Python Configuration
We will be using a Python script to gather the most recent ten minutes of DNS event data from Infoblox’s BloxOne Threat Defense REST API and write it into JSON log files. To ensure the data is always recent and updated, we will configure cron on Ubuntu to run this script every ten minutes. Later we will configure Logstash to read the JSON and send it to Kibana to be visualized.
Let’s create the Python script. You can save this script anywhere easily accessible to you, such as Documents or the Desktop. Note: For this demo we will be saving it in /home/<username>/dataconnector.
Access the machine where your Logstash instance is installed. Note: For this demo Elastic Stack was installed on Ubuntu 18.04.
Open a terminal.
Python3 must be installed for the script to work properly. If it is not already installed, install it with:
sudo apt install python3.8
Navigate to /home/<username>/dataconnector:
cd /home/infoblox/dataconnector
Create a new Python file:
touch cspscript.py
Open the file with gedit for editing:
gedit cspscript.py
Copy and paste the following into the file. Be careful to preserve Python’s spacing and indentation: indent nested Python lines with four spaces. Replace the text <YOUR API KEY HERE> with the BloxOne TD API key acquired in the CSP API Key Retrieval section of this document. Save and close the file when finished. To ensure your formatting is correct, you can also download the script here on InfobloxOpen’s Github repo.
# -*- coding: utf-8 -*-
import os
import datetime
import calendar
import requests
import json
import time

# Query window: the ten minutes ending now (UTC).
now = datetime.datetime.utcnow()
ten_minutes_ago = now - datetime.timedelta(minutes=10)
# The output file is named after the window, e.g. 20210101_120000_121000
filename = f"{ten_minutes_ago.strftime('%Y%m%d_%H%M%S')}_{now.strftime('%H%M%S')}"

# The API takes the window as Unix epoch seconds (t0 = start, t1 = end).
sif_now = calendar.timegm(now.timetuple())
sif_last_hour = calendar.timegm(ten_minutes_ago.timetuple())
url = f"https://csp.infoblox.com/api/dnsdata/v1/dns_event?t0={sif_last_hour}&_format=json&t1={sif_now}&source=rpz"

# Wait two minutes before querying.
time.sleep(120)

payload = {}
# The API key travels in this header; keep this file readable only by the account that runs the job.
headers = {
    'Authorization': 'Token <YOUR API KEY HERE>'
}
response = requests.request("GET", url, headers=headers, data=payload)
# Stop on an HTTP error instead of writing an error body to disk as if it were event data.
response.raise_for_status()

# Write the events to /tmp/rpz, creating the directory on the first run.
path = "/tmp/rpz"
if not os.path.exists(path):
    os.makedirs(path)
completeName = os.path.join(path, filename + ".json")
data = json.loads(response.content)
write_data = json.dumps(data)
with open(completeName, 'w') as fh:
    fh.write(write_data)
Let’s make sure the script is working. Run:
/usr/bin/python3 /home/<username>/dataconnector/cspscript.py &
You should see an output like this:
The software utility cron is a time-based job scheduler in Unix-like operating systems. Let’s configure cron to run the Python script every ten minutes.
Open a terminal.
Open a crontab file for editing:
crontab -e
Choose your preferred editor if prompted.
Insert the following line into the file as shown below. Save and exit the editor.
*/10 * * * * /usr/bin/python3 /home/<username>/dataconnector/cspscript.py &
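Once cron is running the collector, the Logstash feed is only as good as the stream of ten-minute files in /tmp/rpz; a missed run (expired API key, network outage, cron not running) shows up as a gap between consecutive file names. The following is an added health check, not part of the guide or of Infoblox’s script: it parses the file names cspscript.py produces (start timestamp plus end time, crossing midnight where needed) and reports any two consecutive windows spaced more than an assumed 12-minute tolerance apart. The sample file names are constructed.

```python
import os
import re
from datetime import datetime, timedelta

# Matches the collector's file names: <start YYYYmmdd_HHMMSS>_<end HHMMSS>.json
NAME_RE = re.compile(r"^(\d{8}_\d{6})_(\d{6})\.json$")

def parse_window(name):
    """Return (start, end) datetimes for one output file name, or None if it does not match."""
    m = NAME_RE.match(name)
    if not m:
        return None
    start = datetime.strptime(m.group(1), "%Y%m%d_%H%M%S")
    # The end carries only a time of day, so borrow the date from the start.
    end = datetime.strptime(m.group(2), "%H%M%S").replace(
        year=start.year, month=start.month, day=start.day)
    if end < start:  # window crossed midnight: the end time belongs to the next day
        end += timedelta(days=1)
    return start, end

def find_gaps(names, max_gap=timedelta(minutes=12)):
    """Sort the windows by start time and return (previous_start, next_start) pairs
    whose spacing exceeds max_gap. Cron runs every ten minutes, so a larger spacing
    means at least one run failed or wrote no file. max_gap is an assumed tolerance."""
    windows = sorted(w for w in (parse_window(n) for n in names) if w)
    gaps = []
    for (prev_start, _), (cur_start, _) in zip(windows, windows[1:]):
        if cur_start - prev_start > max_gap:
            gaps.append((prev_start, cur_start))
    return gaps

def check_directory(path="/tmp/rpz"):
    """Run the gap check over the directory cspscript.py writes to."""
    return find_gaps(os.listdir(path))

if __name__ == "__main__":
    # Constructed sample: four ten-minute windows with the 12:20 run missing.
    sample = [
        "20240301_120000_121000.json",
        "20240301_121000_122000.json",
        "20240301_123000_124000.json",
        "20240301_124000_125000.json",
        "notes.txt",
    ]
    for a, b in find_gaps(sample):
        print(f"gap: no file between {a:%Y-%m-%d %H:%M} and {b:%Y-%m-%d %H:%M}")
```

Run check_directory() from a second cron entry or a monitoring job and alert when it returns a non-empty list.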