Example #1
0
    def run_wireshark_with_dissectors(self, dissector_path=[], path_for_latest_pcap=None):
        logging.debug('run_wireshark_with_dissectors(): Instantiated')

        self.path_for_latest_pcap = path_for_latest_pcap
        filelist = list()

        if path_for_latest_pcap == None:
            #read from config file
            self.path_for_latest_pcap = ConfigurationManager.get_instance().read_config_abspath("COMMENT_MANAGER", "PATH_FOR_LATEST_PCAP")
        self.dissector_path = dissector_path
        if dissector_path == []:
            #read from config file
            self.dissector_path = ConfigurationManager.get_instance().read_config_abspath("COMMENT_MANAGER", "DISSECTOR_PATH")
        if os.path.exists(self.dissector_path):
            #get dissector filenames in path
            try:
                logging.debug("run_wireshark_with_dissectors(): reading dissector filenames")
                print("Iterating: " + str(self.dissector_path))
                for r, d, f in os.walk(self.dissector_path):
                    for file in f:
                        if '.lua' in file:
                            filelist.append(os.path.join(r, file))

            except Exception:
                exc_type, exc_value, exc_traceback = sys.exc_info()
                logging.error("read_json_data(): An error occured ")
                traceback.print_exception(exc_type, exc_value, exc_traceback)
                exit()	   

        if len(filelist) == 0:
            self.wireshark_thread = WiresharkRunner(pcap_filename=self.path_for_latest_pcap)
        else:
            self.wireshark_thread = WiresharkRunner(lua_scripts=filelist, pcap_filename=self.path_for_latest_pcap)
        self.wireshark_thread.start()
        logging.debug('run_wireshark_with_dissectors(): Completed')
Example #2
0
def main():
	configurationManager = ConfigurationManager('broadcast.config')
	configurationData = configurationManager.GetConfigurationData()
	
	broadcastManager = BroadcastManager(configurationData)
	broadcastManager.StartBroadcastAsync()
	
	while(True):
		time.sleep(60*5)
def main():
    configurationManager = ConfigurationManager('broadcast.config')
    configurationData = configurationManager.GetConfigurationData()

    continuousBroadcast = False
    broadcastManager = BroadcastManager(configurationData, continuousBroadcast)
    broadcastManager.StartBroadcastAsync()

    while (continuousBroadcast):
        time.sleep(60 * 5)
Example #4
0
 def extract_json(self, commented_pcap_filename = None):
     logging.debug('extract_json(): Instantiated')
     self.commented_pcap_filename = commented_pcap_filename
     if commented_pcap_filename == None:
         self.commented_pcap_filename = ConfigurationManager.get_instance().read_config_abspath("COMMENT_MANAGER", "PATH_FOR_LATEST_PCAP")
     self.jsondata = self.ce.comment_to_json(self.commented_pcap_filename)
     logging.debug('extract_json(): Completed')
Example #5
0
    def on_alert_button_clicked(self):
        logging.debug('on_analyze_out_start_button_clicked(): Instantiated')
        
        self.batch_thread = BatchThread()
        self.batch_thread.progress_signal.connect(self.update_progress_bar)
        self.batch_thread.completion_signal.connect(self.analyze_button_batch_completed)
        alertOutPath = os.path.join(self.sessionAlertsDir)
        try:
            if os.path.exists(alertOutPath):
                shutil.rmtree(self.sessionAlertsDir, ignore_errors=True)
            os.makedirs(alertOutPath)
        except Exception as e:
                exc_type, exc_value, exc_traceback = sys.exc_info()
                logging.error("comment_to_json(): An error occured ")
                traceback.print_exception(exc_type, exc_value, exc_traceback)

        suricata_config_filename = ConfigurationManager.get_instance().read_config_abspath("VALIDATOR", "SURICATA_CONFIG_FILENAME")
        self.batch_thread.add_function( self.val.run_suricata_with_rules, None, suricata_config_filename, alertOutPath, self.rules_filename, self.pcapLineEdit2.text())
        logging.debug("SUSPECT PCAP: " + self.pcapLineEdit2.text())

        self.progress_dialog_overall = ProgressBarDialog(self, self.batch_thread.get_load_count())
        self.batch_thread.start()
        self.progress_dialog_overall.show()

        logging.debug('on_analyze_out_start_button_clicked(): Complete')
Example #6
0
    def export_data(self, export_data_path=None):
        logging.debug("export_data(): requesting to export data to " +
                      str(export_data_path))

        self.export_data_path = export_data_path
        if export_data_path == None:
            #read from config file
            self.export_data_path = ConfigurationManager.get_instance(
            ).read_config_abspath("LOG_MANAGER", "EXPORT_DATA_PATH_TEMP")

        anyParsersRunning = self.ecel_manager.is_parser_running()
        logging.debug("Checking if parsers running: " + str(anyParsersRunning))
        while anyParsersRunning == True:
            logging.debug("Waiting a few seconds...")
            time.sleep(5)
            anyParsersRunning = self.ecel_manager.is_parser_running()
        logging.debug("No more parsers running. Continuing...")

