def install(self):
# Register models
model.registerModel("testFire", "_testFire", "_action",
"plugins.testFire.models.action")
model.registerModel("testFireTrigger", "_testFireTrigger", "_trigger",
"plugins.testFire.models.trigger")
return True
def install(self):
# Register models
model.registerModel("localDelete", "_localDelete", "_action",
"plugins.local.models.action")
model.registerModel("localWrite", "_localWrite", "_action",
"plugins.local.models.action")
return True
def install(self):
# Register models
model.registerModel("subflow", "_subflow", "_action",
"plugins.subflow.models.action")
model.registerModel("subflowExecute", "_subflowExecute", "_trigger",
"plugins.subflow.models.trigger")
return True
def upgrade(self, LatestPluginVersion):
if self.version < 1.5:
model.registerModel(
"batfishAccessCheck",
"_batfishAccessCheck",
"_action",
"plugins.batfish.models.action",
)
if self.version < 1.6:
model.registerModel(
"batfishConnect",
"_batfishConnect",
"_action",
"plugins.batfish.models.action",
)
if self.version < 1.7:
model.registerModel(
"batfishReachabilityCheck",
"_batfishReachabilityCheck",
"_action",
"plugins.batfish.models.action",
)
if self.version < 1.9:
model.registerModel(
"batfishTraceRouteCheck",
"_batfishTraceRouteCheck",
"_action",
"plugins.batfish.models.action",
)
return True
def install(self):
# Register batfish Models
model.registerModel(
"batfishConnect",
"_batfishConnect",
"_action",
"plugins.batfish.models.action",
)
model.registerModel(
"batfishAccessCheck",
"_batfishAccessCheck",
"_action",
"plugins.batfish.models.action",
)
model.registerModel(
"batfishReachabilityCheck",
"_batfishReachabilityCheck",
"_action",
"plugins.batfish.models.action",
)
model.registerModel(
"batfishTraceRouteCheck",
"_batfishTraceRouteCheck",
"_action",
"plugins.batfish.models.action",
)
return True
def install(self):
# Register models
model.registerModel("shodanGetHostByIP", "_shodanGetHostByIP",
"_action", "plugins.shodan.models.action")
model.registerModel("shodanDomainLookup", "_shodanDomainLookup",
"_action", "plugins.shodan.models.action")
model.registerModel("shodanReverseLookup", "_shodanReverseLookup",
"_action", "plugins.shodan.models.action")
model.registerModel("shodanSearch", "_shodanSearch", "_action",
"plugins.shodan.models.action")
return True
def install(self):
# Register models
model.registerModel("humio", "_humio", "_trigger",
"plugins.humio.models.trigger")
model.registerModel("humioIngest", "_humioIngest", "_trigger",
"plugins.humio.models.action")
model.registerModel("humioSearch", "_humioSearch", "_action",
"plugins.humio.models.action")
model.registerModel("humioDashboard", "_humioDashboard", "_action",
"plugins.humio.models.action")
return True
def install(self):
# Register models
model.registerModel("xForcePremiumCnC", "_xForcePremiumCnC", "_action",
"plugins.ibmXforce.models.action")
model.registerModel("xForceGlpiEnrichment", "_xForceGlpiEnrichment",
"_action", "plugins.ibmXforce.models.action")
model.registerModel("xForceReport", "_xForceReport", "_action",
"plugins.ibmXforce.models.action")
model.registerModel("xForceGetUsage", "_xForceGetUsage", "_action",
"plugins.ibmXforce.models.action")
return True
def upgrade(self, LatestPluginVersion):
if self.version < 0.4:
model.registerModel("xForcePremiumCnC", "_xForcePremiumCnC",
"_action", "plugins.ibmXforce.models.action")
if self.version < 0.3:
model.registerModel("xForceGlpiEnrichment",
"_xForceGlpiEnrichment", "_action",
"plugins.ibmXforce.models.action")
if self.version < 0.2:
model.registerModel("xForceReport", "_xForceReport", "_action",
"plugins.ibmXforce.models.action")
model.registerModel("xForceGetUsage", "_xForceGetUsage", "_action",
"plugins.ibmXforce.models.action")
def upgrade(self, LatestPluginVersion):
if self.version < 0.2:
