diff --git a/composer.json b/composer.json
index 9775fc9..ca0e5d7 100644
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
 "name": "abuseio/collector-rbl",
 "description": "Collector addon for handling notifications from RBL lists",
- "version": "1.3.2",
+ "version": "1.3.3",
 "keywords": ["laravel", "abuseio", "parser", "rbl"],
 "homepage": "http://abuse.io",
 "type": "library",
diff --git a/src/Rbl.php b/src/Rbl.php
index 7285aca..668851b 100644
--- a/src/Rbl.php
+++ b/src/Rbl.php
@@ -5,6 +5,7 @@
 use AbuseIO\Models\Incident;
 use Validator;
 use AbuseIO\Models\Ticket;
+use Carbon;
 /**
 * Class Rbl
@@ -37,7 +38,7 @@ class Rbl extends Collector
 * @var array
 */
 protected $allowedMethods = [
- 'dns' => false,
+ 'dns' => true,
 'file' => true,
 ];
@@ -146,24 +147,24 @@ public function parse()
 } else {
 continue;
 }
+ }
- switch($mode) {
- case "asns":
- $this->scanAsn($config);
- break;
- case "netblocks":
- $this->scanNetblock($config);
- break;
- case "ipaddresses":
- $this->scanAddresses($config);
- break;
- case "tickets":
- $this->scanTickets();
- break;
- }
-
+ switch($mode) {
+ case "asns":
+ $this->scanAsn($config);
+ break;
+ case "netblocks":
+ $this->scanNetblock($config);
+ break;
+ case "ipaddresses":
+ $this->scanAddresses($config);
+ break;
+ case "tickets":
+ $this->scanTickets();
+ break;
 }
+
 return $this->success();
 }
@@ -263,9 +264,9 @@ private function scanAddresses($addresses)
 */
 private function scanTickets()
 {
- $tickets = Ticket::where('status_id', '!=', '2')->get();
+ $tickets = Ticket::where('status_id', '=', 'OPEN');
- foreach ($tickets as $ticket) {
+ foreach ($tickets->get() as $ticket) {
 $this->scanAddress($ticket->ip);
 }
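Review bot: In the `parse()` hunk the `switch($mode)` now sits after the added closing brace, so it runs once with whatever `$mode` and `$config` hold when the enclosing block ends; that block opens outside the hunk, so this is inferred from the visible `continue` branch. If the block is a loop over several configured modes, only the last one is scanned, and an iteration that ended in `continue` can leave `$config` stale or unset. The switch also has no `default:` branch, so an unrecognised mode falls straight through to `return $this->success();` and a run that checked nothing is reported as healthy. I would either keep the dispatch inside the block or add a `default:` branch that reports the unsupported mode before returning.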
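Review bot: In `scanTickets()` the filter changes from `status_id != '2'` to `status_id = 'OPEN'`, which narrows the set rather than just renaming the value: tickets in any other non-closed state are no longer re-checked against the lists, so confirm that is intended. `$tickets` now holds a query builder rather than a result set, so a name such as `$openTickets` with the `->get()` kept on the same statement would read more clearly. Every row triggers `scanAddress($ticket->ip)`, so several tickets for one address repeat the same lookups; selecting distinct addresses first, for example `Ticket::where('status_id', 'OPEN')->select('ip')->distinct()->get()`, avoids that.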
@@ -280,6 +281,12 @@ private function scanTickets()
 */
 private function scanAddress($address)
 {
+ /*
+ * today's timestamp used as report time (today 00:00) to prevent a lot of duplicates on the
+ * same day. Using the same time will aggregate and deduplicate events into 1 per day.
+ */
+
+
 if (!filter_var($address, FILTER_VALIDATE_IP) === false) {
 $addressReverse = implode('.', array_reverse(preg_split('/\./', $address)));
@@ -311,11 +318,13 @@ private function scanAddress($address)
 $incident->domain = false;
 $incident->class = $feedData['class'];
 $incident->type = $feedData['type'];
+
 /*
- * This prevents multiple incidents on the same day. So info
- * blob has a scan time and this a report time
+ * today's timestamp used as report time (today 00:00) to prevent a lot of duplicates on the
+ * same day. Using the same time will aggregate and deduplicate events into 1 per day.
 */
- $incident->timestamp = strtotime('0:00');
+ $incident->timestamp = Carbon::today();
+
 $incident->information = json_encode(
 array_merge(
 $feedData['information'],
@@ -326,7 +335,6 @@ private function scanAddress($address)
 );
 $this->incidents[] = $incident;
-
 }
 }
 }
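Review bot: The guard kept as context at the top of `scanAddress()`, `if (!filter_var($address, FILTER_VALIDATE_IP) === false)`, accepts IPv6 addresses, yet the next line reverses the address by splitting on dots, which only yields a usable lookup name for IPv4. Ticket addresses reach this function through `scanTickets()`, so that input is realistic; restricting the check with `if (filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {` also removes the `!` / `=== false` double negation, which only works because `!` binds before `===`. Separately, the comment block added here describes the timestamp assignment made much further down and is repeated there by the same commit, so I would drop this copy and the two blank lines after it. The function body continues outside the hunk.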
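Review bot: `$incident->timestamp = Carbon::today();` stores a Carbon object where the removed line stored the integer returned by `strtotime('0:00')`, so anything downstream that validates, compares or serialises the field as a Unix timestamp now sees a different type. The Incident model is not visible here, so either verify that it accepts the object or keep the integer with `$incident->timestamp = Carbon::today()->timestamp;`. The matching `use Carbon;` at the top of the file resolves only if the host application registers a global `Carbon` alias; importing `Carbon\Carbon` directly would remove that dependency for a package that composer.json declares as a library. The surrounding `scanAddress()` body starts and ends outside the hunk.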