def users():
    """
    Route for users page

    Requires a logged-in session (``session['username']``), otherwise 401.
    A SigSci client is rebuilt from the credential kept in the session, the
    corp's user list is fetched, and ``users.html`` is rendered with it plus
    a ``javascript`` snippet that calls ``get_corp_users`` for the corp.
    """
    if 'username' not in session:
        abort(401)

    # session['secret'] == "token" means session['password'] holds an API
    # token rather than a password; pick the matching constructor keyword.
    credential_kw = 'api_token' if session['secret'] == "token" else 'password'
    sigsci = sigsciapi.SigSciApi(email=session['username'],
                                 **{credential_kw: session['password']})
    sigsci.corp = session['corp']

    corp_users = sigsci.get_corp_users()
    # a response carrying a 'message' key is treated as an error
    if 'message' in corp_users:
        abort(401)

    # NOTE(review): the corp name is pasted into a JS call without escaping.
    # It comes from the API rather than the request, but confirm the
    # template escapes it if the value can ever be attacker-influenced.
    javascript = ''.join(['get_corp_users("', sigsci.corp, '");'])
    return render_template('users.html',
                           javascript=javascript,
                           corp_users=corp_users)
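def deploy_power_rules():
    """
    Deploy power rules to site

    Query parameters:
        target:   name of the site the rule pack is deployed to.
        rulepack: name of the rule pack to deploy.

    Returns the API response as JSON. Aborts 400 when either parameter is
    missing, 401 when there is no logged-in session or the API answers
    with an error ('message' key).
    """
    if 'username' not in session:
        abort(401)

    target_site = request.args.get('target', None)
    rulepack = request.args.get('rulepack', None)
    # Both are required; without them the deploy would proceed with the
    # site set to None and fail somewhere downstream instead of here.
    if not target_site or not rulepack:
        abort(400)

    # session['secret'] == "token" means session['password'] holds an API
    # token rather than a password.
    if session['secret'] == "token":
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     api_token=session['password'])
    else:
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     password=session['password'])

    sigsci.corp = session['corp']
    sigsci.site = target_site

    # NOTE(review): this endpoint changes site configuration but reads its
    # input from the query string, so it is reachable through a plain link;
    # confirm the route is POST-only and covered by CSRF protection.
    powerrulepack = powerrules.PowerRules()
    # Third argument True: meaning not visible here — check
    # PowerRules.deploy_rule_pack before changing it.
    response = powerrulepack.deploy_rule_pack(sigsci, rulepack, True)

    if 'message' in response:
        abort(401)

    return jsonify(response)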
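def site():
    """
    Route for site page

    Query parameter ``name`` selects the corp site. The site is looked up
    through the SigSci API (401 if that fails or there is no logged-in
    session), its canonical name is remembered in ``session['site']`` for
    later routes, and ``site.html`` is rendered with the display name plus
    a ``javascript`` snippet that loads the site's request rules and the
    sites dropdown.
    """
    import json

    if 'username' not in session:
        abort(401)

    name = request.args.get('name', None)

    # session['secret'] == "token" means session['password'] holds an API
    # token rather than a password.
    if session['secret'] == "token":
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     api_token=session['password'])
    else:
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     password=session['password'])

    sigsci.corp = session['corp']

    corp_site = sigsci.get_corp_site(name)
    # a response carrying a 'message' key is treated as an error
    if 'message' in corp_site:
        abort(401)

    display_name = corp_site['displayName']
    session['site'] = corp_site['name']

    # `name` comes straight from the query string and is embedded in a JS
    # snippet the template renders, so emit it as a JSON string literal
    # (quotes and backslashes escaped) rather than pasting it between bare
    # double quotes. For ordinary names the generated text is identical.
    # json.dumps leaves "</" alone, so if the snippet is placed in an inline
    # <script> the template must still escape it (Flask's tojson does).
    corp_literal = json.dumps(session['corp'])
    name_literal = json.dumps(name)
    javascript = 'get_request_rules({}, {});'.format(corp_literal, name_literal)
    javascript += 'get_sites_dropdown_html({});'.format(name_literal)
    return render_template('site.html',
                           javascript=javascript,
                           display_name=display_name)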
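def login():
    """
    Route for login

    Form fields: ``email``, ``secret`` ("token" when ``password`` carries an
    API token, anything else for a real password) and ``password``.

    Authenticates against the SigSci API, picks the first corp the user
    belongs to and stores username, credential, corp, display name and
    role in the session. Aborts 400 on missing fields, 401 when password
    authentication yields no bearer token, 403 when the corp or user
    lookup fails. Redirects to ``default`` on success.

    NOTE(review): the raw password / API token is stored in the session so
    later routes can rebuild the client. With Flask's default cookie
    session that value travels to the browser signed but not encrypted; a
    server-side session store is the safer home for it.
    """
    email = request.form.get('email', None)
    secret = request.form.get('secret', None)
    password = request.form.get('password', None)
    if not email or not password:
        abort(400)

    if secret == "token":
        sigsci = sigsciapi.SigSciApi(email=email, api_token=password)
    else:
        sigsci = sigsciapi.SigSciApi(email=email, password=password)
        # password auth obtains a bearer token; no 'token' key means the
        # credentials were rejected
        if 'token' not in sigsci.bearer_token:
            abort(401)

    corps = sigsci.get_corps()
    # an error response carries a 'message' key; an empty corp list would
    # otherwise raise IndexError below
    if 'message' in corps or not corps.get('data'):
        abort(403)
    sigsci.corp = corps['data'][0]['name']

    user = sigsci.get_corp_user(email)
    if 'message' in user:
        abort(403)

    # Start from an empty session so nothing from a previous user (e.g. a
    # stale 'site') survives, and only write anything once authentication
    # has succeeded so a failed attempt leaves no trace in the session.
    session.clear()
    session['secret'] = secret
    session['username'] = email
    session['password'] = password
    session['corp'] = sigsci.corp
    session['name'] = user['name']
    session['role'] = user['role']

    return redirect(url_for('default'))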
def site():
    """
    Route for site page

    Looks up the corp site named by the ``name`` query parameter with a
    client rebuilt from the session credential, remembers its canonical
    name in ``session['site']`` and renders ``site.html`` with the display
    name and a ``javascript`` snippet that loads the site's request rules.
    Aborts 401 without a logged-in session or a valid token.
    """
    if 'username' not in session:
        abort(401)

    name = request.args.get('name', None)

    sigsci = sigsciapi.SigSciApi(session['username'], session['password'])
    sigsci.corp = session['corp']

    # no 'token' in sigsci.token means the stored credential no longer
    # authenticates
    if 'token' not in sigsci.token:
        abort(401)
    corp_site = sigsci.get_corp_site(name)

    display_name = corp_site['displayName']
    session['site'] = corp_site['name']

    # NOTE(review): `name` is request input and is pasted into a JS call
    # unescaped; emit it as a JSON string literal (json.dumps) or make sure
    # the template escapes `javascript` before rendering it.
    javascript = 'get_request_rules("{}", "{}");'.format(session['corp'], name)
    return render_template('site.html',
                           javascript=javascript,
                           display_name=display_name)
def login():
    """
    Route for login

    Authenticates the ``email`` / ``password`` form fields against the
    SigSci API. On success the first corp the user belongs to is selected,
    username, password, corp, display name and role go into the session and
    the request is redirected to ``default``. If no token was obtained,
    ``index.html`` is rendered with ``result="False"``; a failing user
    lookup aborts 403.

    NOTE(review): the plaintext password is stored in the session; with a
    client-side cookie session it is sent to the browser on every response.
    """
    email = request.form.get('email', None)
    password = request.form.get('password', None)
    sigsci = sigsciapi.SigSciApi(email, password)

    if 'token' not in sigsci.token:
        # authentication failed: back to the index page
        return render_template('index.html', result="False")

    sigsci.corp = sigsci.get_corps()['data'][0]['name']

    user = sigsci.get_corp_user(email)
    # an error response carries a 'message' key
    if 'message' in user:
        abort(403)

    session['username'] = email
    session['password'] = password
    session['corp'] = sigsci.corp
    session['name'] = user['name']
    session['role'] = user['role']

    return redirect(url_for('default'))
def get_corp_users():
    """
    Return list of corp users from SigSci API.

    JSON response for the corp stored in the session. Aborts 401 when there
    is no logged-in session or the API answers with an error ('message'
    key).
    """
    if 'username' not in session:
        abort(401)

    # session['password'] holds either an API token or a password;
    # session['secret'] == "token" says which constructor keyword it needs.
    credentials = {'email': session['username']}
    if session['secret'] == "token":
        credentials['api_token'] = session['password']
    else:
        credentials['password'] = session['password']
    sigsci = sigsciapi.SigSciApi(**credentials)
    sigsci.corp = session['corp']

    response = sigsci.get_corp_users()
    if 'message' in response:
        abort(401)

    return jsonify(response)
def get_templated_rules():
    """
    Return templated rules from SigSci API.

    JSON response for the corp stored in the session and the site named by
    the ``name`` query parameter. Aborts 401 when there is no logged-in
    session or the API answers with an error ('message' key).
    """
    if 'username' not in session:
        abort(401)

    def client_from_session():
        # session['secret'] == "token": session['password'] is an API token
        if session['secret'] == "token":
            return sigsciapi.SigSciApi(email=session['username'],
                                       api_token=session['password'])
        return sigsciapi.SigSciApi(email=session['username'],
                                   password=session['password'])

    sigsci = client_from_session()
    sigsci.corp = session['corp']
    # site name is request input and is not validated here
    sigsci.site = request.args.get('name', None)

    response = sigsci.get_templated_rules()
    if 'message' in response:
        abort(401)

    return jsonify(response)
def get_memberships():
    """
    Return list of user memberships from SigSci API.

    JSON response for the user named by the ``email`` query parameter in
    the corp stored in the session. Aborts 401 when there is no logged-in
    session or the API answers with an error ('message' key).
    """
    if 'username' not in session:
        abort(401)

    # session['secret'] == "token" means session['password'] holds an API
    # token rather than a password; pick the matching constructor keyword.
    credential_kw = 'api_token' if session['secret'] == "token" else 'password'
    sigsci = sigsciapi.SigSciApi(email=session['username'],
                                 **{credential_kw: session['password']})
    sigsci.corp = session['corp']

    # NOTE(review): any logged-in user can query memberships of any email;
    # confirm that is the intended authorization model.
    email = request.args.get('email', None)
    response = sigsci.get_memberships(email)
    if 'message' in response:
        abort(401)

    return jsonify(response)
def get_corp_sites():
    """
    Return list of corp sites from SigSci API.

    JSON list of sites for the corp stored in the session. Aborts 401 when
    there is no logged-in session or the client rebuilt from the stored
    credential has no token.
    """
    if 'username' not in session:
        abort(401)

    sigsci = sigsciapi.SigSciApi(session['username'], session['password'])
    sigsci.corp = session['corp']

    # a missing 'token' in sigsci.token means the stored credential did
    # not authenticate
    if 'token' not in sigsci.token:
        abort(401)

    return jsonify(sigsci.get_corp_sites())
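def main():
    """
    Example main function

    Reads the corp and site from the SIGSCI_CORP / SIGSCI_SITE environment
    variables, authenticates with the module-level EMAIL / PASSWORD and runs
    through a handful of read and write API calls, printing each response.
    Exits with status 1 (message on stderr) when either variable is unset.
    """
    # create sigsci api object
    sigsci = sigsciapi.SigSciApi()

    # Both variables are mandatory. Exit non-zero so a wrapper can tell a
    # misconfiguration from a successful run (a bare sys.exit() reports 0).
    for env_name, attr in (("SIGSCI_CORP", "corp"), ("SIGSCI_SITE", "site")):
        if env_name not in os.environ:
            sys.stderr.write('{} required.\n'.format(env_name))
            sys.exit(1)
        setattr(sigsci, attr, os.environ[env_name])

    if not sigsci.auth(EMAIL, PASSWORD):
        return

    # The bearer token is a live credential: confirm success without
    # echoing it into the terminal, shell history or logs.
    print('authenticated')

    # List corps
    print(sigsci.get_corps())
    # Get corp by name
    print(sigsci.get_corp())
    # Update corp by name
    data = {"displayName": "My Display Name"}
    print(sigsci.update_corp(data))
    # List corp users
    print(sigsci.get_corp_users())
    # List custom alerts
    print(sigsci.get_custom_alerts())
    # List events
    print(sigsci.get_events())
    # List requests
    # NOTE(review): this overrides the site taken from SIGSCI_SITE above,
    # presumably a leftover; drop it to query the configured site.
    sigsci.site = "mysite"
    params = {"q": "from:-1d tag:XSS"}
    print(sigsci.get_requests(parameters=params))
    # Get request feed (same site as the requests call above)
    params = {
        "from": parse_time_delta("-1d"),
        "until": parse_time_delta("-5m"),
        "tags": "xss"
    }
    print(sigsci.get_request_feed(parameters=params))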
def get_advanced_rules():
    """
    Return advanced rules from SigSci API.

    JSON response for the corp stored in the session and the site named by
    the ``name`` query parameter. Aborts 401 when there is no logged-in
    session or the client rebuilt from the stored credential has no token.
    """
    if 'username' not in session:
        abort(401)

    sigsci = sigsciapi.SigSciApi(session['username'], session['password'])
    sigsci.corp = session['corp']
    # site name is request input and is not validated here
    sigsci.site = request.args.get('name', None)

    # a missing 'token' in sigsci.token means the stored credential did
    # not authenticate
    if 'token' not in sigsci.token:
        abort(401)

    return jsonify(sigsci.get_advanced_rules())
def init_api(username, password, token, corp, dry_run=False):
    """
    Build a SigSci API client for *corp*.

    Args:
        username, password, token: credentials handed straight to
            ``sigsciapi.SigSciApi`` as email / password / api_token.
        corp: corp name assigned to ``api.corp``.
        dry_run: when true, the API methods that would modify state are
            replaced on this instance by ``noop`` so a run can report the
            changes it would make without applying them; read methods are
            left intact so the changes can still be determined.

    Side effect: installs ``update_corp_user`` on the ``SigSciApi`` class
    itself (every instance, not just this one) to work around missing
    functionality in pysigsci.
    """
    api = sigsciapi.SigSciApi(email=username,
                              password=password,
                              api_token=token)
    api.corp = corp

    # Work around missing functionality in pysigsci
    setattr(sigsciapi.SigSciApi, 'update_corp_user', update_corp_user)

    if dry_run:
        print('Dry run...')
        # NOTE(review): get_requests is a getter but is stubbed as well;
        # confirm that is intended.
        stubbed_methods = (
            'create_corp_site',
            'add_rule_lists',
            'add_custom_signals',
            'add_request_rules',
            'add_site_rules',
            'add_signal_rules',
            'add_templated_rules',
            'add_custom_alert',
            'update_rule_lists',
            'update_custom_alert',
            'update_site_member',
            'add_integration',
            'update_integration',
            'add_corp_user',
            'delete_corp_user',
            'update_corp_user',
            'get_requests',
            'add_members_to_site',
            'delete_site_member',
            'copy_advanced_rule',
        )
        for method_name in stubbed_methods:
            setattr(api, method_name, noop)

    return api
from __future__ import print_function
import os
import sys
import json
from pyad import adgroup, aduser
from pysigsci import sigsciapi

MAP_FILE = "sigsci-ad-map.json"

if __name__ == '__main__':
    try:
        with open('{}'.format(MAP_FILE)) as f:
            mappings = json.load(f)

        sigsci = sigsciapi.SigSciApi(email=os.environ["SIGSCI_EMAIL"],
                                     api_token=os.environ["SIGSCI_API_TOKEN"])

        print('Syncing {} to {}'.format(mappings['ADDomain'],
                                        mappings['SigSciCorp']))

        sigsci.corp = mappings['SigSciCorp']

        for group_map in mappings["GroupMappings"]:
            print('----> Syncing users in AD group {}'.format(
                group_map['ADGroup']))

            sites = []
            group_users = []

            dc_parts = mappings['ADDomain'].split(".")
            DC = ',DC='.join(dc_parts)
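def copy_configuration():
    """
    Route for copying configuration

    Copies one configuration object of kind ``type`` (query parameter),
    selected by ``identifier`` (form field), from the site stored in the
    session to the site named by the ``target`` query parameter. The copy
    is created disabled so it can be reviewed before it takes effect.

    Returns a JSON-encoded status string: ``{ "status": "success" }`` or
    ``{"status": "failed", "message": ...}`` with the API's message.
    Aborts 401 without a logged-in session or a valid token, 400 for an
    unknown ``type`` and 404 when ``identifier`` matches nothing.

    NOTE(review): this is a state-changing action driven partly by query
    parameters; confirm the route is POST-only and CSRF protected.
    """
    import json

    if 'username' not in session:
        abort(401)

    config_type = request.args.get('type', None)
    target_site = request.args.get('target', None)

    sigsci = sigsciapi.SigSciApi(session['username'], session['password'])
    sigsci.corp = session['corp']
    sigsci.site = session['site']

    # a missing 'token' in sigsci.token means the stored credential did
    # not authenticate
    if 'token' not in sigsci.token:
        abort(401)

    # getter on the source site / adder on the target site, per config type
    # (templated rules take a payload and are added separately below)
    getters = {
        'request_rules': sigsci.get_request_rules,
        'signal_rules': sigsci.get_signal_rules,
        'templated_rules': sigsci.get_templated_rules,
        'advanced_rules': sigsci.get_advanced_rules,
        'rule_lists': sigsci.get_rule_lists,
        'custom_signals': sigsci.get_custom_signals,
        'custom_alerts': sigsci.get_custom_alerts,
        'redactions': sigsci.get_redactions,
        'header_links': sigsci.get_header_links,
        'integrations': sigsci.get_integrations,
    }
    adders = {
        'request_rules': sigsci.add_request_rules,
        'signal_rules': sigsci.add_signal_rules,
        'advanced_rules': sigsci.add_advanced_rules,
        'rule_lists': sigsci.add_rule_lists,
        'custom_signals': sigsci.add_custom_signals,
        'custom_alerts': sigsci.add_custom_alert,
        'redactions': sigsci.add_redactions,
        'header_links': sigsci.add_header_links,
        'integrations': sigsci.add_integration,
    }
    # an unknown type used to fall through with config_data = None and
    # crash on the membership test below
    if config_type not in getters:
        abort(400)

    identifier = request.form.get('identifier', None)
    config_data = getters[config_type]()

    if config_type == 'templated_rules':
        body = _templated_rule_payload(config_data.get('data') or [], identifier)
    elif 'data' in config_data:
        body = _find_config(config_data['data'], identifier)
        # no match used to leave `config` unbound and raise NameError
        if body is None:
            abort(404)
    else:
        # single-object response: copy it as is
        body = config_data

    # copy config to target site
    sigsci.site = target_site
    if config_type == 'templated_rules':
        response = sigsci.add_templated_rules(identifier, body)
    else:
        response = adders[config_type](body)

    if 'message' in response:
        # json.dumps quotes/escapes the message so the result is valid JSON
        # (formatting the raw message in produced unparseable output)
        return json.dumps({"status": "failed", "message": response['message']})
    return '{ "status": "success" }'


def _find_config(items, identifier):
    """
    Return the entry of *items* whose id equals *identifier*, prepared for
    re-adding on another site, or None when nothing matches.

    Entries without an 'id' are matched on 'tagName' instead. The match is
    disabled and stripped of server-assigned fields ('id', 'updated',
    'created', 'createdBy') so the API accepts it as a new object. The
    matched dict is modified in place.
    """
    for config in items:
        if 'id' not in config:
            # a bit of a hack for objects that don't have an id
            config['id'] = config['tagName']

        if identifier != config['id']:
            continue

        # this is the config we want: disable it before copying
        config['enabled'] = False
        for field in ('id', 'updated', 'created', 'createdBy'):
            config.pop(field, None)
        return config
    return None


def _templated_rule_payload(items, identifier):
    """
    Build the add_templated_rules payload for the templated rule named
    *identifier*: every detection of that rule plus every alert (from any
    rule) whose tagName is *identifier*, each copied disabled. The delete
    and update lists stay empty.
    """
    payload = {
        'alertAdds': [],
        'alertDeletes': [],
        'alertUpdates': [],
        'detectionAdds': [],
        'detectionDeletes': [],
        'detectionUpdates': []
    }

    # let's gather up the detections
    for config in items:
        if identifier != config['name']:
            continue
        for detection in config['detections']:
            payload['detectionAdds'].append({
                'name': detection['name'],
                'enabled': False,
                'fields': detection['fields']
            })

    for config in items:
        for alert in config['alerts']:
            if identifier != alert['tagName']:
                continue
            payload['alertAdds'].append({
                'action': alert['action'],
                'enabled': False,
                'interval': alert['interval'],
                'skipNotifications': alert['skipNotifications'],
                'longName': alert['longName'],
                'threshold': alert['threshold']
            })

    return payload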