added severity filter

This commit is contained in:
Giuseppe 2023-03-02 09:44:20 +01:00 committed by GitHub
parent c681719776
commit 6575b1f05a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -35,6 +35,9 @@ LOCAL_IP_PREFIX = "192.168."
WHITELIST_IPS = (WAN_IP, LOCAL_IP_PREFIX, "127.0.0.1", "1.1.1.1", "8.8.8.8")
COMMENT_TIME_FORMAT = "%-d %b %Y %H:%M:%S.%f" # See datetime strftime formats.
#Set comma separated value of suricata alerts severity which will be blocked in Mikrotik. All severity values are ("1","2","3")
SEVERITY=("1","2")
################# END EDIT SETTINGS
# ------------------------------------------------------------------------------
@ -127,8 +130,13 @@ def add_to_tik(alerts):
address_list = api.path("/ip/firewall/address-list")
resources = api.path("system/resource")
# Remove duplicate src_ips.
for event in {item['src_ip']: item for item in alerts}.values():
if str(event["alert"]["severity"]) not in SEVERITY:
break
if not in_ignore_list(ignore_list, event):
timestamp = dt.strptime(event["timestamp"],
"%Y-%m-%dT%H:%M:%S.%f%z").strftime(