def test_stix_transform(self):
"""
Objective: Test if our STIX xml can be validated.
"""
config = ConfigParser()
config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg')
config.read(config_file)
config.set('taxii', 'enabled', True)
test_event = {'remote': ('127.0.0.1', 54872), 'data_type': 's7comm',
'public_ip': '111.222.111.222',
'timestamp': datetime.now(),
'session_id': str(uuid.uuid4()),
'data': {0: {'request': 'who are you', 'response': 'mr. blue'},
1: {'request': 'give me apples', 'response': 'no way'}}}
dom = etree.parse('conpot/templates/default/template.xml')
stixTransformer = StixTransformer(config, dom)
stix_package_xml = stixTransformer.transform(test_event)
validator = validators.STIXSchemaValidator()
result = validator.validate(StringIO(stix_package_xml.encode('utf-8'))).as_dict()
has_errors = False
error_string = ''
if 'errors' in result:
has_errors = True
for error in result['errors']:
error_string += error['message']
error_string += ', '
self.assertFalse(has_errors, 'Error while validations STIX xml: {0}'. format(error_string))
def test_stix_transform(self):
"""
Objective: Test if our STIX xml can be validated.
"""
config = ConfigParser()
config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg')
config.read(config_file)
config.set('taxii', 'enabled', True)
config.set('taxii', 'use_contact_info', True)
config.set('taxii', 'contact_name', 'conpot')
config.set('taxii', 'contact_mail', '[email protected]')
config.set('taxii', 'contact_domain', 'http://conpot.org/stix-1')
test_event = {'remote': ('127.0.0.1', 54872), 'data_type': 's7comm',
'public_ip': '111.222.111.222',
'timestamp': datetime.now(),
'session_id': str(uuid.uuid4()),
'data': {0: {'request': 'who are you', 'response': 'mr. blue'},
1: {'request': 'give me apples', 'response': 'no way'}}}
dom = etree.parse('conpot/templates/default/template.xml')
stixTransformer = StixTransformer(config, dom)
stix_package_xml = stixTransformer.transform(test_event)
xmlValidator = STIXValidator(None, True, False)
result_dict = xmlValidator.validate(StringIO(stix_package_xml.encode('utf-8')))
errors = ''
if 'errors' in result_dict:
errors = ', '.join(result_dict['errors'])
self.assertTrue(result_dict['result'], 'Error while validations STIX xml: {0}'. format(errors))
def __init__(self, config, dom):
self.host = config.get('taxii', 'host')
self.port = config.getint('taxii', 'port')
self.inbox_path = config.get('taxii', 'inbox_path')
self.use_https = config.getboolean('taxii', 'use_https')
self.client = HttpClient()
self.client.setProxy('noproxy')
self.stix_transformer = StixTransformer(config, dom)
def __init__(self, config, dom):
self.host = config.get("taxii", "host")
self.port = config.getint("taxii", "port")
self.inbox_path = config.get("taxii", "inbox_path")
self.use_https = config.getboolean("taxii", "use_https")
self.client = HttpClient()
self.client.setProxy("noproxy")
self.stix_transformer = StixTransformer(config, dom)
class TaxiiLogger(object):
def __init__(self, config, dom):
self.host = config.get("taxii", "host")
self.port = config.getint("taxii", "port")
self.inbox_path = config.get("taxii", "inbox_path")
self.use_https = config.getboolean("taxii", "use_https")
self.client = HttpClient()
self.client.setProxy("noproxy")
self.stix_transformer = StixTransformer(config, dom)
def log(self, event):
# converts from conpot log format to STIX compatible xml
stix_package = self.stix_transformer.transform(event)
# wrapping the stix message in a TAXII envelope
content_block = ContentBlock(libtaxii.CB_STIX_XML_11, stix_package.encode("utf-8"))
inbox_message = InboxMessage(message_id=generate_message_id(), content_blocks=[content_block])
inbox_xml = inbox_message.to_xml()
# the actual call to the TAXII web service
response = self.client.callTaxiiService2(
self.host, self.inbox_path, libtaxii.VID_TAXII_XML_11, inbox_xml, self.port
)
response_message = libtaxii.get_message_from_http_response(response, "0")
if response_message.status_type != libtaxii.messages.ST_SUCCESS:
logger.error("Error while transmitting message to TAXII server: {0}".format(response_message.message))
return False
else:
return True
class TaxiiLogger(object):
def __init__(self, config, dom):
self.host = config.get('taxii', 'host')
self.port = config.getint('taxii', 'port')
self.inbox_path = config.get('taxii', 'inbox_path')
self.use_https = config.getboolean('taxii', 'use_https')
self.client = HttpClient()
self.client.setProxy('noproxy')
self.stix_transformer = StixTransformer(config, dom)
def log(self, event):
# converts from conpot log format to STIX compatible xml
stix_package = self.stix_transformer.transform(event)
# wrapping the stix message in a TAXII envelope
content_block = ContentBlock(libtaxii.CB_STIX_XML_11, stix_package.encode('utf-8'))
inbox_message = InboxMessage(message_id=generate_message_id(), content_blocks=[content_block])
inbox_xml = inbox_message.to_xml()
# the actual call to the TAXII web service
response = self.client.callTaxiiService2(self.host, self.inbox_path, libtaxii.VID_TAXII_XML_11, inbox_xml, self.port)
response_message = libtaxii.get_message_from_http_response(response, '0')
if response_message.status_type != libtaxii.messages.ST_SUCCESS:
logger.error('Error while transmitting message to TAXII server: {0}'.format(response_message.message))
return False
else:
return True
def __init__(self, config, dom):
self.host = config.get("taxii", "host")
self.port = config.getint("taxii", "port")
self.inbox_path = config.get("taxii", "inbox_path")
self.use_https = config.getboolean("taxii", "use_https")
self.client = HttpClient()
self.client.setProxy("noproxy")
self.stix_transformer = StixTransformer(config, dom)
def __init__(self, config, dom):
self.host = config.get('taxii', 'host')
self.port = config.getint('taxii', 'port')
self.inbox_path = config.get('taxii', 'inbox_path')
self.use_https = config.getboolean('taxii', 'use_https')
self.client = HttpClient()
self.client.setProxy('noproxy')
self.stix_transformer = StixTransformer(config, dom)
def test_stix_transform(self):
"""
Objective: Test if our STIX xml can be validated.