        try:
            if os.path.exists(self.export_data_path) == False:
                os.makedirs(self.export_data_path)
        except:
            logging.error(
                "export_data(): An error occured when trying to use path for export: "
                + str(self.export_data_path))
            exc_type, exc_value, exc_traceback = sys.exc_info()
            traceback.print_exception(exc_type, exc_value, exc_traceback)
        self.ecel_manager.export_data(self.export_data_path)
        logging.debug(
            "export_data(): Completed requesting to export data to path: " +
            str(self.export_data_path))
Example #7
0
 def write_comment_json_to_file(self, comment_json_output_filename = None):
     logging.debug('write_comment_json_to_file(): Instantiated')
     self.comment_json_output_filename = comment_json_output_filename
     if self.comment_json_output_filename == None:
         #read from config file
         self.comment_json_output_filename = ConfigurationManager.get_instance().read_config_abspath("COMMENT_MANAGER", "COMMENTS_JSON_FILENAME")
     self.ce.write_json_to_file(self.comment_json_output_filename, self.jsondata)
     logging.debug('write_comment_json_to_file(): Completed')
Example #8
0
 def write_score_file(self, oscore_file=None):
     logging.debug('write_score_file(): Instantiated')
     self.oscore_file = oscore_file
     if self.oscore_file == None:
         self.oscore_file = ConfigurationManager.get_instance(
         ).read_config_abspath("VALIDATOR", "SCORE_REPORT_FILENAME")
     self.scorer.write_results_to_file(self.oscore_file, self.score_data)
     logging.debug('write_score_file(): Completed')
Example #9
0
 def __init__(self, folder_location=None):
     logging.debug('FileExplorerRunner(): Instantiated')
     QThread.__init__(self)
     self.cmd = ConfigurationManager.get_instance().read_config_abspath(
         "SYSTEM", "FILE_EXPLORER_FILENAME")
     if folder_location != None and os.path.exists(folder_location):
         self.cmd += " " + os.path.abspath(folder_location)
     logging.debug('FileExplorerRunner(): Complete')
Example #10
0
 def extract_rules(self, commented_json_filename=None):
     logging.debug('extract_json(): Instantiated')
     self.commented_json_filename = commented_json_filename
     if self.commented_json_filename == None:
         #read from config file
         self.commented_json_filename = ConfigurationManager.get_instance(
         ).read_config_abspath("VALIDATOR", "COMMENTS_JSON_FILENAME")
     self.rule_list = self.se.json_to_rules(self.commented_json_filename)
     logging.debug('extract_json(): Completed')
Example #11
0
 def __init__(self, path_for_latest_pcap = None):
     logging.debug('CommentManager(): Instantiated')
     self.path_for_latest_pcap = path_for_latest_pcap
     if path_for_latest_pcap == None:
         #read from config file
         self.commented_pcap_filename = ConfigurationManager.get_instance().read_config_abspath("COMMENT_MANAGER", "PATH_FOR_LATEST_PCAP")
     
     self.ce = CommentExtractor()
     logging.debug('CommentManager(): Complete')
Example #12
0
 def generate_score_report(self,
                           suricata_soln_alerts_json=None,
                           suricata_alert_path=None):
     logging.debug('generate_score_report(): Instantiated')
     self.suricata_soln_alerts_json = suricata_soln_alerts_json
     if self.suricata_soln_alerts_json == None:
         #read from config file
         self.suricata_soln_alerts_json = ConfigurationManager.get_instance(
         ).read_config_abspath("VALIDATOR", "SOLN_FILENAME")
     self.suricata_alert_path = suricata_alert_path
     if self.suricata_alert_path == None:
         #read from config file
         self.suricata_alert_path = ConfigurationManager.get_instance(
         ).read_config_abspath("VALIDATOR", "SURICATA_ALERT_PATH")
     #generate the scoring bin data structure based on the input JSON data
     self.scorer.extract_solutions_from_json(self.suricata_soln_alerts_json)
     #generate the report:
     self.scorer.score_alerts(
         os.path.join(self.suricata_alert_path, Validator.ALERT_FILENAME))
     self.score_data = self.scorer.generate_results_report()
     logging.debug('generate_score_report(): Completed')
Example #13
0
    def __init__(self, commented_json_filename=None):
        logging.debug('CommentManager(): Instantiated')
        #will likely use the GUI Threading here for this; from the GUI, however
        self.se = SuricataRuleExtractor()
        self.scorer = Scorer()
        self.commented_json_filename = commented_json_filename
        if self.commented_json_filename == None:
            #read from config file
            self.commented_json_filename = ConfigurationManager.get_instance(
            ).read_config_abspath("VALIDATOR", "COMMENTS_JSON_FILENAME")

