The beginning

Did you ever find yourself doing the same task every day?

Booting up your computer, logging in, checking your e-mails, checking your news feed, etc.

I don’t know if you did, but I absolutely did.

Every morning I went through the entire process, until one day I came up with the idea of automating at least one of the steps: monitoring the CSIRT’s alerts.

So it all began.

The CSIRT

The Italian Computer Security Incident Response Team provides some services directly on its website; alerting on security threats is one of them.

As you can see, the alerting output is formatted as follows:

DD/MM/YY (XX/YYMMDD/CSIRT-ITA) Descriptive title of the alert

For example, we will take a deeper look at the alert AL01/200812/CSIRT-ITA:

  • AL01: identifies the alert with a progressive number, relative to the given date
  • 200812: means that it was published on the 12th of July 2020
  • CSIRT-ITA: identifies the Italian CSIRT

There are situations where we won’t find the ALXX numeration:

  • Bulletin: we will find the BLXX numeration
  • News: we will find either the NEXX numeration or just the title (e.g. the weekly summary has only the title)

The goal

Now that you know a little about the Italian CSIRT, we can move on to our automated Python script. The script that we are going to create will grab all the RSS feeds from the CSIRT and filter out the alerts, the bulletins and the news.
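The filtering step described above, as an added example (not the code from the author's repository): it splits feed items into alerts, bulletins and news by the identifier prefix. The sample feed is constructed, and the example assumes the XX/YYMMDD/CSIRT-ITA identifier appears somewhere in each item's title.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample feed (not real CSIRT data); titles, ids and links are made up.
SAMPLE_FEED = """<rss version="2.0"><channel><title>constructed feed</title>
<item><title>Constructed alert title (AL01/200915/CSIRT-ITA)</title><link>https://example.invalid/a</link></item>
<item><title>Constructed bulletin title (BL02/200915/CSIRT-ITA)</title><link>https://example.invalid/b</link></item>
<item><title>Constructed news title (NE01/200916/CSIRT-ITA)</title><link>https://example.invalid/c</link></item>
<item><title>The weekly summary</title><link>https://example.invalid/d</link></item>
<item><title>Bad date (AL03/201345/CSIRT-ITA)</title><link>https://example.invalid/e</link></item>
</channel></rss>"""

# XX/YYMMDD/CSIRT-ITA: two-letter type, two-digit progressive number, date, issuer.
ID_RE = re.compile(r"\b(AL|BL|NE)(\d{2})/(\d{6})/CSIRT-ITA\b")
KINDS = {"AL": "alert", "BL": "bulletin", "NE": "news"}


def parse_title(title):
    """Return (kind, identifier, date) for one feed item title."""
    m = ID_RE.search(title)
    if not m:
        # Per the page, news may carry only a title (e.g. the weekly summary).
        return ("news", None, None)
    try:
        day = datetime.strptime(m.group(3), "%y%m%d").date()
    except ValueError:
        # Right shape but impossible date: keep the item, leave the date unset.
        day = None
    return (KINDS[m.group(1)], m.group(0), day)


def classify_feed(xml_text):
    """Group feed items by kind; each entry keeps identifier, date, title, link."""
    groups = {"alert": [], "bulletin": [], "news": []}
    for item in ET.fromstring(xml_text).iter("item"):
        title = (item.findtext("title") or "").strip()
        kind, ident, day = parse_title(title)
        groups[kind].append({"id": ident, "date": day, "title": title,
                             "link": item.findtext("link")})
    return groups


if __name__ == "__main__":
    for kind, entries in classify_feed(SAMPLE_FEED).items():
        print(kind, [e["id"] or e["title"] for e in entries])
```
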

Creating the RSS class

We have to create a class file named rss.py; inside it we have to create the class RSS and its methods. The modules needed are all built-in:

  • xml.etree.ElementTree
  • requests
  • json
  • datetime

The methods that we will create are:

  • __init__: the constructor to initialize the attributes of the class
  • RSS2XML: to retrieve the RSS feed and save it to an XML file
  • XMLParser: to parse the XML file and grab only the useful info for our goal
  • Cont2File: to save the grabbed info to a JSON file

The RSS class attributes will be:

  • self._url: to store the RSS feed URL
  • self._xml: to set the file where RSS2XML will save the RSS feed
  • self._json: to set the JSON file where the script will save the useful info

As I don’t think that putting the code on this blog is useful, here is the link to my GitHub repo where you can find the rss.py class: https://github.com/wirzka/act/blob/master/rss.py

Finalizing the script

Once we have finished coding our rss.py class, we can create the act.py file. So we need to create the following variables that we will pass to the RSS class:

  • url
  • xml
  • json

Then, we have to create an object for the RSS class and call the functions needed:

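# import the class defined in rss.py
from rss import RSS

# url, xml and json are the variables created above
u = RSS(url, xml, json)
u.RSS2XML()    # retrieve the RSS feed and save it to the XML file
u.XMLParser()  # parse the XML file and grab the useful info
u.Cont2File()  # save the grabbed info to the JSON file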

To look at the complete act.py code, take another look at my repo: https://github.com/wirzka/act/blob/master/act.py

Looking at the results

If you follow these instructions and the code on GitHub, you will see the results printed on the terminal and saved to the JSON file.


Bonus: add the script as a scheduled task

I’m on a Windows system, so I will show how to add the script as a scheduled task on Windows 10 with a PowerShell script that you have to run as admin:

# put here the absolute path of your python
$exe = ""

# put here the script name
$arg = "act.py"

# put here the absolute path of your script
$wd = ""

$A = New-ScheduledTaskAction -Execute $exe -Argument $arg -WorkingDirectory $wd
$T = New-ScheduledTaskTrigger -AtLogOn
Register-ScheduledTask -Action $A -Trigger $T -TaskName "CSIRT_Alerting" -Description "CSIRT alert monitoring."