From a0b1d7ee25cf4481a2a1130f77ecc7f9ce795671 Mon Sep 17 00:00:00 2001
From: Duke Nguyen
Date: Fri, 7 Aug 2020 17:51:35 -0400
Subject: [PATCH 1/3] activated the paid version of maxmind
---
 analyzers/MaxMind/MaxMind_GeoIP.json | 18 +++++++++++++++++-
 analyzers/MaxMind/geo.py | 11 ++++++++++-
 2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/analyzers/MaxMind/MaxMind_GeoIP.json b/analyzers/MaxMind/MaxMind_GeoIP.json
index fc6b94e17..777287139 100644
--- a/analyzers/MaxMind/MaxMind_GeoIP.json
+++ b/analyzers/MaxMind/MaxMind_GeoIP.json
@@ -7,5 +7,21 @@
 "description": "Use MaxMind to geolocate an IP address.",
 "dataTypeList": ["ip"],
 "baseConfig": "MaxMind",
- "command": "MaxMind/geo.py"
+ "command": "MaxMind/geo.py",
+ "configurationItems": [
+ {
+ "name": "user_id",
+ "description": "MaxMind API User ID",
+ "required": false,
+ "multi": false,
+ "type": "string"
+ },
+ {
+ "name": "license_key",
+ "description": "MaxMind API License Key",
+ "required": false,
+ "multi": false,
+ "type": "string"
+ }
+ ]
 }
diff --git a/analyzers/MaxMind/geo.py b/analyzers/MaxMind/geo.py
index fbc9d2e2c..54491b741 100755
--- a/analyzers/MaxMind/geo.py
+++ b/analyzers/MaxMind/geo.py
@@ -4,10 +4,16 @@
 import geoip2.database
 from geoip2.errors import AddressNotFoundError
 from cortexutils.analyzer import Analyzer
+from geoip2.webservice import Client
 class MaxMindAnalyzer(Analyzer):
+ def __init__(self):
+ Analyzer.__init__(self)
+ self.user_id = self.get_param('config.user_id')
+ self.license_key = self.get_param('config.license_key')
+
 def dump_city(self, city):
 return {
 'confidence': city.confidence,
@@ -74,7 +80,10 @@ def run(self):
 try:
 data = self.get_data()
- city = geoip2.database.Reader(os.path.dirname(__file__) + '/GeoLite2-City.mmdb').city(data)
+ if self.user_id != None and self.license_key != None:
+ city = Client(self.user_id, self.license_key).city(data)
+ else:
+ city = geoip2.database.Reader(os.path.dirname(__file__) + '/GeoLite2-City.mmdb').city(data)
 self.report({
 'city': self.dump_city(city.city),
From 0419d3efe7930ab61e19f9a464ae3230aeb47e5e Mon Sep 17 00:00:00 2001
From: Duke Nguyen
Date: Thu, 27 Aug 2020 09:52:51 -0400
Subject: [PATCH 2/3] make user_id and license_key required as we only support the paid version of MaxMind
---
 analyzers/MaxMind/MaxMind_GeoIP.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/analyzers/MaxMind/MaxMind_GeoIP.json b/analyzers/MaxMind/MaxMind_GeoIP.json
index 777287139..80fd4be19 100644
--- a/analyzers/MaxMind/MaxMind_GeoIP.json
+++ b/analyzers/MaxMind/MaxMind_GeoIP.json
@@ -12,14 +12,14 @@
 {
 "name": "user_id",
 "description": "MaxMind API User ID",
- "required": false,
+ "required": true,
 "multi": false,
 "type": "string"
 },
 {
 "name": "license_key",
 "description": "MaxMind API License Key",
- "required": false,
+ "required": true,
 "multi": false,
 "type": "string"
 }
From 930d7f1c7ff6db71e88124e47034a718d387bebe Mon Sep 17 00:00:00 2001
From: Duke Nguyen
Date: Thu, 27 Aug 2020 09:59:34 -0400
Subject: [PATCH 3/3] enforce user_id and license_key to be required in the analyzer constructor
---
 analyzers/MaxMind/geo.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/analyzers/MaxMind/geo.py b/analyzers/MaxMind/geo.py
index 54491b741..ce5e8c7e3 100755
--- a/analyzers/MaxMind/geo.py
+++ b/analyzers/MaxMind/geo.py
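Review bot: The web-service branch added to run() in patch 1/3 brings failure modes the local database lookup never had, and nothing in the hunk handles them: `Client(self.user_id, self.license_key).city(data)` can fail on rejected credentials, an exhausted quota or a network error, while the only geoip2 exception imported at the top of the file is `AddressNotFoundError`. The `except` clauses of this `try` lie outside the hunk, so confirm they catch `geoip2.errors.GeoIP2Error` and transport errors, and that whatever they pass to `self.error(...)` does not echo the license key. Every analysed IP is now also sent to MaxMind's hosted service instead of being resolved locally, which deserves a sentence in the analyzer's description so operators know observables leave the host. For the test itself, prefer `if self.user_id is not None and self.license_key is not None:`.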
@@ -11,8 +11,8 @@ class MaxMindAnalyzer(Analyzer):
 def __init__(self):
 Analyzer.__init__(self)
- self.user_id = self.get_param('config.user_id')
- self.license_key = self.get_param('config.license_key')
+ self.user_id = self.get_param('config.user_id', None, 'Missing MaxMind API user_id')
+ self.license_key = self.get_param('config.license_key', None, 'Missing MaxMind API license_key')
 def dump_city(self, city):
 return {
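Review bot: Making both parameters mandatory in `__init__` leaves the fallback from patch 1/3 unreachable: assuming `get_param` aborts through `self.error` when a message is supplied and the value is missing, `self.user_id` and `self.license_key` are never `None` by the time run() executes, so its `else:` branch that opens `GeoLite2-City.mmdb` is dead code. Either remove that branch together with the `!= None` test, or keep the offline lookup by leaving the parameters optional. An empty string configured for either value presumably still passes this check and would only fail later at the MaxMind API, so a guard such as `if not self.user_id or not self.license_key: self.error('Missing MaxMind API credentials')` may be worth adding. The class body continues outside the hunk.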