0,12],"reply_goes_to_list":[3,8],"reply_to":10,"replyto":[3,8],"report":[0,4,7,11,12],"report_id":10,"report_metadata":10,"report_typ":0,"reported_domain":10,"reports_fold":[0,12],"repositori":[6,11],"req":4,"request":[2,4,12],"requir":[0,2,3,4,6,8,12],"require_encrypt":0,"resid":12,"resolv":[0,12],"resourc":[0,4,5,12],"respons":[0,12],"restart":[2,3,4,8,12],"restartsec":[2,12],"restor":4,"restrict":12,"restrictaccess":12,"result":[0,5,7,10,12],"result_typ":10,"retain":[3,8],"retent":5,"retriev":2,"return":0,"revers":[0,7,12],"reverse_dn":[0,10],"reverse_dns_base_domain":0,"reverse_dns_map":0,"reverse_dns_map_path":0,"reverse_dns_map_url":[0,12],"review":[5,7],"rewrit":[3,8],"rfc":[0,3,8,10],"rfc2369":[3,8],"rfc822":2,"rhel":[4,5,6],"rhhel":5,"right":[4,7],"rm":4,"ro":0,"rollup":6,"root":[2,12],"rpm":4,"rsa":4,"rua":[5,6],"ruf":[5,6,7,12],"rule":[7,12],"run":[0,4,5,6],"rw":[2,12],"s3":12,"safe":0,"same":[3,4,6,7,11],"sampl":[0,5,12],"sample_headers_onli":10,"save":[0,4,6,12],"save_aggreg":12,"save_aggregate_report_to_elasticsearch":0,"save_aggregate_reports_to_splunk":0,"save_forens":12,"save_forensic_report_to_elasticsearch":0,"save_forensic_reports_to_splunk":0,"save_output":0,"save_smtp_tl":12,"save_smtp_tls_report_to_elasticsearch":0,"save_smtp_tls_reports_to_splunk":0,"schedul":6,"schema":10,"scope":[10,12],"scrub_nondigest":[3,8],"search":[0,3,8,12],"second":[0,2,12],"secret":12,"secret_access_kei":12,"section":12,"secur":[0,4,12],"see":[2,3,4,5,7,12],"segment":7,"select":6,"selector":10,"self":[4,5],"send":[0,2,3,4,5,7,8,11,12],"sender":[5,7,8],"sending_mta_ip":10,"sensit":12,"sent":[3,8,12],"separ":[3,4,6,7,9,11,12],"server":[0,2,3,4,6,7,10,12],"server_ip":4,"servernameon":10,"servic":[0,3,4,5,7,8],"session":7,"set":[0,2,3,4,6,7,8,9,12],"set_host":0,"setup":[4,9,12],"setuptool":6,"shard":[0,12],"share":[4,12],"sharepoint":10,"should":[3,6,7,8,12],"shouldn":[3,8],"show":[2,7,12],"side":7,"sign":[3,4,6],"signatur":[3,7,8],"silent":12,"similar":7,"simpl":5,"simplifi":0,"sinc":[0,12],"singl":[0,12],"sister":3,"size":[2,4],"skip":12,"skip_certificate_verif":12,"slightli":11,"small":4,"smtp":[0,3,5,7,12],"smtp_tl":[0,12],"smtp_tls_csv_filenam":[0,12],"smtp_tls_json_filenam":[0,12],"smtp_tls_report":0,"smtp_tls_url":12,"so":[3,6,7,8,12],"socket":2,"solut":6,"some":[0,2,3,4,7,8],"someon":4,"sometim":12,"sort":[7,12],"sourc":[0,3,4,6,7,10],"source_base_domain":10,"source_countri":10,"source_ip_address":10,"source_nam":10,"source_reverse_dn":10,"source_typ":10,"sourceforg":2,"sp":[3,10],"spam":12,"special":12,"specif":