Ejemplo n.º 1
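def main():
    """Run the VirusTotal connector from the command line.

    Reads the ``[bridge]`` section of the INI file named by ``--config``
    (default ``virustotal.ini``), optionally attaches a DEBUG-level file
    handler to the root logger, then builds a ``VirusTotalConnector`` and
    enters its processing loop.

    Returns:
        1 when the configuration file or its ``[bridge]`` section cannot be
        read, or when no VirusTotal API key is configured; otherwise None
        once ``vt.run()`` returns.
    """
    parser = build_cli_parser("VirusTotal Connector")
    parser.add_argument("--config",
                        "-c",
                        help="Path to configuration file",
                        default="virustotal.ini")
    args = parser.parse_args()

    # Defaults: binary upload to VirusTotal is off unless the operator
    # explicitly enables it, and there is no API key and no log file.
    inifile = RawConfigParser({
        "vt_api_key": None,
        "retrieve_files": "true",
        "upload_binaries_to_vt": "false",
        "connector_name": "VirusTotal",
        "log_file": None,
    })

    # RawConfigParser.read() silently skips files it cannot open, so a wrong
    # --config path would otherwise surface later as a NoSectionError
    # traceback instead of a clear startup failure.
    if not inifile.read(args.config):
        log.fatal("Cannot read configuration file %s, exiting", args.config)
        return 1
    if not inifile.has_section("bridge"):
        log.fatal("Configuration file %s has no [bridge] section, exiting",
                  args.config)
        return 1

    config = {}
    config["vt_api_key"] = inifile.get("bridge", "vt_api_key")
    # NOTE(review): retrieve_files is parsed and logged but is not passed to
    # the connector in this function.
    config["retrieve_files"] = inifile.getboolean("bridge", "retrieve_files")
    config["connector_name"] = inifile.get("bridge", "connector_name")
    config["upload_binaries_to_vt"] = inifile.getboolean(
        "bridge", "upload_binaries_to_vt")

    log_file = inifile.get("bridge", "log_file")
    if log_file:
        # The handler records everything down to DEBUG; the log file should
        # be readable only by the account that runs the connector.
        file_handler = logging.FileHandler(log_file)
        formatter = logging.Formatter('%(asctime)s %(levelname)s:%(message)s')
        file_handler.setFormatter(formatter)
        file_handler.setLevel(logging.DEBUG)
        logging.getLogger().addHandler(file_handler)

    if not config["vt_api_key"]:
        log.fatal("Cannot start without a valid VirusTotal API key, exiting")
        return 1

    log.info("Configuration:")
    for k, v in iteritems(config):
        # The API key is a secret: log that it is set, never its value.
        shown = "<redacted>" if k == "vt_api_key" else v
        log.info("    %-20s: %s", k, shown)

    api = get_cb_protection_object(args)

    vt = VirusTotalConnector(
        api,
        vt_token=config["vt_api_key"],
        # Allow VT connector to upload binary files to VirusTotal
        allow_uploads=config["upload_binaries_to_vt"],
        connector_name=config["connector_name"],
    )

    log.info("Starting VirusTotal processing loop")
    vt.run()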
Ejemplo n.º 2
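    def __init__(self, product_name, **kwargs):
        """Locate and parse the credential files for one product.

        Args:
            product_name: One of "response", "protection" or "psc"; it
                selects the ``credentials.<product_name>`` file name.
            **kwargs: ``credential_file`` may be a single path (string) or a
                list of paths; when given it replaces the default search
                path. Any other type is ignored.

        Raises:
            CredentialError: If ``product_name`` is not a supported product.
        """
        if product_name not in ("response", "protection", "psc"):
            # "{0!s}" rather than "{0:s}": the ":s" format spec raises
            # TypeError for non-string values such as None, which would hide
            # the intended CredentialError.
            raise CredentialError("Product name {0!s} not valid".format(product_name))

        filename = "credentials.%s" % product_name

        # NOTE(review): RawConfigParser.read() merges the files in order, so
        # a later file overrides values from an earlier one. The last entry
        # is relative to the current working directory; running from a
        # directory that other users can write to lets a file there replace
        # the configured url/token. Nothing here checks file ownership or
        # permissions.
        self.credential_search_path = [
            os.path.join(os.path.sep, "etc", "carbonblack", filename),
            os.path.join(os.path.expanduser("~"), ".carbonblack", filename),
            os.path.join(".", ".carbonblack", filename),
        ]

        if "credential_file" in kwargs:
            override = kwargs["credential_file"]
            if isinstance(override, six.string_types):
                self.credential_search_path = [override]
            elif isinstance(override, list):
                # isinstance also accepts list subclasses, which the former
                # exact type() comparison silently ignored.
                self.credential_search_path = override

        self.credentials = RawConfigParser(defaults=default_profile)
        # read() skips files that do not exist and returns the names of the
        # ones it parsed; keep that list so callers can see what was loaded.
        self.credential_files = self.credentials.read(self.credential_search_path)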
Ejemplo n.º 3
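class FileCredentialStore(object):
    """Read API credential profiles from INI-style credential files.

    Each section of a credential file is a profile. Values missing from a
    profile fall back to ``default_profile``, which is handed to the parser
    as its defaults.
    """

    def __init__(self, product_name, **kwargs):
        """Locate and parse the credential files for one product.

        Args:
            product_name: One of "response", "protection" or "psc"; it
                selects the ``credentials.<product_name>`` file name.
            **kwargs: ``credential_file`` may be a single path (string) or a
                list of paths; when given it replaces the default search
                path. Any other type is ignored.

        Raises:
            CredentialError: If ``product_name`` is not a supported product.
        """
        if product_name not in ("response", "protection", "psc"):
            # "{0!s}" rather than "{0:s}": the ":s" format spec raises
            # TypeError for non-string values such as None, which would hide
            # the intended CredentialError.
            raise CredentialError(
                "Product name {0!s} not valid".format(product_name))

        filename = "credentials.%s" % product_name

        # NOTE(review): RawConfigParser.read() merges the files in order, so
        # a later file overrides values from an earlier one. The last entry
        # is relative to the current working directory; running from a
        # directory that other users can write to lets a file there replace
        # the configured url/token. Nothing here checks file ownership or
        # permissions.
        self.credential_search_path = [
            os.path.join(os.path.sep, "etc", "carbonblack", filename),
            os.path.join(os.path.expanduser("~"), ".carbonblack", filename),
            os.path.join(".", ".carbonblack", filename),
        ]

        if "credential_file" in kwargs:
            override = kwargs["credential_file"]
            if isinstance(override, six.string_types):
                self.credential_search_path = [override]
            elif isinstance(override, list):
                # isinstance also accepts list subclasses, which the former
                # exact type() comparison silently ignored.
                self.credential_search_path = override

        self.credentials = RawConfigParser(defaults=default_profile)
        # read() skips files that do not exist and returns the names of the
        # ones it parsed.
        self.credential_files = self.credentials.read(
            self.credential_search_path)

    def get_credentials(self, profile=None):
        """Return the credentials stored under ``profile``.

        Args:
            profile: Section name to load; "default" when omitted or empty.

        Returns:
            A ``Credentials`` object built from one value per key of
            ``default_profile``.

        Raises:
            CredentialError: If the profile is not present in any parsed
                file, or its ``url`` or ``token`` is empty.
        """
        credential_profile = profile or "default"
        if credential_profile not in self.get_profiles():
            # The message names the profile and the searched paths only; no
            # credential value is included.
            raise CredentialError(
                "Cannot find credential profile '%s' after searching in these files: %s."
                % (credential_profile,
                   ", ".join(str(p) for p in self.credential_search_path)))

        # Only the keys are needed; the parser supplies the default for any
        # key the profile does not set.
        retval = {
            k: self.credentials.get(credential_profile, k)
            for k in default_profile
        }

        if not retval["url"] or not retval["token"]:
            raise CredentialError(
                "Token and/or URL not available for profile %s" %
                credential_profile)

        return Credentials(retval)

    def get_profiles(self):
        """Return the profile (section) names found in the parsed files."""
        return self.credentials.sections()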
Ejemplo n.º 4
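class FileCredentialStore(object):
    """Credential store backed by INI files, one section per profile.

    ``default_profile`` is passed to the parser as its defaults, so a profile
    only has to set the keys that differ from it.
    """

    def __init__(self, product_name, **kwargs):
        """Build the search path for ``product_name`` and parse what exists.

        Args:
            product_name: "response", "protection" or "psc".
            **kwargs: Optional ``credential_file``, either one path (string)
                or a list of paths, which replaces the default search path.
                Values of any other type are ignored.

        Raises:
            CredentialError: If ``product_name`` is not one of the three
                supported names.
        """
        if product_name not in ("response", "protection", "psc"):
            # The "!s" conversion keeps this a CredentialError for
            # non-string input; "{0:s}" raises TypeError for e.g. None.
            raise CredentialError("Product name {0!s} not valid".format(product_name))

        basename = "credentials.%s" % product_name

        # Search order: system-wide, per-user, then relative to the current
        # working directory.
        # NOTE(review): read() lets later files override earlier ones, so the
        # working-directory entry takes precedence over /etc and the home
        # directory. Launching from a directory other users can write to
        # allows a file planted there to supply the url/token, and no
        # ownership or permission check is visible here.
        self.credential_search_path = [
            os.path.join(os.path.sep, "etc", "carbonblack", basename),
            os.path.join(os.path.expanduser("~"), ".carbonblack", basename),
            os.path.join(".", ".carbonblack", basename),
        ]

        if "credential_file" in kwargs:
            explicit = kwargs["credential_file"]
            if isinstance(explicit, six.string_types):
                self.credential_search_path = [explicit]
            elif isinstance(explicit, list):
                # Also accepts list subclasses, unlike an exact type() test.
                self.credential_search_path = explicit

        self.credentials = RawConfigParser(defaults=default_profile)
        # Missing files are skipped silently; the return value lists the
        # files that were actually parsed.
        self.credential_files = self.credentials.read(self.credential_search_path)

    def get_credentials(self, profile=None):
        """Load one profile and return it as a ``Credentials`` object.

        Args:
            profile: Profile (section) name; "default" when falsy.

        Raises:
            CredentialError: If the profile is unknown, or its ``url`` or
                ``token`` is empty.
        """
        credential_profile = profile or "default"
        if credential_profile not in self.get_profiles():
            # Only the profile name and the searched paths appear in the
            # message, never a credential value.
            searched = ", ".join(str(p) for p in self.credential_search_path)
            raise CredentialError("Cannot find credential profile '%s' after searching in these files: %s." %
                                  (credential_profile, searched))

        # One lookup per key of default_profile; the values of that dict are
        # not needed because the parser already falls back to them.
        retval = {}
        for k in default_profile:
            retval[k] = self.credentials.get(credential_profile, k)

        if not retval["url"] or not retval["token"]:
            raise CredentialError("Token and/or URL not available for profile %s" % credential_profile)

        return Credentials(retval)

    def get_profiles(self):
        """Return the section names of the parsed credential files."""
        return self.credentials.sections()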
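def main():
    """Start the VirusTotal connector using settings from an INI file.

    The ``[bridge]`` section of the file given by ``--config`` (default
    ``virustotal.ini``) supplies the API key, the connector name, the upload
    switch and an optional log file. The function then creates a
    ``VirusTotalConnector`` and runs it.

    Returns:
        1 if the configuration file or its ``[bridge]`` section is missing,
        or if no VirusTotal API key is set; otherwise None after
        ``vt.run()`` returns.
    """
    parser = build_cli_parser("VirusTotal Connector")
    parser.add_argument("--config", "-c", help="Path to configuration file", default="virustotal.ini")
    args = parser.parse_args()

    # Uploading binaries to VirusTotal defaults to "false"; it has to be
    # switched on explicitly in the configuration file.
    inifile = RawConfigParser({
        "vt_api_key": None,
        "retrieve_files": "true",
        "upload_binaries_to_vt": "false",
        "connector_name": "VirusTotal",
        "log_file": None,
    })

    # read() returns the list of files it parsed and ignores missing ones;
    # fail here with a clear message rather than with a NoSectionError later.
    parsed_files = inifile.read(args.config)
    if not parsed_files:
        log.fatal("Cannot read configuration file %s, exiting", args.config)
        return 1
    if not inifile.has_section("bridge"):
        log.fatal("Configuration file %s has no [bridge] section, exiting", args.config)
        return 1

    config = {}
    config["vt_api_key"] = inifile.get("bridge", "vt_api_key")
    # NOTE(review): retrieve_files is read and logged, but this function
    # does not hand it to the connector.
    config["retrieve_files"] = inifile.getboolean("bridge", "retrieve_files")
    config["connector_name"] = inifile.get("bridge", "connector_name")
    config["upload_binaries_to_vt"] = inifile.getboolean("bridge", "upload_binaries_to_vt")

    log_file = inifile.get("bridge", "log_file")
    if log_file:
        # DEBUG-level output goes to this file; restrict who can read it.
        file_handler = logging.FileHandler(log_file)
        formatter = logging.Formatter('%(asctime)s %(levelname)s:%(message)s')
        file_handler.setFormatter(formatter)
        file_handler.setLevel(logging.DEBUG)
        logging.getLogger().addHandler(file_handler)

    if not config["vt_api_key"]:
        log.fatal("Cannot start without a valid VirusTotal API key, exiting")
        return 1

    log.info("Configuration:")
    for k, v in iteritems(config):
        # Keep the API key out of the console and the log file.
        if k == "vt_api_key":
            v = "<redacted>"
        log.info("    %-20s: %s", k, v)

    api = get_cb_protection_object(args)

    vt = VirusTotalConnector(
        api,
        vt_token=config["vt_api_key"],
        allow_uploads=config["upload_binaries_to_vt"],  # Allow VT connector to upload binary files to VirusTotal
        connector_name=config["connector_name"],
    )

    log.info("Starting VirusTotal processing loop")
    vt.run()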
Ejemplo n.º 6
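    def __init__(self, product_name, **kwargs):
        """Build the credential search path and parse the files found.

        Args:
            product_name: "response", "protection" or "psc"; used as the
                suffix of the ``credentials.<product_name>`` file name.
            **kwargs: Optional ``credential_file``, a path (string) or a list
                of paths that replaces the default search path. Other types
                are ignored.

        Raises:
            CredentialError: If ``product_name`` is not a supported product.
        """
        if product_name not in ("response", "protection", "psc"):
            # "{0:s}" raises TypeError for non-string values such as None;
            # "{0!s}" converts first so the caller gets CredentialError.
            raise CredentialError("Product name {0!s} not valid".format(product_name))

        basename = "credentials.%s" % product_name

        # NOTE(review): files are merged in list order and later ones win,
        # so the entry relative to the current working directory overrides
        # the system-wide and per-user files. A credentials file planted in
        # a shared working directory would therefore be picked up; no
        # ownership or permission check is done here.
        self.credential_search_path = [
            os.path.join(os.path.sep, "etc", "carbonblack", basename),
            os.path.join(os.path.expanduser("~"), ".carbonblack", basename),
            os.path.join(".", ".carbonblack", basename),
        ]

        if "credential_file" in kwargs:
            explicit = kwargs["credential_file"]
            if isinstance(explicit, six.string_types):
                self.credential_search_path = [explicit]
            elif isinstance(explicit, list):
                # isinstance accepts list subclasses as well.
                self.credential_search_path = explicit

        self.credentials = RawConfigParser(defaults=default_profile)
        # read() ignores files that are absent and returns those it parsed.
        self.credential_files = self.credentials.read(self.credential_search_path)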