def indicators(): """ GET/POST the Indicators Controller :return: { 'message': '{success|failure}', 'data': [] } """ if request.method == 'GET': filters = {} for f in FILTERS: if request.args.get(f): filters[f] = request.args.get(f) try: r = Client(remote, pull_token()).filter(filters=filters, limit=request.args.get('limit')) except RuntimeError as e: logger.error(e) response = jsonify({"message": "search failed", "data": []}) response.status_code = 403 else: response = jsonify({"message": "success", "data": r}) response.status_code = 200 else: try: r = Client(remote, pull_token()).submit(request.data) except RuntimeError as e: logger.error(e) response = jsonify({"message": "submission failed", "data": []}) response.status_code = 422 else: response = jsonify({"message": "success", "data": r}) response.status_code = 201 return response
def __init__(self, remote=HUNTER_ADDR, router=ROUTER_ADDR, token=TOKEN, *args, **kv): self.logger = logging.getLogger(__name__) self.context = zmq.Context.instance() self.socket = self.context.socket(zmq.SUB) if sys.version_info > (3, ): self.socket.setsockopt_string(zmq.SUBSCRIBE, '') else: self.socket.setsockopt(zmq.SUBSCRIBE, '') self.loop = ioloop.IOLoop.instance() self.loop.add_handler(self.socket, self.handle_message, zmq.POLLIN) self.plugins = [] import pkgutil self.logger.debug('loading plugins...') for loader, modname, is_pkg in pkgutil.iter_modules( cif.hunter.__path__, 'cif.hunter.'): p = loader.find_module(modname).load_module(modname) self.plugins.append(p.Plugin(*args, **kv)) self.logger.debug('plugin loaded: {}'.format(modname)) self.hunters = remote self.router = Client(remote=router, token=token)
def ping(): """ Ping the router interface :return: { 'message': 'success', 'data': '<timestamp>' } """ r = Client(remote, pull_token()).ping() return jsonify({"message": "success", "data": r})
def main(): p = get_argument_parser() p = ArgumentParser(description=textwrap.dedent('''\ example usage: $ cif-httpd -d '''), formatter_class=RawDescriptionHelpFormatter, prog='cif-httpd', parents=[p]) p.add_argument("--router", help="specify router frontend [default %(default)s]", default=ROUTER_ADDR) p.add_argument('--token', help="specify cif-httpd token [default %(default)s]", default=TOKEN) p.add_argument( '--listen', help='specify the interface to listen on [default %(default)s]', default=HTTP_LISTEN) p.add_argument('--listen-port', help='specify the port to listen on [default %(default)s]', default=HTTP_LISTEN_PORT) p.add_argument('--fdebug', action='store_true') args = p.parse_args() setup_logging(args) logger = logging.getLogger(__name__) logger.info('loglevel is: {}'.format( logging.getLevelName(logger.getEffectiveLevel()))) setup_signals(__name__) try: logger.info('pinging router...') if Client(args.router, args.token).ping(): app.config["SECRET_KEY"] = os.urandom(1024) logger.info('starting up...') app.run(host=args.listen, port=args.listen_port, debug=args.fdebug) else: logger.error('router unavailable...') except KeyboardInterrupt: logger.info('shutting down...') raise SystemExit
def search(): """ Search controller :param str q: query term (ex: example.org, 1.2.3.4, 1.2.3.0/24) :param dict filters: query filters :param int limit: limit search results (reporttime desc) :return: { 'message': 'success', 'data': [] } """ filters = {} for k in ['indicator', 'itype', 'application', 'limit']: if request.args.get(k): filters[k] = request.args.get(k) if request.args.get('q'): filters['indicator'] = request.args.get('q') r = Client(remote, pull_token()).search(filters) return jsonify({"message": "success", "data": r})
def client(): from cif.client.zeromq import ZMQ as Client yield Client(ROUTER_ADDR, '1234')