def run_play_book(sns_profile, container_id, playbook_name):
    """Trigger a Phantom playbook run against *container_id*.

    Posts to the ``playbook_run`` endpoint of the Phantom instance described by
    *sns_profile* and returns the ``playbook_run_id`` from the response, or
    ``None`` when the request is rejected (non-200 status or ``recieved`` is
    false). Problems are reported with ``print`` only; nothing is raised here.
    """
    endpoint = '%s/playbook_run' % (get_base_url(sns_profile))
    print(endpoint)
    payload = {
        "container_id": container_id,
        "playbook_id": playbook_name,
        "run": True,
        "scope": "new"
    }
    print(payload)
    request_headers = get_phantom_request_headers(sns_profile)
    # NOTE(review): verify=False disables TLS certificate validation for the
    # Phantom endpoint; confirm this is intended (a pinned CA bundle is the
    # safer option for a self-signed instance).
    resp = requests.post(endpoint,
                         headers=request_headers,
                         proxies=System.get_request_proxies(),
                         data=json.dumps(payload),
                         verify=False)
    if resp.status_code != 200:
        print('!!!! playbook_run error: status_code=%d' % (resp.status_code))
        print('!!!! playbook_run error: body=%s' % (json.dumps(resp.json())))
        return None
    body = resp.json()
    # Phantom's response key is spelled "recieved" by the API itself.
    if not body['recieved']:
        print('!!!!playbook_run error: body=%s' % (json.dumps(body)))
        return None
    return body['playbook_run_id']
def request(url):
    """Issue a GET to the given CrowdStrike API *url* and return its JSON body.

    The response status is not checked; ``json.loads`` is applied to whatever
    body came back, so a non-JSON error page raises ``ValueError`` here.
    """
    request_proxies = System.get_request_proxies()
    response = requests.get(url,
                            headers=get_crowd_strike_request_header(),
                            proxies=request_proxies)
    return json.loads(response.text)
def get_attached_file_from_slack(file_path):
    """Download a Slack-hosted file (given by its URL) with the bot token.

    Returns the raw ``requests`` response; the caller inspects status and
    content.
    """
    # The bot token is sent as a bearer credential: keep these headers out of
    # any log output.
    auth_headers = {'Authorization': 'Bearer ' + SNSConfig.get_slack_bot_token()}
    return requests.get(url=file_path,
                        headers=auth_headers,
                        proxies=System.get_request_proxies())
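def create_container_id(container_name, sns_profile, artifacts=None):
    """Create a Phantom container and return its id.

    Args:
        container_name: Name of the new container.
        sns_profile: Profile used to resolve the Phantom base URL and headers.
        artifacts: Optional list of artifact dicts to attach; defaults to an
            empty list.

    Returns:
        The container id from the response, or ``None`` when Phantom returns a
        non-200 status or ``success`` is false (details are printed).
    """
    # A mutable default ([]) is shared across calls and could be mutated by a
    # caller; build a fresh list instead.
    if artifacts is None:
        artifacts = []
    url = '%s/container' % (get_base_url(sns_profile))
    d = {
        "name": container_name,
        "label": CONTAINER_LABEL,
        "artifacts": artifacts,
    }
    headers = get_phantom_request_headers(sns_profile)
    # NOTE(review): verify=False disables TLS certificate validation for the
    # Phantom endpoint; confirm this is intended (a pinned CA bundle is the
    # safer option for a self-signed instance).
    resp = requests.post(url,
                         headers=headers,
                         proxies=System.get_request_proxies(),
                         data=json.dumps(d),
                         verify=False)
    if resp.status_code != 200:
        print('!!!! container error: status_code=%d' % (resp.status_code))
        print('!!!! container error: body =%s' % (json.dumps(resp.json())))
        return None
    j = resp.json()
    if j['success']:
        return j['id']
    print('!!!!error: body =%s' % (json.dumps(resp.json())))
    return None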
def get_connect(sns_profile):
    """Open a splunklib connection to the Splunk instance in *sns_profile*.

    Host, port, scheme and credentials are read from the profile; the same
    proxy settings are handed to both the HTTP handler and ``connect``.
    """
    request_proxies = System.get_request_proxies()
    connect_args = dict(
        host=sns_profile.splunk_host,
        port=sns_profile.splunk_api_port,
        handler=handler(request_proxies),
        username=sns_profile.splunk_username,
        password=sns_profile.splunk_password,
        scheme=sns_profile.splunk_scheme,
        proxies=request_proxies,
    )
    return client.connect(**connect_args)
def request_get(url):
    """GET *url* from the CrowdStrike API with a freshly obtained access token.

    Returns the decoded JSON body of the API response. If the token request
    does not answer 201, the decoded token-endpoint body is returned instead,
    so the caller has to tell the two apart.
    """
    request_proxies = System.get_request_proxies()
    token_resp = get_access_token(request_proxies)
    if token_resp.status_code == 201:
        token = token_resp.json()['access_token']
        resp = requests.get(url,
                            headers=get_crowd_strike_request_header(token),
                            proxies=request_proxies)
        return json.loads(resp.text)
    # Token acquisition failed: hand back the error body as-is.
    return json.loads(token_resp.text)
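def _get_element_from_referred_url(cls, referred_url, ta_list, white_list):
    """Fetch *referred_url* and extract indicators / TTPs / threat actors from it.

    HTML bodies are handed to ``WebExtractor._get_element_from_post``; PDF,
    CSV and plain-text bodies are written to a temp file and passed to the
    matching extractor. Returns a ``(indicators, ttps, tas)`` triple, or
    ``(None, None, None)`` when the content type is unsupported or any step
    fails (the outer failure prints its traceback).

    Args:
        referred_url: URL to download.
        ta_list: Threat-actor list forwarded to the extractor.
        white_list: Whitelist forwarded to the extractor.
    """
    extractors = {
        'application/pdf': PDFExtractor._get_element_from_target_file,
        'text/csv': CSVExtractor._get_element_from_target_file,
        'text/plain': TxtExtractor._get_element_from_target_file
    }
    try:
        # NOTE(review): verify=False disables TLS certificate validation when
        # fetching an externally supplied URL; confirm this is intended.
        resp = requests.get(referred_url,
                            verify=False,
                            proxies=System.get_request_proxies())
        content_type = resp.headers['content-type']
        if 'text/html' in content_type:
            bs = bs4.BeautifulSoup(resp.text, 'lxml')
            return WebExtractor._get_element_from_post(
                bs.body.text, referred_url, ta_list=ta_list, white_list=white_list)
        # Run the extractor whose key appears in the content type, if any.
        for extractor_key, extractor in extractors.items():
            if extractor_key not in content_type:
                continue
            print(extractor_key)
            # Materialise the body as a temp file for the extractor.
            file_ = WebExtractor._get_temp_file(referred_url, resp.content)
            try:
                return extractor(file_, ta_list=ta_list, white_list=white_list)
            except Exception:
                # Extraction failed: report "nothing found". (Was
                # `except BaseException`, which also swallowed
                # KeyboardInterrupt / SystemExit.)
                return None, None, None
            finally:
                # Remove the temp file on every path, including failures —
                # previously it leaked whenever the extractor raised.
                if file_ is not None and file_.file_path is not None:
                    os.remove(file_.file_path)
        return None, None, None
    except Exception:
        import traceback
        traceback.print_exc()
        return None, None, None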
def get_taxii_collection_source(cls):
    """Resolve the ATT&CK TAXII collection and wrap it in a TAXIICollectionSource.

    Walks the first API root of ``cls.ATT_CK_TAXII_SERVER`` looking for a
    collection titled ``cls.COLLCETION_TITLE``. Returns ``None`` when no such
    collection exists or when any step fails (the traceback is printed).
    """
    try:
        request_proxies = System.get_request_proxies()
        server = Server("%s/taxii/" % (cls.ATT_CK_TAXII_SERVER),
                        proxies=request_proxies)
        root = server.api_roots[0]
        for candidate in root.collections:
            if candidate.title != cls.COLLCETION_TITLE:
                continue
            matched = Collection(
                "%s/stix/collections/%s/" % (cls.ATT_CK_TAXII_SERVER, candidate.id),
                proxies=request_proxies)
            return TAXIICollectionSource(matched)
        return None
    except Exception:
        import traceback
        traceback.print_exc()
        return None
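def _fetch_from_circl(cls, cve):
    """Fetch *cve* from cve.circl.lu and persist it as a ``Cve`` document.

    Returns the saved ``Cve`` (``info`` set to the decoded JSON, ``created``
    stamped in UTC), or ``None`` when the API returns no data or the
    request / parse / save fails (the traceback is printed).
    """
    url = '%s%s' % (CIRCL_API_URL_PREFIX, cve)
    try:
        resp = requests.get(url, proxies=System.get_request_proxies())
        if resp.text == 'null':
            # The API answers with a literal "null" when it has no record.
            return None
        info = json.loads(resp.text)
        doc = Cve()
        doc.cve = cve
        doc.info = info
        doc.created = datetime.datetime.now(pytz.utc)
        doc.save()
        return doc
    except Exception:
        # Was `except BaseException`, which also swallowed KeyboardInterrupt
        # and SystemExit; only ordinary errors should count as "not fetched".
        traceback.print_exc()
        return None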
def call_jira(request):
    """Django view: create a JIRA issue for a feed and attach its exports.

    Reads ``feed_id`` and ``package_id`` from the query string, creates an
    issue in the configured JIRA project from the feed's title/post, attaches
    the feed's files plus STIX (XML), CSV and PDF renderings, and returns a
    JSON response with the issue key and its URL. If JIRA support was not
    imported an empty JSON object is returned. Any exception becomes a 500
    whose body is ``str(e)``.
    """
    try:
        # Do nothing when the JIRA client library was not imported.
        if imported_jira is None:
            rsp = {}
            return JsonResponse(rsp)
        # Feed lookup from request parameters (missing keys raise KeyError,
        # which is caught below and reported as a 500).
        feed_file_name_id = request.GET['feed_id']
        package_id_arg = request.GET['package_id']
        feed = Feed.get_feeds_from_package_id(request.user, package_id_arg)
        # JIRA instance
        proxies = System.get_request_proxies()
        j = JIRA(server=SNSConfig.get_jira_host(),
                 proxies=proxies,
                 basic_auth=(SNSConfig.get_jira_username(),
                             SNSConfig.get_jira_password()))
        # Create the issue
        issue = j.create_issue(project=SNSConfig.get_jira_project(),
                               summary=feed.title,
                               description=feed.post,
                               issuetype={'name': SNSConfig.get_jira_type()})
        # Attach the feed's own files, if any
        for attach_file in feed.files.all():
            file_path = Feed.get_attach_file_path(attach_file.package_id)
            j.add_attachment(issue=issue,
                             attachment=file_path,
                             filename=str(attach_file.file_name))
        # STIX attachment
        stix_package = STIXPackage.from_xml(feed.stix_file_path)
        package_id = stix_package.id_
        stix_file_name = '%s.xml' % (package_id)
        j.add_attachment(issue=issue,
                         attachment=feed.stix_file_path,
                         filename=stix_file_name)
        # CSV attachment
        # Build the CSV content in memory
        content = get_csv_content(feed_file_name_id)
        csv_attachment = io.StringIO()
        csv_attachment.write(content)
        csv_file_name = '%s.csv' % (package_id)
        j.add_attachment(issue=issue,
                         attachment=csv_attachment,
                         filename=csv_file_name)
        # PDF attachment
        feed_pdf = FeedPDF(feed, stix_package)
        pdf_attachment = io.BytesIO()
        feed_pdf.make_pdf_content(pdf_attachment, feed)
        pdf_file_name = '%s.pdf' % (package_id)
        j.add_attachment(issue=issue,
                         attachment=pdf_attachment,
                         filename=pdf_file_name)
        # Return the issue number and a link to it
        url = SNSConfig.get_jira_host() + '/projects/' + SNSConfig.get_jira_project() + '/issues/' + str(issue)
        rsp = {
            'issues': str(issue),
            'url': url,
        }
        return JsonResponse(rsp)
    except Exception as e:
        traceback.print_exc()
        # NOTE(review): the raw exception text is returned to the client; it
        # may carry internal details (paths, JIRA host, library errors).
        # Consider a generic message here and keep the detail in the log.
        return HttpResponseServerError(str(e))
# Compiled patterns for parsing Slack messages.
COMMAND_STIX_PATTERN = re.compile(COMMAND_STIX_PATTERN_STR)
# Slack channel mention, e.g. <#C123|name>; captures the whole token and the name.
CHANNEL_PATTERN_STR = r'(?P<channel_info><#[0-9A-Z]+?\|(?P<channel_name>.+?)>)'
CHANNEL_PATTERN = re.compile(
    CHANNEL_PATTERN_STR, flags=(re.MULTILINE))
# Slack user mention, e.g. <@U123>; captures the whole token and the user id.
USER_ID_PATTERN_STR = '(?P<user_info><@(?P<user_id>[0-9A-Z]+?)>)'
USER_ID_PATTERN = re.compile(
    USER_ID_PATTERN_STR, flags=(re.MULTILINE))

# Initialise TLP_LIST with the stored value of each TLP choice.
TLP_LIST = []
for choice in TLP_CHOICES:
    TLP_LIST.append(choice[0])

# Module-level state shared by the Slack thread; populated elsewhere.
proxies = System.get_request_proxies()
wc = None
th = None
rtm_client = None
slack_token = None


class SlackThread(threading.Thread):
    # Background thread for the Slack client. It starts itself immediately on
    # construction; `begin` releases the `started` event. The rest of the class
    # (the run loop) may continue beyond this excerpt.

    def __init__(self):
        super().__init__()
        self.started = threading.Event()
        self.alive = True
        self.start()

    def begin(self):
        self.started.set()