"""
config = ConfigParser()
config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg')
config.read(config_file)
config.set('taxii', 'enabled', True)
test_event = {
'remote': ('127.0.0.1', 54872),
'data_type': 's7comm',
'public_ip': '111.222.111.222',
'timestamp': datetime.now(),
'session_id': str(uuid.uuid4()),
'data': {
0: {
'request': 'who are you',
'response': 'mr. blue'
},
1: {
'request': 'give me apples',
'response': 'no way'
}
}
}
dom = etree.parse('conpot/templates/default/template.xml')
stixTransformer = StixTransformer(config, dom)
stix_package_xml = stixTransformer.transform(test_event)
validator = validators.STIXSchemaValidator()
result = validator.validate(StringIO(
stix_package_xml.encode('utf-8'))).as_dict()
has_errors = False
error_string = ''
if 'errors' in result:
has_errors = True
for error in result['errors']:
error_string += error['message']
error_string += ', '
self.assertFalse(
has_errors,
'Error while validations STIX xml: {0}'.format(error_string))
def test_stix_transform(self):
"""
Objective: Test if our STIX xml can be validated.
"""
config = ConfigParser()
config_file = os.path.join(os.path.dirname(__file__), "../conpot.cfg")
config.read(config_file)
config.set("taxii", "enabled", True)
test_event = {
"remote": ("127.0.0.1", 54872),
"data_type": "s7comm",
"public_ip": "111.222.111.222",
"timestamp": datetime.now(),
"session_id": str(uuid.uuid4()),
"data": {
0: {
"request": "who are you",
"response": "mr. blue"
},
1: {
"request": "give me apples",
"response": "no way"
},
},
}
dom = etree.parse("conpot/templates/default/template.xml")
stixTransformer = StixTransformer(config, dom)
stix_package_xml = stixTransformer.transform(test_event)
validator = validators.STIXSchemaValidator()
result = validator.validate(StringIO(
stix_package_xml.encode("utf-8"))).as_dict()
has_errors = False
error_string = ""
if "errors" in result:
has_errors = True
for error in result["errors"]:
error_string += error["message"]
error_string += ", "
self.assertFalse(
has_errors,
"Error while validations STIX xml: {0}".format(error_string))
def test_stix_transform(self):
"""
Objective: Test if our STIX xml can be validated.
"""
config = ConfigParser()
config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg')
config.read(config_file)
config.set('taxii', 'enabled', True)
config.set('taxii', 'use_contact_info', True)
config.set('taxii', 'contact_name', 'James Bond')
config.set('taxii', 'contact_mail', '[email protected]')
test_event = {
'remote': ('127.0.0.1', 54872),
'data_type': 's7comm',
'public_ip': '111.222.111.222',
'timestamp': datetime.now(),
'session_id': '101d9884-b695-4d8b-bf24-343c7dda1b68',
'data': {
0: {
'request': 'who are you',
'response': 'mr. blue'
},
1: {
'request': 'give me apples',
'response': 'no way'
}
}
}
dom = etree.parse('conpot/templates/default.xml')
stixTransformer = StixTransformer(config, dom)
stix_package_xml = stixTransformer.transform(test_event)
xmlValidator = STIXValidator(None, True, False)
result_dict = xmlValidator.validate(
StringIO(stix_package_xml.encode('utf-8')))
errors = ''
if 'errors' in result_dict:
errors = ', '.join(result_dict['errors'])
self.assertTrue(result_dict['result'],
'Error while validations STIX xml: {0}'.format(errors))