model.registerModel("sophosEndpoint", "_sophosEndpoint", "_action",
"plugins.sophos.models.action")
if self.version < 0.3:
model.registerModel("sophosScan", "_sophosScan", "_action",
"plugins.sophos.models.action")
model.registerModel("sophosGetTamperProtection",
"_sophosGetTamperProtection", "_action",
"plugins.sophos.models.action")
model.registerModel("sophosSetTamperProtection",
"_sophosSetTamperProtection", "_action",
"plugins.sophos.models.action")
return True
def upgrade(self, LatestPluginVersion):
if self.version < 0.3:
model.registerModel("shodanSearch", "_shodanSearch", "_action",
"plugins.shodan.models.action")
if self.version < 0.2:
model.registerModel("shodanDomainLookup", "_shodanDomainLookup",
"_action", "plugins.shodan.models.action")
model.registerModel("shodanReverseLookup", "_shodanReverseLookup",
"_action", "plugins.shodan.models.action")
def upgrade(self, LatestPluginVersion):
#Added Humio Dashboard Action
if self.version < 1.5:
model.registerModel("humioDashboard", "_humioDashboard", "_action",
"plugins.humio.models.action")
model.registerModel("humioSearch", "_humioSearch", "_action",
"plugins.humio.models.action")
#Added Humio Ingest Action
if self.version < 1.2:
model.registerModel("humioIngest", "_humioIngest", "_action",
"plugins.humio.models.action")
return True
def install(self):
# Register models
model.registerModel("choice","_choice","_document","plugins.choice.models.choice",True)
model.registerModel("choiceRequest","_requestChoice","_action","plugins.choice.models.action")
model.registerModel("choiceTrigger","_choiceTrigger","_action","plugins.choice.models.action",True)
c = conduct._conduct().new("choiceCore")
c = conduct._conduct().getAsClass(id=c.inserted_id)[0]
t = trigger._trigger().new("choiceCore")
t = trigger._trigger().getAsClass(id=t.inserted_id)[0]
a = action._choiceTrigger().new("choiceCore")
a = action._choiceTrigger().getAsClass(id=a.inserted_id)[0]
c.triggers = [t._id]
flowTriggerID = str(uuid.uuid4())
flowActionID = str(uuid.uuid4())
c.flow = [
{
"flowID" : flowTriggerID,
"type" : "trigger",
"triggerID" : t._id,
"next" : [
{"flowID": flowActionID, "logic": True }
]
},
{
"flowID" : flowActionID,
"type" : "action",
"actionID" : a._id,
"next" : []
}
]
webui._modelUI().new(c._id,{ "ids":[ { "accessID":"0","delete": True,"read": True,"write": True } ] },flowTriggerID,0,0,"")
webui._modelUI().new(c._id,{ "ids":[ { "accessID":"0","delete": True,"read": True,"write": True } ] },flowActionID,100,0,"")
c.acl = { "ids":[ { "accessID":"0","delete": True,"read": True,"write": True } ] }
c.enabled = True
c.update(["triggers","flow","enabled","acl"])
t.acl = { "ids":[ { "accessID":"0","delete": True,"read": True,"write": True } ] }
t.schedule = "60-90s"
t.enabled = True
t.update(["schedule","enabled","acl"])
a.acl = { "ids":[ { "accessID":"0","delete": True,"read": True,"write": True } ] }
a.enabled = True
a.update(["enabled","acl"])
return True
def install(self):
# Register models
model.registerModel("remoteConnectLinux","_remoteConnectLinux","_action","plugins.remote.models.action")
model.registerModel("remoteCommand","_remoteCommand","_action","plugins.remote.models.action")
model.registerModel("remoteConnectWindows","_remoteConnectWindows","_action","plugins.remote.models.action")
model.registerModel("remoteDownload","_remoteDownload","_action","plugins.remote.models.action")
model.registerModel("remoteUpload","_remoteUpload","_action","plugins.remote.models.action")
model.registerModel("remoteDisconnect","_remoteDisconnect","_action","plugins.remote.models.action")
model.registerModel("remoteReboot","_remoteReboot","_action","plugins.remote.models.action")
model.registerModel("linuxStartPortForward","_remoteLinuxStartPortForward","_action","plugins.remote.models.action")