        logging.debug('CommentManager(): Complete')
Example #14
0
    def __init__(self, lua_scripts=None, pcap_filename=None):
        logging.debug('WiresharkRunner(): Instantiated')
        QThread.__init__(self)
        try:

            self.cmd = ConfigurationManager.get_instance().read_config_abspath(
                "COMMENT_MANAGER", "WIRESHARK_FILENAME")
            if pcap_filename != None:
                self.cmd += " -r " + pcap_filename
            if lua_scripts != None and len(lua_scripts) > 0:
                for lua_script in lua_scripts:
                    self.cmd += " -Xlua_script:" + lua_script
            logging.debug('WiresharkRunner(): Complete')
        except Exception as e:
            exc_type, exc_value, exc_traceback = sys.exc_info()
            logging.error(
                'WiresharkRunner(): Error during Wireshark execution')
            traceback.print_exception(exc_type, exc_value, exc_traceback)
Example #15
0
    def write_rules_to_file(self, rules_output_filename=None):
        logging.debug('write_rules_to_file(): Instantiated')
        self.rules_output_filename = rules_output_filename
        if rules_output_filename == None:
            #read from config file
            self.rules_output_filename = ConfigurationManager.get_instance(
            ).read_config_abspath("VALIDATOR", "SURICATA_RULES_FILENAME")
        try:
            #make sure path exists, if not, create it
            dirname = os.path.dirname(self.rules_output_filename)
            if os.path.exists(dirname) == False:
                os.makedirs(dirname)
        except Exception as e:
            exc_type, exc_value, exc_traceback = sys.exc_info()
            logging.error("write_rules_to_file(): An error occured")
            traceback.print_exception(exc_type, exc_value, exc_traceback)
            exit()

        self.se.write_rules_to_file(self.rules_output_filename, self.rule_list)
        logging.debug('write_rules_to_file(): Completed')
Example #16
0
    def __init__(self, projectName):
        QtWidgets.QWidget.__init__(self, parent=None)

        self.logger_started_once = False

        self.projectPath = ""
        self.projectName = projectName
        self.cancel_pressed = False
        self.saved_pressed = False
        self.cm = ConfigurationManager.get_instance()
        self.project_sessions_folder = self.cm.read_config_value(
            "PROJECTS", "PROJECTS_BASE_PATH")
        self.project_sessions_folder = os.path.join(
            self.project_sessions_folder, self.projectName)

        quit = QAction("Quit", self)
        quit.triggered.connect(self.closeEvent)

        #Title of window
        self.outerVertBoxPro = QtWidgets.QVBoxLayout()
        self.outerVertBoxPro.setObjectName("outerVertBox")
        self.setWindowTitle("Create Session")
        self.setObjectName("New Project Session")

        #Label - New Session Title
        self.labelVerBoxPro = QtWidgets.QVBoxLayout()
        self.labelVerBoxPro.setObjectName("labeVerBoxPro")
        self.newSessionLabel = QLabel("Create Session")
        labelFont = QtGui.QFont()
        labelFont.setBold(True)
        self.newSessionLabel.setFont(labelFont)
        self.newSessionLabel.setAlignment(Qt.AlignCenter)

        self.sessionNameHorBoxPro = QtWidgets.QHBoxLayout()
        self.sessionNameHorBoxPro.setObjectName("sessionNameHorBoxPro")
        self.sessionNameLabel = QtWidgets.QLabel()
        self.sessionNameLabel.setObjectName("sessionNameLabel")
        self.sessionNameLabel.setText("Session Name:")
        self.sessionNameHorBoxPro.addWidget(self.sessionNameLabel)
        self.newsessionname = QLineEdit()
        self.newsessionname.textChanged.connect(self.on_newsessionname_changed)
        self.newsessionname.setFixedHeight(27)
        self.sessionNameHorBoxPro.addWidget(self.newsessionname)

        self.templateNameHorBoxPro = QtWidgets.QHBoxLayout()
        self.templateNameHorBoxPro.setObjectName("templateNameHorBoxPro")
        self.templateNameLabel = QtWidgets.QLabel()
        self.templateNameLabel.setObjectName("templateNameLabel")
        self.templateNameLabel.setText("From Session:")
        self.templateNameHorBoxPro.addWidget(self.templateNameLabel)
        self.templateNameComboBox = QComboBox()
        self.templateNameComboBox.addItem("None")
        self.templateNameComboBox.setEnabled(False)
        self.templateNameComboBox.setFixedHeight(27)
        self.templateNameHorBoxPro.addWidget(self.templateNameComboBox)

        #Create buttons for OK/Cancel
        self.okButton = QPushButton("OK")
        self.okButton.setEnabled(False)
        self.okButton.clicked.connect(self.on_ok_button_clicked)
        self.cancelButton = QPushButton("Cancel")
        self.cancelButton.clicked.connect(self.on_cancel_button_clicked)

