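def start(self):
    """Check that every server system uses the same OTX key as the central config.

    Reads the OTX key stored under ``open_threat_exchange_key``, then asks
    each server system (via ansible) for the key it actually holds.  A
    system whose key differs gets a ``{'same_otx_key': False}`` monitor
    record saved for it.  Previously stored monitor data is cleared first.

    Returns:
        False when the system list cannot be retrieved, when the central
        key cannot be read, or when no OTX key is configured (nothing to
        compare against).  ``None`` otherwise -- this is the original
        contract and is kept so existing callers are unaffected.
    """
    result, systems = get_systems('server')
    if not result:
        # On failure ``systems`` carries the error description, not a list.
        logger.error("Cannot retrieve system info: %s" % str(systems))
        return False

    # Start from a clean slate so stale mismatch records do not linger.
    self.remove_monitor_data()

    success, main_key = db_get_config('open_threat_exchange_key')
    # A read error or an empty key means OTX is not activated: stop here.
    if not success or main_key == '':
        return False

    for system_id, system_ip in systems:
        try:
            key = ansible_get_otx_key(system_ip)
            if main_key != key:
                # Only the mismatch flag is persisted.  The key values are
                # secrets: keep them out of the monitor record and the logs.
                monitor_data = {'same_otx_key': False}
                message = self.get_json_message(monitor_data)
                if not self.save_data(system_id, ComponentTypes.SYSTEM, message):
                    logger.error("Cannot save monitor info")
        except Exception as exc:
            # ``except E as exc`` replaces the Python-2-only ``except E, exc``
            # form (the other handlers in this file already use ``as``).
            # One unreachable system must not abort the whole sweep.
            logger.error("[MonitorFederatedOTXKey]: %s" % str(exc))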
def _sanitize_tasks(self):
    """Align the telemetry task's ``enabled`` flag with the stored setting.

    The telemetry task is only touched when no custom definition for it
    exists in ``self._custom_tasks``.  The ``track_usage_information``
    config value is interpreted as an integer flag ("1"/"0"); an empty
    value or a failed read leaves the task untouched.  Any exception is
    logged as a warning and otherwise ignored -- this is best effort.
    """
    if Task.TELEMERY in self._custom_tasks:
        return
    try:
        found, raw_flag = db_get_config('track_usage_information')
        if not found or raw_flag == '':
            return
        telemetry_task = self.get_task(Task.TELEMERY)
        # Non-integer values raise ValueError and land in the handler below.
        telemetry_task.enabled = bool(int(raw_flag))
        self.update_task(telemetry_task)
    except Exception as e:
        api_log.warning("[Scheduler._sanitize_tasks] {0}".format(str(e)))
def _sanitize_tasks(self):
    """Apply the ``track_usage_information`` setting to the telemetry task.

    Skipped entirely when the user supplied a custom telemetry task.
    Otherwise the stored value (expected "1"/"0") decides whether the
    built-in telemetry task is enabled; a missing or empty value changes
    nothing.  Failures are logged at warning level and swallowed on
    purpose so scheduler start-up is never blocked by this step.
    """
    telemetry_is_custom = Task.TELEMERY in self._custom_tasks
    if telemetry_is_custom:
        return
    try:
        ok, setting = db_get_config('track_usage_information')
        if ok and setting != '':
            telemetry = self.get_task(Task.TELEMERY)
            # int() rejects anything that is not an integer string.
            telemetry.enabled = bool(int(setting))
            self.update_task(telemetry)
    except Exception as e:
        api_log.warning("[Scheduler._sanitize_tasks] {0}".format(str(e)))
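def apimethod_get_open_threat_exchange_config():
    """Retrieve the OTX configuration stored in the database.

    Returns:
        success (bool): True if successful, False otherwise.
        result (dict|str): On success a dict with the keys ``token``,
            ``username``, ``user_id``, ``latest_update``,
            ``latest_contribution``, ``contributing`` (bool) and
            ``key_version``; on failure the error message as a string.

    Security note: ``token`` is the OTX API key, i.e. a secret.  Anything
    that serialises or logs the returned dict must treat it as such.

    Changes from the previous version:
      * the ``username`` entry is read from ``open_threat_exchange_username``
        (the key this function itself writes below) instead of a
        placeholder key that never matched anything;
      * ``contributing`` is now a real boolean.  It used to be ``True`` or
        the *string* ``"no"``, which is truthy.
    """
    keys = {
        "token": "open_threat_exchange_key",
        # Must match the key written by db_set_config() further down.
        "username": "open_threat_exchange_username",
        "user_id": "open_threat_exchange_user_id",
        "latest_update": "open_threat_exchange_latest_update",
        "latest_contribution": "open_threat_exchange_last",
        "contributing": "open_threat_exchange",
        "key_version": "open_threat_exchange_key_version",
    }
    result = {}
    for result_key, db_key in keys.items():
        success, value = db_get_config(db_key)
        if not success:
            # On failure ``value`` holds the error description.
            api_log.error("[apimethod_get_open_threat_exchange_config] %s" % str(value))
            return False, str(value)
        if result_key == "contributing":
            # Stored as "yes"/"no" in the config table.
            result[result_key] = value == "yes"
        else:
            result[result_key] = value

    # Keys registered before version 2 have no username/user_id stored.
    # Resolve them once against the OTX service and persist the upgrade.
    # NOTE: this is a string comparison, as in the original ('' and '1'
    # sort before '2', but so would '10'); kept unchanged on purpose.
    if result["token"] and result["key_version"] < "2":
        try:
            otxapi = OTXv2(key=result["token"])
            user_data = otxapi.check_token()
            username = user_data.get('username')
            user_id = user_data.get('user_id')
            # A token whose owner has not completed their OTX profile
            # cannot be upgraded yet; leave the stored version alone.
            if username != 'user_needs_profile':
                db_set_config("open_threat_exchange_key_version", 2)
                db_set_config("open_threat_exchange_username", username)
                db_set_config("open_threat_exchange_user_id", user_id)
                result["username"] = username
                result["user_id"] = user_id
                result["key_version"] = "2"
        except Exception as err:
            # A network/API failure is not fatal: the stored configuration
            # is still returned.  Only the error text is logged, never the
            # token itself.
            api_log.error("Cannot check if the OTX Key is valid: %s" % str(err))
    return True, result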
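def apimethod_get_open_threat_exchange_config():
    """Retrieve the OTX configuration from the database.

    Returns:
        success (bool): True if successful, False otherwise.
        result (dict|str): On success a dict with ``token``, ``username``,
            ``user_id``, ``latest_update``, ``latest_contribution``,
            ``contributing`` (bool) and ``key_version``; on failure the
            error message.

    Security note: ``token`` is the OTX API key (a secret).  Do not log or
    echo the returned dict without redacting it.

    Fixes relative to the previous version: ``username`` is read from
    ``open_threat_exchange_username`` (the key written by the upgrade step
    below) rather than a placeholder key, and ``contributing`` is a real
    boolean instead of ``True`` / the truthy string ``"no"``.
    """
    key_map = {
        "token": "open_threat_exchange_key",
        "username": "open_threat_exchange_username",
        "user_id": "open_threat_exchange_user_id",
        "latest_update": "open_threat_exchange_latest_update",
        "latest_contribution": "open_threat_exchange_last",
        "contributing": "open_threat_exchange",
        "key_version": "open_threat_exchange_key_version",
    }
    config = {}
    for result_key, db_key in key_map.items():
        ok, value = db_get_config(db_key)
        if not ok:
            # ``value`` is the error description when the read fails.
            api_log.error("[apimethod_get_open_threat_exchange_config] %s" % str(value))
            return False, str(value)
        # "contributing" is stored as "yes"/"no"; everything else verbatim.
        config[result_key] = (value == "yes") if result_key == "contributing" else value

    # String comparison kept from the original: '' and '1' are < '2'.
    if config["token"] and config["key_version"] < "2":
        _otx_upgrade_legacy_key(config)
    return True, config


def _otx_upgrade_legacy_key(config):
    """Resolve username/user_id for a pre-v2 OTX key and persist them.

    Mutates ``config`` in place on success.  Failures talking to the OTX
    service are logged and swallowed: the caller still returns the stored
    configuration.  The token itself is never written to the log.
    """
    try:
        otxapi = OTXv2(key=config["token"])
        user_data = otxapi.check_token()
        username = user_data.get('username')
        user_id = user_data.get('user_id')
        # An owner without a completed profile cannot be upgraded yet.
        if username != 'user_needs_profile':
            db_set_config("open_threat_exchange_key_version", 2)
            db_set_config("open_threat_exchange_username", username)
            db_set_config("open_threat_exchange_user_id", user_id)
            config["username"] = username
            config["user_id"] = user_id
            config["key_version"] = "2"
    except Exception as err:
        api_log.error("Cannot check if the OTX Key is valid: %s" % str(err))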
def apimethod_is_otx_enabled():
    """Tell whether OTX is activated on this installation.

    OTX counts as enabled exactly when a non-empty value is stored under
    ``open_threat_exchange_key``.  A failed configuration read is logged
    and reported as "not enabled".  (Takes no arguments; the old docstring
    mentioned a ``system_id`` that never existed.)

    Returns:
        bool: True if an OTX key is registered, otherwise False.
    """
    ok, token = db_get_config("open_threat_exchange_key")
    if not ok:
        # ``token`` carries the error description on failure.
        api_log.error("[apimethod_is_otx_enabled] %s" % str(token))
        return False
    # A registered token is what "enabled" means here.
    return bool(token)
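def apimethod_get_otx_pulse_stats_summary(user):
    """Summarise the OTX pulse statistics for a user.

    Counts the number of pulses, the number of indicators (IOCs) across
    all pulses, the timestamp of the last pulse update, and the number of
    alarms and events linked to pulses.

    Args:
        user (str): User login, passed to db_get_otx_alarms() and
            db_get_otx_events() to scope the alarm and event counts.

    Returns:
        success (bool): True if successful, False otherwise.
        result (dict|str): The stats dict on success, or an error message.

    Fix: a pulse without an ``indicators`` entry (or with ``None`` there)
    used to raise TypeError from ``len(p.get('indicators'))`` and turn the
    whole call into an error; such pulses now count as zero indicators.
    """
    stats = {"pulses": 0, "iocs": 0, "last_updated": "", "alarms": 0, "events": 0}
    if apimethod_is_otx_enabled() is False:
        return False, 'OTX is not activated'
    try:
        pulse_db = PulseDB()
        pulses = pulse_db.get_range(0, -1)
        # Drop the handle as soon as the data is in memory (as the original
        # did); whether PulseDB needs an explicit close is not visible here.
        del pulse_db
        stats['pulses'] = len(pulses)
        stats['iocs'] = sum(len(p.get('indicators') or []) for p in pulses)
        stats['alarms'] = db_get_otx_alarms(user)
        stats['events'] = db_get_otx_events(user)
    except Exception as err:
        api_log.error("[apimethod_get_otx_pulse_stats] %s" % str(err))
        return False, "Error retrieving the Pulse Stats: %s" % str(err)
    success, last_updated = db_get_config("open_threat_exchange_latest_update")
    if not success:
        # ``last_updated`` holds the error description on failure.
        api_log.error("[apimethod_get_otx_pulse_stats] %s" % str(last_updated))
        return False, "Error retrieving the Pulse Stats: %s" % str(last_updated)
    stats['last_updated'] = last_updated
    return True, stats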
def apimethod_get_otx_pulse_stats_summary(user):
    """Return the OTX pulse statistics shown in the summary panel.

    The figures are: number of pulses, total number of indicators (IOCs)
    over all pulses, last pulse update timestamp, and the number of alarms
    and events that reference a pulse for ``user``.

    Args:
        user (str): User login; forwarded to db_get_otx_alarms() and
            db_get_otx_events() to scope those two counts.

    Returns:
        success (bool): True if successful, False otherwise.
        result (dict|str): Stats dict on success, error message otherwise.
    """
    if apimethod_is_otx_enabled() is False:
        return False, 'OTX is not activated'

    summary = {"pulses": 0, "iocs": 0, "last_updated": "", "alarms": 0, "events": 0}
    try:
        store = PulseDB()
        all_pulses = store.get_range(0, -1)
        # Release the store handle once the pulses are in memory.
        del store

        summary['pulses'] = len(all_pulses)
        ioc_total = 0
        for pulse in all_pulses:
            # A pulse without an 'indicators' entry contributes nothing.
            ioc_total += len(pulse.get('indicators', {}))
        summary['iocs'] = ioc_total
        summary['alarms'] = db_get_otx_alarms(user)
        summary['events'] = db_get_otx_events(user)
    except Exception as err:
        api_log.error("[apimethod_get_otx_pulse_stats] %s" % str(err))
        return False, "Error retrieving the Pulse Stats: %s" % str(err)

    ok, last_updated = db_get_config("open_threat_exchange_latest_update")
    if not ok:
        # On failure the second element is the error description.
        api_log.error("[apimethod_get_otx_pulse_stats] %s" % str(last_updated))
        return False, "Error retrieving the Pulse Stats: %s" % str(last_updated)
    summary['last_updated'] = last_updated
    return True, summary