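"""Webhook receiver that reformats incoming events and forwards them to a collector.

The original file had been pasted three times over (a truncated copy, a full
copy, and a trailing fragment whose ``"eventid": id`` referenced the builtin
``id`` instead of the extracted event id); this is the single, de-duplicated
version.
"""

import json
import os

import requests
from flask import Flask, jsonify, request

app = Flask(__name__)

# Collector endpoint. The URL keeps its previous value as a default; the
# bearer token was a literal in this file and is now read from the environment
# only, so it does not live in version control. The variable names
# INGEST_ENDPOINT / INGEST_API_TOKEN are this file's own convention.
endpoint = os.environ.get(
    "INGEST_ENDPOINT",
    "https://1120c346273d43869ecf2cbfc37aef2f.ingest.us-2.crowdstrike.com/services/collector",
)
api_token = os.environ.get("INGEST_API_TOKEN", "")

# Upper bound on how long a forwarding request may block a webhook worker;
# the original call had no timeout and could hang indefinitely.
REQUEST_TIMEOUT_SECONDS = 10.0


def _build_payload(data):
    """Map the incoming event object *data* to the collector payload.

    Args:
        data: the decoded JSON object from the webhook body.

    Returns:
        The dict that is POSTed to ``endpoint`` (same shape as before).

    Raises:
        ValueError: when ``detectedTime``, ``shares`` or ``clientIPs`` have a
            type the mapping cannot handle, so the caller can answer 400
            instead of crashing with a 500.
    """
    # Same placeholder id the original used when the event carries none.
    event_id = data.get("id", "default_id_value")

    raw_detected = data.get("detectedTime", 0)
    if isinstance(raw_detected, bool) or not isinstance(raw_detected, (int, float)):
        raise ValueError("detectedTime must be a number of milliseconds")
    detected = raw_detected / 1000  # ms -> seconds; fractional part keeps ms precision

    shares_in = data.get("shares", [])
    if not isinstance(shares_in, list):
        raise ValueError("shares must be a list")
    # Tolerate entries that are not objects or lack a name instead of failing the event.
    shares = [share.get("name") for share in shares_in if isinstance(share, dict)]

    client_ips = data.get("clientIPs", [])
    if not isinstance(client_ips, list):
        raise ValueError("clientIPs must be a list")
    # First client IP when present, otherwise the same "unknown" marker as before.
    host = client_ips[0] if client_ips else "unknown"

    return {
        "fields": {
            "eventid": event_id,
            "host": host,
            "source": "Superna",
            "sourcetype": "json",
            "severity": data.get("severity"),
            "state": data.get("state"),
            "nes": data.get("nes", []),
            "user": data.get("user"),
            "userName": data.get("userName"),
            "shares": shares,
            "detected": detected,
            "protocol": data.get("protocol"),
            "files": data.get("files", []),
        },
        # Kept from the original: the event value is the detected timestamp.
        # NOTE(review): confirm against the collector's schema that this is the
        # intended event body rather than a separate time field.
        "event": detected,
    }


def _forward(payload):
    """POST *payload* to ``endpoint`` with the bearer token; returns the Response.

    Raises:
        requests.RequestException: on connection errors or timeout.
    """
    headers = {
        "Authorization": f"Bearer {api_token}",
        "Content-Type": "application/json; charset=utf-8",
    }
    return requests.post(
        endpoint, headers=headers, json=payload, timeout=REQUEST_TIMEOUT_SECONDS
    )


@app.route('/webhook', methods=['POST'])
def webhook():
    """Accept a JSON event, reshape it and forward it to the collector.

    Returns a JSON body with ``status`` and ``response`` keys. 400 is returned
    for an unusable request body, 500 when no token is configured, 502 when the
    collector cannot be reached; otherwise the collector's own status is relayed
    as before.

    NOTE(review): nothing here authenticates the sender of the webhook; anyone
    who can reach this port can have events forwarded under this token.
    Restrict reachability (or add sender verification) at deployment time.
    """
    if not api_token:
        app.logger.error("INGEST_API_TOKEN is not set; refusing to forward")
        return jsonify({"status": "error", "response": "collector token not configured"}), 500

    # silent=True turns a malformed/non-JSON body into None instead of a 400
    # HTML page, so we can answer with the same JSON shape as every other path.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({"status": "error", "response": "expected a JSON object body"}), 400

    try:
        payload = _build_payload(data)
    except ValueError as exc:
        return jsonify({"status": "error", "response": str(exc)}), 400

    # Kept from the original. Be aware this writes the full event (users,
    # shares, file names) to stdout, wherever that is collected.
    print(json.dumps(payload, indent=4))

    try:
        response = _forward(payload)
    except requests.RequestException as exc:
        app.logger.error("forwarding to collector failed: %s", exc)
        return jsonify({"status": "error", "response": "collector unreachable"}), 502

    if response.ok:
        # A 2xx with a non-JSON body used to raise inside response.json().
        try:
            body = response.json()
        except ValueError:
            body = response.text
        return jsonify({"status": "success", "response": body}), 200

    # The upstream error text is logged server-side rather than echoed to the
    # (unauthenticated) caller; the status code is still relayed as before.
    app.logger.error("collector returned %s: %s", response.status_code, response.text)
    return jsonify({"status": "error", "response": "collector rejected the event"}), response.status_code


if __name__ == '__main__':
    # The Werkzeug debugger was hard-coded on while listening on all
    # interfaces; it is now opt-in via Flask's own FLASK_DEBUG variable.
    debug = os.environ.get("FLASK_DEBUG", "").strip().lower() in ("1", "true", "yes")
    app.run(host='0.0.0.0', port=5000, debug=debug)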