in elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/enrich_iplists/module.py [0:0]
def get_iplists(self):  # pylint: disable=no-self-use
    """Return every non-tor IP list as a mapping of list name to IPs.

    Queries the ``redelk-iplist-*`` indices for all documents whose
    ``iplist.name`` is not ``tor`` and groups the ``iplist.ip`` values
    by ``iplist.name``.

    Returns:
        dict: ``{iplist_name: [ip, ...]}``; empty when the search returns
        a falsy result.

    NOTE(review): whether ``raw_search`` returns all matching documents or
    only a first page is not visible from this method -- confirm. A
    truncated result would silently leave addresses out of the lists built
    here.
    NOTE(review): values are stored as returned by ``get_value``; a
    document lacking either field is presumably grouped under whatever
    placeholder that helper yields -- verify against the helper.
    """
    # Everything except the tor list is fetched here.
    not_tor_query = {
        "query": {"bool": {"must_not": [{"match": {"iplist.name": "tor"}}]}}
    }
    response = raw_search(not_tor_query, index="redelk-iplist-*")

    grouped = {}
    if response:
        for hit in response["hits"]["hits"]:
            address = get_value("_source.iplist.ip", hit)
            list_name = get_value("_source.iplist.name", hit)
            # Create the bucket on first sight of a list name, then append.
            grouped.setdefault(list_name, []).append(address)
    return grouped