def test_taxii(self):
"""
Objective: Test if we can transmit data to MITRE's TAXII test server.
Note: This actually also tests the StixTransformer since the event is parsed by the transformer
before transmission.
"""
config = ConfigParser()
config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg')
config.read(config_file)
config.set('taxii', 'enabled', True)
test_event = {
'remote': ('127.0.0.1', 54872),
'data_type': 's7comm',
'timestamp': datetime.now(),
'session_id': '101d9884-b695-4d8b-bf24-343c7dda1b68',
'data': {
0: {
'request': 'who are you',
'response': 'mr. blue'
},
1: {
'request': 'give me apples',
'response': 'no way'
}
}
}
taxiiLogger = TaxiiLogger(config)
taxii_result = taxiiLogger.log(test_event)
# TaxiiLogger returns false if the message could not be delivered
self.assertTrue(taxii_result)
def test_taxii(self):
"""
Objective: Test if we can transmit data to MITRE's TAXII test server.
Note: This actually also tests the StixTransformer since the event is parsed by the transformer
before transmission.
"""
config = ConfigParser()
config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg')
config.read(config_file)
config.set('taxii', 'enabled', True)
test_event = {'remote': ('127.0.0.1', 54872), 'data_type': 's7comm',
'timestamp': datetime.now(),
'session_id': '101d9884-b695-4d8b-bf24-343c7dda1b68',
'data': {0: {'request': 'who are you', 'response': 'mr. blue'},
1: {'request': 'give me apples', 'response': 'no way'}}}
taxiiLogger = TaxiiLogger(config)
taxii_result = taxiiLogger.log(test_event)
# TaxiiLogger returns false if the message could not be delivered
self.assertTrue(taxii_result)
def __init__(self, config, log_queue, public_ip):
self.log_queue = log_queue
self.sqlite_logger = None
self.friends_feeder = None
self.syslog_client = None
self.public_ip = public_ip
self.taxii_logger = None
if config.getboolean('sqlite', 'enabled'):
self.sqlite_logger = SQLiteLogger()
if config.getboolean('hpfriends', 'enabled'):
host = config.get('hpfriends', 'host')
port = config.getint('hpfriends', 'port')
ident = config.get('hpfriends', 'ident')
secret = config.get('hpfriends', 'secret')
channels = eval(config.get('hpfriends', 'channels'))
try:
self.friends_feeder = HPFriendsLogger(host, port, ident,
secret, channels)
except Exception as e:
logger.exception(e.message)
self.friends_feeder = None
if config.getboolean('syslog', 'enabled'):
host = config.get('syslog', 'host')
port = config.getint('syslog', 'port')
facility = config.get('syslog', 'facility')
logdevice = config.get('syslog', 'device')
logsocket = config.get('syslog', 'socket')
self.syslog_client = SysLogger(host, port, facility, logdevice,
logsocket)
if config.getboolean('taxii', 'enabled'):
# TODO: support for certificates
self.taxii_logger = TaxiiLogger(config)
self.enabled = True
def __init__(self, config, log_queue, public_ip):
self.log_queue = log_queue
self.sqlite_logger = None
self.friends_feeder = None
self.syslog_client = None
self.public_ip = public_ip
self.taxii_logger = None
if config.getboolean('sqlite', 'enabled'):
self.sqlite_logger = SQLiteLogger()
if config.getboolean('hpfriends', 'enabled'):
host = config.get('hpfriends', 'host')
port = config.getint('hpfriends', 'port')
ident = config.get('hpfriends', 'ident')
secret = config.get('hpfriends', 'secret')
channels = eval(config.get('hpfriends', 'channels'))
try:
self.friends_feeder = HPFriendsLogger(host, port, ident, secret, channels)
except Exception as e:
logger.exception(e.message)
self.friends_feeder = None
if config.getboolean('syslog', 'enabled'):
host = config.get('syslog', 'host')
port = config.getint('syslog', 'port')
facility = config.get('syslog', 'facility')
logdevice = config.get('syslog', 'device')
logsocket = config.get('syslog', 'socket')
self.syslog_client = SysLogger(host, port, facility, logdevice, logsocket)
