dcu-tools/README.md

37 lines
1.5 KiB
Markdown

dcu-tools
=========
dcu-tools are tools used for fetching and analyzing (private) Microsoft Digital Crimes Unit feeds
Usage
=====
Usage: dcu-fetch.py [options] dcu feed blob fetcher
Options:
-h, --help show this help message and exit
-d, --debug output debug message on stderr
-a ACCOUNT_NAME, --account_name=ACCOUNT_NAME
Microsoft Azure account name
-k ACCOUNT_KEY, --account_key=ACCOUNT_KEY
Microsoft Azure key to access DCU container
-c, --clear Delete blobs and containers after fetching
-e, --header Remove field header in the output (default is
displayed)
-f OUTPUT_FORMAT, --format=OUTPUT_FORMAT
output txt, json (default is txt)
Dumping sink-hole addresses
---------------------------
python ./bin/dcu-fetch.py -a <azure feed> -k "<azure key>" -f json | jq -r .TargetIp
Dumping some values and cleaning the container/blobs
----------------------------------------------------
python ./bin/dcu-fetch.py -a <azure feed> -k "<azure key>" -f json | jq -r '.SourceIpAsnNr+" "+.SourceIp +" "+ .Botnet'
Dumping the JSON object for a specific ASN
------------------------------------------
python ./bin/dcu-fetch.py -a <azure feed> -k "<azure key>" -f json | jq -r 'if .SourceIpAsnNr == "AS12345" then . else "" end'