Python script to fetch data from Abnormal Security and feed it to LogScale's ingest API.
The script currently fetches from the following endpoints:
endpoints = {
"cases",
"vendor-cases",
"abusecampaigns"
}
Requirements:
- Python 3.10+
- python-dotenv

Install the python-dotenv package with pip:
pip install python-dotenv
Add a .env file in the same directory as the script with the following contents:
SRCTOKEN={Abnormal Security API Token}
DSTTOKEN={LogScale Repository Ingest Token}
ORGTENANT={LogScale Org Tenant}
Adjust how far back you would like to fetch results by adjusting the time delta:
datetime.timedelta(minutes=15)
You can also set the time delta to use hours or days instead of minutes.
datetime.timedelta(hours=2)
Or...
datetime.timedelta(days=5)
Specify the number of events you want to fetch by adjusting the pageSize value in the params dict.
params = {
"filter": paramOpts + " gte " + sTime,
"pageSize": 5
}
- JA Salinas
I had issues with getting the date in UTC using Python 3.10.
Issue:
datetime.datetime.now(datetime.UTC)
Solution:
datetime.datetime.utcnow()
The solution still works in Python version 3.13, but it complains about utcnow() being deprecated.