in elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/enrich_tor/module.py [0:0]
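def sync_tor_exitnodes(self):
    """Sync the tor exit nodes with the iplists.

    Downloads the exit-node list from ``self.tor_exitlist_url``, validates
    every line as an IP address, and only after that replaces the documents
    tagged ``iplist.name: tor`` with the freshly downloaded set.

    Returns:
        The raw list of lines from the downloaded exit list on success, or
        ``False`` when the download, the validation or the indexing failed.
    """
    # Function-scope import: the module's import block is not visible from here.
    import ipaddress

    try:
        # 1. Get tor exit nodes
        # The timeout keeps a stalled download from blocking the enrichment
        # run, and raise_for_status() stops an HTTP error page from being
        # parsed as if it were a list of addresses.
        response = requests.get(self.tor_exitlist_url, timeout=30)
        response.raise_for_status()
        iplist_tor = response.text.split("\n")

        iplist_es = []
        skipped = 0
        for line in iplist_tor:
            entry = line.strip()  # also drops a trailing "\r" from CRLF lists
            if not entry:
                continue
            try:
                addr = ipaddress.ip_address(entry)
            except ValueError:
                # Remote content is untrusted: count it, do not index or log it.
                skipped += 1
                continue
            # Host-sized prefix: /32 for IPv4, /128 for IPv6.
            iplist_es.append(f"{addr}/{addr.max_prefixlen}")

        if skipped:
            self.logger.warning(
                "Ignored %d malformed lines in tor exit list", skipped
            )
        if not iplist_es:
            # Fail before the delete below so a bad download cannot wipe the
            # existing tor iplist and leave enrichment without any data.
            raise ValueError("tor exit list contained no valid IP addresses")

        # 2. Delete existing nodes
        # NOTE(review): delete and re-add are two separate requests; if the
        # bulk call below fails, the tor iplist stays empty until the next
        # successful run.
        es.delete_by_query(
            index="redelk-*",
            body={"query": {"bool": {"filter": {"term": {"iplist.name": "tor"}}}}},
        )

        # 3. Add new data (index=l['_index'], id=l['_id'], body={'doc': l['_source']})
        now = datetime.datetime.utcnow().isoformat()
        iplist_doc = [
            {
                "_source": {
                    "iplist": {"ip": ip, "source": "enrich", "name": "tor"},
                    "@timestamp": now,
                }
            }
            for ip in iplist_es
        ]
        helpers.bulk(es, iplist_doc, index="redelk-iplist-tor")
        self.logger.info("Successfuly updated iplist tor exit nodes")
        return iplist_tor
    except Exception as error:  # pylint: disable=broad-except
        self.logger.error("Failed updating iplist tor exit nodes: %s", error)
        self.logger.exception(error)
        return False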