Please refer below script to email Threat. Quarantine and Containment history in CSV format.
Edit parameters:
sendemail=1 ->Edit "sendemail=1" to send csv report in email or Edit "sendemail=0" to print the output in ITSM portal
Edit Email recipients and smtp details if sendemail=1 is set
emailto =['xyz@gmail.com','pqr@gmail.com']
emailfrom = "yyyyyy@gmail.com"
password = "12345678"
smtpserver='smtp.gmail.com'
port=587
CSV Separator:
Set CSV separation format as comma ',' for readability
#Enter 1 to send csv report in email #Enter 0 to print the output in ITSM portal
sendemail=1
#Edit Email recipients and smtp details if you wish to email report
emailto =['xyz@gmail.com','pqr@gmail.com']
emailfrom = "yyyyy@gmail.com"
password = "12345678"
smtpserver='smtp.gmail.com'
port=587
import os
import sqlite3
import csv
def CheckApp(AppName):
import _winreg
import os
AppName = AppName.lower()
def DNDS(rtkey, pK, kA):
ln = []
lv = []
try:
oK = _winreg.OpenKey(rtkey, pK, 0, kA)
i = 0
while True:
try:
bkey = _winreg.EnumKey(oK, i)
vkey = os.path.join(pK, bkey)
oK1 = _winreg.OpenKey(rtkey, vkey, 0, kA)
try:
tls = []
DN, bla = _winreg.QueryValueEx(oK1, 'DisplayName')
DV, bla = _winreg.QueryValueEx(oK1, 'DisplayVersion')
_winreg.CloseKey(oK1)
ln.append(DN)
lv.append(DV)
except:
pass
i += 1
except:
break
_winreg.CloseKey(oK)
return zip(ln, lv)
except:
return zip(ln, lv)
rK = _winreg.HKEY_LOCAL_MACHINE
sK = r'SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
openedKey = _winreg.OpenKey(rK, sK, 0, _winreg.KEY_READ)
arch, bla = _winreg.QueryValueEx(openedKey, 'PROCESSOR_ARCHITECTURE')
arch = str(arch)
_winreg.CloseKey(openedKey)
if arch == 'AMD64':
fList = DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_32KEY | _winreg.KEY_READ)
fList.extend(DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_64KEY | _winreg.KEY_READ))
fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_32KEY | _winreg.KEY_READ))
fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_WOW64_64KEY | _winreg.KEY_READ))
else:
fList = DNDS(_winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_READ)
fList.extend(DNDS(_winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall', _winreg.KEY_READ))
fList = set(fList)
lr = []
rs = 0
for i in fList:
a, b = i
if AppName in a.lower():
lr.append('success: {} is installed'.format(a))
lr.append('{:<25}{:5}'.format(a, b))
rs += 1
else:
rs += 0
if rs:
return True
return False
k=CheckApp('COMODO Client - Security')
print k
if k:
if sendemail==1:
def emailreport(emailto,emailfrom,fileToSend,password,smtpserver,port):
import smtplib
import mimetypes
from email.mime.multipart import MIMEMultipart
from email import encoders
from email.message import Message
from email.mime.audio import MIMEAudio
from email.mime.base import MIMEBase
from email.mime.image import MIMEImage
from email.mime.text import MIMEText
import os
msg = MIMEMultipart()
msg["From"] = emailfrom
msg["To"] = ",".join(emailto)
msg["Subject"] = "Comodo Antivirus log reports in CSV"
msg.preamble = "Comodo Antivirus log Reports in CSV"
with open(fileToSend) as fp:
record = MIMEBase('application', 'octet-stream')
record.set_payload(fp.read())
encoders.encode_base64(record)
record.add_header('Content-Disposition', 'attachment',
filename=os.path.basename(fileToSend))
msg.attach(record)
try:
server = smtplib.SMTP(smtpserver,port)
server.ehlo()
server.starttls()
server.login(emailfrom, password)
server.sendmail(emailfrom, emailto, msg.as_string())
server.quit()
print("Email sent successfully")
except Exception as E:
print (E)
qurantined='SELECT Path,CommonInfoUserName FROM AvEvents where Action=1'
lqurantined='Select count(*) FROM AvEvents where Action=1'
lremoved='Select count(*) FROM AvEvents where Action=2'
ldetected='Select count(*) FROM AvEvents where Action=4'
removed='SELECT Path,CommonInfoUserName FROM AvEvents where Action=2'
detected='SELECT Path,CommonInfoUserName FROM AvEvents where Action=4'
virtual='SELECT Path,CommonInfoUserName FROM SbEvents where Action=1'
lvirtual='Select count(*) FROM SbEvents where Action=1'
blocked='SELECT Path,CommonInfoUserName FROM SbEvents where Action=2'
lblocked='Select count(*) FROM SbEvents where Action=2'
ignored='SELECt Path,CommonInfoUserName FROM SbEvents where Action=3'
lignored='Select count(*) FROM SbEvents where Action=3'
connect = sqlite3.connect(os.environ['PROGRAMDATA']+r"\Comodo\Firewall Pro\cislogs.sdb")
operation = connect.cursor()
