Rich Rumble
asked on
Clipboard Curation and additional actions
I have a script from: https://www.experts-exchange.com/questions/29123692/PowerShell-script-to-format-data-in-Clipboard.html?anchorAnswerId=42719419#a42719419
I'd like to take additional actions on certain fields such as IP Address, we'll use aaaa for that
INPUT
aaaa:8.8.8.8
bbbb:80
cccc:3333
dddd:FC-FC-48-11-22-33-44 -55
eeee:443
fffffff:66666
Not only do I want to eliminate the cccc and fffffff lines like in the previous question, I want to do an NSLookup on the data after the aaaa:
and if the IP resolves, append the response. If eeee: exists, look up in a csvfile what port 443, HTTPS if not listed in csv, output Unknown. Same for Mac address (dddd: in this case), look up in a CSV what the first 3 octets correspond to (FC-FC-48, Apple/Mac)
I'd like it to be easy to do more actions like that with the data that might exist after the keys. I think I can figure it out with a few examples.
Output would now be:
eeee:443 HTTPS
aaaa:1111 google-public-dns-a.google .com
dddd:FC-FC-48-11-22-33-44 -55 Apple/Mac
Thanks!
-rich
I'd like to take additional actions on certain fields such as IP Address, we'll use aaaa for that
INPUT
aaaa:8.8.8.8
bbbb:80
cccc:3333
dddd:FC-FC-48-11-22-33-44 -55
eeee:443
fffffff:66666
Not only do I want to eliminate the cccc and fffffff lines like in the previous question, I want to do an NSLookup on the data after the aaaa:
and if the IP resolves, append the response. If eeee: exists, look up in a csvfile what port 443, HTTPS if not listed in csv, output Unknown. Same for Mac address (dddd: in this case), look up in a CSV what the first 3 octets correspond to (FC-FC-48, Apple/Mac)
I'd like it to be easy to do more actions like that with the data that might exist after the keys. I think I can figure it out with a few examples.
Output would now be:
eeee:443 HTTPS
aaaa:1111 google-public-dns-a.google
dddd:FC-FC-48-11-22-33-44 -55 Apple/Mac
Thanks!
-rich
ASKER
Sorry for the delay I've been away
Allow me to give some added data.
CSV's are "val_1 comma+space val_2)
I didn't even consider TCP/UDP, we will have to assume TCP in the script as it's not a value given in most of the data I'm looking to parse. Or I can remove anything not TCP and leave it at that. Only the first 3 octets of the Mac address are used to look them up, and they will be given in the xx-xx-xx format.
========oui.csv (mac address')==========
00-00-00, Xerox Corporation
00-00-0C, Cisco Systems Inc.
00-21-59, Juniper Networks
04-BD-88, Aruba
04-C2-41, Nokia
08-00-1B, Dell EMC
=======tcp-udp.csv=======
http, 80, SCTP, 0.000000, # www-http | www | World Wide Web HTTP
http, 80, TCP, 0.484143, # World Wide Web HTTP
http, 80, UDP, 0.035767, # World Wide Web HTTP
ntp, 123, TCP, 0.000138, # Network Time Protocol
ntp, 123, UDP, 0.330879, # Network Time Protocol
https, 443, SCTP, 0.000000, # http protocol over TLS/SSL
https, 443, TCP, 0.208669, # secure http (SSL)
https, 443, UDP, 0.010840
quake3, 27960, UDP, 0.000726, # Quake 3 Arena Server
===========Test Data============
Host : Google DNS
Alert : Green
IP Address : 8.8.8.8
State : Active
Port : 443
Prod : True
Mac Address : 00-21-59-66-AF-00
Filler : Yup
Lorum Ipsom : Ubet
I didn't know about this call "[system.net.dns]::GetHost ByAddres" very neat!
Thanks!
Allow me to give some added data.
CSV's are "val_1 comma+space val_2)
I didn't even consider TCP/UDP, we will have to assume TCP in the script as it's not a value given in most of the data I'm looking to parse. Or I can remove anything not TCP and leave it at that. Only the first 3 octets of the Mac address are used to look them up, and they will be given in the xx-xx-xx format.
========oui.csv (mac address')==========
00-00-00, Xerox Corporation
00-00-0C, Cisco Systems Inc.
00-21-59, Juniper Networks
04-BD-88, Aruba
04-C2-41, Nokia
08-00-1B, Dell EMC
=======tcp-udp.csv=======
http, 80, SCTP, 0.000000, # www-http | www | World Wide Web HTTP
http, 80, TCP, 0.484143, # World Wide Web HTTP
http, 80, UDP, 0.035767, # World Wide Web HTTP
ntp, 123, TCP, 0.000138, # Network Time Protocol
ntp, 123, UDP, 0.330879, # Network Time Protocol
https, 443, SCTP, 0.000000, # http protocol over TLS/SSL
https, 443, TCP, 0.208669, # secure http (SSL)
https, 443, UDP, 0.010840
quake3, 27960, UDP, 0.000726, # Quake 3 Arena Server
===========Test Data============
Host : Google DNS
Alert : Green
IP Address : 8.8.8.8
State : Active
Port : 443
Prod : True
Mac Address : 00-21-59-66-AF-00
Filler : Yup
Lorum Ipsom : Ubet
I didn't know about this call "[system.net.dns]::GetHost
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Perfect! Thanks for working so hard on this, again sorry for the delay in responding.
-rich
-rich
You gave no information whatsoever about the csv format for the mac/ports, so you'll have to adjust lines 8 and 10 accordingly.
It currently assumes two columns "MacAddress" and "Vendor", for the MACs, and "Port" and "Protocol" for the ports.
It converts the key/value strings to a hash table, then you can change the values, then it puts them back together again (skipping those without an empty value).
Open in new window