import os
import sys

import requests

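# Elasticsearch endpoint.
# NOTE(review): the fallback is a hard-coded public IP reached over plain http://,
# so the query (and any credentials added later via `auth=`) would cross the
# network in cleartext. Set ELASTICSEARCH_URL to an https:// endpoint instead;
# the literal is kept only so existing invocations keep working unchanged.
elasticsearch_url = os.environ.get("ELASTICSEARCH_URL", "http://23.96.2.221:9200")

# Winlogbeat data-stream backing index to query.
index_name = ".ds-winlogbeat-8.13.0-2024.04.14-000001"

# Windows Security event ID 4625: "An account failed to log on".
FAILED_LOGON_EVENT_CODE = "4625"

# Time window of interest, UTC, in strict_date_optional_time format.
WINDOW_START = "2024-04-22T09:00:00.000Z"
WINDOW_END = "2024-04-23T09:08:28.887Z"

# Seconds to wait for the cluster; without a timeout a stalled endpoint
# would hang this script indefinitely.
REQUEST_TIMEOUT = 30


def build_event_query(event_code: str, start: str, end: str) -> dict:
    """Return an Elasticsearch search body selecting events by code and time.

    Args:
        event_code: Value matched against ``event.code`` with ``match_phrase``.
        start: Inclusive lower bound for ``@timestamp`` (``gte``).
        end: Inclusive upper bound for ``@timestamp`` (``lte``).

    Returns:
        A ``bool`` query with both conditions in the ``filter`` clause (no
        scoring), and empty ``must``/``should``/``must_not`` clauses.

    Note:
        No ``size`` is set, so Elasticsearch returns only its default page of
        hits (10); check ``hits.total`` in the response for the real count.
    """
    return {
        "query": {
            "bool": {
                "must": [],
                "filter": [
                    {
                        "match_phrase": {
                            "event.code": event_code,
                        }
                    },
                    {
                        "range": {
                            "@timestamp": {
                                "format": "strict_date_optional_time",
                                "gte": start,
                                "lte": end,
                            }
                        }
                    },
                ],
                "should": [],
                "must_not": [],
            }
        }
    }


# Search body for failed logon events inside the time window.
query = build_event_query(FAILED_LOGON_EVENT_CODE, WINDOW_START, WINDOW_END)

# Elasticsearch search URL.
search_url = f"{elasticsearch_url}/{index_name}/_search"


def main() -> None:
    """Run the search and print the raw JSON response.

    A non-200 response is reported on stderr and exits non-zero instead of
    being silently ignored, so an auth/connectivity failure is not mistaken
    for "no failed logons in the window".
    """
    # No authentication is sent; if the cluster requires it, add `auth=` here
    # (and only over an https:// endpoint).
    response = requests.post(search_url, json=query, timeout=REQUEST_TIMEOUT)

    if response.status_code == 200:
        print(response.json())
    else:
        print(
            f"Search failed: HTTP {response.status_code}: {response.text}",
            file=sys.stderr,
        )
        sys.exit(1)


if __name__ == "__main__":
    main()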