fileToSend = os.environ['TEMP']+r'\ComodoAntiviruslogs.csv'
if sendemail==1:
import csv
with open(fileToSend, 'w') as csvfile:
spamwriter= csv.writer(csvfile, delimiter=' ',quotechar=' ', quoting=csv.QUOTE_MINIMAL)
spamwriter.writerow("Qurantine History")
for row in operation.execute(lqurantined):
out=tuple(row)
if out[0]==0:
csvfile.write('No Such History Data Available')
csvfile.write('\n')
csvfile.write("\n")
else:
spamwriter.writerow("Path,Username")
for row in operation.execute(qurantined):
csvfile.write(str(row))
csvfile.write('\n')
csvfile.write("\n")
spamwriter= csv.writer(csvfile, delimiter=' ',quotechar=' ', quoting=csv.QUOTE_MINIMAL)
spamwriter.writerow("Threats removed")
for row in operation.execute(lremoved):
out=tuple(row)
if out[0]==0:
csvfile.write('No Such History Data Available')
csvfile.write('\n')
csvfile.write("\n")
else:
spamwriter.writerow("Path,Username")
for row in operation.execute(removed):
csvfile.write(str(row))
csvfile.write('\n')
csvfile.write("\n")
spamwriter= csv.writer(csvfile, delimiter=' ',quotechar=' ', quoting=csv.QUOTE_MINIMAL)
spamwriter.writerow("Threats Detected")
for row in operation.execute(ldetected):
out=tuple(row)
if out[0]==0:
csvfile.write('No Such History Data Available')
csvfile.write('\n')
csvfile.write("\n")
else:
spamwriter.writerow("Path,Username")
for row in operation.execute(detected):
csvfile.write(str(row))
csvfile.write('\n')
csvfile.write("\n")
spamwriter= csv.writer(csvfile, delimiter=' ',quotechar=' ', quoting=csv.QUOTE_MINIMAL)
spamwriter.writerow("Containment History")
spamwriter.writerow("Run Virtually")
for row in operation.execute(lvirtual):
out=tuple(row)
if out[0]==0:
csvfile.write('No Such History Data Available')
csvfile.write('\n')
csvfile.write("\n")
else:
spamwriter.writerow("Path,Username")
for row in operation.execute(virtual):
csvfile.write(str(row))
csvfile.write('\n')
csvfile.write("\n")
spamwriter= csv.writer(csvfile, delimiter=' ',quotechar=' ', quoting=csv.QUOTE_MINIMAL)
spamwriter.writerow("Blocked applications by containment ")
for row in operation.execute(lblocked):
out=tuple(row)
if out[0]==0:
csvfile.write('No Such History Data Available')
csvfile.write('\n')
csvfile.write("\n")
else:
spamwriter.writerow("Path,Username")
for row in operation.execute(blocked):
csvfile.write(str(row))
csvfile.write('\n')
csvfile.write("\n")
spamwriter= csv.writer(csvfile, delimiter=' ',quotechar=' ', quoting=csv.QUOTE_MINIMAL)
spamwriter.writerow("Applications ignored by containment (Run Unrestriced) ")
for row in operation.execute(lignored):
out=tuple(row)
if out[0]==0:
csvfile.write('No Such History Data Available')
csvfile.write('\n')
csvfile.write("\n")
else:
spamwriter.writerow("Path,Username")
for row in operation.execute(ignored):
csvfile.write(str(row))
csvfile.write('\n')
csvfile.write("\n")
csvfile.close()
emailreport(emailto,emailfrom,fileToSend,password,smtpserver,port)
if sendemail==0:
print("Qurantine History")
for row in operation.execute(lqurantined):
out=tuple(row)
if out[0]==0:
print ('No Such History Data Available')
print ('\n')
else:
for row in operation.execute(qurantined):
print(str(row))
print("Threats removed")
for row in operation.execute(lremoved):
out=tuple(row)
if out[0]==0:
print('No Such History Data Available')
else:
print("Path,Username")
for row in operation.execute(removed):
print(str(row))
print("Threats Detected")
for row in operation.execute(ldetected):
out=tuple(row)
if out[0]==0:
print('No Such History Data Available')
print('\n')
else:
print("Path,Username")
for row in operation.execute(detected):
print(str(row))
print("Containment History")
print ("Run Virtually")
for row in operation.execute(lvirtual):
out=tuple(row)
if out[0]==0:
print('No Such History Data Available')
print('\n')
else:
print("Path,Username")
for row in operation.execute(virtual):
print(str(row))
print("Blocked applications by containment ")
for row in operation.execute(lblocked):
out=tuple(row)
if out[0]==0:
print('No Such History Data Available')
print('\n')
else:
print("Path,Username")
for row in operation.execute(blocked):
print(str(row))
print("Applications ignored by containment (Run Unrestriced) ")
for row in operation.execute(lignored):
out=tuple(row)
if out[0]==0:
print('No Such History Data Available')
else:
print("Path,Username")
for row in operation.execute(ignored):
print(str(row))
else:
print "Comodo Client Security is not installed in the Endpoint"
Comments