RUN AS LOCALSYSTEM USER
NOTE:
Gmail:
use this link to generate application password https://security.google.com/settings/security/apppasswords
1) Turn on Two-step verification ( https://security.google.com/settings/security )
2) select other in "select app" section
3) give any app name
4) select generate and use the 16 digit code as application password instead of email password
Outlook:
use this link to generate application password https://account.microsoft.com/security
1) Select Advanced security options
2) Turn on Two-step verification
3) After completing Two-step verification, scroll down the Advanced security options page to the App password section
4) Select create an app password and use the 16 digit code as application password instead of email password
This script has been scanned with virustotal.com and Xcitium Verdict Cloud. Check the files you downloaded against the SHA1 values below before running them.
PYTHON SCRIPT FILE SHA1 VALUE - 869862bf744eda001254da48a1f24173a7359957
JSON FILE SHA1 VALUE - 73e1494823d74b89186890483a8768be0c2878cb
# Script parameters read through itsm.getParameter. `itsm` is not defined in
# this file, so it is presumably injected by the runtime that executes the
# procedure -- TODO confirm.
# NOTE(review): 'Password' arrives as an ordinary script parameter and is later
# handed to the SMTP login. Use an application password for a dedicated mailbox,
# limit who can view or edit the procedure's parameters, and revoke the
# application password once the procedure is retired.
Receiver = itsm.getParameter('EmailTo')  # address the report is sent to
Sender = itsm.getParameter('EmailFrom')  # From address; also used as the SMTP login name
Password = itsm.getParameter('Password')  # application password for the From account (see the setup notes above)
MailFlag = itsm.getParameter('MailFlag')  # provider switch: 1 = Outlook, 0 = Gmail; expected to be an int
import os
import ctypes
import smtplib
import mimetypes
import socket
from email.mime.multipart import MIMEMultipart
from email.message import Message
from email.mime.text import MIMEText
from datetime import datetime, timedelta
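# Query window for the event log: from midnight 14 days ago up to now.
# TimeCreated/@SystemTime values in the event log are UTC, so both bounds come
# from one UTC clock reading. Building them from local time shifts the window by
# the host's UTC offset and, west of UTC, drops the most recent events.
_now_utc = datetime.utcnow()
cd = str(_now_utc.strftime(r"%Y-%m-%dT%H:%M:%S"))
twbd = (_now_utc - timedelta(days=14)).strftime(r"%Y-%m-%dT00:00:00")

# Command lines later run through os.popen in EventLogs():
#   disk_warning - System log, EventID 153 at Level 3, inside the window
#   ntfs_error   - System log, EventID 55 at Level 1 or 2, inside the window
# Only the two timestamps above are interpolated; no external input reaches the
# command text.
# NOTE(review): wevtutil is named without a path and the page says to run this
# as LocalSystem; consider the full path under the Windows System32 directory so
# the lookup does not depend on PATH or the current directory.
disk_warning='wevtutil qe System "/q:*[System [(EventID=153) and (Level=3) and TimeCreated[@SystemTime>=\'%s\' and @SystemTime<\'%s\']]]" /f:text'%(twbd,cd)
ntfs_error='wevtutil qe System "/q:*[System [(EventID=55) and (Level=1 or Level=2) and TimeCreated[@SystemTime>=\'%s\' and @SystemTime<\'%s\']]]" /f:text'%(twbd,cd)

# Host identity used in the mail subject and the attachment file names.
Device=str(os.environ['COMPUTERNAME'])
try:
    ip = socket.gethostbyname(socket.gethostname())
except socket.error:
    # The address only decorates the subject line; a failed lookup must not
    # stop the report from being collected and sent.
    ip = "unknown"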
class disable_file_system_redirection:
    """Context manager around the kernel32 WOW64 redirection calls.

    On entry it calls Wow64DisableWow64FsRedirection; on exit it calls
    Wow64RevertWow64FsRedirection, but only if the disable call reported
    success. ``__enter__`` returns nothing, so ``with ... as x`` binds None.
    """

    # Resolved once at class creation; requires ctypes.windll (Windows only).
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

    def __enter__(self):
        # The disable call receives this by reference and the revert call gets
        # the same object back on exit.
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))

    def __exit__(self, exc_type, exc_value, exc_tb):
        # Nothing to undo when the disable call failed.
        if not self.success:
            return
        self._revert(self.old_value)
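def gmail(sender_email,password,receiver,disk_text,ntfs_text):
    """Mail the two event-log reports as plain-text attachments.

    Despite the name, the provider is chosen by the module-level MailFlag:
    Outlook (smtp.office365.com) when it is set, Gmail (smtp.gmail.com)
    otherwise. Both are contacted on port 587 with STARTTLS before login.

    Args:
        sender_email: From address; also the SMTP login name.
        password: application password for ``sender_email``.
        receiver: To address.
        disk_text: body of the disk-warning attachment.
        ntfs_text: body of the NTFS-error attachment.

    Raises:
        smtplib.SMTPException (or a socket error) when connecting, TLS
        negotiation, login or sending fails; the connection is closed first.
    """
    msg = MIMEMultipart()
    msg["From"] = sender_email
    msg["To"] = receiver
    msg["Subject"] = "Event Log Details for disk warning and ntfs errors for the device-%s and IP-%s"%(Device,ip)

    disk_warning_attachment = MIMEText(disk_text, _subtype="plain")
    ntfs_error_attachment = MIMEText(ntfs_text, _subtype="plain")
    disk_warning_attachment.add_header('Content-Disposition', 'attachment', filename="%s_disk_warning_logs.txt"%(Device))
    ntfs_error_attachment.add_header('Content-Disposition', 'attachment', filename="%s_ntfs_error_logs.txt"%(Device))
    msg.attach(disk_warning_attachment)
    msg.attach(ntfs_error_attachment)

    # MailFlag is documented as an int, but a parameter delivered as the text
    # "0" is truthy and would send the Gmail credentials to the Outlook host.
    # Treat "0" as off; every other value keeps its plain truthiness.
    use_outlook = bool(MailFlag) and str(MailFlag).strip() != "0"
    host = "smtp.office365.com" if use_outlook else "smtp.gmail.com"

    # A timeout keeps an unreachable mail server from hanging the procedure.
    server = smtplib.SMTP(host, 587, timeout=60)
    try:
        # starttls() must stay ahead of login(): if the upgrade fails it raises
        # and the password is never sent over the plain connection.
        # NOTE(review): no SSL context is passed, so whether the server
        # certificate and host name are checked depends on the interpreter's
        # smtplib defaults. On Python 3, pass
        # context=ssl.create_default_context() so the application password only
        # goes to a verified server.
        server.starttls()
        server.login(sender_email,password)
        server.sendmail(sender_email, receiver, msg.as_string())
    finally:
        # Close the session on failure as well as on success.
        try:
            server.quit()
        except smtplib.SMTPServerDisconnected:
            pass  # the server already dropped the connection
    print("successfully sent the mail")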
def EventLogs():
    """Run both wevtutil queries and mail whatever they return.

    The command lines come from the module-level ``disk_warning`` and
    ``ntfs_error`` strings. An empty result is replaced by a short
    "no event logs found" message, which is also printed. The collected text
    leaves the host as e-mail attachments sent to ``Receiver``.
    """
    no_disk_events = "no event logs found for disk warning for the last 2 weeks"
    no_ntfs_events = "no event logs found for ntfs error for the last 2 weeks"

    # Redirection is switched off only while the two commands run.
    with disable_file_system_redirection():
        disk_output = os.popen(disk_warning).read()
        ntfs_output = os.popen(ntfs_error).read()

    if not disk_output:
        print(no_disk_events)
        disk_output = no_disk_events
    if not ntfs_output:
        print(no_ntfs_events)
        ntfs_output = no_ntfs_events

    gmail(Sender,Password,Receiver,disk_output,ntfs_output)
# Entry point: runs unconditionally whenever the script body is executed, so
# loading this file collects the logs and sends the mail.
EventLogs()