Ejemplo n.º 1
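    def __init__(self, name, configfile, work_directory=None, logfile=None):
        """Set up the bridge daemon: config, logging, API clients and poll interval.

        Args:
            name: Daemon name, forwarded to ``CbIntegrationDaemon.__init__``.
            configfile: Configuration file, forwarded to the base class.
            work_directory: Accepted but not used by this constructor.
            logfile: Log file, forwarded to the base class and kept on ``self``.

        Raises:
            KeyError: if a required ``bridge_options`` key is missing, or the
                unit suffix of ``time_increment`` is not one of M/W/D/S/H.
            ValueError: if the numeric part of ``time_increment`` is not an
                integer.
        """
        CbIntegrationDaemon.__init__(self,
                                     name,
                                     configfile=configfile,
                                     logfile=logfile)
        self.validate_config()
        self.logfile = logfile

        # Compare by value. The original `is "1"` tested object identity, which
        # is an interpreter detail for strings (and a SyntaxWarning on newer
        # Pythons), so debug logging could silently stay off.
        debug_enabled = self.bridge_options['debug'] == "1"
        self.log_level = logging.DEBUG if debug_enabled else logging.INFO
        self.initialize_logging()

        # NOTE(review): the sslverify option is passed through as read from
        # bridge_options; confirm validate_config() normalises it to a bool,
        # since a non-empty string such as "False" is truthy.
        self.cb = CbResponseAPI(
            url=self.bridge_options['carbonblack_server_url'],
            token=self.bridge_options['carbonblack_server_token'],
            ssl_verify=self.bridge_options['carbonblack_server_sslverify'])

        # The TLS 1.2 adapter is mounted for the "https://" prefix only; a
        # request to an http:// URL on this session does not go through it.
        self.session = Session()
        tls_adapter = CbAPISessionAdapter(force_tls_1_2=True)
        self.session.mount("https://", tls_adapter)

        # The API key defaults to None when the option is absent; the client is
        # still constructed in that case.
        self.juniper_apikey = self.get_config_string("juniper_apikey", None)
        self.juniper_client = JuniperSkyAtpClient(
            session=self.session,
            api_token=self.juniper_apikey,
            log_level=self.log_level)
        self.watchlists = self.bridge_options['watchlists'].split(",")

        # time_increment is "<integer><unit letter>", e.g. "5M" for five
        # minutes; the letter selects the timedelta keyword argument.
        specs = {
            "M": "minutes",
            "W": "weeks",
            "D": "days",
            "S": "seconds",
            "H": "hours"
        }
        time_increment = self.bridge_options.get('time_increment', "5M")
        spec = specs[time_increment[-1].upper()]
        val = int(time_increment[:-1])
        self.TIME_INCREMENT = timedelta(**{spec: val})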
Ejemplo n.º 2
 def __init__(self,
              name,
              virustotal_api_token,
              url=None,
              rescan_window=None,
              log_level=None,
              submit_full_binaries=None):
     """Create the provider, its HTTPS session and its VirusTotal client.

     Args:
         name: Provider name, forwarded to the base class.
         virustotal_api_token: API token handed to the analysis client; it
             is not stored on this object.
         url: Stored as ``self.url``.
         rescan_window: ``"<integer><unit letter>"`` with unit M/W/D/S/H
             (e.g. ``"2D"``). A falsy value or one containing "NEVER"
             (any case) leaves ``self.rescan_window`` as ``None``.
         log_level: Forwarded to the analysis client.
         submit_full_binaries: Stored as ``self.submit_full_binaries``.
     """
     super(VirusTotalProvider, self).__init__(name)

     # The TLS 1.2 adapter covers the "https://" prefix only.
     https_session = Session()
     https_session.mount("https://", CbAPISessionAdapter(force_tls_1_2=True))

     self.virustotal_analysis = VirusTotalAnalysisClient(
         api_token=virustotal_api_token,
         session=https_session,
         log_level=log_level)
     self.url = url
     self.submit_full_binaries = submit_full_binaries

     window = None
     if rescan_window and "NEVER" not in rescan_window.upper():
         # The trailing letter names the timedelta keyword; the rest is the count.
         unit_names = {
             "M": "minutes",
             "W": "weeks",
             "D": "days",
             "S": "seconds",
             "H": "hours"
         }
         unit = unit_names[rescan_window[-1].upper()]
         amount = int(rescan_window[:-1])
         window = timedelta(**{unit: amount})
     self.rescan_window = window
Ejemplo n.º 3
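    def __init__(self,
                 name,
                 username=None,
                 password=None,
                 url=None,
                 days_rescan=None,
                 report_visualisation_url=None,
                 log_level=None,
                 submit_full_binaries=None):
        """Create the provider, its HTTPS session and its ReversingLabs client.

        Args:
            name: Provider name, forwarded to the base class.
            username: Forwarded to the analysis client; not stored here.
            password: Forwarded to the analysis client; not stored here.
            url: Stored as ``self.base_url`` and passed as the client's base URL.
            days_rescan: Rescan interval in days (int or numeric string).
                ``None`` or a value <= 0 leaves ``self.days_rescan`` as ``None``.
            report_visualisation_url: Stored as ``self.report_visualisation_url``.
            log_level: Forwarded to the analysis client.
            submit_full_binaries: Stored as ``self.submit_full_binaries``.

        Raises:
            ValueError: if ``days_rescan`` is a string that is not an integer.
        """
        super(ReversingLabsTiCloudProvider, self).__init__(name)

        # The TLS 1.2 adapter covers the "https://" prefix only; a plain-http
        # ``url`` would not go through it.
        session = Session()
        tls_adapter = CbAPISessionAdapter(force_tls_1_2=True)
        session.mount("https://", tls_adapter)
        self.base_url = url
        self.rl_analysis = ReversingLabsAnalysisClient(session=session,
                                                       username=username,
                                                       password=password,
                                                       base_url=url,
                                                       log_level=log_level)

        self.submit_full_binaries = submit_full_binaries
        self.report_visualisation_url = report_visualisation_url

        # days_rescan defaults to None and int(None) raises TypeError, so a
        # missing value is treated as "no rescan interval".
        rescan_days = int(days_rescan) if days_rescan is not None else 0
        self.days_rescan = rescan_days if rescan_days > 0 else None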
Ejemplo n.º 4
 def __init__(self, name, wildfire_url, wildfire_ssl_verify, api_keys, work_directory):
     """Store the WildFire connection settings and build a throttled session.

     Args:
         name: Provider name, forwarded to the base class.
         wildfire_url: Stored as ``self.wildfire_url``.
         wildfire_ssl_verify: Stored as ``self.wildfire_ssl_verify``; it is
             not applied to the session in this constructor.
         api_keys: Kept on ``self`` and handed to ``APISession``.
         work_directory: Stored as ``self.work_directory``.
     """
     super(WildfireProvider, self).__init__(name)

     self.wildfire_url = wildfire_url
     self.wildfire_ssl_verify = wildfire_ssl_verify
     self.work_directory = work_directory

     self.api_keys = api_keys
     # presumably an index into api_keys, starting at the first key; verify
     # against the code that reads it
     self.current_api_key_index = 0

     self.session = APISession(api_keys=self.api_keys, throttle_per_minute=120)
     # The TLS 1.2 adapter covers the "https://" prefix only.
     self.session.mount("https://", CbAPISessionAdapter(force_tls_1_2=True))
Ejemplo n.º 5
 def __init__(self, name, checkpoint_url, checkpoint_ssl_verify, api_key,
              work_directory):
     """Store the Check Point connection settings and build a throttled session.

     Args:
         name: Provider name, forwarded to the base class.
         checkpoint_url: Stored as ``self.checkpoint_url``.
         checkpoint_ssl_verify: Stored as ``self.checkpoint_ssl_verify``; it
             is not applied to the session in this constructor.
         api_key: Kept on ``self`` and handed to ``APISession``.
         work_directory: Stored as ``self.work_directory``.
     """
     super(CheckpointProvider, self).__init__(name)

     self.checkpoint_url = checkpoint_url
     self.checkpoint_ssl_verify = checkpoint_ssl_verify
     self.work_directory = work_directory

     self.api_key = api_key
     self.current_api_key_index = 0

     self.session = APISession(throttle_per_minute=120,
                               api_key=self.api_key)
     # The TLS 1.2 adapter covers the "https://" prefix only.
     self.session.mount("https://", CbAPISessionAdapter(force_tls_1_2=True))
Ejemplo n.º 6
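def check_python_tls_compatibility():
    """Return a label for the TLS/SSL level this interpreter can be forced to.

    Returns:
        ``"TLSv1.2"`` when ``CbAPISessionAdapter(force_tls_1_2=True)`` can be
        constructed. Otherwise the label tied to the first ``ssl.OP_NO_*``
        constant that is missing from the ``ssl`` module (``"TLSv1.0"``,
        ``"SSLv3"`` or ``"SSLv2"``), or ``"Unknown"`` when all three exist.
    """
    try:
        CbAPISessionAdapter(force_tls_1_2=True)
    except Exception:
        # NOTE(review): every construction failure lands here, not only a
        # missing TLS 1.2 capability, so a non-"TLSv1.2" result should be
        # treated as "could not force TLS 1.2", not as a precise diagnosis.
        #
        # The original seeded the result with "TLSv1.1" and then overwrote it
        # on every branch; that dead value is dropped, so the returned labels
        # are unchanged.
        missing_flag_labels = (
            ("OP_NO_TLSv1_1", "TLSv1.0"),
            ("OP_NO_TLSv1", "SSLv3"),
            ("OP_NO_SSLv3", "SSLv2"),
        )
        ssl_names = vars(ssl)
        for flag_name, label in missing_flag_labels:
            if flag_name not in ssl_names:
                return label
        return "Unknown"
    return "TLSv1.2"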
Ejemplo n.º 7
 def __init__(self,
              name,
              username,
              password,
              host,
              trust_untrusted_scans=True,
              log_level=None):
     """Create the provider, its HTTPS session and its FortiSandbox client.

     Args:
         name: Provider name, forwarded to the base class.
         username: Forwarded to the analysis client; not stored here.
         password: Forwarded to the analysis client; not stored here.
         host: Stored as ``self.host`` and forwarded to the client.
         trust_untrusted_scans: Stored as ``self.fortisandbox_trust_untrusted``.
         log_level: Forwarded to the analysis client.
     """
     super(FortiSandboxProvider, self).__init__(name)

     # NOTE(review): this flag defaults to True; how "untrusted" scans are
     # used is not visible here - confirm the permissive default is intended.
     self.fortisandbox_trust_untrusted = trust_untrusted_scans

     # The TLS 1.2 adapter covers the "https://" prefix only.
     https_session = Session()
     https_session.mount("https://", CbAPISessionAdapter(force_tls_1_2=True))

     self.host = host
     self.fortisandbox_analysis = FortiSandboxAnalysisClient(
         host=host,
         username=username,
         password=password,
         session=https_session,
         log_level=log_level)
    def __init__(self, name, api_token, base_url, log_level,
                 submit_full_binaries):
        """Create the provider, its HTTPS session and its TiScale client.

        Args:
            name: Provider name, forwarded to the base class.
            api_token: Forwarded to ``TiScaleClient``; not stored here.
            base_url: Stored as ``self.base_url`` and forwarded to the client.
            log_level: Stored as ``self.log_level`` and forwarded to the
                client; any truthy value switches the module logger to DEBUG.
            submit_full_binaries: Stored as ``self.submit_full_binaries``.
        """
        super(ReversingLabsTiScaleProvider, self).__init__(name)

        # The TLS 1.2 adapter covers the "https://" prefix only.
        https_session = Session()
        https_session.mount("https://", CbAPISessionAdapter(force_tls_1_2=True))

        self.base_url = base_url
        self.log_level = log_level
        self.submit_full_binaries = submit_full_binaries

        # NOTE(review): log_level is tested for truthiness, so a numeric level
        # such as logging.INFO would also select DEBUG - confirm callers pass
        # a flag here.
        log.setLevel(logging.DEBUG if log_level else logging.INFO)

        self.tiscale_client = TiScaleClient(session=https_session,
                                            base_url=self.base_url,
                                            api_token=api_token,
                                            log_level=self.log_level)
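    def __init__(self,
                 name,
                 api_token=None,
                 url=None,
                 days_rescan=None,
                 log_level=None,
                 submit_full_binaries=None):
        """Create the provider, its HTTPS session and its ReversingLabs client.

        Args:
            name: Provider name, forwarded to the base class.
            api_token: Forwarded to the analysis client; not stored here.
            url: Stored as ``self.base_url`` and passed as the client's base URL.
            days_rescan: Rescan interval in days (int or numeric string).
                ``None``, a string containing "NEVER" (any case) or a value
                <= 0 leaves ``self.days_rescan`` as ``None``.
            log_level: Forwarded to the analysis client.
            submit_full_binaries: Stored as ``self.submit_full_binaries``.

        Raises:
            ValueError: if ``days_rescan`` is a string that is neither an
                integer nor a "NEVER" marker.
        """
        super(ReversingLabsA1000Provider, self).__init__(name)

        # The TLS 1.2 adapter covers the "https://" prefix only; a plain-http
        # ``url`` would not go through it.
        session = Session()
        tls_adapter = CbAPISessionAdapter(force_tls_1_2=True)
        session.mount("https://", tls_adapter)
        self.base_url = url
        self.rl_analysis = ReversingLabsAnalysisClient(session=session,
                                                       api_token=api_token,
                                                       base_url=url,
                                                       log_level=log_level)

        self.submit_full_binaries = submit_full_binaries

        # The original evaluated int(days_rescan) before looking for "NEVER",
        # so "NEVER" raised ValueError and the default None raised TypeError.
        # Check the sentinel values first, then parse the number.
        never_rescan = (isinstance(days_rescan, str)
                        and 'NEVER' in days_rescan.upper())
        if days_rescan is None or never_rescan:
            self.days_rescan = None
        else:
            rescan_days = int(days_rescan)
            self.days_rescan = rescan_days if rescan_days > 0 else None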
Ejemplo n.º 10
 def setUp(self):
     """Give each test an uncached requests session with the TLS 1.2 adapter."""
     # Drop any globally installed requests_cache before the session is built.
     requests_cache.uninstall_cache()

     adapter = CbAPISessionAdapter(force_tls_1_2=True)
     self.tls_adapter = adapter

     session = requests.Session()
     self.session = session
     # The adapter covers the "https://" prefix only.
     session.mount("https://", adapter)