Add support for sending SMTP TLS results to Log Analytics

domainaware · Jan 3, 2024 · e416c54 · e416c54
1 parent 17c2035
commit e416c54
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/parsedmarc/cli.py b/parsedmarc/cli.py
@@ -236,7 +236,8 @@ def process_reports(reports_):
                 la_client.publish_results(
                     reports_,
                     opts.save_aggregate,
-                    opts.save_forensic)
+                    opts.save_forensic,
+                    opts.save_smtp_tls)
             except loganalytics.LogAnalyticsException as e:
                 logger.error(
                     "Log Analytics error: {0}".format(e.__str__()))

diff --git a/parsedmarc/loganalytics.py b/parsedmarc/loganalytics.py
@@ -117,9 +117,11 @@ def publish_results(
             self,
             results,
             save_aggregate: bool,
-            save_forensic: bool):
+            save_forensic: bool,
+            save_smtp_tls: bool
+    ):
         """
-        Function to publish DMARC reports to Log Analytics
+        Function to publish DMARC and/or SMTP TLS reports to Log Analytics
         via Data Collection Rules (DCR).
         Look below for docs:
         https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview
@@ -131,6 +133,8 @@ def publish_results(
                 Whether Aggregate reports can be saved into Log Analytics
             save_forensic (bool):
                 Whether Forensic reports can be saved into Log Analytics
+            save_smtp_tls (bool):
+                Whether Forensic reports can be saved into Log Analytics
         """
         conf = self.conf
         credential = ClientSecretCredential(
@@ -161,3 +165,14 @@ def publish_results(
                 logs_client,
                 conf.dcr_forensic_stream)
             logger.info("Successfully pushed forensic reports.")
+        if (
+                results['smtp_tls_reports'] and
+                conf.dcr_smtp_tls_stream and
+                len(results['smtp_tls_reports']) > 0 and
+                save_smtp_tls):
+            logger.info("Publishing SMTP TLS reports.")
+            self.publish_json(
+                results['smtp_tls_reports'],
+                logs_client,
+                conf.dcr_forensic_stream)
+            logger.info("Successfully pushed SMTP TLS reports.")