in source/lambda/es_loader/siem/sf_config_snapshot.py [0:0]
def extract_ip(logdata):
configuration = logdata.get('configuration')
if not configuration:
return logdata
private_ip = ''
public_ip = ''
ip_list = []
if logdata['resourceType'] in ('AWS::EC2::EIP'):
public_ip = logdata['resourceName']
private_ip = configuration.get('privateIpAddress')
elif logdata['resourceType'] == 'AWS::EC2::Instance':
for eni in logdata['configuration']['networkInterfaces']:
ip_list.extend(extract_ip_from_nic(eni['privateIpAddresses']))
elif logdata['resourceType'] == 'AWS::EC2::NetworkInterface':
ip_list = extract_ip_from_nic(
logdata['configuration']['privateIpAddresses'])
elif logdata['resourceType'] == 'AWS::EC2::NatGateway':
private_ip = configuration['natGatewayAddresses'][0].get('publicIp', '')
public_ip = configuration['natGatewayAddresses'][0].get('privateIp', '')
elif logdata['resourceType'] == 'AWS::SSM::ManagedInstanceInventory':
contents = configuration.get('AWS:Network', {}).get('Content')
if contents:
for content in contents:
ip_list.append(content['IPV6'])
ip_list.append(content['IPV4'])
if private_ip or public_ip or len(ip_list):
if 'related' not in logdata:
logdata['related'] = {}
logdata['related']['ip'] = []
if private_ip:
logdata['related']['ip'].append(private_ip)
if public_ip:
logdata['related']['ip'].append(public_ip)
if len(ip_list):
logdata['related']['ip'].extend(ip_list)
return logdata