def indicators():
"""
GET/POST the Indicators Controller
:return: { 'message': '{success|failure}', 'data': [] }
"""
if request.method == 'GET':
filters = {}
for f in FILTERS:
if request.args.get(f):
filters[f] = request.args.get(f)
try:
r = Client(remote,
pull_token()).filter(filters=filters,
limit=request.args.get('limit'))
except RuntimeError as e:
logger.error(e)
response = jsonify({"message": "search failed", "data": []})
response.status_code = 403
else:
response = jsonify({"message": "success", "data": r})
response.status_code = 200
else:
try:
r = Client(remote, pull_token()).submit(request.data)
except RuntimeError as e:
logger.error(e)
response = jsonify({"message": "submission failed", "data": []})
response.status_code = 422
else:
response = jsonify({"message": "success", "data": r})
response.status_code = 201
return response
def __init__(self,
remote=HUNTER_ADDR,
router=ROUTER_ADDR,
token=TOKEN,
*args,
**kv):
self.logger = logging.getLogger(__name__)
self.context = zmq.Context.instance()
self.socket = self.context.socket(zmq.SUB)
if sys.version_info > (3, ):
self.socket.setsockopt_string(zmq.SUBSCRIBE, '')
else:
self.socket.setsockopt(zmq.SUBSCRIBE, '')
self.loop = ioloop.IOLoop.instance()
self.loop.add_handler(self.socket, self.handle_message, zmq.POLLIN)
self.plugins = []
import pkgutil
self.logger.debug('loading plugins...')
for loader, modname, is_pkg in pkgutil.iter_modules(
cif.hunter.__path__, 'cif.hunter.'):
p = loader.find_module(modname).load_module(modname)
self.plugins.append(p.Plugin(*args, **kv))
self.logger.debug('plugin loaded: {}'.format(modname))
self.hunters = remote
self.router = Client(remote=router, token=token)
def ping():
"""
Ping the router interface
:return: { 'message': 'success', 'data': '<timestamp>' }
"""
r = Client(remote, pull_token()).ping()
return jsonify({"message": "success", "data": r})
def main():
p = get_argument_parser()
p = ArgumentParser(description=textwrap.dedent('''\
example usage:
$ cif-httpd -d
'''),
formatter_class=RawDescriptionHelpFormatter,
prog='cif-httpd',
parents=[p])
p.add_argument("--router",
help="specify router frontend [default %(default)s]",
default=ROUTER_ADDR)
p.add_argument('--token',
help="specify cif-httpd token [default %(default)s]",
default=TOKEN)
p.add_argument(
'--listen',
help='specify the interface to listen on [default %(default)s]',
default=HTTP_LISTEN)
p.add_argument('--listen-port',
help='specify the port to listen on [default %(default)s]',
default=HTTP_LISTEN_PORT)
p.add_argument('--fdebug', action='store_true')
args = p.parse_args()
setup_logging(args)
logger = logging.getLogger(__name__)
logger.info('loglevel is: {}'.format(
logging.getLevelName(logger.getEffectiveLevel())))
setup_signals(__name__)
try:
logger.info('pinging router...')
if Client(args.router, args.token).ping():
app.config["SECRET_KEY"] = os.urandom(1024)
logger.info('starting up...')
app.run(host=args.listen, port=args.listen_port, debug=args.fdebug)
else:
logger.error('router unavailable...')
except KeyboardInterrupt:
logger.info('shutting down...')
raise SystemExit
def search():
"""
Search controller
:param str q: query term (ex: example.org, 1.2.3.4, 1.2.3.0/24)
:param dict filters: query filters
:param int limit: limit search results (reporttime desc)
:return: { 'message': 'success', 'data': [] }
"""
filters = {}
for k in ['indicator', 'itype', 'application', 'limit']:
if request.args.get(k):
filters[k] = request.args.get(k)
if request.args.get('q'):
filters['indicator'] = request.args.get('q')
r = Client(remote, pull_token()).search(filters)
return jsonify({"message": "success", "data": r})
def client():
from cif.client.zeromq import ZMQ as Client
yield Client(ROUTER_ADDR, '1234')