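--- a/custom_functions/Public_Private_IP_Filter.json
+++ b/custom_functions/Public_Private_IP_Filter.json
@@ -0,0 +1,29 @@
+{
+"create_time": "2024-04-09T14:43:24.621003+00:00",
+"custom_function_id": "d4efa90eac5443293c20f1f659f1c6ed576dd4b9",
+"description": "",
+"draft_mode": false,
+"inputs": [
+{
+"contains_type": [
+"ip"
+],
+"description": "",
+"input_type": "list",
+"name": "IPv4",
+"placeholder": "8.8.8.8"
+}
+],
+"outputs": [
+{
+"contains_type": [
+"ip"
+],
+"data_path": "public_ip",
+"description": ""
+}
+],
+"outputs_type": "item",
+"platform_version": "6.1.1.211",
+"python_version": "3"
+}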
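Review bot: The `outputs` array declares only the `public_ip` data path, while the accompanying Public_Private_IP_Filter.py also returns a `private_ip` key, so the two files disagree about what the function emits. Either declare `private_ip` here as well or drop it from the returned dict. The three `description` fields are empty; a sentence in each saying which ranges count as private and what happens to invalid input would tell playbook authors what they are wiring in.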
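--- a/custom_functions/Public_Private_IP_Filter.py
+++ b/custom_functions/Public_Private_IP_Filter.py
@@ -0,0 +1,55 @@
+def Public_Private_IP_Filter(IPv4=None, **kwargs):
+"""
+Args:
+IPv4 (CEF type: ip)
+
+Returns a JSON-serializable object that implements the configured data paths:
+public_ip (CEF type: ip)
+"""
+############################ Custom Code Goes Below This Line #################################
+import json
+import phantom.rules as phantom
+
+# Write your custom code here...
+
+def is_private_ipv4_address(ip_address):
+parts = ip_address.split('.')
+if len(parts) != 4:
+return False # Skip invalid addresses
+try:
+first = int(parts[0])
+second = int(parts[1])
+third = int(parts[2])
+fourth = int(parts[3])
+except ValueError:
+return False # Skip invalid addresses
+if ip_address == '127.0.0.1':
+return False # Skip loopback address
+elif first == 10 or (first == 172 and 16 <= second <= 31) or (first == 192 and second == 168):
+return True # Private address
+else:
+return False # Public address
+
+def sort_ipv4_addresses(addresses):
+public = []
+private = []
+for address in addresses:
+if is_private_ipv4_address(address):
+private.append(address)
+else:
+public.append(address)
+public.sort()
+private.sort()
+return public, private
+
+addresses = IPv4
+public, private = sort_ipv4_addresses(addresses)
+public = str(public)
+public = public.strip('[')
+public = public.strip(']')
+public = public.strip("'")
+
+outputs = {'public_ip':public, 'private_ip':private}
+# Return a JSON-serializable object
+assert json.dumps(outputs) # Will raise an exception if the :outputs: object is not JSON-serializable
+return outputs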
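Review bot: `is_private_ipv4_address` returns False for every value it cannot parse and for `127.0.0.1`, and `sort_ipv4_addresses` files everything that is not private under `public`, so malformed strings, loopback, link-local (169.254.x.x) and out-of-range octets such as `999.1.1.1` all land in the `public_ip` output. If that output feeds enrichment or containment actions, which the page does not show, junk and internal addresses would be handed downstream as if they were routable hosts. I would classify with the standard `ipaddress` module (it needs `import ipaddress` beside the existing imports), treat valid but not globally routable addresses as private, drop invalid values, and guard against `IPv4=None`, which currently raises in the `for` loop. Separately, the `str(public)` and `strip` chain after the call leaves `', '` between entries whenever more than one public address is present; `public = ', '.join(public)` gives the same result for zero or one entry and a clean list otherwise.

```python
def classify_ipv4_address(ip_address):
    # None means "not a valid IPv4 address"; such values are dropped by the caller.
    try:
        parsed = ipaddress.IPv4Address(str(ip_address).strip())
    except ipaddress.AddressValueError:
        return None
    return 'public' if parsed.is_global else 'private'

def sort_ipv4_addresses(addresses):
    public = []
    private = []
    for address in addresses or []:
        kind = classify_ipv4_address(address)
        if kind == 'public':
            public.append(address)
        elif kind == 'private':
            private.append(address)
    # ... unchanged: sort both lists and return them ...
```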