in elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/enrich_syncdomainslists/module.py [0:0]
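def sync_domainslist(self, domainlist="redteam"):
    """Sync data between the ES domainlist and the matching config file.

    Both sides are reconciled in one pass:

    * a domain present in the config file but absent from ES is added to
      ES via ``self.add_es_domain``;
    * a domain present in ES but absent from the config file is deleted
      from ES via ``self.remove_es_domain`` when its
      ``domainslist.source`` is ``"config_file"`` (it was removed from the
      file), and otherwise appended to the config file with a
      ``# From ES`` comment via ``self.add_cfg_domains``.

    Args:
        domainlist: name of the list to sync (default ``"redteam"``). It
            selects the config file through ``self.get_cfg_domains`` and
            is interpolated unescaped into the ES query string, so it is
            assumed to come from the module's own configuration rather
            than from untrusted input -- confirm at the call sites.

    Returns:
        The ``"<domain> # From ES[ -- <comment>]"`` lines appended to the
        config file; ``[]`` when the config file does not exist, in which
        case nothing is synced in either direction.
    """
    cfg_domainslist = self.get_cfg_domains(domainlist)
    # No config file for this list: nothing to reconcile against.
    if cfg_domainslist is None:
        return []

    query = f"domainslist.name:{domainlist}"
    # NOTE(review): size=10000 caps the ES result set; entries beyond the
    # cap would be invisible here and their config counterparts re-added.
    es_domainslist_docs = get_query(query, size=10000, index="redelk-domainslist-*")

    # (domain, doc) pairs for every ES hit that actually carries a domain.
    es_domainslist = []
    for doc in es_domainslist_docs:
        es_domain = get_value("_source.domainslist.domain", doc)
        if es_domain:
            es_domainslist.append((es_domain, doc))

    # Match on the domain field only: a tuple membership test would also
    # count a hit when a config comment happens to equal a domain name.
    es_domains = {es_domain for es_domain, _ in es_domainslist}
    cfg_domains = {cfg_domain for cfg_domain, _ in cfg_domainslist}

    # Config -> ES: push the domains ES does not know about.
    for cfg_domain, cfg_comment in cfg_domainslist:
        if cfg_domain not in es_domains:
            self.logger.debug("Domain not found in ES: %s", cfg_domain)
            self.add_es_domain(cfg_domain, domainlist, cfg_comment)

    # ES -> config: drop stale config_file entries, adopt everything else.
    toadd = []
    for es_domain, doc in es_domainslist:
        if es_domain in cfg_domains:
            continue
        if get_value("_source.domainslist.source", doc) == "config_file":
            # Originated from the config file and is no longer in it.
            self.remove_es_domain(doc, domainlist)
            continue
        es_comment = get_value("_source.domainslist.comment", doc)
        if es_comment:
            toadd.append(f"{es_domain} # From ES -- {es_comment}")
        else:
            toadd.append(f"{es_domain} # From ES")

    self.add_cfg_domains(toadd, domainlist)
    return toadd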