model.registerModel("linuxStopPortForward","_remoteLinuxStopPortForward","_action","plugins.remote.models.action")
model.registerModel("remotePullWinEvents","_remotePullWinEvents","_trigger","plugins.remote.models.trigger")
model.registerModel("remoteConnectFortigate","_remoteConnectFortigate","_action","plugins.remote.models.action")
return True
def upgrade(self,LatestPluginVersion):
if self.version < 1.1:
model.registerModel("remotePullWinEvents","_remotePullWinEvents","_trigger","plugins.remote.models.trigger")
if self.version < 0.7:
model.registerModel("remoteReboot","_remoteReboot","_action","plugins.remote.models.action")
if self.version < 0.5:
model.registerModel("remoteDisconnect","_remoteDisconnect","_action","plugins.remote.models.action")
if self.version < 0.4:
model.registerModel("remoteUpload","_remoteUpload","_action","plugins.remote.models.action")
if self.version < 0.3:
model.registerModel("remoteDownload","_remoteDownload","_action","plugins.remote.models.action")
if self.version < 0.2:
model.registerModel("remoteConnectWindows","_remoteConnectWindows","_action","plugins.remote.models.action")
if self.version < 1.2:
model.registerModel("remoteConnectFortigate","_remoteConnectFortigate","_action","plugins.remote.models.action")
return True
def upgrade(self, LatestPluginVersion):
if self.version < 1.1:
model.registerModel("localWrite", "_localWrite", "_action",
"plugins.local.models.action")
return True
def install(self):
# Register models
model.registerModel("asset", "_asset", "_document",
"plugins.asset.models.asset")
model.registerModel("assetUpdate", "_assetUpdate", "_action",
"plugins.asset.models.action")
model.registerModel("assetBulkUpdate", "_assetBulkUpdate", "_action",
"plugins.asset.models.action")
model.registerModel("assetSearch", "_assetSearch", "_action",
"plugins.asset.models.assetSearch")
model.registerModel("assetSearchTrigger", "_assetSearchTrigger",
"_action", "plugins.asset.models.assetSearch")
model.registerModel("assetRelationship", "_assetRelationship",
"_document", "plugins.asset.models.relationship")
model.registerModel("assetRelationshipUpdate",
"_assetRelationshipUpdate", "_action",
"plugins.asset.models.relationship")
model.registerModel("assetRelationshipBulkUpdate",
"_assetRelationshipBulkUpdate", "_action",
"plugins.asset.models.relationship")
return True
def systemInstall():
# Adding ENC secure
systemSecure = _system().query(query={"name": "secure"})["results"]
if len(systemSecure) < 1:
systemSecure = _system().new("secure").inserted_id
systemSecure = _system().get(systemSecure)
systemSecure.data = {"string": secrets.token_hex(32)}
systemSecure.update(["data"])
# Installing model if that DB is not installed
if "model" not in db.list_collection_names():
logging.debug("DB Collection 'model' Not Found : Creating...")
# Creating default model required so other models can be registered
logging.debug("Registering default model class...")
m = model._model()
m.name = "model"
m.classID = None
m.acl = {
"ids": [{
"accessID": "0",
"delete": True,
"read": True,
"write": True
}]
}
m.className = "_model"
m.classType = "_document"
m.location = "core.model"
m.insert_one(m.parse())
if "conducts" not in db.list_collection_names():
logging.debug("DB Collection conducts Not Found : Creating...")
model.registerModel("conduct", "_conduct", "_document",
"core.models.conduct")
if "triggers" not in db.list_collection_names():
logging.debug("DB Collection action Not Found : Creating...")
model.registerModel("trigger", "_trigger", "_document",
"core.models.trigger")
if "actions" not in db.list_collection_names():
logging.debug("DB Collection action Not Found : Creating...")
model.registerModel("action", "_action", "_document",
"core.models.action")
if "webui" not in db.list_collection_names():
logging.debug("DB Collection webui Not Found : Creating...")
