def send_unregister_service_event(self): """ Send the unregister event for the service. :return: None. """ if not self.client: raise DxlException("Client not defined") with self.lock: # Send the unregister event only if the register event was sent before and TTL has not yet expired. current_time = int(time.time()) last_register_time = self.get_register_time() if last_register_time > 0 and ( current_time - last_register_time) <= (self.ttl * 60): request = Request(destination_topic=_ServiceManager. DXL_SERVICE_UNREGISTER_REQUEST_CHANNEL) request.payload = self.json_unregister_service() response = self.client.sync_request(request, timeout=60) if response.message_type == Message.MESSAGE_TYPE_ERROR: raise DxlException("Unregister service request timed out") else: if last_register_time > 0: # pylint: disable=logging-not-lazy logger.info( "TTL expired, unregister service event omitted for " + self.service_type + " (" + self.instance_id + ")") info = self.service if info: info._notify_unregistration_succeeded()
def send_unregister_service_event(self): """ Send the unregister event for the service. :return: None. """ if not self.client: raise DxlException("Client not defined") # Send the unregister event only if the register event was sent before and TTL has not yet expired. current_time = int(time.time()) last_register_time = self.get_register_time() if last_register_time > 0 and (current_time - last_register_time) <= (self.ttl * 60): request = Request(destination_topic=_ServiceManager. DXL_SERVICE_UNREGISTER_REQUEST_CHANNEL) request.payload = bytes(self.json_unregister_service()) response = self.client.sync_request(request, timeout=60) if response.message_type != Message.MESSAGE_TYPE_ERROR: info = self.get_service() if info: info._notify_unregistration_succeeded() else: raise DxlException("Unregister service request timed out") else: raise DxlException("Unregister service request timed out")
def get_tie_file_reputation(client, md5_hex, sha1_hex): """ Returns a dictionary containing the results of a TIE file reputation request :param client: The DXL client :param md5_hex: The MD5 Hex string for the file :param sha1_hex: The SHA-1 Hex string for the file :return: A dictionary containing the results of a TIE file reputation request """ # Create the request message req = Request(FILE_REP_TOPIC) # Create a dictionary for the payload payload_dict = { "hashes": [{ "type": "md5", "value": base64_from_hex(md5_hex) }, { "type": "sha1", "value": base64_from_hex(sha1_hex) }] } # Set the payload req.payload = json.dumps(payload_dict).encode() # Send the request and wait for a response (synchronous) res = client.sync_request(req) # Return a dictionary corresponding to the response payload if res.message_type != Message.MESSAGE_TYPE_ERROR: return json.loads(res.payload.decode(encoding="UTF-8")) else: raise Exception("Error: " + res.error_message + " (" + str(res.error_code) + ")")
def execute_mar_search_api(client, payload_dict): """ Executes a query against the MAR search api :param client: The DXL client :param payload_dict: The payload :return: A dictionary containing the results of the query """ # Create the request message req = Request(CREATE_SEARCH_TOPIC) # Set the payload req.payload = json.dumps(payload_dict).encode() # Display the request that is going to be sent print "Request:\n" + json.dumps(payload_dict, sort_keys=True, indent=4, separators=(',', ': ')) # Send the request and wait for a response (synchronous) res = client.sync_request(req) # Return a dictionary corresponding to the response payload if res.message_type != Message.MESSAGE_TYPE_ERROR: resp_dict = json.loads(res.payload.decode()) # Display the response print "Response:\n" + json.dumps(resp_dict, sort_keys=True, indent=4, separators=(',', ': ')) if "code" in resp_dict: code = resp_dict['code'] if code < 200 or code >= 300: raise Exception("Error: Received failure response code: " + str(code)) else: raise Exception("Error: unable to find response code") return resp_dict else: raise Exception("Error: " + res.error_message + " (" + str(res.error_code) + ")")
def send_command(self, topic, command): """ Sends an Open Command and Control (OpenC2) message to the specified DXL service and returns the response. The `Lycan library <https://github.com/oasis-open/openc2-lycan-python>`_ contains the OpenC2 classes (Command, Response, etc.). :param topic: The DXL service topic to send the OpenC2 command to :param command: The `openc2.v10.Command` to send to the DXL service :return: The `openc2.v10.Response` received from the DXL service """ # Create the DXL request message request = Request(topic) # Serialize and encode the OpenC2 command request.payload = command.serialize().encode() # Perform a synchronous DXL request response = self._dxl_sync_request(request) if response.message_type == Message.MESSAGE_TYPE_ERROR: raise Exception(response.error_message) # Return the response response_dict = MessageUtils.json_payload_to_dict(response) return openc2.v10.Response(**response_dict)
