Channel: Questions in topic: "splunk-enterprise"

Custom Macro or Command via Ruby?

All,

A vendor just sent me this script to decode their vendor message table. It's not just a simple lookup but a concatenation with several events. I see guides on Python, is that the only supported language for custom commands? Should I just use Python to wrap this? Any guides on this? Thanks!

#!/usr/bin/env ruby
# to use:
#   chmod 744 threat_extract.rb
#   ./threat_extract.rb $THREATS_NUMBER

# Bitmask to decode, taken from the first command-line argument
arg = ARGV.first.to_i

# Each threat type corresponds to one bit of the mask
hsh = {
  1 => 'Known Violators',
  2 => 'Blocked Country',
  4 => 'Browser Integrity Check',
  8 => 'Known Violator User Agent',
  16 => 'Rate Limited',
  32 => 'Known Violator Honeypot Access',
  64 => 'Referrer Block',
  128 => 'Session Length Exceeded',
  256 => 'Pages Per Session Exceeded',
  512 => 'Bad User Agents',
  1024 => 'Aggregator User Agents',
  2048 => 'Filtered IP',
  4096 => 'JavaScript Not Loaded',
  8192 => 'JavaScript Check Failed',
  16384 => 'Identifier Validation Error',
  32768 => 'Known Violator Automation Tool',
  65536 => 'Form Spam Submission',
  131072 => 'Unverified Signature',
  262144 => 'IP Pinning Failure',
  524288 => 'Invalid JavaScript Test Results',
  1048576 => 'Organization Block',
  2097152 => 'Known Violator Data Center'
}

# Print "value => name" for every entry whose bit is set in the argument
puts(*hsh.reject { |k, _v| (k & arg).zero? }.map { |k, v| "#{k} => #{v}" })
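A Python port of the bitmask decode in the script above, as an added example that is not part of the original post or the vendor's code: it rejects non-numeric input, reports bits the table does not define, and annotates CSV rows so any Python wrapper can call it. The column names `threats` and `threat_names`, the function names, and the sample rows are constructed assumptions.

```python
import csv
import io

# Names copied from the Ruby table in the post; list index i is bit value 1 << i.
THREAT_NAMES = [
    "Known Violators", "Blocked Country", "Browser Integrity Check",
    "Known Violator User Agent", "Rate Limited",
    "Known Violator Honeypot Access", "Referrer Block",
    "Session Length Exceeded", "Pages Per Session Exceeded",
    "Bad User Agents", "Aggregator User Agents", "Filtered IP",
    "JavaScript Not Loaded", "JavaScript Check Failed",
    "Identifier Validation Error", "Known Violator Automation Tool",
    "Form Spam Submission", "Unverified Signature", "IP Pinning Failure",
    "Invalid JavaScript Test Results", "Organization Block",
    "Known Violator Data Center",
]

def decode_threats(value):
    """Return (names, unknown_bits) for a non-negative decimal bitmask."""
    s = str(value).strip()
    if not (s.isascii() and s.isdigit()):
        raise ValueError(f"not a non-negative integer: {value!r}")
    mask = int(s)
    names = [n for i, n in enumerate(THREAT_NAMES) if mask & (1 << i)]
    unknown = mask & ~((1 << len(THREAT_NAMES)) - 1)  # bits above the table
    return names, unknown

def annotate_csv(text, src="threats", dst="threat_names"):
    """Add a decoded column to CSV text; rows with a bad mask stay blank."""
    reader = csv.DictReader(io.StringIO(text))
    fields = list(reader.fieldnames) + ([] if dst in reader.fieldnames else [dst])
    out = io.StringIO()
    writer = csv.DictWriter(out, fields, lineterminator="\n", extrasaction="ignore")
    writer.writeheader()
    for row in reader:
        try:
            names, unknown = decode_threats(row.get(src, ""))
        except ValueError:
            names, unknown = [], 0  # do not guess at malformed input
        if unknown:
            names.append(f"Unknown bits 0x{unknown:x}")
        row[dst] = "; ".join(names)
        writer.writerow(row)
    return out.getvalue()

# Constructed sample rows (documentation IP ranges), not real events.
SAMPLE_CSV = "src_ip,threats\n203.0.113.7,17\n198.51.100.9,abc\n"
if __name__ == "__main__":
    print(annotate_csv(SAMPLE_CSV), end="")
```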
