Releases: BHCyber/DMARC2Syslog

v1.0.2

29 Jul 11:36
692b887

Bug fixes:

  • Fixed parsing of the % character when it is present in the mailbox password.
  • Fixed failure to run on Linux caused by the config file path.

v1.0.1

12 Mar 07:51
257c0f5

Added a new option to bypass TLS/SSL certificate verification to connect to Exchange Web Service.

v1.0.0

21 Feb 17:09
51bd10f

DMARC2Syslog


Supported mailbox access:

  1. EWS (Exchange Web Service)

Supported Syslog messages formats:

  1. LEEF v1

Requirements:

  1. Python 3.10
  2. exchangelib 4.6.2 (installation command: pip install exchangelib)

How to use it:

  1. Provide the required configuration in the configuration file "config.ini"
  2. Create a scheduled task or cron job to run the script file "start.py", for example every 10 minutes.
  3. The script tracks the last time it checked for reports and starts its next check from that time.

Information available for each record in the DMARC report, with the corresponding LEEF key name:

| XML Tag | LEEF Key |
|---|---|
| dmarc_report_version | ver= |
| dmarc_report_metadata_org_name | orgName= |
| dmarc_report_metadata_email | email= |
| dmarc_report_metadata_extra_contact_info | extraContactInfo= |
| dmarc_report_metadata_report_id | reportID= |
| dmarc_report_date_range_begin | dateRangeBegin= |
| dmarc_report_date_range_end | dateRangeEnd= |
| dmarc_report_policy_published_domian | policyPublishedDomain= |
| dmarc_report_policy_published_adkim | policyPublishedADKIM= |
| dmarc_report_policy_published_aspf | policyPublishedASPF= |
| dmarc_report_policy_published_p | policyPublishedP= |
| dmarc_report_policy_published_sp | policyPublishedSP= |
| dmarc_report_policy_published_pct | policyPublishedPCT= |
| dmarc_report_policy_published_fo | policyPublishedFO= |
| dmarc_record_row_source_ip | RecordRowSourceIP= |
| dmarc_record_row_count | RecordRowCount= |
| dmarc_record_row_policy_evaluated_disposition | RecordRowPolicyEvaluatedDisposition= |
| dmarc_record_row_policy_evaluated_dkim | RecordRowPolicyEvaluatedDKIM= |
| dmarc_record_row_policy_evaluated_spf | RecordRowPolicyEvaluatedSPF= |
| dmarc_record_identifiers_header_from | RecordIdentifiersHeaderFrom= |
| dmarc_record_identifiers_envelope_from | RecordIdentifiersEnvelopeFrom= |
| dmarc_record_auth_results_dkim_domain | RecordAuthResultsDKIMDomain= |
| dmarc_record_auth_results_dkim_result | RecordAuthResultsDKIMResult= |
| dmarc_record_auth_results_dkim_selector | RecordAuthResultsDKIMSelector= |
| dmarc_record_auth_results_spf_domain | RecordAuthResultsSPFDomain= |
| dmarc_record_auth_results_spf_result | RecordAuthResultsSPFResult= |
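
The mapping above, as an added example that is not DMARC2Syslog's own code: it turns each record of a DMARC aggregate report into one LEEF 1.0 line for a subset of the listed keys. The element paths (assumed to follow the RFC 7489 aggregate report layout), the LEEF header values (placeholders), and the `clean` and DTD checks for sender-supplied report content are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# LEEF 1.0 header; vendor, product, version and event ID are placeholders.
LEEF_HEADER = "LEEF:1.0|ExampleVendor|DMARC2Syslog|0.0|DMARCRecord|"
# (path under <feedback>, LEEF key) for report-level fields (assumed paths).
REPORT_FIELDS = [
    ("report_metadata/org_name", "orgName"),
    ("report_metadata/report_id", "reportID"),
    ("policy_published/domain", "policyPublishedDomain"),
    ("policy_published/p", "policyPublishedP"),
]
# (path under <record>, LEEF key) for per-record fields (assumed paths).
RECORD_FIELDS = [
    ("row/source_ip", "RecordRowSourceIP"),
    ("row/count", "RecordRowCount"),
    ("row/policy_evaluated/disposition", "RecordRowPolicyEvaluatedDisposition"),
    ("identifiers/header_from", "RecordIdentifiersHeaderFrom"),
    ("auth_results/dkim/result", "RecordAuthResultsDKIMResult"),
    ("auth_results/spf/result", "RecordAuthResultsSPFResult"),
]

def clean(value):
    """Collapse control characters (tab, CR, LF, ...) so a report field
    cannot start a new LEEF attribute or a new syslog line."""
    return re.sub(r"[\x00-\x1f\x7f]+", " ", value or "").strip()

def report_to_leef(xml_text):
    """Return one LEEF 1.0 line per <record> in a DMARC aggregate report."""
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DTD not allowed in DMARC report")
    root = ET.fromstring(xml_text)
    shared = [(key, clean(root.findtext(path))) for path, key in REPORT_FIELDS]
    lines = []
    for record in root.iter("record"):
        attrs = shared + [(k, clean(record.findtext(p))) for p, k in RECORD_FIELDS]
        lines.append(LEEF_HEADER + "\t".join(f"{k}={v}" for k, v in attrs))
    return lines

# Constructed sample report; header_from carries an embedded tab on purpose.
SAMPLE = (
    "<feedback><report_metadata><org_name>example.net</org_name>"
    "<report_id>r-1</report_id></report_metadata>"
    "<policy_published><domain>example.com</domain><p>reject</p></policy_published>"
    "<record><row><source_ip>192.0.2.10</source_ip><count>3</count>"
    "<policy_evaluated><disposition>reject</disposition></policy_evaluated></row>"
    "<identifiers><header_from>example.com\tinjected=1</header_from></identifiers>"
    "<auth_results><dkim><result>fail</result></dkim>"
    "<spf><result>fail</result></spf></auth_results></record></feedback>"
)
```

Calling `report_to_leef(SAMPLE)` returns a single line in which the embedded tab has been replaced by a space, so `injected=1` stays inside the `RecordIdentifiersHeaderFrom` value.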

Configuration File:

| Section | Config Tag | Value | Description |
|---|---|---|---|
| CONFIG | start_datetime | YYYY-MM-DD-HH:MM | date/time to process the emails starting from it. |
| CONFIG | srv_max_worker | Number | number of threads to process the reports |
| CONFIG | mailbox_type | [ews] | connection type to mailbox |
| CONFIG | error_log_enable | [True,False] | log errors to the log file .\log\error.log |
| CONFIG | debug_log_enable | [True,False] | log debug to the log file .\log\error.log |
| SYSLOG | syslog_server | IP | syslog server IP |
| SYSLOG | syslog_port | Port Number | Syslog server port number |
| EWS | ews_username | domain\userName | username to connect to mailbox through EWS |
| EWS | ews_password | userPass | password to connect to mailbox through EWS |
| EWS | ews_email | [email protected] | mailbox email |
| EWS | ews_service_endpoint | https://mail.domian.com/ews/exchange.asmx | ews service endpoint URL |