def ticket(self, msg): print "Filing ticket..." req = Request(SERVICE_TOPIC) req.payload = msg res = client.sync_request(req) if res.message_type != Message.MESSAGE_TYPE_ERROR: print "Create Ticket Number %s" % res
def get_broker_registry(self, client_id=None): """ Queries the broker for the broker registry and replaces the currently stored one with the new results. Notifies all connected web sockets that new broker information is available. """ req = Request(TopologyModule.BROKER_REGISTRY_QUERY_TOPIC) if client_id: req.payload = "{ \"brokerGuid\":\"" + client_id + "\"}" else: req.payload = "{}" # Send the request dxl_response = self.app.dxl_service_client.sync_request(req, 5) if dxl_response.message_type == Message.MESSAGE_TYPE_ERROR: logger.error( "Error response returned from the broker registry: %s", dxl_response.error_message) return {} dxl_response_dict = MessageUtils.json_payload_to_dict(dxl_response) logger.info("Broker registry response: %s", dxl_response_dict) brokers = {} for broker_guid in dxl_response_dict["brokers"]: brokers[broker_guid] = dxl_response_dict["brokers"][broker_guid] self.current_connected_broker = dxl_response.source_broker_id return brokers
def query_repository(query): # Create query message and send it to the repository req = Request(SERVICE_REPOSITORY_QUERY_TOPIC) qm = QueryMessage(query) req.payload = (qm.to_json()).encode() res = client.sync_request(req) # Parse and return the query results qrm = QueryResultMessage() qrm.parse(res.payload.decode()) return qrm
def main(argv): TOPIC_DESTINATION = '' TYPE_PAYLOAD = '' PAYLOAD = '' help = 'python ' + sys.argv[0] + ' -t <topic destination> -p <payload>' try: opts, args = getopt.getopt(argv, "ht:p:", ["topic=", "payload="]) except getopt.GetoptError: print help sys.exit(1) for opt, arg in opts: if opt == '-h': print help sys.exit(1) elif opt in ("-t", "--topic"): TOPIC_DESTINATION = arg elif opt in ("-p", "--payload"): PAYLOAD = arg if (TOPIC_DESTINATION != '' and PAYLOAD != ''): DXL_MESSAGE['SRC_HOST'] = IP DXL_MESSAGE['PAYLOAD'] = PAYLOAD # Create the client with DxlClient(config) as client: # Connect to the fabric client.connect() # # Invoke the service (send a request) # # Create the request req = Request(TOPIC_DESTINATION) # Populate the request payload req.payload = str(json.dumps(DXL_MESSAGE)).encode() # Send the request and wait for a response (synchronous) res = client.sync_request(req) # Extract information from the response (if an error did not occur) if res.message_type != Message.MESSAGE_TYPE_ERROR: print "result is coming:" print res.payload else: logger.error("Error: " + res.error_message + " (" + str(res.error_code) + ")") else: print help sys.exit(1)
def request_assessment(iam): # Create a report request and send it to the manager req = Request(SERVICE_INITIATE_ASSESSMENT_TOPIC) req.payload = (iam.to_json()).encode() logger.info("Requesting report for %s:", iam.to_s()) res = client.sync_request(req) # Extract and store the transaction id from the acknowledgement message if res.message_type != Message.MESSAGE_TYPE_ERROR: ram = RequestAcknowledgementMessage() ram.parse(res.payload.decode()) logger.info("Application received response: %s", ram.to_s()) transactions.append(ram.transaction_id)
def retrieve_policy_by_name(self, policy_name): """ Retrieve information for an ANC policy by name. :param str policy_name: Name of the policy. :return: The policy information, which should look similar to this: .. code-block:: json { "ancStatus": "success", "ancpolicy": [ { "action": [ "Quarantine" ], "name": "quarantine_policy" } ] } :rtype: dict :raises Exception: If the policy name has not been defined. """ request = Request(self._ANC_RETRIEVE_POLICY_BY_NAME) MessageUtils.dict_to_json_payload(request, {_PARAM_POLICY_NAME: policy_name}) return MessageUtils.json_payload_to_dict( self._pxgrid_client._dxl_sync_request(request))
def apply_endpoint_policy_by_mac(self, mac_address, policy_name): """ Apply a policy to an endpoint by its MAC address. :param str mac_address: MAC address of the endpoint. :param str policy_name: Name of the policy to apply. :return: Results of the attempt to apply the endpoint policy. On a successful application, the results should look similar to this: .. code-block:: json { "ancStatus": "success" } :rtype: dict :raises Exception: If the supplied policy name has already been applied to the endpoint or the policy name has not been defined. """ request = Request(self._ANC_APPLY_ENDPOINT_POLICY_BY_MAC) MessageUtils.dict_to_json_payload(request, { _PARAM_MAC: mac_address, _PARAM_POLICY_NAME: policy_name }) return MessageUtils.json_payload_to_dict( self._pxgrid_client._dxl_sync_request(request))