model.registerModel("flowData", "_flowData", "_document",
"core.models.webui")
if "modelUI" not in db.list_collection_names():
logging.debug("DB Collection modelUI Not Found : Creating...")
model.registerModel("modelUI", "_modelUI", "_document",
"core.models.webui")
if "clusterMembers" not in db.list_collection_names():
logging.debug("DB Collection clusterMembers Not Found : Creating...")
model.registerModel("clusterMember", "_clusterMember", "_document",
"core.cluster")
# System - failedTriggers
from core.models import trigger
triggers = trigger._trigger().query(
query={"name": "failedTriggers"})["results"]
if len(triggers) < 1:
from system.models import trigger as systemTrigger
model.registerModel("failedTriggers", "_failedTriggers", "_trigger",
"system.models.trigger")
if not systemTrigger._failedTriggers().new("failedTriggers"):
logging.debug("Unable to register failedTriggers", -1)
return False
temp = model._model().getAsClass(query={"name": "failedTriggers"})
if len(temp) == 1:
temp = temp[0]
temp.hidden = True
temp.update(["hidden"])
# System - Actions
from core.models import action
actions = action._action().query(query={"name": "resetTrigger"})["results"]
if len(actions) < 1:
from system.models import action as systemAction
model.registerModel("resetTrigger", "_resetTrigger", "_action",
"system.models.action")
if not systemAction._resetTrigger().new("resetTrigger"):
logging.debug("Unable to register resetTrigger", -1)
return False
temp = model._model().getAsClass(query={"name": "resetTrigger"})
if len(temp) == 1:
temp = temp[0]
temp.hidden = True
temp.update(["hidden"])
from core import auth
# Adding models for user and groups
model.registerModel("user", "_user", "_document", "core.auth")
model.registerModel("group", "_group", "_document", "core.auth")
# Adding default admin group
adminGroup = auth._group().getAsClass(query={"name": "admin"})
if len(adminGroup) == 0:
adminGroup = auth._group().new("admin")
adminGroup = auth._group().getAsClass(query={"name": "admin"})
adminGroup = adminGroup[0]
# Adding default root user
rootUser = auth._user().getAsClass(query={"username": "******"})
if len(rootUser) == 0:
rootPass = randomString(30)
rootUser = auth._user().new("root", "root", rootPass)
rootUser = auth._user().getAsClass(query={"username": "******"})
logging.debug("Root user created! Password is: {}".format(rootPass),
-1)
rootUser = rootUser[0]
# Adding root to group
if rootUser._id not in adminGroup.members:
adminGroup.members.append(rootUser._id)
adminGroup.update(["members"])
# Adding primary group for root user
rootUser.primaryGroup = adminGroup._id
rootUser.update(["primaryGroup"])
return True
def install(self):
# Register models
model.registerModel("microsoftteamswebhooksPostMessage","_microsoftteamswebhooksPostMessage","_action","plugins.microsoftteamswebhooks.models.action")
model.registerModel("microsoftteamswebhooksResponse","_microsoftteamswebhooksResponse","_trigger","plugins.microsoftteamswebhooks.models.trigger")
return True
def upgrade(self,LatestPluginVersion):
if self.version < 0.2:
model.registerModel("otxLookupIPv4","_otxLookupIPv4","_action","plugins.otx.models.action")
model.registerModel("otxLookupIPv6","_otxLookupIPv6","_action","plugins.otx.models.action")
model.registerModel("otxLookupDomain","_otxLookupDomain","_action","plugins.otx.models.action")
model.registerModel("otxLookupHostname","_otxLookupHostname","_action","plugins.otx.models.action")
model.registerModel("otxLookupUrl","_otxLookupUrl","_action","plugins.otx.models.action")
model.registerModel("otxLookupCve","_otxLookupCve","_action","plugins.otx.models.action")
model.registerModel("otxLookupFileHash","_otxLookupFileHash","_action","plugins.otx.models.action")
def upgrade(self, LatestPluginVersion):
if self.version < 1.9:
model.registerModel("testFireTrigger", "_testFireTrigger",
"_trigger", "plugins.testFire.models.trigger")