        #Set the button layouts
        self.bottomButtons_layout = QtWidgets.QHBoxLayout()

        #Put all the components together
        self.labelVerBoxPro.addWidget(self.newSessionLabel)
        self.bottomButtons_layout.addWidget(self.okButton)
        self.bottomButtons_layout.addWidget(self.cancelButton,
                                            alignment=QtCore.Qt.AlignRight)

        self.outerVertBoxPro.addLayout(self.labelVerBoxPro)
        self.outerVertBoxPro.addLayout(self.sessionNameHorBoxPro)
        self.outerVertBoxPro.addLayout(self.templateNameHorBoxPro)
        self.outerVertBoxPro.addLayout(self.bottomButtons_layout)

        self.outerVertBoxPro.addStretch()

        self.setLayout(self.outerVertBoxPro)
Example #17
0
    def copy_latest_data(self,
                         export_data_path_temp=None,
                         export_data_path_latest=None,
                         path_for_latest_pcap=None,
                         out_click_path=None,
                         out_timed_path=None):
        logging.debug('copy_latest_data(): Instantiated')
        #get the directory with all of the exported data:
        self.export_data_path_temp = export_data_path_temp
        if self.export_data_path_temp == None:
            #read from config file
            self.export_data_path_temp = ConfigurationManager.get_instance(
            ).read_config_abspath("LOG_MANAGER", "EXPORT_DATA_PATH_TEMP")

        #this is where the latest exported data will be placed
        self.export_data_path_latest = export_data_path_latest
        if self.export_data_path_latest == None:
            #read from config file
            self.export_data_path_latest = ConfigurationManager.get_instance(
            ).read_config_abspath("LOG_MANAGER", "EXPORT_DATA_PATH_LATEST")

        self.path_for_latest_pcap = path_for_latest_pcap
        if self.path_for_latest_pcap == None:
            #read from config file
            self.path_for_latest_pcap = ConfigurationManager.get_instance(
            ).read_config_abspath("LOG_MANAGER", "PATH_FOR_LATEST_PCAP")

        self.out_click_path = out_click_path
        if self.out_click_path == None:
            #read from config file
            self.out_click_path = ConfigurationManager.get_instance(
            ).read_config_abspath("LOG_MANAGER", "OUT_CLICK_PATH")

        self.out_timed_path = out_timed_path
        if self.out_timed_path == None:
            #read from config file
            self.out_timed_path = ConfigurationManager.get_instance(
            ).read_config_abspath("LOG_MANAGER", "OUT_TIMED_PATH")

        latestlogdirs = self.get_sorted_in_dirs(self.export_data_path_temp,
                                                dircontains="export")
        latestlogdir = ""
        if len(latestlogdirs) > 0:
            #get the latest directory based on its timestamp
            latestlogdir = latestlogdirs[-1]
        else:
            logging.error("No export log file directory found in path: " +
                          self.export_data_path_temp)
            return
        try:
            if os.path.exists(self.export_data_path_latest) == False:
                os.makedirs(self.export_data_path_latest)
            pcapbase = os.path.dirname(self.path_for_latest_pcap)
            if os.path.exists(pcapbase) == False:
                os.makedirs(pcapbase)
        except:
            logging.error(
                "copy_latest_data(): An error occured when trying create directory"
            )
            exc_type, exc_value, exc_traceback = sys.exc_info()
            traceback.print_exception(exc_type, exc_value, exc_traceback)
        try:
            #cp all JSON files to out dir
            auditdFile = os.path.join(latestlogdir, "parsed", "auditd",
                                      "auditdData.JSON")
            keystrokesFile = os.path.join(latestlogdir, "parsed",
                                          "pykeylogger", "keypressData.JSON")
            clicksFile = os.path.join(latestlogdir, "parsed", "pykeylogger",
                                      "click.JSON")
            timedFile = os.path.join(latestlogdir, "parsed", "pykeylogger",
                                     "timed.JSON")
            if os.path.exists(auditdFile):
                shutil.copy(
                    auditdFile,
                    os.path.join(self.export_data_path_latest,
                                 "SystemCalls.JSON"))
            if os.path.exists(keystrokesFile):
                shutil.copy(
                    keystrokesFile,
                    os.path.join(self.export_data_path_latest,
                                 "Keypresses.JSON"))
            if os.path.exists(keystrokesFile):
                shutil.copy(
                    clicksFile,
                    os.path.join(self.export_data_path_latest,
                                 "MouseClicks.JSON"))
            if os.path.exists(keystrokesFile):
                shutil.copy(
                    timedFile,
                    os.path.join(self.export_data_path_latest,
                                 "TimedScreenshots.JSON"))
            #cp merged pcap to dir
            pcapFile = os.path.join(latestlogdir, "raw", "tshark",
                                    "merged.pcapng")
            if os.path.exists(pcapFile):
                shutil.copy(pcapFile, self.path_for_latest_pcap)
            clicksPath = os.path.join(latestlogdir, "raw", "pykeylogger",
                                      "click_images")
            if os.path.exists(clicksPath):
                shutil.copytree(clicksPath, self.out_click_path)
            timedPath = os.path.join(latestlogdir, "raw", "pykeylogger",
                                     "timed_screenshots")
            if os.path.exists(timedPath):
                shutil.copytree(timedPath, self.out_timed_path)

