Rich Rumble
asked on
Clipboard Curation and additional actions
I have a script from: https://www.experts-exchange.com/questions/29123692/PowerShell-script-to-format-data-in-Clipboard.html?anchorAnswerId=42719419#a42719419
I'd like to take additional actions on certain fields such as IP Address; we'll use aaaa for that.
INPUT
aaaa:8.8.8.8
bbbb:80
cccc:3333
dddd:FC-FC-48-11-22-33-44 -55
eeee:443
fffffff:66666
Not only do I want to eliminate the cccc and fffffff lines like in the previous question, I also want to do an NSLookup on the data after the aaaa:
and, if the IP resolves, append the response. If eeee: exists, look up in a CSV file what port 443 is (HTTPS); if it's not listed in the CSV, output Unknown. Same for the MAC address (dddd: in this case): look up in a CSV what the first 3 octets correspond to (FC-FC-48, Apple/Mac).
I'd like it to be easy to do more actions like that with the data that might exist after the keys. I think I can figure it out with a few examples.
Output would now be:
eeee:443 HTTPS
aaaa:1111 google-public-dns-a.google.com
dddd:FC-FC-48-11-22-33-44 -55 Apple/Mac
Thanks!
-rich
ASKER
Sorry for the delay I've been away
Allow me to give some added data.
CSVs are "val_1 comma+space val_2"
I didn't even consider TCP/UDP, we will have to assume TCP in the script as it's not a value given in most of the data I'm looking to parse. Or I can remove anything not TCP and leave it at that. Only the first 3 octets of the Mac address are used to look them up, and they will be given in the xx-xx-xx format.
========oui.csv (mac addresses)==========
00-00-00, Xerox Corporation
00-00-0C, Cisco Systems Inc.
00-21-59, Juniper Networks
04-BD-88, Aruba
04-C2-41, Nokia
08-00-1B, Dell EMC
=======tcp-udp.csv=======
http, 80, SCTP, 0.000000, # www-http | www | World Wide Web HTTP
http, 80, TCP, 0.484143, # World Wide Web HTTP
http, 80, UDP, 0.035767, # World Wide Web HTTP
ntp, 123, TCP, 0.000138, # Network Time Protocol
ntp, 123, UDP, 0.330879, # Network Time Protocol
https, 443, SCTP, 0.000000, # http protocol over TLS/SSL
https, 443, TCP, 0.208669, # secure http (SSL)
https, 443, UDP, 0.010840
quake3, 27960, UDP, 0.000726, # Quake 3 Arena Server
===========Test Data============
Host : Google DNS
Alert : Green
IP Address : 8.8.8.8
State : Active
Port : 443
Prod : True
Mac Address : 00-21-59-66-AF-00
Filler : Yup
Lorum Ipsom : Ubet
I didn't know about this call "[System.Net.Dns]::GetHostByAddress", very neat!
Thanks!
ASKER CERTIFIED SOLUTION
ASKER
Perfect! Thanks for working so hard on this, again sorry for the delay in responding.
-rich
You gave no information whatsoever about the csv format for the mac/ports, so you'll have to adjust lines 8 and 10 accordingly.
It currently assumes two columns "MacAddress" and "Vendor", for the MACs, and "Port" and "Protocol" for the ports.
It converts the key/value strings to a hash table, then you can change the values, then it puts them back together again (skipping those without an empty value).
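An added example (not the accepted solution from this thread, which is not shown here, and not the asker's own script) of the hash-table flow the comment describes: parse the "Key : Value" lines, blank out dropped keys, run a per-key action, rejoin. The input text and both CSV tables are embedded as constants copied from the asker's posts so it runs offline; the column names Prefix/Vendor and Name/Port/Proto/Freq/Comment are assumed, since the asker's CSVs have no header row.

```powershell
# Added example, not the thread's accepted solution. Input text and CSV rows are constructed
# from the asker's posts and embedded so the script runs offline (the reverse lookup may fail).
$InputText = @"
Host : Google DNS
IP Address : 8.8.8.8
Port : 443
Mac Address : 00-21-59-66-AF-00
Filler : Yup
"@
$Oui = @"
00-00-0C, Cisco Systems Inc.
00-21-59, Juniper Networks
"@ | ConvertFrom-Csv -Header Prefix, Vendor
$Ports = @"
http, 80, TCP, 0.484143, # World Wide Web HTTP
https, 443, TCP, 0.208669, # secure http (SSL)
"@ | ConvertFrom-Csv -Header Name, Port, Proto, Freq, Comment
$DropKeys = @('Filler')                     # keys to remove outright (the cccc/fffffff case)
$Actions = @{                               # per-key enrichment: add a key here to add an action
  'IP Address' = { param($v)
    # Only resolve values that parse as an IP; a failed lookup (offline, no PTR) leaves the value alone.
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($v, [ref]$ip)) { return $v }
    try { "$v $([System.Net.Dns]::GetHostEntry($ip).HostName)" } catch { $v }
  }
  'Port' = { param($v)
    # Protocol is absent from the clipboard data, so TCP is assumed, as the asker decided.
    $hit = $Ports | Where-Object { $_.Port.Trim() -eq $v -and $_.Proto.Trim() -eq 'TCP' } | Select-Object -First 1
    if ($hit) { "$v $($hit.Name.Trim().ToUpper())" } else { "$v Unknown" }
  }
  'Mac Address' = { param($v)
    if ($v -notmatch '^([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$') { return "$v Unknown" }
    $prefix = $v.Substring(0, 8).ToUpper()  # first three octets in xx-xx-xx form
    $hit = $Oui | Where-Object { $_.Prefix.Trim().ToUpper() -eq $prefix } | Select-Object -First 1
    if ($hit) { "$v $($hit.Vendor.Trim())" } else { "$v Unknown" }
  }
}
# 1) "Key : Value" lines -> ordered hash table (split on the first colon, trim both sides)
$Data = [ordered]@{}
foreach ($line in $InputText -split '\r?\n') {
  if ($line -match '^\s*([^:]+?)\s*:\s*(.*?)\s*$') { $Data[$Matches[1]] = $Matches[2] }
}
# 2) apply per-key actions; dropped keys get an empty value
foreach ($key in @($Data.Keys)) {
  if ($DropKeys -contains $key) { $Data[$key] = '' }
  elseif ($Actions.Contains($key)) { $act = $Actions[$key]; $Data[$key] = & $act $Data[$key] }
}
# 3) rejoin, skipping empty values (pipe to Set-Clipboard instead of the console if wanted)
$Data.GetEnumerator() | Where-Object { $_.Value -ne '' } | ForEach-Object { "$($_.Key):$($_.Value)" }
```

Replace `$InputText` with `Get-Clipboard -Raw` to work on the real clipboard; because the clipboard contents are untrusted, the IP and MAC actions validate the value's shape before any lookup runs.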