diff --git a/README.md b/README.md index ed203da..b858b5f 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,37 @@ dcu-tools ========= -dcu-tools are tools used for fetching and analyzing (private) Microsoft Digital Crimes Unit feeds \ No newline at end of file +dcu-tools are tools used for fetching and analyzing (private) Microsoft Digital Crimes Unit feeds + +Usage +===== + + Usage: dcu-fetch.py [options] dcu feed blob fetcher + + Options: + -h, --help show this help message and exit + -d, --debug output debug message on stderr + -a ACCOUNT_NAME, --account_name=ACCOUNT_NAME + Microsoft Azure account name + -k ACCOUNT_KEY, --account_key=ACCOUNT_KEY + Microsoft Azure key to access DCU container + -c, --clear Delete blobs and containers after fetching + -e, --header Remove field header in the output (default is + displayed) + -f OUTPUT_FORMAT, --format=OUTPUT_FORMAT + output txt, json (default is txt) + +Dumping sink-hole addresses +--------------------------- + + python ./bin/dcu-fetch.py -a -k "" -f json | jq -r .TargetIp + +Dumping some values and cleaning the container/blobs +---------------------------------------------------- + + python ./bin/dcu-fetch.py -a -k "" -f json | jq -r '.SourceIpAsnNr+" "+.SourceIp +" "+ .Botnet' + +Dumping the JSON object for a specific ASN +------------------------------------------ + + python ./bin/dcu-fetch.py -a -k "" -f json | jq -r 'if .SourceIpAsnNr == "AS12345" then . else "" end'
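Review bot: The usage block offers only `-k ACCOUNT_KEY` for supplying the Azure key, and all three examples pass it on the command line, where it lands in shell history and is visible in the process list to other local users; consider documenting (or adding) a way to read the key from an environment variable or a file, and recommend that in the README. In the same examples, `-a -k ""` has no value after `-a`, so an option parser will most likely consume `-k` as the account name; explicit placeholders for the account name and key would make the commands copyable. The section titled "Dumping some values and cleaning the container/blobs" does not pass `-c`, so the command as shown fetches without cleaning anything. The `-e, --header` help text says the flag removes the header, which reads backwards from its name; a name such as `--no-header` would be clearer. In the last example, `if .SourceIpAsnNr == "AS12345" then . else "" end` prints an empty string for every non-matching record; `select(.SourceIpAsnNr == "AS12345")` would emit only the matching objects.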