        except:
            logging.error(
                "copy_latest_data(): An error occured when trying to copy log files"
            )
            exc_type, exc_value, exc_traceback = sys.exc_info()
            traceback.print_exception(exc_type, exc_value, exc_traceback)
Example #18
0
    def __init__(self, existingProjects):
        QtWidgets.QWidget.__init__(self, parent=None)

        self.logger_started_once = False

        self.existingconfignames = existingProjects
        self.projectPath = ""
        self.projectName = ""
        self.cancel_pressed = False
        self.saved_pressed = False
        self.cm = ConfigurationManager.get_instance()
        self.project_data_folder = self.cm.read_config_value(
            "PROJECTS", "PROJECTS_BASE_PATH")

        quit = QAction("Quit", self)
        quit.triggered.connect(self.closeEvent)

        #Title of window
        self.outerVertBoxPro = QtWidgets.QVBoxLayout()
        self.outerVertBoxPro.setObjectName("outerVertBox")
        self.setWindowTitle("Project from PCAP")
        self.setObjectName("NewFromPCAP")

        #Label - New Project Title
        self.labelVerBoxPro = QtWidgets.QVBoxLayout()
        self.labelVerBoxPro.setObjectName("labeVerBoxPro")
        self.newProjectLabel = QLabel("Create Project from PCAP")
        labelFont = QtGui.QFont()
        labelFont.setBold(True)
        self.newProjectLabel.setFont(labelFont)
        self.newProjectLabel.setAlignment(Qt.AlignCenter)

        self.projectNameHorBoxPro = QtWidgets.QHBoxLayout()
        self.projectNameHorBoxPro.setObjectName("projectNameHorBoxPro")
        self.projectNameLabel = QtWidgets.QLabel()
        self.projectNameLabel.setObjectName("projectNameLabel")
        self.projectNameLabel.setText("Project Name:")
        self.projectNameHorBoxPro.addWidget(self.projectNameLabel)
        self.configname = QLineEdit()
        self.configname.textChanged.connect(self.on_configname_changed)
        self.configname.setFixedHeight(27)
        self.projectNameHorBoxPro.addWidget(self.configname)

        self.pcapNameHorBoxPro = QtWidgets.QHBoxLayout()
        self.pcapNameHorBoxPro.setObjectName("pcapNameHorBoxPro")
        self.pcapNameLabel = QtWidgets.QLabel()
        self.pcapNameLabel.setObjectName("pcapNameLabel")
        self.pcapNameLabel.setText("Path to PCAP:")
        self.pcapNameHorBoxPro.addWidget(self.pcapNameLabel)
        self.pcapNameLineEdit = QLineEdit()
        self.pcapNameLineEdit.setEnabled(False)
        self.pcapNameLineEdit.setFixedHeight(27)
        self.pcapNameHorBoxPro.addWidget(self.pcapNameLineEdit)
        self.selectPCAPButton = QPushButton("...")
        self.selectPCAPButton.clicked.connect(
            self.on_select_PCAP_button_clicked)
        self.pcapNameHorBoxPro.addWidget(self.selectPCAPButton)

        #Create buttons for OK/Cancel
        self.okButton = QPushButton("OK")
        self.okButton.setEnabled(False)
        self.okButton.clicked.connect(self.on_ok_button_clicked)
        self.cancelButton = QPushButton("Cancel")
        self.cancelButton.clicked.connect(self.on_cancel_button_clicked)

        #Set the button layouts
        self.bottomButtons_layout = QtWidgets.QHBoxLayout()

        #Put all the components together
        self.labelVerBoxPro.addWidget(self.newProjectLabel)
        self.bottomButtons_layout.addWidget(self.okButton)
        self.bottomButtons_layout.addWidget(self.cancelButton,
                                            alignment=QtCore.Qt.AlignRight)

        self.outerVertBoxPro.addLayout(self.labelVerBoxPro)
        self.outerVertBoxPro.addLayout(self.projectNameHorBoxPro)
        self.outerVertBoxPro.addLayout(self.pcapNameHorBoxPro)
        self.outerVertBoxPro.addLayout(self.bottomButtons_layout)

        self.outerVertBoxPro.addStretch()

