Documentation updated

2024-12-22 16:56:10 +00:00 · 2013-02-07 12:01:09 +01:00 · 2013-02-07 12:01:09 +01:00 · ee10433bd5
commit ee10433bd5
parent cb61f4e217
1 changed files with 34 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -1,4 +1,37 @@
 dcu-tools
 =========

-dcu-tools are tools used for fetching and analyzing (private) Microsoft Digital Crimes Unit feeds
+dcu-tools are tools used for fetching and analyzing (private) Microsoft Digital Crimes Unit feeds
+
+Usage
+=====
+
+        Usage: dcu-fetch.py [options] dcu feed blob fetcher
+
+        Options:
+          -h, --help            show this help message and exit
+          -d, --debug           output debug message on stderr
+          -a ACCOUNT_NAME, --account_name=ACCOUNT_NAME
+                                Microsoft Azure account name
+          -k ACCOUNT_KEY, --account_key=ACCOUNT_KEY
+                                Microsoft Azure key to access DCU container
+          -c, --clear           Delete blobs and containers after fetching
+          -e, --header          Remove field header in the output (default is
+                                displayed)
+          -f OUTPUT_FORMAT, --format=OUTPUT_FORMAT
+                                output txt, json (default is txt)
+
+Dumping sink-hole addresses
+---------------------------
+
+    python ./bin/dcu-fetch.py -a <azure feed> -k "<azure key>" -f json | jq -r .TargetIp
+
+Dumping some values and cleaning the container/blobs
+----------------------------------------------------
+
+    python ./bin/dcu-fetch.py -a <azure feed> -k "<azure key>" -f json | jq -r '.SourceIpAsnNr+" "+.SourceIp +" "+ .Botnet'
+
+Dumping the JSON object for a specific ASN
+------------------------------------------
+
+    python ./bin/dcu-fetch.py -a <azure feed> -k "<azure key>" -f json | jq -r 'if .SourceIpAsnNr == "AS12345" then . else "" end'