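def setup():
    """Run the rule-receiver daemon (RuleRcvD).

    Parses the command line, configures a stream logger, loads the
    properties file, starts a background watcher on the yeti sqlite DB
    (table ``taxii_services_inboxmessage``) that is handed the named pipe
    to signal through, and then runs Django's ``runsslserver`` so the ASG
    can deliver FASGuard/STIX messages over TLS.

    Requires the ``YETIPATH`` environment variable to point at the yeti
    checkout (``manage.py`` and the DB file are resolved relative to it).

    Raises:
        KeyError: if ``YETIPATH`` is not set.
    """
    parser = argparse.ArgumentParser(
        description='Watches for FASGuard/STIX message from the ASG, '+
        'stores it in sqlite DB and sends signal to Suricata reloader')
    parser.add_argument('-d','--debug',required=False,action='store_true',
                        help='run with debug logging')
    parser.add_argument('-p','--properties',type=str,required=False,
                        default='rrd.properties',help='properties file')
    args = parser.parse_args()

    # Single format string shared by the handler; -d/--debug lowers the
    # threshold from INFO to DEBUG on both the logger and the handler.
    log_format = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
    logging_level = logging.DEBUG if args.debug else logging.INFO
    logger = logging.getLogger('simple_example')
    logger.setLevel(logging_level)
    ch = logging.StreamHandler()
    ch.setLevel(logging_level)
    ch.setFormatter(logging.Formatter(log_format))
    logger.addHandler(ch)
    # Routed through the logger (not a bare print) so it respects --debug.
    logger.debug('logging level set to %s', logging_level)

    properties = EnvProperties(args.properties)

    # Listener port, DB poll interval, signalling pipe and DB file name all
    # come from the properties file.
    incoming_port = properties.getProperty('RuleRcvD.IncomingPort')
    sleep_sec = int(properties.getProperty('RuleRcvD.DBWatchSleepS'))
    named_pipe = properties.getProperty('RuleRcvD.NamedPipe')
    db_file = properties.getProperty('RuleRcvD.DbFile')

    # Fail fast with a readable message rather than an anonymous KeyError
    # from the path concatenation below.
    try:
        yeti_path = os.environ['YETIPATH']
    except KeyError:
        raise KeyError('YETIPATH environment variable is not set')

    p_fh = open(named_pipe,'w+')

    # Background watcher: polls the DB for rows inserted by django and is
    # given the pipe handle, presumably to signal the Suricata reloader.
    moi = MsgOnInsert(yeti_path+'/'+db_file,p_fh,
                      'taxii_services_inboxmessage',sleep_sec)
    thread.start_new_thread(moi.moiThread,())

    sys.path.append(yeti_path)
    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "yeti.settingsRules")

    # NOTE(review): 0.0.0.0 binds every interface.  If the ASG peer sits on
    # a known network, consider making the bind address a property as well.
    exec_args = [yeti_path+'/manage.py','runsslserver',
                 '--addrport','0.0.0.0:'+incoming_port]
    try:
        execute_from_command_line(exec_args)
    finally:
        # Tell the watcher to stop even when the server exits by raising.
        moi.loopFlag = False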
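def setup():
    """Run the attack-receiver daemon (AttackRcvD).

    Parses the command line, configures a stream logger, loads the
    properties file, starts a background watcher on ``YETIPATH/sqlite3.db``
    (table ``taxii_services_inboxmessage``) that is handed the named pipe
    to signal through, and then runs Django's ``runsslserver`` so the
    anomaly detector can deliver attack STIX messages over TLS.

    Requires the ``YETIPATH`` environment variable to point at the yeti
    checkout.

    Raises:
        KeyError: if ``YETIPATH`` is not set.
    """
    parser = argparse.ArgumentParser(
        description="Watches for attack STIX message from anomaly detector, "
        + "stores it in sqlite DB and sends signal to ASG"
    )
    parser.add_argument("-d", "--debug", required=False, action="store_true", help="run with debug logging")
    parser.add_argument(
        "-p", "--properties", type=str, required=False, default="ard.properties", help="properties file"
    )
    args = parser.parse_args()

    # Single format string shared by the handler; -d/--debug lowers the
    # threshold from INFO to DEBUG on both the logger and the handler.
    log_format = "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
    logging_level = logging.DEBUG if args.debug else logging.INFO
    logger = logging.getLogger("simple_example")
    logger.setLevel(logging_level)
    ch = logging.StreamHandler()
    ch.setLevel(logging_level)
    ch.setFormatter(logging.Formatter(log_format))
    logger.addHandler(ch)
    # Routed through the logger (not a bare print) so it respects --debug.
    logger.debug("logging level set to %s", logging_level)

    properties = EnvProperties(args.properties)

    # Listener port, DB poll interval and signalling pipe come from the
    # properties file; the DB file name is fixed here (see note below).
    incoming_port = properties.getProperty("AttackRcvD.IncomingPort")
    sleep_sec = int(properties.getProperty("AttackRcvD.DBWatchSleepS"))
    named_pipe = properties.getProperty("AttackRcvD.NamedPipe")

    # Fail fast with a readable message rather than an anonymous KeyError
    # from the path concatenation below.
    try:
        yeti_path = os.environ["YETIPATH"]
    except KeyError:
        raise KeyError("YETIPATH environment variable is not set")

    p_fh = open(named_pipe, "w+")

    # Background watcher: polls the DB for rows inserted by django and is
    # given the pipe handle, presumably to signal the ASG.
    # NOTE(review): the DB file is hard-coded as sqlite3.db here while the
    # sibling rule receiver reads it from a property -- confirm intended.
    moi = MsgOnInsert(yeti_path + "/sqlite3.db", p_fh, "taxii_services_inboxmessage", sleep_sec)
    thread.start_new_thread(moi.moiThread, ())

    sys.path.append(yeti_path)
    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "yeti.settings")

    # NOTE(review): 0.0.0.0 binds every interface.  If the detector peer
    # sits on a known network, consider making the bind address a property.
    exec_args = [yeti_path + "/manage.py", "runsslserver", "--addrport", "0.0.0.0:" + incoming_port]
    try:
        execute_from_command_line(exec_args)
    finally:
        # Tell the watcher to stop even when the server exits by raising.
        moi.loopFlag = False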
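def setup():
    """Run the attack-transmitter daemon (AttackXmitD).

    Parses the command line, configures a stream logger, loads the
    properties file, reads the directory to watch for attack files and
    hands it, together with the properties, to ``WatchAndXmit`` whose
    ``startLoop`` does the watching and TAXII transmission.
    """
    parser = argparse.ArgumentParser(
        description='Watches for attack file from anomaly detector ' +
        'and transmists it via TAXII')
    parser.add_argument('-d',
                        '--debug',
                        required=False,
                        action='store_true',
                        help='run with debug logging')
    parser.add_argument('-p',
                        '--properties',
                        type=str,
                        required=False,
                        default='axd.properties',
                        help='properties file')
    args = parser.parse_args()

    # Single format string shared by the handler; -d/--debug lowers the
    # threshold from INFO to DEBUG on both the logger and the handler.
    log_format = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
    logging_level = logging.DEBUG if args.debug else logging.INFO
    logger = logging.getLogger('simple_example')
    logger.setLevel(logging_level)
    ch = logging.StreamHandler()
    ch.setLevel(logging_level)
    ch.setFormatter(logging.Formatter(log_format))
    logger.addHandler(ch)
    # Routed through the logger (not a bare print) so it respects --debug.
    logger.debug('logging level set to %s', logging_level)

    properties = EnvProperties(args.properties)

    # Directory the anomaly detector drops attack files into.
    atk_file_dir = properties.getProperty('AttackXmitD.AttackFileDir')
    logger.debug('Attack File Dir: %s', atk_file_dir)

    # startLoop is the daemon's main loop; presumably it does not return
    # until the process is stopped.
    watch_and_xmit = WatchAndXmit(atk_file_dir, properties)
    watch_and_xmit.startLoop()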
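def setup():
    """Run the rule-injector daemon.

    Parses the command line, configures a stream logger, loads the
    properties file, locates a running Snort/Suricata instance (optionally
    via the IDS config given with -c/--config), then loops on
    ``StixFromDb.processStix()``: each pass reads the STIX XML file named
    by ``StixFromDb.StixXmlFilename``, parses it into a rule list and pushes
    that list into the IDS.

    Raises:
        Exception: if no Snort or Suricata instance could be identified.
    """
    parser = argparse.ArgumentParser(
        description='Receives Snort rules in STIX transmission and injects '+
        'them into a running Snort or Suricata instance')
    parser.add_argument('-d','--debug',required=False,action='store_true',
                        help='run with debug logging')
    parser.add_argument('-p','--properties',type=str,required=False,
                        default='rinject.properties',help='properties file')
    parser.add_argument('-c','--config',type=str,required=False,
                        help='Configuration file of IDS instance to inject rules into')
    args = parser.parse_args()
    # Honour -c/--config; it defaults to None when not given, so detection
    # without a config path still behaves as before.
    config = args.config

    # Single format string shared by the handler; -d/--debug lowers the
    # threshold from INFO to DEBUG on both the logger and the handler.
    log_format = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
    logging_level = logging.DEBUG if args.debug else logging.INFO
    logger = logging.getLogger('simple_example')
    logger.setLevel(logging_level)
    ch = logging.StreamHandler()
    ch.setLevel(logging_level)
    ch.setFormatter(logging.Formatter(log_format))
    logger.addHandler(ch)
    # Routed through the logger (not a bare print) so it respects --debug.
    logger.debug('logging level set to %s', logging_level)

    properties = EnvProperties(args.properties)

    # Snort or Suricata?  Abort if neither can be found.
    ids = IPS.SnortOrSuricata(config)
    if not ids:
        raise Exception('Could not identify an instance of Snort or Suricata to work with')

    # Connect to database
    stx_frm_db = StixFromDb(properties)
    logger.debug('Created StixFromDb')
    stix_xml_filename = properties.getProperty('StixFromDb.StixXmlFilename')

    # Continuous loop: processStix() presumably writes the next message to
    # stix_xml_filename and returns falsy when the daemon should stop.
    while stx_frm_db.processStix():
        with open(stix_xml_filename,'r') as fh:
            xml = fh.read()
        fsr = FASGuardStixRule()
        fsr.parseXML(xml)
        # NOTE(review): rules received over TAXII are loaded straight into
        # a live IDS.  Any validation of their content lives in parseXML /
        # updateRules -- confirm the sender is authenticated upstream.
        if fsr.ruleList is not None:
            ids.updateRules(fsr.ruleList)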
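def setup():
    """Run the attack-transmitter daemon (AttackXmitD).

    Parses the command line, configures a stream logger, loads the
    properties file, reads the directory to watch for attack files and
    hands it, together with the properties, to ``WatchAndXmit`` whose
    ``startLoop`` does the watching and TAXII transmission.
    """
    parser = argparse.ArgumentParser(
        description='Watches for attack file from anomaly detector '+
        'and transmists it via TAXII')
    parser.add_argument('-d','--debug',required=False,action='store_true',
                        help='run with debug logging')
    parser.add_argument('-p','--properties',type=str,required=False,
                        default='axd.properties',help='properties file')
    args = parser.parse_args()

    # Single format string shared by the handler; -d/--debug lowers the
    # threshold from INFO to DEBUG on both the logger and the handler.
    log_format = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
    logging_level = logging.DEBUG if args.debug else logging.INFO
    logger = logging.getLogger('simple_example')
    logger.setLevel(logging_level)
    ch = logging.StreamHandler()
    ch.setLevel(logging_level)
    ch.setFormatter(logging.Formatter(log_format))
    logger.addHandler(ch)
    # Routed through the logger (not a bare print) so it respects --debug.
    logger.debug('logging level set to %s', logging_level)

    properties = EnvProperties(args.properties)

    # Directory the anomaly detector drops attack files into.
    atk_file_dir = properties.getProperty('AttackXmitD.AttackFileDir')
    logger.debug('Attack File Dir: %s',atk_file_dir)

    # startLoop is the daemon's main loop; presumably it does not return
    # until the process is stopped.
    watch_and_xmit = WatchAndXmit(atk_file_dir, properties)
    watch_and_xmit.startLoop()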
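def setup():
    """Run the rule-transmitter daemon (RuleXmitD).

    Parses the command line, configures a stream logger, loads the
    properties file, reads the directory to watch for rule files from the
    ASG and hands it, together with the properties, to ``WatchAndXmit``
    whose ``startLoop`` does the watching and TAXII transmission.
    """
    parser = argparse.ArgumentParser(description="Watches for rule file from ASG " + "and transmists it via TAXII")
    parser.add_argument("-d", "--debug", required=False, action="store_true", help="run with debug logging")
    parser.add_argument(
        "-p", "--properties", type=str, required=False, default="rxd.properties", help="properties file"
    )
    args = parser.parse_args()

    # Single format string shared by the handler; -d/--debug lowers the
    # threshold from INFO to DEBUG on both the logger and the handler.
    log_format = "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
    logging_level = logging.DEBUG if args.debug else logging.INFO
    logger = logging.getLogger("simple_example")
    logger.setLevel(logging_level)
    ch = logging.StreamHandler()
    ch.setLevel(logging_level)
    ch.setFormatter(logging.Formatter(log_format))
    logger.addHandler(ch)
    # Routed through the logger (not a bare print) so it respects --debug.
    logger.debug("logging level set to %s", logging_level)

    properties = EnvProperties(args.properties)

    # Directory the ASG drops rule files into (named for what it holds,
    # not copied from the attack-transmitter sibling).
    rule_file_dir = properties.getProperty("RuleXmitD.RuleFileDir")
    logger.debug("Rule File Dir: %s", rule_file_dir)

    # startLoop is the daemon's main loop; presumably it does not return
    # until the process is stopped.
    watch_and_xmit = WatchAndXmit(rule_file_dir, properties)
    watch_and_xmit.startLoop()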
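def setup():
    """Run the attack-receiver daemon (AttackRcvD).

    Parses the command line, configures a stream logger, loads the
    properties file, starts a background watcher on ``YETIPATH/sqlite3.db``
    (table ``taxii_services_inboxmessage``) that is handed the named pipe
    to signal through, and then runs Django's ``runsslserver`` so the
    anomaly detector can deliver attack STIX messages over TLS.

    Requires the ``YETIPATH`` environment variable to point at the yeti
    checkout.

    Raises:
        KeyError: if ``YETIPATH`` is not set.
    """
    parser = argparse.ArgumentParser(
        description='Watches for attack STIX message from anomaly detector, ' +
        'stores it in sqlite DB and sends signal to ASG')
    parser.add_argument('-d',
                        '--debug',
                        required=False,
                        action='store_true',
                        help='run with debug logging')
    parser.add_argument('-p',
                        '--properties',
                        type=str,
                        required=False,
                        default='ard.properties',
                        help='properties file')
    args = parser.parse_args()

    # Single format string shared by the handler; -d/--debug lowers the
    # threshold from INFO to DEBUG on both the logger and the handler.
    log_format = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
    logging_level = logging.DEBUG if args.debug else logging.INFO
    logger = logging.getLogger('simple_example')
    logger.setLevel(logging_level)
    ch = logging.StreamHandler()
    ch.setLevel(logging_level)
    ch.setFormatter(logging.Formatter(log_format))
    logger.addHandler(ch)
    # Routed through the logger (not a bare print) so it respects --debug.
    logger.debug('logging level set to %s', logging_level)

    properties = EnvProperties(args.properties)

    # Listener port, DB poll interval and signalling pipe come from the
    # properties file; the DB file name is fixed here (see note below).
    incoming_port = properties.getProperty('AttackRcvD.IncomingPort')
    sleep_sec = int(properties.getProperty('AttackRcvD.DBWatchSleepS'))
    named_pipe = properties.getProperty('AttackRcvD.NamedPipe')

    # Fail fast with a readable message rather than an anonymous KeyError
    # from the path concatenation below.
    try:
        yeti_path = os.environ['YETIPATH']
    except KeyError:
        raise KeyError('YETIPATH environment variable is not set')

    p_fh = open(named_pipe, 'w+')

    # Background watcher: polls the DB for rows inserted by django and is
    # given the pipe handle, presumably to signal the ASG.
    # NOTE(review): the DB file is hard-coded as sqlite3.db here while the
    # rule receiver reads it from a property -- confirm intended.
    moi = MsgOnInsert(yeti_path + '/sqlite3.db', p_fh,
                      'taxii_services_inboxmessage', sleep_sec)
    thread.start_new_thread(moi.moiThread, ())

    sys.path.append(yeti_path)
    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "yeti.settings")

    # NOTE(review): 0.0.0.0 binds every interface.  If the detector peer
    # sits on a known network, consider making the bind address a property.
    exec_args = [
        yeti_path + '/manage.py', 'runsslserver', '--addrport',
        '0.0.0.0:' + incoming_port
    ]
    try:
        execute_from_command_line(exec_args)
    finally:
        # Tell the watcher to stop even when the server exits by raising.
        moi.loopFlag = False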