        self.setLayout(self.outerVertBoxPro)
Example #19
0
    def run_suricata_with_rules(self,
                                suricata_executable_filename=None,
                                suricata_config_filename=None,
                                suricata_alert_path=None,
                                suricata_rules_filename=None,
                                validate_pcap_filename=None):
        logging.debug('run_suricata_with_rules(): Instantiated')
        ##Read configuration from the setup file##
        self.suricata_executable_filename = suricata_executable_filename
        if self.suricata_executable_filename == None:
            #read from config file
            self.suricata_executable_filename = ConfigurationManager.get_instance(
            ).read_config_abspath("VALIDATOR", "SURICATA_EXECUTABLE_FILENAME")

        self.suricata_config_filename = suricata_config_filename
        if self.suricata_config_filename == None:
            #read from config file
            self.suricata_config_filename = ConfigurationManager.get_instance(
            ).read_config_abspath("VALIDATOR", "SURICATA_CONFIG_FILENAME")

        self.suricata_alert_path = suricata_alert_path
        if self.suricata_alert_path == None:
            #read from config file
            self.suricata_alert_path = ConfigurationManager.get_instance(
            ).read_config_abspath("VALIDATOR", "SURICATA_ALERT_PATH")
        """ try:
            #if path exists, remove it and then recreate it
            if os.path.exists(self.suricata_alert_path) == True:
                shutil.rmtree(self.suricata_alert_path, ignore_errors=True)
            os.makedirs(self.suricata_alert_path)
        except Exception as e:
            exc_type, exc_value, exc_traceback = sys.exc_info()
            logging.error("write_rules_to_file(): An error occured")
            traceback.print_exception(exc_type, exc_value, exc_traceback)
            exit() """

        self.suricata_rules_filename = suricata_rules_filename
        if self.suricata_rules_filename == None:
            #read from config file
            self.suricata_rules_filename = ConfigurationManager.get_instance(
            ).read_config_abspath("VALIDATOR", "SURICATA_RULES_FILENAME")

        self.validate_pcap_filename = validate_pcap_filename
        if self.validate_pcap_filename == None:
            #read from config file
            self.validate_pcap_filename = ConfigurationManager.get_instance(
            ).read_config_abspath("VALIDATOR", "PCAP_FOR_VALIDATION_FILENAME")

        #Sample command: suricata -c /etc/suricata/suricata.yaml -l . -r $1 -k none
        logging.debug('run_suricata_with_rules(): Instantiated')
        self.cmd = self.suricata_executable_filename
        self.cmd += " -c " + self.suricata_config_filename
        self.cmd += " -l " + self.suricata_alert_path
        self.cmd += " -r " + self.validate_pcap_filename
        self.cmd += " -s " + self.suricata_rules_filename
        self.cmd += " -k none"
        try:
            if sys.platform == "linux" or sys.platform == "linux2":
                logging.debug('run_suricata_with_rules(): Running Command: ' +
                              str(self.cmd))
                output = subprocess.check_output(shlex.split(self.cmd))
            else:
                logging.debug('run_suricata_with_rules(): Running Command: ' +
                              str(self.cmd))
                output = subprocess.check_output(self.cmd)
            logging.debug('run_suricata_with_rules(): Complete')
        except Exception as e:
            exc_type, exc_value, exc_traceback = sys.exc_info()
            logging.error(
                'run_suricata_with_rules(): Error during suricata execution')
            traceback.print_exception(exc_type, exc_value, exc_traceback)
Example #20
0
    def generate_dissectors(self,
                            export_data_path_latest=None,
                            dissector_path=None,
                            dissector_code_template_filename=None):
        logging.debug('generate_dissectors(): Instantiated')
        dg = DissectorGenerator()
        #clear out the previous list of generated dissectors
        self.generated_dissector_filenames = []

        #this is where the latest exported data will be read
        self.export_data_path_latest = export_data_path_latest
        if self.export_data_path_latest == None:
            #read from config file
            self.export_data_path_latest = ConfigurationManager.get_instance(
            ).read_config_abspath("LOG_MANAGER", "EXPORT_DATA_PATH_LATEST")

        #this is where the dissectors will be placed
        self.dissector_path = dissector_path
        if self.dissector_path == None:
            #read from config file
            self.dissector_path = ConfigurationManager.get_instance(
            ).read_config_abspath("LOG_MANAGER", "DISSECTOR_PATH")

        #this is where the dissectors will be placed
        self.dissector_code_template_filename = dissector_code_template_filename
        if self.dissector_code_template_filename == None:
            #read from config file
            self.dissector_code_template_filename = ConfigurationManager.get_instance(
            ).read_config_abspath("LOG_MANAGER",
                                  "DISSECTOR_CODE_TEMPLATE_FILENAME")

