    def initConfiguration(self):
        """Populate ``self.options`` with this plugin's settings.

        ``OptionParser().parse_args([])`` is used only to obtain an empty
        ``Values`` container; every attribute is then read from
        ``self.configfile`` through ``getConfig`` (second argument = fallback).
        """
        self.options, _ = OptionParser().parse_args([])
        cfg = self.configfile

        self.options.alert_names = getConfig('alert_names', [], cfg)
        self.options.restapi_url = getConfig('restapi_url', '', cfg)
        # NOTE(review): a bearer credential sourced from the config file; keep
        # that file's permissions restrictive and keep the value out of logs.
        self.options.restapi_jwt_token = getConfig('restapi_jwt_token', None, cfg)
 def initConfiguration(self):
     """Load this plugin's settings into ``self.options``.

     An empty ``OptionParser`` run yields the bare ``Values`` object; each
     attribute below is then filled via ``getConfig`` with the fallback
     given as its second argument.
     """
     self.options, _ = OptionParser().parse_args([])
     cfg = self.configfile

     # default zone used when an event does not specify one
     self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', cfg)

     # connection details for the custom/internal ip blocking service
     # (mozilla's is "banhammer", backed by an intermediary mysql DB).
     # NOTE(review): the DB password comes from the config file, so that file
     # should be readable only by the service account.
     self.options.banhammerdbhost = getConfig('banhammerdbhost', 'localhost', cfg)
     self.options.banhammerdbuser = getConfig('banhammerdbuser', 'auser', cfg)
     self.options.banhammerdbpasswd = getConfig('banhammerdbpasswd', '', cfg)
     self.options.banhammerdbdb = getConfig('banhammerdbdb', 'banhammer', cfg)
 def parse_config(self, config_filename, config_keys):
     """Read each key in *config_keys* from *config_filename* into ``self.config``.

     ``self.config`` is the empty ``Values`` object produced by an
     ``OptionParser`` run with no arguments; every key becomes an attribute on
     it, with ``""`` handed to ``getConfig`` as the fallback.
     """
     self.config = None
     self.config, _ = OptionParser().parse_args([])
     for key in config_keys:
         setattr(self.config, key, getConfig(key, "", config_filename))
 def initConfiguration(self):
     """Fill ``self.config`` from ``self.config_file``.

     The container is the empty ``Values`` object returned by an
     ``OptionParser`` run with no arguments.
     """
     self.config, _ = OptionParser().parse_args([])
     cfg = self.config_file

     self.config.hostfilter = getConfig('hostfilter', '', cfg)
     self.config.user = getConfig('user', '', cfg)
     # whitespace separated list in the file -> list of host strings
     self.config.skiphosts = getConfig('skiphosts', '', cfg).split()
 def parse_config(self, config_filename, config_keys):
     """Copy every key in *config_keys* from *config_filename* onto ``self.config``.

     ``self.config`` starts as the empty ``Values`` object from an
     ``OptionParser`` run with no arguments; ``''`` is the fallback passed to
     ``getConfig`` for each key.
     """
     self.config = None
     self.config, _ = OptionParser().parse_args([])
     for key in config_keys:
         setattr(self.config, key, getConfig(key, '', config_filename))
    def initConfiguration(self):
        """Build ``self.options`` for this plugin from ``self.configfile``.

        An empty ``OptionParser`` run supplies the bare ``Values`` container;
        every attribute is then read through ``getConfig`` (second argument is
        the fallback).
        """
        self.options, _ = OptionParser().parse_args([])
        cfg = self.configfile

        # mongo connection used by the custom/internal ip blocking service
        # (mozilla's is called banhammer)
        self.options.mongohost = getConfig('mongohost', 'localhost', cfg)
        self.options.mongoport = getConfig('mongoport', 3001, cfg)

        # FQDN whitelist: comma separated example.com / foo.bar.com style names;
        # the /dev/null fallback presumably means "no whitelist" until configured
        self.options.fqdn_whitelist_file = getConfig('fqdn_whitelist_file', '/dev/null', cfg)

        # optional statuspage.io integration.  NOTE(review): the api key is a
        # credential read from the config file; keep that file's permissions tight.
        self.options.statuspage_api_key = getConfig('statuspage_api_key', '', cfg)
        page_id = getConfig('statuspage_page_id', '', cfg)
        self.options.statuspage_page_id = page_id
        # the page id is interpolated straight into the API path
        self.options.statuspage_url = 'https://api.statuspage.io/v1/pages/{0}/incidents.json'.format(page_id)
        self.options.statuspage_component_id = getConfig('statuspage_component_id', '', cfg)
        self.options.statuspage_sub_component_id = getConfig('statuspage_sub_component_id', '', cfg)
    def initConfiguration(self):
        """Read this plugin's settings from ``self.configfile`` into ``self.options``.

        The container is the empty ``Values`` object returned by an
        ``OptionParser`` run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])
        cfg = self.configfile

        # mongo connectivity
        self.options.mongohost = getConfig('mongohost', 'localhost', cfg)
        self.options.mongoport = getConfig('mongoport', 3001, cfg)

        # CIDR whitelist: comma separated 8.8.8.0/24 style masks; the /dev/null
        # fallback presumably means "no whitelist" until one is configured
        self.options.network_whitelist_file = getConfig('network_whitelist_file', '/dev/null', cfg)

        # optional statuspage.io integration.  NOTE(review): the api key is a
        # credential read from the config file; restrict that file's permissions.
        self.options.statuspage_api_key = getConfig('statuspage_api_key', '', cfg)
        page_id = getConfig('statuspage_page_id', '', cfg)
        self.options.statuspage_page_id = page_id
        # the page id is interpolated straight into the API path
        self.options.statuspage_url = 'https://api.statuspage.io/v1/pages/{0}/incidents.json'.format(page_id)
        self.options.statuspage_component_id = getConfig('statuspage_component_id', '', cfg)
        self.options.statuspage_sub_component_id = getConfig('statuspage_sub_component_id', '', cfg)
 def initConfiguration(self):
     """Set up ``self.options`` with this plugin's single setting.

     The container is the empty ``Values`` object from an ``OptionParser``
     run with no arguments.
     """
     self.options, _ = OptionParser().parse_args([])

     # NOTE(review): 'APIKEYHERE' is a placeholder fallback; the real key comes
     # from the config file, which should therefore be permission-restricted.
     self.options.serviceKey = getConfig('serviceKey', 'APIKEYHERE', self.configfile)
    def initConfiguration(self):
        """Load the plugin's ``keywords`` setting into ``self.options``.

        ``self.options`` is the empty ``Values`` object produced by an
        ``OptionParser`` run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])

        # fallback is 'localhost' when the config file has no 'keywords' entry
        self.options.keywords = getConfig('keywords', 'localhost', self.configfile)
 def parse_config(self, config_filename, config_keys):
     """Load *config_keys* from *config_filename* (relative to the parent package dir).

     The file path is resolved against the directory one level above this
     module, so callers pass a name relative to that location.  Each key
     becomes an attribute of ``self.config`` with ``""`` as the ``getConfig``
     fallback.
     """
     self.config = None
     self.config, _ = OptionParser().parse_args([])
     here = os.path.dirname(__file__)
     full_path = os.path.join(here, "../", config_filename)
     for key in config_keys:
         setattr(self.config, key, getConfig(key, "", full_path))
 def initConfiguration(self):
     """Populate ``self.options`` from ``self.configfile``.

     Uses an empty ``OptionParser`` run to get a bare ``Values`` container.
     """
     self.options, _ = OptionParser().parse_args([])

     # default time zone applied when an event does not specify one
     self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', self.configfile)
    def initConfiguration(self):
        """Read the plugin's ``serviceKey`` from ``self.configfile`` into ``self.options``.

        The container is the empty ``Values`` object from an ``OptionParser``
        run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])

        # NOTE(review): 'APIKEYHERE' is only a placeholder fallback; the real key
        # lives in the config file, which should be permission-restricted.
        self.options.serviceKey = getConfig('serviceKey', 'APIKEYHERE', self.configfile)
    def initConfiguration(self):
        """Set up ``self.options`` with the plugin's default time zone.

        ``self.options`` is the empty ``Values`` object produced by an
        ``OptionParser`` run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])

        # zone used when an event does not carry one
        self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', self.configfile)
    def initConfiguration(self):
        """Load the threat exchange credentials into ``self.options``.

        The container is the empty ``Values`` object from an ``OptionParser``
        run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])
        cfg = self.configfile

        # threat exchange app credentials.  NOTE(review): appsecret is a secret
        # read from the config file; keep that file's permissions restrictive.
        self.options.appid = getConfig('appid', '', cfg)
        self.options.appsecret = getConfig('appsecret', '', cfg)
    def initConfiguration(self):
        """Load the cymon API key into ``self.options``.

        ``self.options`` is the empty ``Values`` object from an
        ``OptionParser`` run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])

        # NOTE(review): API key read from the config file; keep that file
        # permission-restricted and the value out of logs.
        self.options.cymonapikey = getConfig('cymonapikey', '', self.configfile)
    def initConfiguration(self):
        """Populate ``self.options`` with the cymon API key.

        The container is the empty ``Values`` object produced by an
        ``OptionParser`` run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])

        # NOTE(review): credential read from the config file; restrict that
        # file's permissions and do not echo the key in logs.
        self.options.cymonapikey = getConfig('cymonapikey', '', self.configfile)
    def initConfiguration(self):
        """Load the plugin's ``ignoreusernames`` setting into ``self.options``.

        ``self.options`` is the empty ``Values`` object from an
        ``OptionParser`` run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])

        # comma separated list of usernames to exclude from the data; kept as
        # the raw string here (splitting, if any, happens elsewhere)
        self.options.ignoreusernames = getConfig('ignoreusernames', '', self.configfile)
    def initConfiguration(self):
        """Read ``ignoreusernames`` from ``self.configfile`` into ``self.options``.

        The container is the empty ``Values`` object produced by an
        ``OptionParser`` run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])

        # comma separated usernames to exclude from the data, stored unsplit
        self.options.ignoreusernames = getConfig('ignoreusernames', '', self.configfile)
    def initConfiguration(self):
        """Populate ``self.options`` with time zone and threat exchange settings.

        ``self.options`` is the empty ``Values`` object from an
        ``OptionParser`` run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])
        cfg = self.configfile

        # zone used when an event does not specify one
        self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', cfg)

        # threat exchange app credentials.  NOTE(review): appsecret is read from
        # the config file; keep that file permission-restricted.
        self.options.appid = getConfig('appid', '', cfg)
        self.options.appsecret = getConfig('appsecret', '', cfg)
    def initConfiguration(self):
        """Load the email settings into ``self.options``.

        ``self.options`` is the empty ``Values`` object from an
        ``OptionParser`` run with no arguments.  ``recipients`` is split on
        commas exactly as written in the file (surrounding whitespace is kept).
        """
        self.options, _ = OptionParser().parse_args([])
        cfg = self.configfile

        self.options.smtpserver = getConfig('smtpserver', 'localhost', cfg)
        self.options.sender = getConfig('sender', '*****@*****.**', cfg)
        raw_recipients = getConfig('recipients', '*****@*****.**', cfg)
        self.options.recipients = raw_recipients.split(',')
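    def initConfiguration(self):
        """Populate ``self.options`` from ``self.configfile``.

        ``self.options`` is the empty ``Values`` object from an
        ``OptionParser`` run with no arguments.  ``docs`` is stored in the
        config file as a JSON string and decoded here; anything that cannot be
        decoded leaves ``self.options.docs`` as an empty dict.
        """
        self.options, _ = OptionParser().parse_args([])
        cfg = self.configfile

        # NOTE(review): 'APIKEYHERE' is a placeholder fallback; the real key
        # comes from the config file, which should be permission-restricted.
        self.options.serviceKey = getConfig('serviceKey', 'APIKEYHERE', cfg)
        self.options.keywords = getConfig('keywords', 'KEYWORDS', cfg)
        self.options.clienturl = getConfig('clienturl', 'CLIENTURL', cfg)

        # If getConfig hands back the dict fallback, json.loads raises TypeError;
        # a malformed string raises ValueError (JSONDecodeError is a subclass).
        # Only those two mean "no usable docs" -- the original bare except also
        # hid unrelated failures (KeyboardInterrupt, I/O errors in getConfig).
        try:
            self.options.docs = json.loads(getConfig('docs', {}, cfg))
        except (TypeError, ValueError):
            self.options.docs = {}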
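    def initConfiguration(self):
        """Load this plugin's settings from ``self.configfile`` into ``self.options``.

        The container is the empty ``Values`` object from an ``OptionParser``
        run with no arguments.  ``docs`` is kept in the config file as a JSON
        string; when it cannot be decoded, ``self.options.docs`` is ``{}``.
        """
        self.options, _ = OptionParser().parse_args([])
        cfg = self.configfile

        # NOTE(review): 'APIKEYHERE' is only a placeholder fallback; the actual
        # key is read from the config file, so restrict that file's permissions.
        self.options.serviceKey = getConfig('serviceKey', 'APIKEYHERE', cfg)
        self.options.keywords = getConfig('keywords', 'KEYWORDS', cfg)
        self.options.clienturl = getConfig('clienturl', 'CLIENTURL', cfg)

        # json.loads raises TypeError if getConfig returns the dict fallback and
        # ValueError (JSONDecodeError) on malformed text.  Catching exactly those
        # replaces the bare except, which also swallowed KeyboardInterrupt and
        # any I/O error raised inside getConfig.
        try:
            self.options.docs = json.loads(getConfig('docs', {}, cfg))
        except (TypeError, ValueError):
            self.options.docs = {}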
    def initConfiguration(self):
        """Load the boto/AWS settings into ``self.options``.

        ``self.options`` is the empty ``Values`` object from an
        ``OptionParser`` run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])
        cfg = self.configfile

        # boto options.  NOTE(review): static AWS keys are read from the config
        # file; keep that file permission-restricted (an instance role or
        # credential profile would avoid storing them here at all).
        self.options.region = getConfig('region', 'us-west-2', cfg)
        self.options.aws_access_key_id = getConfig('aws_access_key_id', '', cfg)
        self.options.aws_secret_access_key = getConfig('aws_secret_access_key', '', cfg)
        self.options.aws_queue_name = getConfig('aws_queue_name', '', cfg)
    def initConfiguration(self):
        """Populate ``self.options`` with time zone and threat exchange settings.

        The container is the empty ``Values`` object from an ``OptionParser``
        run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])
        cfg = self.configfile

        # zone applied when an event does not specify one
        self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', cfg)

        # threat exchange app credentials.  NOTE(review): appsecret is a secret
        # read from the config file; keep that file permission-restricted.
        self.options.appid = getConfig('appid', '', cfg)
        self.options.appsecret = getConfig('appsecret', '', cfg)
    def initConfiguration(self):
        """Load time zone and boto/AWS settings into ``self.options``.

        ``self.options`` is the empty ``Values`` object from an
        ``OptionParser`` run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])
        cfg = self.configfile

        # zone applied when an event does not specify one
        self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', cfg)

        # boto options.  NOTE(review): static AWS keys are read from the config
        # file; restrict that file's permissions (a role/profile avoids storing
        # them here at all).
        self.options.region = getConfig('region', 'us-west-2', cfg)
        self.options.aws_access_key_id = getConfig('aws_access_key_id', '', cfg)
        self.options.aws_secret_access_key = getConfig('aws_secret_access_key', '', cfg)
        self.options.aws_queue_name = getConfig('aws_queue_name', '', cfg)
    def initConfiguration(self):
        """Load time zone and ip-blocking DB settings into ``self.options``.

        The container is the empty ``Values`` object from an ``OptionParser``
        run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])
        cfg = self.configfile

        # zone applied when an event does not specify one
        self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', cfg)

        # credentials for the custom/internal ip blocking service (mozilla's is
        # "banhammer", backed by an intermediary mysql DB).  NOTE(review): the
        # DB password is read from the config file; keep it permission-restricted.
        self.options.banhammerdbhost = getConfig('banhammerdbhost', 'localhost', cfg)
        self.options.banhammerdbuser = getConfig('banhammerdbuser', 'auser', cfg)
        self.options.banhammerdbpasswd = getConfig('banhammerdbpasswd', '', cfg)
        self.options.banhammerdbdb = getConfig('banhammerdbdb', 'banhammer', cfg)
 def initConfiguration(self):
     """Populate ``self.options`` with time zone and boto/AWS settings.

     ``self.options`` is the empty ``Values`` object from an ``OptionParser``
     run with no arguments.
     """
     self.options, _ = OptionParser().parse_args([])
     cfg = self.configfile

     # zone applied when an event does not specify one
     self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', cfg)

     # boto options.  NOTE(review): static AWS keys are read from the config
     # file; keep that file permission-restricted (an instance role or
     # credential profile would avoid storing them here).
     self.options.region = getConfig('region', 'us-west-2', cfg)
     self.options.aws_access_key_id = getConfig('aws_access_key_id', '', cfg)
     self.options.aws_secret_access_key = getConfig('aws_secret_access_key', '', cfg)
     self.options.aws_queue_name = getConfig('aws_queue_name', '', cfg)
    def initConfiguration(self):
        """Load ip-blocking DB settings and the network list path into ``self.options``.

        The container is the empty ``Values`` object from an ``OptionParser``
        run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])
        cfg = self.configfile

        # credentials for the custom/internal ip blocking service (mozilla's is
        # "banhammer", backed by an intermediary mysql DB).  NOTE(review): the
        # DB password is read from the config file; keep it permission-restricted.
        self.options.banhammerdbhost = getConfig('banhammerdbhost', 'localhost', cfg)
        self.options.banhammerdbuser = getConfig('banhammerdbuser', 'auser', cfg)
        self.options.banhammerdbpasswd = getConfig('banhammerdbpasswd', '', cfg)
        self.options.banhammerdbdb = getConfig('banhammerdbdb', 'banhammer', cfg)

        # CIDR whitelist file: comma separated 8.8.8.0/24 style masks
        self.options.network_list_file = getConfig('network_list_file', '', cfg)
    def initConfiguration(self):
        """Build ``self.options`` for this plugin from ``self.configfile``.

        ``self.options`` is the empty ``Values`` object from an
        ``OptionParser`` run with no arguments.
        """
        self.options, _ = OptionParser().parse_args([])
        cfg = self.configfile

        # mongo connectivity
        self.options.mongohost = getConfig('mongohost', 'localhost', cfg)
        self.options.mongoport = getConfig('mongoport', 3001, cfg)

        # FQDN whitelist: comma separated example.com / foo.bar.com style names;
        # the /dev/null fallback presumably means "no whitelist" until configured
        self.options.fqdn_whitelist_file = getConfig('fqdn_whitelist_file', '/dev/null', cfg)

        # optional statuspage.io integration.  NOTE(review): the api key is a
        # credential read from the config file; restrict that file's permissions.
        self.options.statuspage_api_key = getConfig('statuspage_api_key', '', cfg)
        page_id = getConfig('statuspage_page_id', '', cfg)
        self.options.statuspage_page_id = page_id
        # the page id is interpolated straight into the API path
        self.options.statuspage_url = 'https://api.statuspage.io/v1/pages/{0}/incidents.json'.format(page_id)
        self.options.statuspage_component_id = getConfig('statuspage_component_id', '', cfg)
        self.options.statuspage_sub_component_id = getConfig('statuspage_sub_component_id', '', cfg)
    # do we remove any date string from the 'summary' field (removes syslog
    # timestamps)
    options.removemessagedate = getConfig('removemessagedate', True,
                                          options.configfile)
    options.esservers = list(
        getConfig('esservers', 'http://localhost:9200',
                  options.configfile).split(','))

    # load any alert regexes from the config file
    # expecting one line, tab delimited json:
    # regexes={"type":"LDAP Group Update","expression":"ou=groups","severity":"INFO"}   {"type":"LDAP Delete","expression":"delete","severity":"INFO"}
    # adding a tag attribute will limit expression matching to items with that tag
    # regexes={"type":"LDAP Group Update","expression":"ou=groups","severity":"INFO","tag":"ldap"}
    regexes = getConfig('regexes', '', options.configfile)
    options.regexlist = []
    if len(regexes) > 0:
        for r in regexes.split('\t'):
            options.regexlist.append(json.loads(r))


if __name__ == '__main__':
    # -c names the config file; the fallback sits next to the script with a
    # .conf suffix (str.replace swaps every '.py' in argv[0], not only the last)
    parser = OptionParser()
    parser.add_option(
        "-c",
        dest='configfile',
        default=sys.argv[0].replace('.py', '.conf'),
        help="configuration file to use",
    )
    options, args = parser.parse_args()

    # load settings, open the ES connection once, then run
    initConfig()
    es = esConnect(None)
    main()
    # run with message acking?
    # also toggles transient/persistant delivery (messages in memory only or stored on disk)
    # ack=True sets persistant delivery, False sets transient delivery
    options.mqack = getConfig("mqack", True, options.configfile)

    # plugin options
    # secs to pass before checking for new/updated plugins
    # seems to cause memory leaks..
    # regular updates are disabled for now,
    # though we set the frequency anyway.
    options.plugincheckfrequency = getConfig("plugincheckfrequency", 120, options.configfile)


if __name__ == "__main__":
    # configure ourselves: -c names the config file, defaulting to the script's
    # own name with .py swapped for .conf
    parser = OptionParser()
    parser.add_option(
        "-c",
        dest="configfile",
        default=sys.argv[0].replace(".py", ".conf"),
        help="configuration file to use",
    )
    options, args = parser.parse_args()
    initConfig()

    # one global ES connection rather than one per message
    es = esConnect(None)

    # seed the plugin list; backdating the last check by an hour forces an
    # immediate checkPlugins() scan
    pluginList = list()
    lastPluginCheck = datetime.now() - timedelta(minutes=60)
    pluginList, lastPluginCheck = checkPlugins(pluginList, lastPluginCheck)

    main()
    # plugin options
    # secs to pass before checking for new/updated plugins
    # seems to cause memory leaks..
    # regular updates are disabled for now,
    # though we set the frequency anyway.
    options.plugincheckfrequency = getConfig('plugincheckfrequency', 120,
                                             options.configfile)

    # This is the full ARN that the s3 bucket lives under
    options.cloudtrail_arn = getConfig('cloudtrail_arn', 'cloudtrail_arn',
                                       options.configfile)


if __name__ == '__main__':
    # configure ourselves: -c names the config file, defaulting to the script's
    # own name with .py swapped for .conf
    parser = OptionParser()
    parser.add_option(
        "-c",
        dest='configfile',
        default=sys.argv[0].replace('.py', '.conf'),
        help="configuration file to use",
    )
    options, args = parser.parse_args()
    initConfig()
    initLogger(options)

    # one global ES connection rather than one per message
    es = esConnect()

    # seed the plugin list; backdating the last check by an hour forces an
    # immediate checkPlugins() scan
    pluginList = list()
    lastPluginCheck = datetime.now() - timedelta(minutes=60)
    pluginList, lastPluginCheck = checkPlugins(pluginList, lastPluginCheck)
                if options.action == "info":
                    get_volume_info(region)

            # target a specific snapshot
            if options.snapshots and len(options.snapshots) > 0:
                # attach a snapshot to forensics?
                if options.action == 'attach' and \
                   options.snapshots and \
                   options.forensic :
                    attach_snapshot(region)
                if options.action == 'list':
                    list_snapshots(region)



if __name__ == '__main__':
    # Command line for the EC2 volume/snapshot tool.  Most list-style options
    # arrive as comma delimited strings and are split elsewhere.
    parser = OptionParser()
    parser.add_option(
        "-c", "--conf", dest='configfile',
        default=sys.argv[0].replace('.py', '.conf'),
        help="configuration file to use")
    parser.add_option(
        "-o", "--output", dest='output', default='text',
        help="output format, json or text")
    parser.add_option(
        "-r", "--regions", dest='regions', default=None,
        help="comma delimited list of regions to target")
    parser.add_option(
        "-i", "--instances", dest='instances', default=None,
        help="comma delimited list of instance IDs to target")
    parser.add_option(
        "-f", "--forensic", dest='forensic', default=None,
        help="instance IDs to use as the forensic workstation")
    parser.add_option(
        "-v", "--volumes", dest='volumes', default=None,
        help="comma delimited list of volume IDs to target")
    parser.add_option(
        "-s", "--snapshots", dest='snapshots', default=None,
        help="comma delimited list of snapshot IDs to attach to the forensic instance")
    parser.add_option(
        "-d", "--device", dest="device", default="/dev/sdf",
        help="target device to use when attaching a volume")
    # "choice" makes optparse reject anything outside the four known actions
    parser.add_option(
        "-a", "--action", dest='action', default='list', type="choice",
        choices=["list", "info", "snapshot", "attach"],
        help="Action to perform, list, info, snapshot, attach. Defaults to list")
    options, args = parser.parse_args()

    initConfig()
    initLogger()
    main()
    options.aws_secret_access_key = getConfig('aws_secret_access_key', '',
                                              options.configfile)
    options.esservers = list(
        getConfig('esservers', 'http://localhost:9200',
                  options.configfile).split(','))
    options.aws_accounts = list(
        getConfig('aws_accounts', '', options.configfile).split(','))
    options.assumed_role_arns = list(
        getConfig('assumed_role_arns', '', options.configfile).split(','))
    options.bucket_account_map = json.loads(
        getConfig('bucket_account_map', '{}', options.configfile))
    options.state_file_name = getConfig('state_file_name',
                                        '{0}.json'.format(sys.argv[0]),
                                        options.configfile)
    options.regions = list(
        getConfig('regions',
                  ','.join([x.name for x in boto.cloudtrail.regions()]),
                  options.configfile).split(','))
    options.purge = getConfig('purge', False, options.configfile)


if __name__ == '__main__':
    # -c names the config file; the fallback is the script path with ".conf"
    # appended (e.g. "tool.py.conf", not "tool.conf")
    parser = OptionParser()
    parser.add_option(
        "-c",
        dest='configfile',
        default='{0}.conf'.format(sys.argv[0]),
        help="configuration file to use",
    )
    options, args = parser.parse_args()

    initConfig()
    main()
    options.esservers = list(
        getConfig('esservers', 'http://localhost:9200',
                  options.configfile).split(','))

    # mongo connectivity options
    options.mongohost = getConfig('mongohost', 'localhost', options.configfile)
    options.mongoport = getConfig('mongoport', 3001, options.configfile)

    options.listen_host = getConfig('listen_host', '127.0.0.1',
                                    options.configfile)

    default_user_agent = 'Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/58.0'
    options.user_agent = getConfig('user_agent', default_user_agent,
                                   options.configfile)


# Module-level setup: this runs on import as well as when executed directly,
# so a WSGI host that imports the module also gets its argv parsed here.
# The fallback config file is this module's path with .py swapped for .conf.
parser = OptionParser()
parser.add_option(
    "-c",
    dest='configfile',
    default=__file__.replace(".py", ".conf"),
    help="configuration file to use",
)
options, args = parser.parse_args()

initConfig()
initLogger(options)
registerPlugins()

if __name__ == "__main__":
    # standalone: serve on the configured listen address (127.0.0.1 fallback
    # per initConfig) and a fixed port
    run(host=options.listen_host, port=8081)
else:
    # imported by a WSGI server: expose the app object instead of serving
    application = default_app()
    # queue topic
    options.alerttopic = get_config(
        'alerttopic',
        'mozdef.*',
        options.configfile)

    # how many messages to ask for at once
    options.prefetch = get_config('prefetch', 50, options.configfile)
    options.mq_alert_server = get_config('mqalertserver', 'localhost', options.configfile)
    options.mq_user = get_config('mquser', 'guest', options.configfile)
    options.mq_password = get_config('mqpassword', 'guest', options.configfile)
    options.mq_port = get_config('mqport', 5672, options.configfile)
    # mqack=True sets persistant delivery, False sets transient delivery
    options.mq_ack = get_config('mqack', True, options.configfile)


if __name__ == "__main__":
    # -c names the config file; fallback is the script's name with .py -> .conf
    parser = OptionParser()
    parser.add_option(
        "-c",
        dest='configfile',
        default=sys.argv[0].replace('.py', '.conf'),
        help="configuration file to use",
    )
    options, args = parser.parse_args()
    init_config()

    # NOTE(review): slack_token is a credential; it should only ever come from
    # a permission-restricted config file, never from the command line.
    bot = SlackBot(options.slack_token, options.channels, options.name)

    # alert consumption runs on a daemon thread so it dies with the bot loop
    monitor_alerts_thread = Thread(target=consume_alerts, args=[bot])
    monitor_alerts_thread.daemon = True
    monitor_alerts_thread.start()

    bot.run()
    options.password = getConfig('password', '', options.configfile)
    options.join = getConfig('join', '#mzdf', options.configfile)
    options.mqserver = getConfig('mqserver', 'localhost', options.configfile)
    options.alertqueue = getConfig('alertqueue', 'mozdef.alert',
                                   options.configfile)
    options.alertexchange = getConfig('alertexchange', 'alerts',
                                      options.configfile)
    options.alertircchannel = getConfig('alertircchannel', '',
                                        options.configfile)
    options.channelkeys = json.loads(
        getConfig('channelkeys', '{"#somechannel": "somekey"}',
                  options.configfile))

    if options.alertircchannel == '':
        options.alertircchannel = options.join


if __name__ == "__main__":
    # -c names the config file; note the fallback here is '' rather than a
    # path derived from the script name
    parser = OptionParser()
    parser.add_option(
        "-c",
        dest='configfile',
        default='',
        help="configuration file to use",
    )
    options, args = parser.parse_args()
    initConfig()

    thebot = mozdefBot()
    thebot.run()

# vim: set ts=4 sts=4 sw=4 et:
                        jlog=json.loads(f.read())
                        for r in jlog['Records']:
                            r['utctimestamp']=toUTC(r['eventTime']).isoformat()
                            jbody=json.dumps(r)
                            res=es.index(index='events',doc_type='cloudtrail',doc=jbody)
                            #logger.debug(res)
            setConfig('lastrun',lastrun,options.configfile)
    except boto.exception.NoAuthHandlerFound:
        logger.error("No auth handler found, check your credentials")
    except Exception as e:
        logger.error("Unhandled exception, terminating: %r"%e)
    

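def initConfig():
    """Populate the global ``options`` from the file named by ``options.configfile``.

    Each setting falls back to its hard-coded default when the config file does
    not define it.  Nothing is returned; ``options`` is mutated in place.
    """
    cfg = options.configfile
    # Where our own log output goes: 'stdout' or 'syslog'.
    options.output = getConfig('output', 'stdout', cfg)
    options.sysloghostname = getConfig('sysloghostname', 'localhost', cfg)
    options.syslogport = getConfig('syslogport', 514, cfg)
    options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', cfg)
    # AWS credentials used to reach CloudTrail.  They are read as plain text
    # from the config file, so that file needs restrictive permissions.
    options.aws_access_key_id = getConfig('aws_access_key_id', '', cfg)
    options.aws_secret_access_key = getConfig('aws_secret_access_key', '', cfg)
    # Comma-separated Elasticsearch endpoints.  Whitespace around each entry is
    # dropped so a value like "a, b" yields "b" rather than " b".
    options.esservers = [
        server.strip()
        for server in getConfig('esservers', 'http://localhost:9200', cfg).split(',')
    ]
    # Resume point for CloudTrail ingestion; defaults to one hour before now.
    options.lastrun = toUTC(
        getConfig('lastrun', toUTC(datetime.now() - timedelta(hours=1)), cfg))
    options.purge = getConfig('purge', False, cfg)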
 
if __name__ == '__main__':
    parser = OptionParser()
    # The default config path is the script path with '.conf' appended
    # (e.g. 'foo.py.conf'), not a '.py' -> '.conf' substitution.
    parser.add_option(
        "-c",
        dest='configfile',
        default=sys.argv[0] + '.conf',
        help="configuration file to use")
    options, args = parser.parse_args()
    initConfig()
    main()
def initConfig():
    """Fill the global ``options`` with the IRC/MQ settings from the config file.

    Every key is looked up with ``getConfig`` in ``options.configfile``; the
    paired value is the fallback used when the file does not define the key.
    """
    # (config key == options attribute, fallback)
    settings = (
        ('host', 'irc.somewhere.com'),
        ('nick', 'mozdefnick'),
        ('port', 6697),
        ('username', 'username'),
        ('realname', 'realname'),
        ('password', ''),  # read in plain text; keep the config file access-restricted
        ('join', '#mzdf'),
        ('esserver', 'localhost'),
        ('mqserver', 'localhost'),
        ('alertqueue', 'mozdef.alert'),
        ('alertexchange', 'alerts'),
        ('alertircchannel', ''),
    )
    for key, fallback in settings:
        setattr(options, key, getConfig(key, fallback, options.configfile))

    # An unset alert channel falls back to the channel the bot joins.
    if options.alertircchannel == '':
        options.alertircchannel = options.join

if __name__ == "__main__":
    # Parse the single command-line option (config file), load the rest of
    # the settings from that file, then hand control to the bot.
    parser = OptionParser()
    parser.add_option(
        "-c",
        dest='configfile',
        default='',
        help="configuration file to use")
    options, args = parser.parse_args()
    initConfig()

    thebot = mozdefBot()
    thebot.run()

# vim: set ts=4 sts=4 sw=4 et:
    options.kibanaurl = getConfig('kibanaurl', 'http://localhost:9090',
                                  options.configfile)

    # mongo connectivity options
    options.mongohost = getConfig('mongohost', 'localhost', options.configfile)
    options.mongoport = getConfig('mongoport', 3001, options.configfile)

    options.listen_host = getConfig('listen_host', '127.0.0.1',
                                    options.configfile)

    default_user_agent = 'Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/58.0'
    options.user_agent = getConfig('user_agent', default_user_agent,
                                   options.configfile)


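# Module-level setup: this also runs when a WSGI server imports the module, so
# the ``default_app`` path sees the same parsed config, logger and plugins as
# the command-line path.
# NOTE(review): parse_args() reads sys.argv even on import, so unexpected
# arguments in the hosting process would abort the import — confirm the WSGI
# host's argv is benign.
parser = OptionParser()
parser.add_option(
    "-c",
    dest='configfile',
    # Default to a '.conf' file beside this script.  abspath() replaces
    # os.path.join(os.path.dirname(__file__), __file__), which doubled the
    # directory for a relative __file__ (e.g. 'rest/rest/index.py'), and
    # splitext() only touches the extension rather than every '.py' in the path.
    default=os.path.splitext(os.path.abspath(__file__))[0] + '.conf',
    help="configuration file to use")
(options, args) = parser.parse_args()
initConfig()
initLogger(options)
registerPlugins()

if __name__ == "__main__":
    # Development server; the bind address comes from the config's listen_host.
    run(host=options.listen_host, port=8081)
else:
    application = default_app()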
    # also toggles transient/persistant delivery (messages in memory only or stored on disk)
    # ack=True sets persistant delivery, False sets transient delivery
    options.mqack = getConfig("mqack", True, options.configfile)

    # aws options
    options.accesskey = getConfig("accesskey", "", options.configfile)
    options.secretkey = getConfig("secretkey", "", options.configfile)
    options.region = getConfig("region", "", options.configfile)

    # How long to sleep between polling
    options.sleep_time = getConfig("sleep_time", 0.1, options.configfile)


if __name__ == "__main__":
    # configure ourselves
    parser = OptionParser()
    parser.add_option("-c",
                      dest="configfile",
                      default=sys.argv[0].replace(".py", ".conf"),
                      help="configuration file to use")
    (options, args) = parser.parse_args()
    initConfig()
    initLogger(options)

    # open ES connection globally so we don't waste time opening it per message
    es = esConnect()

    pluginList = registerPlugins()

    try:
        main()
        duo.get_telephony_log(mintime=state["telephony"] + 1),
        "telephony",
        state,
    )

    pickle.dump(state, open(options.statepath, "wb"))


def initConfig():
    """Fill the global ``options`` with the Duo/MozDef settings from the
    config file named by ``options.configfile``.

    Each value falls back to the listed default when its key is absent.
    """
    # (attribute on options, config key, fallback).  SKEY is presumably the
    # Duo API secret key — the config file holding it should be
    # access-restricted.
    settings = (
        ("IKEY", "IKEY", ""),
        ("SKEY", "SKEY", ""),
        ("URL", "URL", ""),
        ("MOZDEF_URL", "MOZDEF_URL", ""),
        ("DEBUG", "DEBUG", True),  # NOTE(review): verbose by default — confirm intended
        ("statepath", "statepath", ""),
        # The config key is "addtag" even though the attribute is update_tags.
        ("update_tags", "addtag", ""),
    )
    for attr, key, fallback in settings:
        setattr(options, attr, getConfig(key, fallback, options.configfile))


if __name__ == "__main__":
    # The config file defaults to '<script>.conf' next to the script.
    defaultconfigfile = sys.argv[0].replace(".py", ".conf")
    parser = OptionParser()
    parser.add_option("-c", dest="configfile", default=defaultconfigfile,
                      help="configuration file to use")
    options, args = parser.parse_args()
    initConfig()
    main()
 def initConfiguration(self):
     """Build ``self.config`` from the plugin's config file.

     A throw-away OptionParser run on an empty argv provides an attribute-style
     namespace; each setting is then taken from ``getConfig`` with its fallback.
     """
     self.config, _ = OptionParser().parse_args([])
     cfg = self.config_file
     self.config.hostfilter = getConfig('hostfilter', '', cfg)
     self.config.user = getConfig('user', '', cfg)
     # skiphosts is a whitespace-separated list in the config file.
     self.config.skiphosts = getConfig('skiphosts', '', cfg).split()
        duo.get_telephony_log(mintime=state["telephony"] + 1),
        "telephony",
        state,
    )

    pickle.dump(state, open(options.statepath, "wb"))


def initConfig():
    """Read the Duo collector's settings into the global ``options``.

    Settings come from ``options.configfile`` via ``getConfig``; the second
    argument of each lookup is the fallback used when the key is missing.
    """
    def lookup(key, fallback):
        return getConfig(key, fallback, options.configfile)

    options.IKEY = lookup("IKEY", "")
    # Presumably the Duo API secret; keep the config file access-restricted.
    options.SKEY = lookup("SKEY", "")
    options.URL = lookup("URL", "")
    options.MOZDEF_URL = lookup("MOZDEF_URL", "")
    options.DEBUG = lookup("DEBUG", True)  # NOTE(review): defaults to on — confirm
    options.statepath = lookup("statepath", "")
    # The config key is "addtag" even though the attribute is update_tags.
    options.update_tags = lookup("addtag", "")


if __name__ == "__main__":
    parser = OptionParser()
    # '<script>.conf' beside the script unless -c says otherwise.
    defaultconfigfile = sys.argv[0].replace(".py", ".conf")
    parser.add_option(
        "-c", dest="configfile", default=defaultconfigfile,
        help="configuration file to use",
    )
    options, args = parser.parse_args()
    initConfig()
    main()
                                       options.configfile).split(','))
    options.kibanaurl = getConfig('kibanaurl',
                                  'http://localhost:9090',
                                  options.configfile)

    # mongo connectivity options
    options.mongohost = getConfig('mongohost', 'localhost', options.configfile)
    options.mongoport = getConfig('mongoport', 3001, options.configfile)

    options.listen_host = getConfig('listen_host', '127.0.0.1', options.configfile)

    default_user_agent = 'Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/58.0'
    options.user_agent = getConfig('user_agent', default_user_agent, options.configfile)


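# Module-level setup: this also runs when a WSGI server imports the module, so
# the ``default_app`` path sees the same parsed config, logger and plugins as
# the command-line path.
# NOTE(review): parse_args() reads sys.argv even on import, so unexpected
# arguments in the hosting process would abort the import — confirm the WSGI
# host's argv is benign.
parser = OptionParser()
parser.add_option(
    "-c",
    dest='configfile',
    # Default to a '.conf' file beside this script.  abspath() replaces
    # os.path.join(os.path.dirname(__file__), __file__), which doubled the
    # directory for a relative __file__ (e.g. 'rest/rest/index.py'), and
    # splitext() only touches the extension rather than every '.py' in the path.
    default=os.path.splitext(os.path.abspath(__file__))[0] + '.conf',
    help="configuration file to use")
(options, args) = parser.parse_args()
initConfig()
initLogger(options)
registerPlugins()

if __name__ == "__main__":
    # Development server; the bind address comes from the config's listen_host.
    run(host=options.listen_host, port=8081)
else:
    application = default_app()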