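def create_feed(options):
    """Build a feed from JSON-encoded options and return its dumped form.

    Args:
        options: JSON text describing the feed. The keys 'name',
            'display_name', 'provider_url', 'summary' and 'tech_data' are
            required. 'icon' is optional; when set it is a path to an image
            file whose contents are base64-encoded into the feed info. The
            same parsed object is handed to ``build_reports``.

    Returns:
        Whatever ``CbFeed.dump()`` returns for the assembled feed.

    Raises:
        ValueError: if ``options`` is not valid JSON.
        KeyError: if one of the required keys is missing.
    """
    feed_meta = json.loads(options)

    # Required feed information fields, taken from the supplied options.
    feedinfo = {
        'name': feed_meta['name'],
        'display_name': feed_meta['display_name'],
        'provider_url': feed_meta['provider_url'],
        'summary': feed_meta['summary'],
        'tech_data': feed_meta['tech_data'],
    }

    # The icon is optional, so a missing key is treated like an empty value.
    #
    # NOTE(review): the path comes straight from `options` and the named file
    # is embedded verbatim in the feed. If `options` can be influenced by an
    # untrusted party, restrict the path to an expected directory (and
    # ideally cap the file size) before calling this function.
    icon_path = feed_meta.get('icon')
    if icon_path:
        try:
            # Binary mode keeps image bytes intact on every platform; the
            # context manager closes the handle even if the read fails.
            with open(icon_path, 'rb') as icon_file:
                feedinfo['icon'] = base64.b64encode(icon_file.read())
        except (IOError, OSError, TypeError, ValueError):
            # Best effort: an unreadable icon or a non-path value is reported
            # and the feed is built without an icon. Interrupts and exit
            # requests are deliberately not swallowed.
            print(Fore.RED + '\n[-]' + Fore.RESET +
                  ' Could not open %s. Make sure file still exists.\n'
                  % icon_path)

    # Build a CbFeedInfo instance; this does field validation.
    feedinfo = CbFeedInfo(**feedinfo)

    # Build the list of reports (always one report in this case); the single
    # report includes all the IOCs.
    reports = build_reports(feed_meta)

    # Build a CbFeed instance; this does field validation, including on the
    # report data.
    feed = CbFeed(feedinfo, reports)
    return feed.dump()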
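def create(query_file, datatype):
    """Build the custom query feed from a query file and return its dump.

    Args:
        query_file: passed through to ``get_queries``.
        datatype: passed through to ``get_queries``.

    Returns:
        Whatever ``CbFeed.dump()`` returns for the assembled feed.
    """
    queries = get_queries(query_file, datatype)
    reports = build_reports(queries)

    feedinfo = {
        'name': 'queryfeed',
        'display_name': "Custom Query Feed",
        'provider_url': 'https://github.com/carbonblack/community',
        'summary': "This feed is a collection of custom search queries",
        'tech_data': "There are no requirements to share any data to receive this feed.",
        'icon': '',
    }

    # The feed objects are built with this module's directory as the working
    # directory (presumably so relative icon paths resolve; confirm against
    # CbFeedInfo).
    # NOTE(review): os.chdir is process-wide, so other threads see the
    # changed directory while the feed is being built.
    old_cwd = os.getcwd()
    os.chdir(os.path.dirname(os.path.realpath(__file__)))
    try:
        feed = CbFeed(CbFeedInfo(**feedinfo), reports)
        return feed.dump()
    finally:
        # Restore the caller's working directory even when validation or
        # dumping raises; otherwise later relative paths silently resolve
        # against this module's directory.
        os.chdir(old_cwd)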
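def create_feed(options):
    """Build a feed from JSON-encoded options and return its dumped form.

    Args:
        options: JSON text describing the feed. The keys 'name',
            'display_name', 'provider_url', 'summary' and 'tech_data' are
            required. 'icon' is optional; when set it is a path to an image
            file whose contents are base64-encoded into the feed info. The
            same parsed object is handed to ``build_reports``.

    Returns:
        Whatever ``CbFeed.dump()`` returns for the assembled feed.

    Raises:
        ValueError: if ``options`` is not valid JSON.
        KeyError: if one of the required keys is missing.
    """
    feed_meta = json.loads(options)

    # Required feed information fields, taken from the supplied options.
    feedinfo = {
        'name': feed_meta['name'],
        'display_name': feed_meta['display_name'],
        'provider_url': feed_meta['provider_url'],
        'summary': feed_meta['summary'],
        'tech_data': feed_meta['tech_data'],
    }

    # The icon is optional, so a missing key is treated like an empty value.
    #
    # NOTE(review): the path comes straight from `options` and the named file
    # is embedded verbatim in the feed. If `options` can be influenced by an
    # untrusted party, restrict the path to an expected directory (and
    # ideally cap the file size) before calling this function.
    icon_path = feed_meta.get('icon')
    if icon_path:
        try:
            # Binary mode keeps image bytes intact on every platform; the
            # context manager closes the handle even if the read fails.
            with open(icon_path, 'rb') as icon_file:
                feedinfo['icon'] = base64.b64encode(icon_file.read())
        except (IOError, OSError, TypeError, ValueError):
            # Best effort: an unreadable icon or a non-path value is reported
            # and the feed is built without an icon. Interrupts and exit
            # requests are deliberately not swallowed.
            print(Fore.RED + '\n[-]' + Fore.RESET +
                  ' Could not open %s. Make sure file still exists.\n'
                  % icon_path)

    # Build a CbFeedInfo instance; this does field validation.
    feedinfo = CbFeedInfo(**feedinfo)

    # Build the list of reports (always one report in this case); the single
    # report includes all the IOCs.
    reports = build_reports(feed_meta)

    # Build a CbFeed instance; this does field validation, including on the
    # report data.
    feed = CbFeed(feedinfo, reports)
    return feed.dump()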
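def create(query_file, datatype):
    """Build the custom query feed from a query file and return its dump.

    Args:
        query_file: passed through to ``get_queries``.
        datatype: passed through to ``get_queries``.

    Returns:
        Whatever ``CbFeed.dump()`` returns for the assembled feed.
    """
    queries = get_queries(query_file, datatype)
    reports = build_reports(queries)

    feedinfo = {
        'name': 'queryfeed',
        'display_name': "Custom Query Feed",
        'provider_url': 'https://github.com/carbonblack/community',
        'summary': "This feed is a collection of custom search queries",
        'tech_data': "There are no requirements to share any data to receive this feed.",
        'icon': '',
    }

    # The feed objects are built with this module's directory as the working
    # directory (presumably so relative icon paths resolve; confirm against
    # CbFeedInfo).
    # NOTE(review): os.chdir is process-wide, so other threads see the
    # changed directory while the feed is being built.
    old_cwd = os.getcwd()
    os.chdir(os.path.dirname(os.path.realpath(__file__)))
    try:
        feed = CbFeed(CbFeedInfo(**feedinfo), reports)
        return feed.dump()
    finally:
        # Restore the caller's working directory even when validation or
        # dumping raises; otherwise later relative paths silently resolve
        # against this module's directory.
        os.chdir(old_cwd)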
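def create(query_file, datatype, feedinfosrc='', pretty_output_path=''):
    """Build the query feed, optionally with a custom header, and dump it.

    Args:
        query_file: passed through to ``get_queries``.
        datatype: passed through to ``get_queries``.
        feedinfosrc: when non-empty, passed to ``get_feedhdr`` to load the
            feed header fields; when empty, the built-in defaults are used.
        pretty_output_path: passed through to ``get_queries``.

    Returns:
        Whatever ``CbFeed.dump()`` returns for the assembled feed.

    Raises:
        ValueError: if ``feedinfosrc`` is given but yields no header entries.
        KeyError: if a header entry lacks one of the expected fields.
    """
    queries = get_queries(query_file, datatype, pretty_output_path)
    reports = build_reports(queries)

    if feedinfosrc:
        # NOTE(review): every header field below is copied from the external
        # source as-is; CbFeedInfo is relied on to validate them (confirm).
        feedinfo = None
        for q in get_feedhdr(feedinfosrc):
            # Each header entry is echoed to stdout as it is read.
            print(q)
            # When several entries are present, the last one wins.
            feedinfo = {
                'name': q['name'],
                'category': q['category'],
                'display_name': q['display_name'],
                'provider_url': q['provider_url'],
                'summary': q['summary'],
                'tech_data': q['tech_data'],
                'icon': q['icon'],
                'icon_small': q['icon_small'],
            }
        if feedinfo is None:
            # An empty header source used to surface later as an unbound
            # local variable; fail here with a message that names the input.
            raise ValueError(
                'no feed header entries found in %r' % (feedinfosrc,))
    else:
        feedinfo = {
            'name': 'queryfeed',
            'display_name': "Custom Query Feed",
            'provider_url': 'https://github.com/carbonblack/community',
            'summary': "This feed is a collection of custom search queries",
            'tech_data': "There are no requirements to share any data to receive this feed.",
            'icon': '',
            'icon_small': '',
        }

    # The feed objects are built with this module's directory as the working
    # directory (presumably so relative icon paths resolve; confirm against
    # CbFeedInfo).
    # NOTE(review): os.chdir is process-wide, so other threads see the
    # changed directory while the feed is being built.
    old_cwd = os.getcwd()
    os.chdir(os.path.dirname(os.path.realpath(__file__)))
    try:
        feed = CbFeed(CbFeedInfo(**feedinfo), reports)
        return feed.dump()
    finally:
        # Restore the caller's working directory even when validation or
        # dumping raises.
        os.chdir(old_cwd)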
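def create(query_file, datatype, feedinfosrc='', pretty_output_path=''):
    """Build the query feed, optionally with a custom header, and dump it.

    Args:
        query_file: passed through to ``get_queries``.
        datatype: passed through to ``get_queries``.
        feedinfosrc: when non-empty, passed to ``get_feedhdr`` to load the
            feed header fields; when empty, the built-in defaults are used.
        pretty_output_path: passed through to ``get_queries``.

    Returns:
        Whatever ``CbFeed.dump()`` returns for the assembled feed.

    Raises:
        ValueError: if ``feedinfosrc`` is given but yields no header entries.
        KeyError: if a header entry lacks one of the expected fields.
    """
    queries = get_queries(query_file, datatype, pretty_output_path)
    reports = build_reports(queries)

    if feedinfosrc:
        # NOTE(review): every header field below is copied from the external
        # source as-is; CbFeedInfo is relied on to validate them (confirm).
        feedinfo = None
        for q in get_feedhdr(feedinfosrc):
            # Each header entry is echoed to stdout as it is read.
            print(q)
            # When several entries are present, the last one wins.
            feedinfo = {
                'name': q['name'],
                'category': q['category'],
                'display_name': q['display_name'],
                'provider_url': q['provider_url'],
                'summary': q['summary'],
                'tech_data': q['tech_data'],
                'icon': q['icon'],
                'icon_small': q['icon_small'],
            }
        if feedinfo is None:
            # An empty header source used to surface later as an unbound
            # local variable; fail here with a message that names the input.
            raise ValueError(
                'no feed header entries found in %r' % (feedinfosrc,))
    else:
        feedinfo = {
            'name': 'queryfeed',
            'display_name': "Custom Query Feed",
            'provider_url': 'https://github.com/carbonblack/community',
            'summary': "This feed is a collection of custom search queries",
            'tech_data': "There are no requirements to share any data to receive this feed.",
            'icon': '',
            'icon_small': '',
        }

    # The feed objects are built with this module's directory as the working
    # directory (presumably so relative icon paths resolve; confirm against
    # CbFeedInfo).
    # NOTE(review): os.chdir is process-wide, so other threads see the
    # changed directory while the feed is being built.
    old_cwd = os.getcwd()
    os.chdir(os.path.dirname(os.path.realpath(__file__)))
    try:
        feed = CbFeed(CbFeedInfo(**feedinfo), reports)
        return feed.dump()
    finally:
        # Restore the caller's working directory even when validation or
        # dumping raises.
        os.chdir(old_cwd)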