        #get files in directory
        self.filelist = dg.get_json_files(self.export_data_path_latest)

        file_events = {}

        try:
            #remove directory if it exists and then create it
            if os.path.exists(self.dissector_path) == False:
                os.makedirs(self.dissector_path)
        except:
            logging.error(
                "generate_dissectors(): An error occured when trying to copy log files"
            )
            exc_type, exc_value, exc_traceback = sys.exc_info()
            traceback.print_exception(exc_type, exc_value, exc_traceback)

        for filename in self.filelist:
            #save the filename as a key, all the events (event, time) as the value
            file_events = dg.read_json_data(filename)
            base = os.path.basename(filename)
            basenoext = os.path.splitext(base)[0]
            dissector_filename = dg.events_to_dissector(
                file_events,
                dissector_name=basenoext,
                ofilename=os.path.join(self.dissector_path, basenoext),
                template_filename=self.dissector_code_template_filename,
                start_threshold=0.0,
                end_threshold=2.0)
            self.generated_dissector_filenames.append(dissector_filename)
        logging.debug('generate_dissectors(): Completed')
    def __init__(self, logman, existingProjects):
        QtWidgets.QWidget.__init__(self, parent=None)

        self.logger_started_once = False

        self.existingconfignames = existingProjects
        self.projectPath = ""
        self.projectName = ""
        self.cancel_pressed = False
        self.saved_pressed = False
        self.cm = ConfigurationManager.get_instance()
        self.project_data_folder = self.cm.read_config_value(
            "PROJECTS", "PROJECTS_BASE_PATH")

        quit = QAction("Quit", self)
        quit.triggered.connect(self.closeEvent)

        #Title of window
        self.outerVertBoxPro = QtWidgets.QVBoxLayout()
        self.outerVertBoxPro.setObjectName("outerVertBox")
        self.setWindowTitle("Collect Data")
        self.setObjectName("NewFromCollectDataDialog")

        #Label - New Project Title
        self.labelVerBoxPro = QtWidgets.QVBoxLayout()
        self.labelVerBoxPro.setObjectName("labeVerBoxPro")
        self.newProjectLabel = QLabel("Collect Data for New Project")
        labelFont = QtGui.QFont()
        labelFont.setBold(True)
        self.newProjectLabel.setFont(labelFont)
        self.newProjectLabel.setAlignment(Qt.AlignCenter)

        self.nameVerBoxPro = QtWidgets.QHBoxLayout()
        self.nameVerBoxPro.setObjectName("nameVerBoxPro")
        self.nameLabel = QtWidgets.QLabel()
        self.nameLabel.setObjectName("nameLabel")
        self.nameLabel.setText("Project Name:")
        self.nameVerBoxPro.addWidget(self.nameLabel)
        self.configname = QLineEdit()
        self.configname.returnPressed.connect(self.on_log_start_button_clicked)
        ###### Fixed Height for project name text box
        self.configname.setFixedHeight(27)

        #Create buttons for creating new file
        self.logOutStartButton = QPushButton("Start Logging")
        self.logOutStopButton = QPushButton("Stop Logging")
        self.logOutSaveButton = QPushButton("Save")
        self.logOutCancelButton = QPushButton("Cancel")

        #Add on click event
        self.logOutStartButton.clicked.connect(
            self.on_log_start_button_clicked)
        self.logOutStartButton.setEnabled(True)
        self.logOutStopButton.clicked.connect(self.on_log_stop_button_clicked)
        self.logOutStopButton.setEnabled(False)
        self.logOutSaveButton.clicked.connect(self.on_log_save_button_clicked)
        self.logOutSaveButton.setEnabled(False)
        self.logOutCancelButton.clicked.connect(self.on_cancel_button_clicked)

        #Set the button layouts
        self.bottomButtons_layout = QtWidgets.QHBoxLayout()

        #Put all the components together
        self.labelVerBoxPro.addWidget(self.newProjectLabel)
        self.nameVerBoxPro.addWidget(self.configname)
        self.bottomButtons_layout.addWidget(self.logOutStartButton)
        self.bottomButtons_layout.addWidget(self.logOutStopButton)
        self.bottomButtons_layout.addWidget(self.logOutSaveButton)
        self.bottomButtons_layout.addWidget(self.logOutCancelButton,
                                            alignment=QtCore.Qt.AlignRight)

        self.outerVertBoxPro.addLayout(self.labelVerBoxPro)
        self.outerVertBoxPro.addLayout(self.nameVerBoxPro)
        self.outerVertBoxPro.addLayout(self.bottomButtons_layout)

        #Auto Adjust Size
        self.setFixedSize(self.labelVerBoxPro.sizeHint())
        self.setFixedSize(self.nameVerBoxPro.sizeHint())
        self.setFixedSize(self.bottomButtons_layout.sizeHint())

        self.outerVertBoxPro.addStretch()

        self.setLayout(self.outerVertBoxPro)

        self.logman = logman
Example #22
0
    def __init__(self, logman, comment_mgr, val):
        logging.debug("MainGUI(): Instantiated")
        super(MainGUI, self).__init__()
        self.setWindowTitle('Traffic Annotation Workflow')
        self.setFixedSize(670,565)

        self.logman = logman
        self.comment_mgr = comment_mgr
        self.val = val

        self.project_sessions = ProjectSessions()
        self.cm = ConfigurationManager.get_instance()

