Skip to content
/ aggregate-hosts Public

Create and automatically maintain a list of hosts records based on filters

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mfesiem/aggregate-hosts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
agg-hosts.py
agg-hosts.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Aggregate hosts

Create and automatically maintain a list of hosts records, based on querying McAfee SIEM logs.

Will generate a JSON file (hosts.json by default) containing list of dictionnary with host record infos : user, host, macaddress, seen, ip. Hosts are identified and aggregated by their mac addresses.

Use manuf to resolve vendors Mac addresses and msiempy to query McAfee SIEM logs.

Install

git clone https://github.com/mfesiem/aggregate-hosts
cd track-host
pip install -r requirements.txt

Configure

Setup msiempy config file

Usage

The script is design to query Windows Server DHCP logs (Windows DHCP data source model) and Cisco RADIUS logs (Secure ACS data source model). But yo can specify any event signature IDs. It might not work thought.

Find and keep updated a list of all Apple devices from events specific Signature IDS (Wi-Fi related signature ids): RADIUS_START ('268-2239707159'), DHCP_NEW ('272-10'), DHCP_RENEW ('272-11').

Additionnaly exclude mobiles devices based on some hostname matches.

python3 ./agg-hosts.py -t last_24_hours -v Apple -s 268-2239707159 272-10 272-11 -n iPhone iPad Phone Teleph Mobile iPod

More infos

python3 ./agg-hosts.py --help

About

Create and automatically maintain a list of hosts records based on filters

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages