IPQS External lookup with Splunk

IPQS (IP Quality Score) proactively prevents fraud across any industry by catching high-risk users and transactions in real time without impacting your legitimate audience.

Create IPQS account

1) Click on the register button and create your free account

2) Complete the registration process and view the API

3) There are several APIs you can use according to your requirement

4) Click on the email verification API on the dashboard and select the documentation option

5) You will get a private key and a data-format URL that you can use in your source code

6) You will get the JSON API lookup with your email address

7) There is example code for each requirement, and you can try the API link in your source code

Getting IPQS Functionality through API as External lookup in Splunk

Python code for implementing external lookup
Import all the required libraries
  • import csv
    import sys
    import requests
Add the API URL which you got from the IPQS website
  • # XXXXXXXXXXXXXXXXXXX is the placeholder for your IPQS private key
    apiURL = "https://www.ipqualityscore.com/api/json/ip/XXXXXXXXXXXXXXXXXXX/"
    # external_cmd passes the name of the lookup field ("clientip") as the first argument
    clientip = sys.argv[1]
Read the data from csv (the remaining steps run inside the for loop, once per row)
  • infile = sys.stdin
    outfile = sys.stdout
    r = csv.DictReader(infile)
    # Create the writer and emit the header once, before any row is processed
    new_fieldnames = [clientip, "fraud_score", "country_code", "success"]
    w = csv.DictWriter(outfile, fieldnames=new_fieldnames, extrasaction="ignore")
    w.writeheader()
    for result in r:
        res = result
If the row contains a client IP, append the IP to the API URL and convert the response into JSON format
  •     data = {}
        if result[clientip]:
            URL = apiURL + result[clientip]
            # Separate name so the csv reader "r" is not overwritten; timeout avoids a hung search
            response = requests.get(URL, timeout=10)
            data = response.json()
Check the data present in the response for fraud_score, country_code and success
  •     fields = {}
        for i, j in data.items():
            if i in ("fraud_score", "country_code", "success"):
                fields[i] = j
Update the field result
  •     res.update(fields)
Write the result into csv
  •     w.writerow(res)
8) Keep the Python file in the bin directory of the search app or of a new app that you create

9) Make this Python script executable and save it to
  • etc/apps/<splunk_app>/bin/<external_lookup_script>
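
A hardened variant of the lookup loop above, added here as an example (it is not the original author's code): it accepts the field only if it parses as an IP literal before building the API URL, skips non-global addresses, makes one API call per distinct address, and leaves the fields empty when the API fails. The names enrich, fetch_ipqs and the IPQS_API_KEY environment variable are assumptions of this example.

```python
import csv
import ipaddress
import os
import sys

API_URL = "https://www.ipqualityscore.com/api/json/ip/{key}/{ip}"  # URL shape from this page
OUT_FIELDS = ("fraud_score", "country_code", "success")
# Constructed sample of the CSV Splunk sends on stdin for the fields_list on this page
SAMPLE_IN = ("clientip,fraud_score,country_code,success\n"
             "8.8.8.8,,,\n10.0.0.5,,,\n8.8.8.8,,,\n../account,,,\n")


def fetch_ipqs(ip):
    """Query IPQS for one validated address and return the decoded JSON."""
    import requests  # imported here so enrich() can be exercised offline
    key = os.environ["IPQS_API_KEY"]  # assumed variable name; keeps the key out of the script
    resp = requests.get(API_URL.format(key=key, ip=ip), timeout=5)
    resp.raise_for_status()
    return resp.json()


def enrich(infile, outfile, ip_field, fetch=fetch_ipqs):
    """CSV rows in, same rows out with IPQS fields; returns the number of addresses looked up."""
    reader = csv.DictReader(infile)
    writer = csv.DictWriter(outfile, fieldnames=[ip_field, *OUT_FIELDS],
                            extrasaction="ignore")
    writer.writeheader()
    cache = {}  # one API call per distinct address per invocation
    for row in reader:
        try:
            ip = ipaddress.ip_address((row.get(ip_field) or "").strip())
        except ValueError:
            ip = None  # not an IP literal, so it is never concatenated into the URL
        if ip is not None and ip.is_global:  # private/reserved ranges are not sent out
            addr = str(ip)
            if addr not in cache:
                try:
                    cache[addr] = fetch(addr)
                except Exception:
                    cache[addr] = {}  # API failure: empty fields, the search keeps running
            for name in OUT_FIELDS:
                row[name] = cache[addr].get(name, "")
        writer.writerow(row)
    return len(cache)


if __name__ == "__main__":
    enrich(sys.stdin, sys.stdout, sys.argv[1])
```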

transforms.conf for implementing external lookup

Create a transforms.conf file in etc/apps/<splunk_app>/local/ or etc/apps/<splunk_app>/default/
Stanza for IPQS in transforms.conf
  • [ipqs_abhi]
    allow_caching = 1
    case_sensitive_match = 1
    external_cmd = ipqs_test.py clientip
    fields_list = clientip,fraud_score,country_code,success
Restart Splunk.

Check output result

To check the result of the above task, go to Splunk and write the query in the Search tab.

IPQS External lookup with Splunk Reviewed by Avotrix.Author on Monday, October 26, 2020 Rating: 5
