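def execute(event):
    """Offer a perimeter-block request for *event* and notify containment analysts.

    All decisions are interactive (``getUserIn`` / ``getUserMultiChoice``):

    1. Parse the module-level ``containmentAnalystsEmails`` string — ``|``
       separated records of ``name,email,txt`` — into a lookup table.
    2. Ask whether a perimeter block is requested and store the answer on the
       event under ``perimeter_block``.
    3. If a block is requested and either ``notifyContainmentAnalysts`` is set
       or the requesting analyst is not in the table, draft a request message,
       let the operator edit it in ``nano``, echo it, and on confirmation send
       it by mail and by text to the selected analysts.

    Args:
        event: the CIRTA event. Reads ``cirta_id``, ``_analystUsername``,
            ``ip_address``, ``hostname``, ``mac_address`` and ``_baseFilePath``;
            calls ``setAttribute``.

    Returns:
        None.

    Raises:
        ValueError: if a record in ``containmentAnalystsEmails`` does not have
            exactly three comma-separated fields.
    """
    # name -> {'email': ..., 'txt': ...}.  The three-way unpack makes a
    # malformed record fail loudly instead of yielding a partial table.
    analysts = {}
    for analyst, email, txt in [x.split(',') for x in containmentAnalystsEmails.split('|')]:
        analysts[analyst] = {'email': email, 'txt': txt}

    perimeterBlock = getUserIn("Request Perimeter Block (Yes/No)") in YES
    event.setAttribute('perimeter_block', perimeterBlock)

    # Nothing more to do unless a block was requested and someone must be told.
    if not (perimeterBlock and (notifyContainmentAnalysts or event._analystUsername not in analysts)):
        return

    selectedAnalysts = getUserMultiChoice('Choose Containment Analysts', 'Analysts', analysts.keys(), numCols=1, default=['All'], allChoice=True)

    subject = 'CIRTA Perimeter Block'
    msg = '''

CIRTA ID -- %s
Analyst -- %s
IP -- %s
Host -- %s
MAC-- %s''' % (event.cirta_id, event._analystUsername, event.ip_address, event.hostname, event.mac_address)

    # Round-trip the draft through nano so the operator can edit it; ``with``
    # closes each handle even if the write or read raises.  The edited draft
    # (incident identifiers included) remains on disk at smsFilePath.
    smsFilePath = event._baseFilePath + '.sms'
    with open(smsFilePath, 'w') as f:
        f.write(subject + msg)
    subprocess.call(['nano', smsFilePath])
    with open(smsFilePath, 'r') as f:
        msg = f.read()

    printStatusMsg('Final Request', 22, '>', color=colors.HEADER2)

    print(msg)

    printStatusMsg('Final Request', 22, '<', color=colors.HEADER2)

    if getUserIn('Send Request (Yes/No)') in YES:
        # NOTE(review): if getUserMultiChoice returns the literal 'All' for the
        # all-choice default instead of the analyst names, this filter yields
        # no recipients — confirm against that helper.
        chosen = [v for k, v in analysts.items() if k in selectedAnalysts]
        m = MailServer(fromAddr=fromAddr, server=mailServerName)
        m.sendMail(subject + ' - %s' % event.cirta_id, msg, fromAddr, toAddr=[v['email'] for v in chosen])
        m.sendText(msg, fromAddr, toAddr=[v['txt'] for v in chosen])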
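def execute(event):
    """Build, review and optionally e-mail the incident-response ticket for *event*.

    Interactive flow (prompts via ``getUserIn`` / ``getUserInWithDef`` /
    ``getUserMultiChoice``):

    1. Record the IR ticket id on ``event.ir_ticket``; collect recipients and
       the subject, defaulting from ``confVars``.
    2. Ask for the event stage, containment and mitigation choices (stored on
       the event) and assemble the ticket body from ``confVars.header``, those
       answers, every verified event attribute grouped by its ``emailSection``,
       and ``confVars.footer``.
    3. Let the operator edit the body in ``nano``, echo it, re-save the edited
       text to the ``.ticket`` file, show the envelope, and send it unless
       ``event._testing`` is set.

    Args:
        event: the CIRTA event. Reads ``hostname``, ``ip_address``,
            ``description``, ``_fifoAttrs``, ``_baseFilePath`` and ``_testing``;
            writes ``ir_ticket``, ``eventStage``, ``containmentPreferred``,
            ``containmentAlternative``, ``containmentTimeline``,
            ``eradicationActions`` and ``eradicationTimeline``.

    Returns:
        None.

    Notes:
        ``priority`` (passed as ``prior=``) and ``confVars`` are module-level
        names not defined here.  ``raw_input`` means this is Python 2 code.
        The edited ticket text stays on disk at ``<basePath>.ticket``.
    """

    def splitAndStrip(raw):
        """Split a comma-separated config string into a list of stripped items."""
        return [x.strip() for x in raw.split(',')]

    event.ir_ticket = getUserIn('IR Ticket')

    toAddress = splitAndStrip(getUserInWithDef('Recipient(s)', confVars.toAddr))

    # A single configured cc/bcc address becomes a one-element list; unset -> [].
    cc = [confVars.cc] if confVars.cc else []
    bcc = [confVars.bcc] if confVars.bcc else []

    mailServer = MailServer(confVars.fromAddr, toAddress, server=confVars.mailServerName)

    # Prefer the hostname in the subject; fall back to the IP when unknown.
    subjectTarget = event.hostname if event.hostname else event.ip_address
    subjectAdd = "%s - %s" % (subjectTarget, event.description)

    subject = getUserInWithDef('Subject', '%s - %s' % (confVars.subject, subjectAdd))

    print('')

    msg = confVars.header

    eventStage = splitAndStrip(confVars.eventStage)
    eventDefaultStage = splitAndStrip(confVars.eventDefaultStage)

    containmentActions = splitAndStrip(confVars.containmentActions)
    containmentPreferred = splitAndStrip(confVars.containmentPreferred)
    containmentAlternative = splitAndStrip(confVars.containmentAlternative)
    containmentTimeline = splitAndStrip(confVars.containmentTimeline)
    containmentDefaultTimeline = splitAndStrip(confVars.containmentDefaultTimeline)

    eradicationActions = splitAndStrip(confVars.eradicationActions)
    eradicationDefaultActions = splitAndStrip(confVars.eradicationDefaultActions)
    eradicationTimeline = splitAndStrip(confVars.eradicationTimeline)
    eradicationDefaultTimeline = splitAndStrip(confVars.eradicationDefaultTimeline)

    event.eventStage = ', '.join(getUserMultiChoice('Current Event Stage', 'Selection', eventStage, numCols=1, default=eventDefaultStage, allowMultiple=False))

    event.containmentPreferred = ', '.join(getUserMultiChoice('Preferred Containment', 'Selection', containmentActions, numCols=2, default=containmentPreferred, allowMultiple=True, other=True))
    event.containmentAlternative = ', '.join(getUserMultiChoice('Alternative Containment', 'Selection', containmentActions, numCols=2, default=containmentAlternative, allowMultiple=True, other=True))
    event.containmentTimeline = ', '.join(getUserMultiChoice('Containment Timeline', 'Selection', containmentTimeline, numCols=2, default=containmentDefaultTimeline, allowMultiple=False, other=True))

    event.eradicationActions = ', '.join(getUserMultiChoice('Mitigation Actions', 'Selection', eradicationActions, numCols=1, default=eradicationDefaultActions, allowMultiple=True, other=True))
    event.eradicationTimeline = ', '.join(getUserMultiChoice('Mitigation Timeline', 'Selection', eradicationTimeline, numCols=2, default=eradicationDefaultTimeline, allowMultiple=False, other=True))

    msg += 'Incident Response Details\n'
    msg += '------------------------------------------------\n'
    msg += 'Response Stage -- %s\n\n' % event.eventStage

    msg += 'Containment Timeline -- %s\n' % event.containmentTimeline
    msg += 'Containment Preference -- %s\n\n' % event.containmentPreferred
    msg += 'Containment Alternatives -- %s\n\n' % event.containmentAlternative

    msg += 'Mitigation Timeline -- %s\n' % event.eradicationTimeline
    msg += 'Mitigation Action -- %s\n' % event.eradicationActions

    # One section per configured name, listing only attributes that have a
    # value, passed verification and are tagged for that section.
    emailSections = splitAndStrip(confVars.emailSections)

    for emailSection in emailSections:
        sectionAttrs = [attr for attr in event._fifoAttrs.values() if attr.value and attr.verify and attr.emailSection == emailSection]
        if sectionAttrs:
            msg += '\n%s\n' % emailSection
            msg += '------------------------------------------------\n'
            for attr in sectionAttrs:
                msg += '%s -- %s\n' % (attr.formalName, attr.value)

    msg += confVars.footer

    # Round-trip the body through nano for editing; ``with`` closes each
    # handle even if the write or read raises.
    ticketFilePath = event._baseFilePath + '.ticket'
    with open(ticketFilePath, 'w') as f:
        f.write(msg)
    subprocess.call(['nano', ticketFilePath])
    with open(ticketFilePath, 'r') as f:
        msg = f.read()

    printStatusMsg('IR Final Ticket', 22, '>', color=colors.HEADER2)

    print('Subject: %s\n' % subject)
    print(msg + '\n')

    printStatusMsg('IR Final Ticket', 22, '<', color=colors.HEADER2)

    raw_input(colors.BOLDON + "Hit 'Enter' to continue..." + colors.BOLDOFF)

    printStatusMsg('Email Final Ticket', 22, '-', color=colors.HEADER2)

    # Persist the reviewed text so the on-disk ticket matches what is sent.
    with open(ticketFilePath, 'w') as f:
        f.write(msg)

    print('From: %s' % confVars.fromAddr)
    print('To:   %s' % ', '.join(toAddress))
    if cc:
        print('CC:   %s' % ', '.join(cc))
    if bcc:
        print('BCC:   %s' % ', '.join(bcc))
    print('Subject: %s\n' % subject)
    print(msg + '\n')

    # Test runs go through the whole review flow but never hit the mail server.
    if getUserIn('Send Email?') in YES:
        if not event._testing:
            mailServer.sendMail(subject, msg, ccAddr=cc, bccAddr=bcc, prior=priority)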