[3,12],"specifi":[2,3],"spf":[7,10],"spf_align":10,"spf_domain":10,"spf_result":10,"spf_scope":10,"splunk":[5,12],"splunk_hec":12,"splunkerror":0,"splunkhec":12,"spoof":[3,8],"ss":0,"ssl":[0,2,4,12],"ssl_cert_path":0,"st":[10,12],"stabl":4,"stack":[4,12],"standard":[0,5,10],"start":[0,2,4,6,7,9,11,12],"starttl":12,"static":6,"statu":[2,12],"stdout":12,"step":[3,4,8],"still":[3,6,8,10,12],"storag":[0,12],"store":[2,4,9],"str":[0,12],"stream":12,"string":0,"strip":[3,8,12],"strip_attachment_payload":[0,12],"strongli":12,"structur":5,"stsv1":10,"subdomain":[0,3,12],"subject":[0,3,8,10,12],"subject_prefix":[3,8],"subsidiari":7,"successful_session_count":10,"sudo":[2,4,6,12],"suffix":[0,12],"suggest":7,"suitabl":0,"summari":[3,5,8],"suppli":[0,7,12],"support":[2,5,10,11],"sure":[4,6],"sw50zxjha3rpdmugv2v0dgjld2vyymvylcocymvyc2ljahq":10,"switch":7,"syslog":[2,12],"system":[2,3,4,6,8,12],"systemctl":[2,4,12],"systemd":5,"systemdr":6,"t":[5,8,12],"tab":[3,4,8],"tabl":[5,7],"tag":6,"target":[2,12],"task":6,"tby":10,"tcp":12,"tee":4,"tell":[3,6,7,8],"templat":[3,8],"temporari":7,"tenant":5,"tenant_id":12,"term":6,"test":[0,10,12],"text":[0,10],"than":[3,4,8,12],"thank":[5,10],"thei":[3,6,7,8,12],"theirs":3,"them":[0,4,7,12],"therebi":[3,8],"thi":[0,2,3,4,5,6,7,8,10,12],"those":6,"thousand":12,"three":7,"through":3,"time":[0,2,4,6,7,12],"timeout":[0,2,12],"timespan":0,"timespan_requires_norm":10,"timestamp":0,"timestamp_to_datetim":0,"timestamp_to_human":0,"timezon":10,"tl":[0,5,12],"tld":3,"to_domain":10,"to_utc":0,"token":[0,4,12],"token_fil":12,"tool":[6,12],"top":[3,7],"topic":12,"touch":[3,8],"tracker":1,"tradit":[3,8],"trail":12,"transfer":10,"transpar":5,"transport":[4,12],"trash":12,"true":[0,2,4,10,12],"trust":12,"truststor":4,"try":12,"tuesdai":6,"two":6,"txt":0,"type":[0,10,12],"u":[2,6,10,12],"ubuntu":[4,6],"udp":12,"ui":[3,8],"uncondition":[3,8],"under":[4,6,7],"underneath":7,"underscor":12,"understand":[5,7],"unencrypt":12,"unfortun":[3,8],"unit":[0,2,12],"unix":0,"unknown":0,"unsubscrib":[3,8],"until":[0,5,12],"unzip":2,"up":[0,2,4,6,7,9,12],"updat":[0,4,6,12],"upersecur":12,"upgrad":[2,5,6,12],"upload":12,"upper":7,"uri":6,"url":[0,2,12],"us":[0,3,4,5,8,10],"usag":12,"use_ssl":0,"user":[2,3,4,5,6,8,10,12],"user_ag":10,"useradd":[2,6],"usernam":[0,12],"usernamepassword":12,"usesystemproxi":2,"usr":4,"utc":0,"utf":10,"util":5,"v":[6,12],"valid":[0,7,10,12],"valimail":5,"valu":[0,3,4,7,8,12],"var":[3,8],"variou":6,"vendor":3,"venv":[6,12],"verbos":12,"veri":[4,7,12],"verif":[4,12],"verifi":0,"verification_mod":4