def install(self):
# Register models
model.registerModel("jinjaFormat", "_jinjaFormat", "_action",
"plugins.jinja.models.action")
return True
def install(self):
# Register models
model.registerModel("databaseSearch", "_databaseSearch", "_action",
"plugins.database.models.action")
return True
def install(self):
# Register models
model.registerModel("otxUpdate","_otxUpdate","_action","plugins.otx.models.action")
model.registerModel("otxLookup","_otxLookup","_action","plugins.otx.models.action")
model.registerModel("otxLookupIPv4","_otxLookupIPv4","_action","plugins.otx.models.action")
model.registerModel("otxLookupIPv6","_otxLookupIPv6","_action","plugins.otx.models.action")
model.registerModel("otxLookupDomain","_otxLookupDomain","_action","plugins.otx.models.action")
model.registerModel("otxLookupHostname","_otxLookupHostname","_action","plugins.otx.models.action")
model.registerModel("otxLookupUrl","_otxLookupUrl","_action","plugins.otx.models.action")
model.registerModel("otxLookupCve","_otxLookupCve","_action","plugins.otx.models.action")
model.registerModel("otxLookupFileHash","_otxLookupFileHash","_action","plugins.otx.models.action")
return True
def upgrade(self,LatestPluginVersion):
if self.version < 0.2:
model.registerModel("microsoftteamswebhooksResponse","_microsoftteamswebhooksResponse","_trigger","plugins.microsoftteamswebhooks.models.trigger")
def upgrade(self, LatestPluginVersion):
if self.version < 0.6:
model.registerModel("assetSearchTrigger", "_assetSearchTrigger",
"_action", "plugins.asset.models.assetSearch")
if self.version < 0.5:
model.registerModel("assetRelationshipBulkUpdate",
"_assetRelationshipBulkUpdate", "_action",
"plugins.asset.models.relationship")
if self.version < 0.4:
model.registerModel("assetRelationship", "_assetRelationship",
"_document",
"plugins.asset.models.relationship")
model.registerModel("assetRelationshipUpdate",
"_assetRelationshipUpdate", "_action",
"plugins.asset.models.relationship")
if self.version < 0.3:
model.registerModel("assetBulkUpdate", "_assetBulkUpdate",
"_action", "plugins.asset.models.action")
if self.version < 0.2:
model.registerModel("assetSearch", "_assetSearch", "_action",
"plugins.asset.models.assetSearch")
return True
def install(self):
# Register models
model.registerModel("splunkSearch","_splunkSearch","_trigger","plugins.splunk.models.trigger")
return True
def install(self):
# Register models
model.registerModel("playbook", "_playbook", "_document",
"plugins.playbook.models.playbook", True)
model.registerModel("playbookStart", "_playbookStart", "_action",
"plugins.playbook.models.action")
model.registerModel("playbookEnd", "_playbookEnd", "_action",
"plugins.playbook.models.action")
model.registerModel("playbookSearch", "_playbookSearch", "_trigger",
"plugins.playbook.models.trigger")
model.registerModel("playbookGet", "_playbookGet", "_action",
"plugins.playbook.models.action")
model.registerModel("playbookSearchAction", "_playbookSearchAction",
"_action", "plugins.playbook.models.action")
model.registerModel("playbookAdd", "_playbookAdd", "_action",
"plugins.playbook.models.action")
model.registerModel("playbookUpdateData", "_playbookUpdateData",
"_action", "plugins.playbook.models.action")
model.registerModel("playbookStartUpdate", "_playbookStartUpdate",
"_action", "plugins.playbook.models.action")
model.registerModel("playbookBulkAdd", "_playbookBulkAdd", "_action",
"plugins.playbook.models.action")
pb._playbook()._dbCollection.create_index("name")
pb._playbook()._dbCollection.create_index([("name", 1),
("occurrence", 1)])
return True
def install(self):
# Register models
model.registerModel("email","_email","_action","plugins.email.models.action")
return True
def install(self):
# Register models
model.registerModel("websiteScreenshot", "_websiteScreenshot",
"_action", "plugins.screenshotapi.models.action")
return True
