红蓝队攻防演练监控声音告警脚本-IPS

#!coding:utf-8
from socket import *
import pygame,re

tmpSip = ''
tmpDip = ''
#!红队IP
Sip = ['210.72.243.18','114.242.71.226','114.242.71.227','114.242.71.228','114.242.71.229','114.242.71.230','114.242.71.231','114.242.71.232','114.242.71.233','114.242.71.234','114.242.71.235','114.242.71.236','114.242.71.237','114.242.71.238','114.242.71.239','114.242.71.240','114.242.71.241','114.242.71.242','114.242.71.243','114.242.71.244','114.242.71.245','114.242.71.246','114.242.71.247','114.242.71.248','114.242.71.249','114.242.71.250','114.242.71.251','114.242.71.252','114.242.71.253','114.242.71.254','1.50.104.62','14.135.74.35']

#接收IPS告警
revlog = socket(AF_INET,SOCK_DGRAM)
addr = ('172.16.26.122',514)
revlog.bind(addr)
while True:
    receive_data = revlog.recvfrom(204800)
    date = receive_data[0]#decode('gbk')# 存储接收的数据
    addr = receive_data[1]
    Dev_ip = addr[0]
    port = addr[1]
    
    #监测红队IP
    SrcIP = str(re.findall("SrcIP=+(d+S+)",date)[0])
    DstIP = str(re.findall("DstIP=+(d+S+)",date)[0])
    EventName = str(re.findall("EventName=+(S+)",date)[0])#.decode('gbk').encode('utf-8')
    SecurityType = str(re.findall("SecurityType=+(S+)",date)[0])#.decode('gbk').encode('utf-8')
    ProtocolType = str(re.findall("ProtocolType=+(S+)",date)[0])#.decode('gbk').encode('utf-8')
    Action = str(re.findall("Action=+(w+)",date)[0])
    print "=",#日志接收状态
    
    #!去重
    if tmpSip == SrcIP:
        if tmpDip == DstIP:
            continue
    #!告警
    if SrcIP in Sip:
        tmpSip = SrcIP
        tmpDip = DstIP
        pygame.mixer.init()
        track = pygame.mixer.music.load(r"D:auto-toolstoollisteningMP3620.wav")
        pygame.mixer.music.play()
        #print "+++"*10
        print "+++++ This is IPS +++++n"
        print "检测到红队攻击IP %s 目标服务器IP：%s 安全事件：%s 类型：%s 动作：%sn".decode('UTF-8').encode('GBK') %(SrcIP,DstIP,EventName,SecurityType,Action)
        print "+++"*10

http://www.oniont.cn/index.php/archives/9.html