,"version":[2,4,5,6,9,10,11,12],"vew":2,"via":2,"view":[7,12],"vim":4,"virtualenv":6,"visual":[4,9],"volum":7,"vulner":3,"w":[0,12],"w3c":10,"wa":[3,4,6,8],"wai":[4,7],"wait":[0,12],"want":[2,5,12],"wantedbi":[2,12],"warn":12,"watch":[0,2,4,12],"watch_inbox":0,"watcher":12,"web":[2,4],"webdav":2,"webhook":12,"webmail":[3,7,8],"week":[0,12],"weekli":6,"well":[2,12],"were":[7,12],"wettbewerb":10,"wget":4,"whalensolut":12,"what":5,"when":[0,3,5,7,8,12],"whenev":[0,2,12],"where":[0,2,3,8,12],"wherea":7,"wherev":12,"whether":0,"which":[2,4,5,7,12],"while":[7,12],"who":7,"why":[3,7],"wide":[6,10],"wiki":10,"window":6,"without":[3,4,7,8,12],"won":5,"work":[2,3,5,6,7,8],"workstat":2,"worst":3,"would":[3,5,6,8],"wrap":[3,8],"write":12,"www":[4,6,12],"x":[4,10],"x509":4,"xennn":10,"xml":[0,11],"xml_schema":10,"xms4g":4,"xmx4g":4,"xpack":4,"xxxx":4,"y":[4,6],"yahoo":7,"yaml":12,"ye":[3,8],"year":12,"yet":3,"yml":4,"you":[2,3,4,5,6,7,8,12],"your":[3,4,6,7,8,11,12],"yyyi":0,"zip":[0,2,5,12],"\u00fcbersicht":10},"titles":["API reference","Contributing to parsedmarc","Accessing an inbox using OWA/EWS","Understanding DMARC","Elasticsearch and Kibana","parsedmarc documentation - Open source DMARC report analyzer and visualizer","Installation","Using the Kibana dashboards","What about mailing lists?","OpenSearch and Grafana","Sample outputs","Splunk","Using parsedmarc"],"titleterms":{"2":[3,8],"3":[3,8],"about":[3,8],"access":2,"aggreg":10,"align":3,"an":2,"analyz":[5,6],"api":0,"best":[3,8],"bug":1,"cli":12,"compat":5,"configur":[2,12],"content":5,"contribut":1,"csv":10,"dashboard":7,"davmail":2,"depend":6,"dkim":3,"dmarc":[3,5,7],"do":[3,8],"document":5,"domain":3,"elast":0,"elasticsearch":4,"ew":2,"exchang":6,"featur":5,"file":12,"forens":[7,10],"geoipupd":6,"grafana":9,"guid":3,"help":12,"inbox":2,"index":4,"indic":0,"instal":[4,6,9],"json":10,"kibana":[4,7],"list":[3,8],"listserv":[3,8],"lookalik":3,"mail":[3,8],"mailman":[3,8],"microsoft":6,"multi":12,"multipl":6,"open":5,"opensearch":[0,9],"option":6,"output":10,"owa":2,"parsedmarc":[0,1,2,5,6,12],"pattern":4,"practic":[3,8],"prerequisit":6,"proxi":6,"python":5,"record":[3,4,9],"refer":0,"report":[1,5,6,10],"resourc":3,"retent":[4,9],"run":[2,12],"sampl":[7,10],"sender":3,"servic":[2,12],"setup":6,"smtp":10,"sourc":5,"spf":3,"splunk":[0,11],"summari":7,"support":[3,12],"systemd":[2,12],"t":3,"tabl":0,"tenant":12,"test":6,"tl":10,"understand":3,"upgrad":4,"us":[2,6,7,12],"util":0,"valid":3,"visual":5,"web":6,"what":[3,8],"won":3,"workaround":[3,8]}})
\ No newline at end of file