if config.getboolean('taxii', 'enabled'):
# TODO: support for certificates
self.taxii_logger = TaxiiLogger(config)
self.enabled = True
class LogWorker(object):
def __init__(self, config, log_queue, public_ip):
self.log_queue = log_queue
self.sqlite_logger = None
self.friends_feeder = None
self.syslog_client = None
self.public_ip = public_ip
self.taxii_logger = None
if config.getboolean('sqlite', 'enabled'):
self.sqlite_logger = SQLiteLogger()
if config.getboolean('hpfriends', 'enabled'):
host = config.get('hpfriends', 'host')
port = config.getint('hpfriends', 'port')
ident = config.get('hpfriends', 'ident')
secret = config.get('hpfriends', 'secret')
channels = eval(config.get('hpfriends', 'channels'))
try:
self.friends_feeder = HPFriendsLogger(host, port, ident, secret, channels)
except Exception as e:
logger.exception(e.message)
self.friends_feeder = None
if config.getboolean('syslog', 'enabled'):
host = config.get('syslog', 'host')
port = config.getint('syslog', 'port')
facility = config.get('syslog', 'facility')
logdevice = config.get('syslog', 'device')
logsocket = config.get('syslog', 'socket')
self.syslog_client = SysLogger(host, port, facility, logdevice, logsocket)
if config.getboolean('taxii', 'enabled'):
# TODO: support for certificates
self.taxii_logger = TaxiiLogger(config)
self.enabled = True
def start(self):
self.enabled = True
while self.enabled:
event = self.log_queue.get()
assert 'data_type' in event
assert 'timestamp' in event
if self.public_ip:
event['public_ip'] = self.public_ip
if self.friends_feeder:
self.friends_feeder.log(json.dumps(event, default=self.json_default))
if self.sqlite_logger:
self.sqlite_logger.log(event)
if self.syslog_client:
self.syslog_client.log(event)
if self.taxii_logger:
self.taxii_logger.log(event)
def stop(self):
self.enabled = False
def json_default(self, obj):
if isinstance(obj, datetime):
return obj.isoformat()
elif isinstance(obj, uuid.UUID):
return str(obj)
else:
return None
class LogWorker(object):
def __init__(self, config, log_queue, public_ip):
self.log_queue = log_queue
self.sqlite_logger = None
self.friends_feeder = None
self.syslog_client = None
self.public_ip = public_ip
self.taxii_logger = None
if config.getboolean('sqlite', 'enabled'):
self.sqlite_logger = SQLiteLogger()
if config.getboolean('hpfriends', 'enabled'):
host = config.get('hpfriends', 'host')
port = config.getint('hpfriends', 'port')
ident = config.get('hpfriends', 'ident')
secret = config.get('hpfriends', 'secret')
channels = eval(config.get('hpfriends', 'channels'))
try:
self.friends_feeder = HPFriendsLogger(host, port, ident,
secret, channels)
except Exception as e:
logger.exception(e.message)
self.friends_feeder = None
if config.getboolean('syslog', 'enabled'):
host = config.get('syslog', 'host')
port = config.getint('syslog', 'port')
facility = config.get('syslog', 'facility')
logdevice = config.get('syslog', 'device')
logsocket = config.get('syslog', 'socket')
self.syslog_client = SysLogger(host, port, facility, logdevice,
logsocket)
if config.getboolean('taxii', 'enabled'):
# TODO: support for certificates
self.taxii_logger = TaxiiLogger(config)
self.enabled = True
def start(self):
self.enabled = True
while self.enabled:
event = self.log_queue.get()
assert 'data_type' in event
assert 'timestamp' in event
if self.public_ip:
event['public_ip'] = self.public_ip
if self.friends_feeder:
self.friends_feeder.log(
json.dumps(event, default=self.json_default))
if self.sqlite_logger:
self.sqlite_logger.log(event)
if self.syslog_client:
self.syslog_client.log(event)
if self.taxii_logger:
self.taxii_logger.log(event)
def stop(self):
self.enabled = False
def json_default(self, obj):
if isinstance(obj, datetime):
return obj.isoformat()
elif isinstance(obj, uuid.UUID):
return str(obj)
else:
return None