        #shared data between widgets
        self.existingconfignames = {}
        self.logEnabled = ''
        self.closeConfirmed = ''
        self.newProject_pressed = False
        self.newPro = None

        #get project folder
        self.project_data_folder = self.cm.read_config_value("PROJECTS", "PROJECTS_BASE_PATH")
        self.createRequiredSubDirectories()

        self.at_start = True

        self.mainWidget = QWidget()
        self.setCentralWidget(self.mainWidget)
        mainlayout = QVBoxLayout()
        self.baseWidget = QWidget() #BaseWidget()
        self.annotateWidget = QWidget()
        self.resultsWidget = QWidget()
        self.projectTree = QtWidgets.QTreeWidget()
        self.baseWidgets = {}
        self.blankTreeContextMenu = {}
        
        quit = QAction("Quit", self)
        quit.triggered.connect(self.closeEvent)

        #Add tab widget - RES
        tabWidget = QtWidgets.QTabWidget()
        tabWidget.setGeometry(QtCore.QRect(0, 15, 668, 565))
        tabWidget.setObjectName("tabWidget")

        #BaseWidget
        self.baseWidget.setWindowTitle("BaseWidget")
        self.baseWidget.setObjectName("BaseWidget")
        baseLayoutWidget = QtWidgets.QWidget()
        baseLayoutWidget.setObjectName("layoutWidget")
        self.baseOuterVertBox = QtWidgets.QVBoxLayout()
        self.baseOuterVertBox.setObjectName("outerVertBox")
        baseLayoutWidget.setLayout(self.baseOuterVertBox)

        self.baseWidget.setLayout(self.baseOuterVertBox)

        #Configuration window - RES
        ## windowBoxHLayout contains:
        ###projectTree (Left)
        ###basedataStackedWidget (Right)
        windowWidget = QtWidgets.QWidget()
        windowWidget.setObjectName("windowWidget")
        windowBoxHLayout = QtWidgets.QHBoxLayout()
        windowBoxHLayout.setObjectName("windowBoxHLayout")
        windowWidget.setLayout(windowBoxHLayout)

        self.projectTree.itemSelectionChanged.connect(self.onItemSelected)
        self.projectTree.setContextMenuPolicy(QtCore.Qt.CustomContextMenu)
        self.projectTree.customContextMenuRequested.connect(self.showContextMenu)
        self.projectTree.setEnabled(True)
        self.projectTree.setMaximumSize(200,521)
        self.projectTree.setObjectName("projectTree")
        self.projectTree.headerItem().setText(0, "Projects")
        self.projectTree.setSortingEnabled(False)
        windowBoxHLayout.addWidget(self.projectTree)

        self.basedataStackedWidget = QStackedWidget()
        self.basedataStackedWidget.setObjectName("basedataStackedWidget")
        windowBoxHLayout.addWidget(self.basedataStackedWidget)
        tabWidget.addTab(windowWidget, "Configuration")

        #ADD TAB WIDGET - RES
        self.initMenu()
        mainlayout = QVBoxLayout()
        mainlayout.addWidget(self.mainMenu)
        mainlayout.addWidget(tabWidget)
        self.mainWidget.setLayout(mainlayout)

        #load any saved projects
        self.load_saved()
        self.load_sessions()
        self.at_start = False

        logging.debug("MainWindow(): Complete")
Example #23
0
if __name__ == '__main__':
    logging.getLogger().setLevel(logging.DEBUG)

    logging.debug("MainApp(): Starting GUI")
    logging.debug("MainApp(): Instantiating LogManager")
    logman = LogManager()
    logging.debug("MainApp(): Instantiating Comment Manager")
    comment_mgr = CommentManager()
    logging.debug("MainApp(): Instantiating Validator")
    validator = Validator()

    if len(sys.argv) > 2:
        if os.path.exists(sys.argv[1]):
            logging.debug("MainApp(): Setting up configuration manager")
            ConfigurationManager.get_instance().set_config_file(sys.argv[1])
        else:
            logging.debug("MainApp(): config file " + sys.argv[1] +
                          " does not exist")

    logging.debug("MainApp(): Instantiated")
    logging.basicConfig(stream=sys.stdout,
                        format='%(levelname)s:%(message)s',
                        level=logging.DEBUG)

    appctxt = QApplication(sys.argv)
    gui = MainGUI(logman, comment_mgr, validator)
    gui.setGeometry(500, 300, 500, 100)
    gui.show()
    exit_code = appctxt.exec_()
    sys.exit(exit_code)