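def start(self):
    """
    Starts the monitor activity.

    Reads the OTX key stored in this system's configuration, then asks every
    system of type 'server' for its own key and records a monitor entry for
    each system whose key differs. Only the mismatch is recorded; key values
    are not written to the monitor data or to the log by this method.

    Returns:
        False when the system list or the local OTX key cannot be read, or
        when no OTX key is configured (empty value); None otherwise.
    """
    result, systems = get_systems('server')
    if not result:
        # On failure the second element carries the error (it is what we log).
        logger.error("Cannot retrieve system info: %s" % str(systems))
        return False

    self.remove_monitor_data()

    success, main_key = db_get_config('open_threat_exchange_key')
    # If the key cannot be read, or OTX is not activated (empty key), there
    # is nothing to compare against, so we don't keep checking.
    if not success or main_key == '':
        return False

    for system_id, system_ip in systems:
        try:
            key = ansible_get_otx_key(system_ip)
            if main_key != key:
                # Record only the fact that the keys differ.
                monitor_data = {'same_otx_key': False}
                if not self.save_data(system_id, ComponentTypes.SYSTEM,
                                      self.get_json_message(monitor_data)):
                    logger.error("Cannot save monitor info")
        except Exception as exc:
            # `except ... as` is valid on Python 2.6+ and 3 (the old comma
            # form is Python 2 only). One unreachable system must not stop
            # the check for the remaining ones.
            logger.error("[MonitorFederatedOTXKey]: %s" % str(exc))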
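    def start(self):
        """
        Starts the monitor activity.

        Compares the locally configured OTX key against the key reported by
        each 'server' system and saves a monitor entry for every system whose
        key does not match. Key values themselves are neither stored in the
        monitor data nor logged here.

        Returns:
            False if the system list or the local key cannot be retrieved, or
            if OTX is not activated (empty key); None when the loop completes.
        """
        result, systems = get_systems('server')
        if not result:
            # On failure the second element is the error message.
            logger.error("Cannot retrieve system info: %s" % str(systems))
            return False

        self.remove_monitor_data()

        success, main_key = db_get_config('open_threat_exchange_key')
        # if error or otx key is not activated then we don't keep checking.
        if not success or main_key == '':
            return False

        for system_id, system_ip in systems:
            try:
                key = ansible_get_otx_key(system_ip)
                if main_key != key:
                    monitor_data = {'same_otx_key': False}
                    if not self.save_data(system_id,
                                          ComponentTypes.SYSTEM,
                                          self.get_json_message(monitor_data)):
                        logger.error("Cannot save monitor info")
            except Exception as exc:
                # Python 2.6+/3 compatible syntax (was the Python 2-only
                # comma form). A failure on one system is logged and the
                # remaining systems are still checked.
                logger.error("[MonitorFederatedOTXKey]: %s" % str(exc))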
 def _sanitize_tasks(self):
     """
     Apply the telemetry special case to the scheduled tasks.

     When no custom telemetry task was supplied, the 'track_usage_information'
     configuration value decides whether the telemetry task is enabled. Any
     failure (config read error, non-numeric value, task lookup/update error)
     is logged as a warning and otherwise ignored.
     """
     if Task.TELEMERY in self._custom_tasks:
         return
     try:
         success, value = db_get_config('track_usage_information')
         if not success or value == '':
             return
         telemetry_task = self.get_task(Task.TELEMERY)
         # int() implies the setting is stored as a numeric string;
         # anything else raises and is reported below.
         telemetry_task.enabled = bool(int(value))
         self.update_task(telemetry_task)
     except Exception as e:
         api_log.warning("[Scheduler._sanitize_tasks] {0}".format(str(e)))
 def _sanitize_tasks(self):
     """
     Special-case the telemetry task.

     If the caller did not provide a custom telemetry task, read the
     'track_usage_information' setting and enable or disable the telemetry
     task accordingly. Errors are logged at warning level and swallowed.
     """
     has_custom_telemetry = Task.TELEMERY in self._custom_tasks
     if has_custom_telemetry:
         return
     try:
         success, raw_value = db_get_config('track_usage_information')
         if success and raw_value != '':
             task = self.get_task(Task.TELEMERY)
             # The stored value is parsed as an integer flag (0/1).
             task.enabled = bool(int(raw_value))
             self.update_task(task)
     except Exception as e:
         message = "[Scheduler._sanitize_tasks] {0}".format(str(e))
         api_log.warning(message)
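def apimethod_get_open_threat_exchange_config():
    """Retrieves the OTX configuration from the database

    Each OTX setting is read through db_get_config(). As a side effect, a key
    whose stored version is below "2" is validated against the OTX service
    and, if the account has a profile, the stored key version, username and
    user_id are upgraded in place.

    Returns:
        success (bool): True if successful, False elsewhere
        result(dict)  : A python dict containing all the OTX configuration,
                        or the error message (str) when success is False.

    Note:
        The returned dict carries the OTX key itself under "token"; callers
        exposing this structure should treat it as sensitive.
    """
    result = {}

    # NOTE(review): "username" maps to "******" in this listing, which looks
    # like a redaction placeholder rather than a real config key — confirm
    # against the original source before relying on it.
    keys = {
        "token": "open_threat_exchange_key",
        "username": "******",
        "user_id": "open_threat_exchange_user_id",
        "latest_update": "open_threat_exchange_latest_update",
        "latest_contribution": "open_threat_exchange_last",
        "contributing": "open_threat_exchange",
        "key_version": "open_threat_exchange_key_version"
    }

    # .items() works on Python 2 and 3 (iteritems() is Python 2 only).
    for result_key, db_key in keys.items():
        success, value = db_get_config(db_key)
        if not success:
            api_log.error("[apimethod_get_open_threat_exchange_config] %s" %
                          str(value))
            return False, str(value)
        if result_key == "contributing":
            # Stored as "yes"/"no"; expose a real boolean. The previous code
            # returned the string "no" (which is truthy) for the negative case.
            result[result_key] = value == "yes"
        else:
            result[result_key] = value

    # Check problem with OTX keys that are not updated.
    # NOTE(review): this is a string comparison, while the upgrade below
    # stores the integer 2 — confirm db_get_config returns the version as a
    # string so the comparison behaves on the next read.
    if result["token"] and result["key_version"] < "2":
        try:
            otxapi = OTXv2(key=result["token"])
            user_data = otxapi.check_token()
            username = user_data.get('username')
            user_id = user_data.get('user_id')

            # 'user_needs_profile' means the key is valid but the account
            # is incomplete; in that case nothing is upgraded.
            if username != 'user_needs_profile':
                db_set_config("open_threat_exchange_key_version", 2)
                db_set_config("open_threat_exchange_username", username)
                db_set_config("open_threat_exchange_user_id", user_id)
                result["username"] = username
                result["user_id"] = user_id
                result["key_version"] = "2"

        except Exception as err:
            # Validation failure is not fatal: the config read so far is
            # still returned.
            api_log.error("Cannot check if the OTX Key is valid: %s" %
                          str(err))

    return True, result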
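def apimethod_get_open_threat_exchange_config():
    """Retrieves the OTX configuration from the database

    Reads every OTX setting via db_get_config(). Side effect: when the stored
    key version is below "2" the key is checked against the OTX service and,
    unless the account still needs a profile, the key version, username and
    user_id are rewritten in the database.

    Returns:
        success (bool): True if successful, False elsewhere
        result(dict)  : A python dict containing all the OTX configuration,
                        or the error message (str) when success is False.

    Note:
        "token" in the returned dict is the OTX key itself; treat the dict
        as sensitive when passing it on.
    """
    result = {}

    # NOTE(review): the "username" entry maps to "******" here, which looks
    # like a redaction placeholder, not a real config key — verify.
    keys = {"token": "open_threat_exchange_key",
            "username": "******",
            "user_id": "open_threat_exchange_user_id",
            "latest_update": "open_threat_exchange_latest_update",
            "latest_contribution": "open_threat_exchange_last",
            "contributing": "open_threat_exchange",
            "key_version": "open_threat_exchange_key_version"}

    # .items() is valid on both Python 2 and 3.
    for result_key, db_key in keys.items():
        success, value = db_get_config(db_key)
        if not success:
            api_log.error("[apimethod_get_open_threat_exchange_config] %s" % str(value))
            return False, str(value)
        if result_key == "contributing":
            # "yes"/"no" in the DB -> bool. Previously the negative case was
            # the (truthy) string "no".
            result[result_key] = value == "yes"
        else:
            result[result_key] = value

    # Check problem with OTX keys that are not updated.
    # NOTE(review): string comparison on the stored version while the upgrade
    # stores int 2 — confirm db_get_config returns strings.
    if result["token"] and result["key_version"] < "2":
        try:
            otxapi = OTXv2(key=result["token"])
            user_data = otxapi.check_token()
            username = user_data.get('username')
            user_id = user_data.get('user_id')

            # A valid key on an incomplete account is left at version 1.
            if username != 'user_needs_profile':
                db_set_config("open_threat_exchange_key_version", 2)
                db_set_config("open_threat_exchange_username", username)
                db_set_config("open_threat_exchange_user_id", user_id)
                result["username"] = username
                result["user_id"] = user_id
                result["key_version"] = "2"

        except Exception as err:
            # Not fatal: the configuration read so far is still returned.
            api_log.error("Cannot check if the OTX Key is valid: %s" % str(err))

    return True, result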
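def apimethod_is_otx_enabled():
    """Retrieves whether this system has OTX enabled or not

    OTX counts as enabled when a non-empty "open_threat_exchange_key" is
    stored in the local configuration. The function takes no arguments (the
    previous docstring described a system_id parameter that does not exist).

    Returns:
        otx_enabled(bool): True if OTX is enabled, otherwise False. Also
        False when the configuration cannot be read (the error is logged).
    """
    success, value = db_get_config("open_threat_exchange_key")

    if not success:
        api_log.error("[apimethod_is_otx_enabled] %s" % str(value))
        return False
    # If the token is registered, the otx is enabled. bool() keeps the
    # return a real bool so callers may compare with `is False`.
    return bool(value)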
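def apimethod_get_otx_pulse_stats_summary(user):
    """Get the pulse statistics:
        #Pulses, #IOCs, Last Updated, #Alarms with Pulses, #Events with Pulses

    Args:
        user(string):  User Login

    Returns:
        success (bool): True if successful, False elsewhere
        result(dic)   : Error message if there was an error or dic with the pulse stats.
    """
    stats = {
        "pulses": 0,
        "iocs": 0,
        "last_updated": "",
        "alarms": 0,
        "events": 0
    }

    if apimethod_is_otx_enabled() is False:
        return False, 'OTX is not activated'

    try:
        pulse_db = PulseDB()
        pulses = pulse_db.get_range(0, -1)
        # The handle is not needed once the pulses are in memory.
        del pulse_db
        # Getting the number of pulses
        stats['pulses'] = len(pulses)
        # Counting the number of indicators for each pulse. A pulse with no
        # 'indicators' entry (or a None one) counts as zero instead of
        # raising TypeError, which previously failed the whole call.
        for p in pulses:
            stats['iocs'] += len(p.get('indicators') or [])

        stats['alarms'] = db_get_otx_alarms(user)
        stats['events'] = db_get_otx_events(user)
    except Exception as err:
        api_log.error("[apimethod_get_otx_pulse_stats] %s" % str(err))
        return False, "Error retrieving the Pulse Stats: %s" % str(err)

    success, last_updated = db_get_config("open_threat_exchange_latest_update")
    if not success:
        api_log.error("[apimethod_get_otx_pulse_stats] %s" % str(last_updated))
        return False, "Error retrieving the Pulse Stats: %s" % str(
            last_updated)
    stats['last_updated'] = last_updated

    return True, stats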
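def apimethod_is_otx_enabled():
    """Retrieves whether this system has OTX enabled or not

    OTX is enabled when a non-empty "open_threat_exchange_key" exists in the
    local configuration. No arguments are taken (the old docstring listed a
    system_id parameter the signature does not have).

    Returns:
        otx_enabled(bool): True if OTX is enabled, otherwise False; also
        False if the configuration read fails (logged as an error).
    """
    success, value = db_get_config("open_threat_exchange_key")

    if not success:
        api_log.error("[apimethod_is_otx_enabled] %s" % str(value))
        return False
    # If the token is registered, the otx is enabled.
    return bool(value)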
def apimethod_get_otx_pulse_stats_summary(user):
    """Get the pulse statistics:
        #Pulses, #IOCs, Last Updated, #Alarms with Pulses, #Events with Pulses

    Args:
        user(string):  User Login

    Returns:
        success (bool): True if successful, False elsewhere
        result(dic)   : Error message if there was an error or dic with the pulse stats.
    """
    if apimethod_is_otx_enabled() is False:
        return False, 'OTX is not activated'

    try:
        pulse_db = PulseDB()
        all_pulses = pulse_db.get_range(0, -1)
        del pulse_db
        # One indicator count per pulse; a pulse without 'indicators'
        # contributes zero.
        ioc_total = sum(len(p.get('indicators', {})) for p in all_pulses)
        alarm_count = db_get_otx_alarms(user)
        event_count = db_get_otx_events(user)
    except Exception as err:
        api_log.error("[apimethod_get_otx_pulse_stats] %s" % str(err))
        return False, "Error retrieving the Pulse Stats: %s" % str(err)

    success, last_updated = db_get_config("open_threat_exchange_latest_update")
    if not success:
        api_log.error("[apimethod_get_otx_pulse_stats] %s" % str(last_updated))
        return False, "Error retrieving the Pulse Stats: %s" % str(last_updated)

    stats = {
        "pulses": len(all_pulses),
        "iocs": ioc_total,
        "last_updated": last_updated,
        "alarms": alarm_count,
        "events": event_count,
    }
    return True, stats