MHaggis · October 4, 2017 15:17
diff --git a/redcanary_requests.py b/redcanary_requests.py
 #!/usr/bin/env python

 import os.path
 import sys
 import json
 from datetime import datetime
 import requests

 TIMEFILE="/opt/splunk/etc/apps/redcanary_app_analysis/bin/redcanary.lastrun"
 #TIMEFILE2="/opt/splunk/etc/apps/redcanary_app_analysis/redcanary2.lastrun"
 #TIMEFILE3="/opt/splunk/etc/apps/redcanary_app_analysis/redcanary3.lastrun"
 #TIMEFILE4="/opt/splunk/etc/apps/redcanary_app_analysis/redcanary4.lastrun"
 #TIMEFILE5="/opt/splunk/etc/apps/redcanary_app_analysis/redcanary5.lastrun"
 EPOCH = '1970-01-01T00:00:00-00'


 def load_last_run_time(timefile):
    if not os.path.exists(timefile):
        fh = file(timefile, 'w')
        fh.write('1970-01-01T00:00:00')
        fh.close()

    fh = file(timefile, 'r')
    ret = fh.read()
    fh.close()

    return ret


 def save_last_run_time(timefile):
    fh = file(timefile, 'w')
    fh.write(datetime.now().strftime("%Y-%m-%dT%H:%m:%S"))
    fh.close()


 def main():

    customer_id = ["<customerID>"]
    apitok = "<APItoken>"
    data = ""

    for rcid in customer_id:
        if rcid == '<customerID>':
            last_run = load_last_run_time(TIMEFILE)
 #        elif rcid =='<customerID>':
 #            last_run = load_last_run_time(TIMEFILE2)
 #        elif rcid =='<customerID>':
 #            last_run = load_last_run_time(TIMEFILE3)
 #        elif rcid =='<customerID>':
 #            last_run = load_last_run_time(TIMEFILE5)
 #        else:
 #            last_run = load_last_run_time(TIMEFILE4)



        if last_run:
            response = requests.get('https://{}.my.redcanary.co/openapi/v2/detections.json?auth_token={}&since={}'.format(rcid, apitok, last_run))
        else:
            response = requests.get('https://{}.my.redcanary.co/openapi/v2/detections.json?auth_token={}'.format(rcid, apitok))

        if response.status_code == 200:

            for detection in json.loads(response.content):
                data += (json.dumps(detection) + '\n')
            print(data)
            save_last_run_time(TIMEFILE)

        else:
            print "There was an error: Status - {}".format(response.status_code)
            exit(1)


 main()
	#!/usr/bin/env python

	import os.path
	import sys
	import json
	from datetime import datetime
	import requests

	TIMEFILE="/opt/splunk/etc/apps/redcanary_app_analysis/bin/redcanary.lastrun"
	#TIMEFILE2="/opt/splunk/etc/apps/redcanary_app_analysis/redcanary2.lastrun"
	#TIMEFILE3="/opt/splunk/etc/apps/redcanary_app_analysis/redcanary3.lastrun"
	#TIMEFILE4="/opt/splunk/etc/apps/redcanary_app_analysis/redcanary4.lastrun"
	#TIMEFILE5="/opt/splunk/etc/apps/redcanary_app_analysis/redcanary5.lastrun"
	EPOCH = '1970-01-01T00:00:00-00'


	def load_last_run_time(timefile):
	if not os.path.exists(timefile):
	fh = file(timefile, 'w')
	fh.write('1970-01-01T00:00:00')
	fh.close()

	fh = file(timefile, 'r')
	ret = fh.read()
	fh.close()

	return ret


	def save_last_run_time(timefile):
	fh = file(timefile, 'w')
	fh.write(datetime.now().strftime("%Y-%m-%dT%H:%m:%S"))
	fh.close()


	def main():

	customer_id = ["<customerID>"]
	apitok = "<APItoken>"
	data = ""

	for rcid in customer_id:
	if rcid == '<customerID>':
	last_run = load_last_run_time(TIMEFILE)
	# elif rcid =='<customerID>':
	# last_run = load_last_run_time(TIMEFILE2)
	# elif rcid =='<customerID>':
	# last_run = load_last_run_time(TIMEFILE3)
	# elif rcid =='<customerID>':
	# last_run = load_last_run_time(TIMEFILE5)
	# else:
	# last_run = load_last_run_time(TIMEFILE4)



	if last_run:
	response = requests.get('https://{}.my.redcanary.co/openapi/v2/detections.json?auth_token={}&since={}'.format(rcid, apitok, last_run))
	else:
	response = requests.get('https://{}.my.redcanary.co/openapi/v2/detections.json?auth_token={}'.format(rcid, apitok))

	if response.status_code == 200:

	for detection in json.loads(response.content):
	data += (json.dumps(detection) + '\n')
	print(data)
	save_last_run_time(TIMEFILE)

	else:
	print "There was an error: Status - {}".format(response.status_code)
	exit(1)


	main()