Example #1
    def run(self):
        """Connect to RabbitMQ, register the recurring search and consume its hits.

        Broker host and credentials come from ``self.config['Rabbit']``.  The
        ``honeycomb`` service is asked (through ``RPCSender``) to run
        ``self.query`` on a 604800-second (seven-day) timescale; its JSON
        reply names the queue that matches are delivered to.  Once the
        consumer is registered, ``self.ready`` is set and this method blocks
        in ``start_consuming`` until the channel is stopped.
        """
        rabbit_cfg = self.config['Rabbit']
        broker_auth = pika.PlainCredentials(rabbit_cfg['username'], rabbit_cfg['password'])
        params = pika.ConnectionParameters(host=rabbit_cfg['host'], credentials=broker_auth)
        self.connection = pika.BlockingConnection(params)
        self.channel = self.connection.channel()

        # Register the recurring search; send_request returns JSON text whose
        # 'data'/'queue' entry is the queue the results will arrive on.
        search_spec = {"QUERY": self.query, "TIMESCALE": 604800}
        reply = json.loads(RPCSender(self.config).send_request(
            'SEARCH', 'honeycomb', search_spec, '', 'pheromonealerter', key='honeycomb'))
        result_queue = reply['data']['queue']

        # no_ack=True: the broker treats each message as delivered the moment
        # it is pushed, so a message that makes on_message fail is not redelivered.
        self.channel.basic_consume(self.on_message, queue=result_queue, no_ack=True)

        # Anyone waiting on self.ready may proceed once the consumer is in place.
        self.ready.set()

        self.channel.start_consuming()
Example #2
    def new(self, msg, resp):
        """Start an alerter for the request in ``msg`` and reply with the new worker.

        A server-named queue is declared to act as the control queue of an
        ``Alerter`` run under a ``ProcHandler``.  The new process is asked for
        its ``uuid`` over that queue, the alert parameters from
        ``msg['data']`` are copied onto a fresh ``self.workers`` record, the
        record is saved, and ``resp`` receives ``{uuid: worker.to_hash()}``.
        """
        worker = self.workers.new()

        sender = RPCSender(self.config)
        # Broker-assigned queue name used to control the spawned process.
        control_queue = sender.channel.queue_declare().method.queue

        alert = msg['data']
        alerter = Alerter(
            self.config,
            alert['query'],
            alert['time'],
            alert['quantity'],
            alert['message'],
            alert['user'])
        ProcHandler(self.config, alerter, control_queue).start()

        # Ask the freshly started process for its identity; the reply is JSON text.
        identity = json.loads(sender.send_request(
            'GET', 'hive', {'variables': ['uuid']}, '', '', key=control_queue))

        # Debug trace: the decoded reply is echoed to stdout as-is.
        print(identity)

        worker.UUID = identity['uuid']
        worker.CONTROLQUEUE = control_queue
        worker.QUERY = alert['query']
        worker.TIME = alert['time']
        worker.QUANTITY = alert['quantity']
        worker.MESSAGE = alert['message']

        self.workers.save(worker)

        resp.respond({worker.UUID: worker.to_hash()})
Example #3
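    def run(self):
        """Replay honeycomb's stored records into an output queue, then forward live data.

        Connects to RabbitMQ with the settings in ``self.config['Rabbit']``,
        declares an exclusive output queue (``self.queue``) and publishes
        every record returned by honeycomb's ``THINGS`` request into it.  A
        second exclusive queue (``self.buff``) is then bound to the ``apiary``
        exchange for ``agent.*.data`` and consumed with ``self.on_message``
        until ``start_consuming`` returns.
        """
        import json  # function-scope import: the module's import block is not visible here

        # Connect to rabbit
        rabbit_cfg = self.config['Rabbit']
        credentials = pika.PlainCredentials(rabbit_cfg['username'], rabbit_cfg['password'])
        self.connection = pika.BlockingConnection(
            pika.ConnectionParameters(host=rabbit_cfg['host'], credentials=credentials))
        self.channel = self.connection.channel()

        # Setup queue for outputting data.  The original referenced the unbound
        # names `channel` and `true`, which raise NameError at runtime.
        result = self.channel.queue_declare(exclusive=True)
        self.queue = result.method.queue

        # Push all historic data from honeycomb.  send_request returns JSON text
        # (other callers decode it with json.loads before indexing), so decode
        # before reading 'data'.  The payload is an empty object rather than the
        # string '{}' -- NOTE(review): confirm send_request does not already
        # return a parsed object / expect a pre-serialised string.
        rpc_sender = RPCSender(self.config)
        resp = json.loads(rpc_sender.send_request(
            'THINGS', 'honeycomb', {}, 'SOMETHING', 'timemachineworker', key='honeycomb'))
        for log in resp['data']:
            self.channel.basic_publish(exchange='', routing_key=self.queue, body=log)

        # Start listening for live data to forward.  no_ack=True: the broker
        # considers a message delivered as soon as it is pushed, so a failure in
        # the handler loses that message.  The handler is assumed to be the
        # method self.on_message, as in the sibling consumer -- confirm.
        result = self.channel.queue_declare(exclusive=True)
        self.buff = result.method.queue
        self.channel.queue_bind(exchange='apiary', queue=self.buff, routing_key='agent.*.data')
        self.channel.basic_consume(self.on_message, queue=self.buff, no_ack=True)
        self.channel.start_consuming()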
Example #4
    def newsearch(self, msg, resp):
        """Attach the caller to a searcher for ``msg['data']['QUERY']`` and return its queue.

        A server-named queue is declared for the caller.  If
        ``self.searchers.mongoQuery`` already knows a searcher for the query it
        is reused; otherwise a ``Searcher`` is started under a ``ProcHandler``,
        asked for its output exchange, and the new record is saved.  In both
        cases the caller's queue is bound to the searcher's output exchange, a
        ``SET`` request with ``override=True`` is sent to the searcher's
        control queue, and ``resp`` receives ``{'queue': queue_name}``.
        """
        sender = RPCSender(self.config)

        # Broker-assigned queue the caller will read results from.
        queue_name = sender.channel.queue_declare().method.queue

        query = msg['data']['QUERY']
        matches = self.searchers.mongoQuery({'QUERY': query})

        if len(matches) == 0:
            # No searcher for this query yet: start one and learn its exchange.
            searcher = self.searchers.new()
            control_queue = sender.channel.queue_declare().method.queue
            ProcHandler(self.config, Searcher(self.config, query), control_queue).start()

            # send_request returns JSON text.
            reply = json.loads(sender.send_request(
                'GET', 'hive', {'variables': ['exchange']}, '', '', key=control_queue))

            searcher.OUTPUTEXCHANGE = reply['exchange']
            searcher.CONTROLQUEUE = control_queue
            searcher.QUERY = query
            created = True
        else:
            searcher = matches[0]
            created = False

        # Route the searcher's output to the caller's queue, then send the
        # override request to the searcher's control queue (reply unused).
        sender.channel.queue_bind(exchange=searcher.OUTPUTEXCHANGE, queue=queue_name)
        sender.send_request('SET', 'hive', {'override': True}, '', '', key=searcher.CONTROLQUEUE)

        # A newly spawned searcher is persisted only after it has been wired up.
        if created:
            self.searchers.save(searcher)

        resp.respond({'queue': queue_name})
Example #5
# Test payload: a search description (upper-case keys) and an alert
# description (lower-case keys) are sent in the same request.
data.update({
    'CONTENT': "ERROR 128.10.10.90",
    'TYPE': "string",
    'EVENTTIMESTAMP': str(time.time()),
    'METADATA': {'TAGS': "firewall,yomama"},
    'QUERY': "CONTENT:\"ERROR *.*.*.*\"",
    'TIMESCALE': "86400",
    'files': {'PATH': "/etc/path", 'TAGS': "firewall"},
    'agents': ['17af7719-f759-44a5-95a6-f66d31c53f86'],
    'query': "CONTENT:apple",
    'time': 600,
    'quantity': 5,
    'message': "HOLY MOTHER OF JEBUS",
    'user': "******",
})

# `sdata` is an alias of `data`, not a copy.
sdata = data

# Broker settings.  The username/password values here appear redacted or
# placeholder; real values must be supplied before the script is run.
config = {
    'Rabbit': {
        'username': '******',
        'password': '******',
        'host': '192.168.1.106',
    },
}

sender = RPCSender(config)

# Send the QUERY request to hive; the commented-out line is the NEW variant
# addressed to pheromone.
resp = sender.send_request('QUERY', 'hive', sdata, 'LKJABSDHBAS', 'Test Script', exchange="", key="honeycomb")
#resp = sender.send_request('NEW', 'hive', sdata, 'LKJABSDHBAS', 'Test Script', exchange="", key="pheromone")

print(resp)