def get_endpoint_by_mac(self, mac_address): """ Get information for an endpoint by its MAC address. :param str mac_address: MAC address of the endpoint. :return: The endpoint information, which should look similar to this: .. code-block:: json { "ancEndpoint": [ { "macAddress": "00:11:22:33:44:55", "policyName": "quarantine_policy" } ], "ancStatus": "success" } :rtype: dict :raises Exception: If no policy has been associated with the endpoint. """ request = Request(self._ANC_GET_ENDPOINT_BY_MAC) MessageUtils.dict_to_json_payload(request, {_PARAM_MAC: mac_address}) return MessageUtils.json_payload_to_dict( self._pxgrid_client._dxl_sync_request(request))
def send_mitigation_action_by_ip(self, ip_address, action): """ Send an EPS mitigation action for an endpoint IP address. :param str ip_address: IP address of the endpoint for which the action should be performed. :param dxlciscopxgridclient.constants.EpsAction action: The action to perform. :return: Results of the attempt to send the action. The results for a successful send should look similar to this: .. code-block:: json { "gid": "150", "macInterface": "00:11:22:33:44:55", "mitigationStatus": "complete" } :rtype: dict :raises Exception: If no session has been established for an endpoint which corresponds to the IP address. """ request = Request(self._EPS_SEND_MITIGATION_ACTION_BY_IP) MessageUtils.dict_to_json_payload(request, { _PARAM_IP: ip_address, _PARAM_ACTION: action, "foo": "bar" }) return MessageUtils.json_payload_to_dict( self._pxgrid_client._dxl_sync_request(request))
def retrieve_all_policies(self): """ Retrieve information for all ANC policies. :return: The policy information, which should look similar to this: .. code-block:: json { "ancStatus": "success", "ancpolicy": [ { "action": [ "ShutDown" ], "name": "shutdown_policy" }, { "action": [ "Quarantine" ], "name": "quarantine_policy" } ] } :rtype: dict """ request = Request(self._ANC_RETRIEVE_ALL_POLICIES) return MessageUtils.json_payload_to_dict( self._pxgrid_client._dxl_sync_request(request))
def _invoke_service(self, request_method, request_dict): """ Invokes a request method on the MISP DXL service. :param str request_method: The request method to append to the topic for the request. :param dict request_dict: Dictionary containing request information. :return: Results of the service invocation. :rtype: dict """ if self._misp_service_unique_id: request_service_id = "/{}".format(self._misp_service_unique_id) else: request_service_id = "" # Create the DXL request message. request = Request("{}{}/{}".format(self._SERVICE_TYPE, request_service_id, request_method)) # Set the payload on the request message (Python dictionary to JSON # payload). MessageUtils.dict_to_json_payload(request, request_dict) # Perform a synchronous DXL request. response = self._dxl_sync_request(request) # Convert the JSON payload in the DXL response message to a Python # dictionary and return it. return MessageUtils.json_payload_to_dict(response)
def send_mitigation_action_by_mac(self, mac_address, action): """ Send an EPS mitigation action for an endpoint MAC address. :param str mac_address: MAC address of the endpoint for which the action should be performed. :param dxlciscopxgridclient.constants.EpsAction action: The action to perform. :return: Results of the attempt to send the action. The results for a successful send should look similar to this: .. code-block:: json { "gid": "150", "macInterface": "00:11:22:33:44:55", "mitigationStatus": "complete" } :rtype: dict """ request = Request(self._EPS_SEND_MITIGATION_ACTION_BY_MAC) MessageUtils.dict_to_json_payload(request, { _PARAM_MAC: mac_address, _PARAM_ACTION: action }) return MessageUtils.json_payload_to_dict( self._pxgrid_client._dxl_sync_request(request))
def _refresh_all_services(self): """ Queries the broker for the service list and replaces the currently stored one with the new results. Notifies all connected web sockets that new services are available. """ req = Request(MonitorModule.SERVICE_REGISTRY_QUERY_TOPIC) req.payload = "{}" # Send the request dxl_response = self._dxl_service_client.sync_request(req, 5) dxl_response_dict = MessageUtils.json_payload_to_dict(dxl_response) logger.info("Service registry response: %s", dxl_response_dict) with self._service_dict_lock: self._services = {} for service_guid in dxl_response_dict["services"]: self._services[service_guid] = dxl_response_dict["services"][ service_guid] self.notify_web_sockets()
def send_register_service_request(self): """ Send the registration request for the service. :return: None. """ if not self.client: raise DxlException("Client not defined") req = Request(destination_topic=_ServiceManager.DXL_SERVICE_REGISTER_REQUEST_CHANNEL) req.payload = bytes(self.json_register_service()) response = self.client.sync_request(req, timeout=10) if response.message_type != Message.MESSAGE_TYPE_ERROR: self.update_register_time() info = self.get_service() if info: info._notify_registration_succeeded() else: # TODO: Notify the client with an exception if an error occurred, so that it doesn't wait for timeout logger.error("Error registering service.")
def task_pce(crm, pce_id): logger.info("Tasking PCE: %s", crm.to_s()) # Get content and perform any content conversions # before sending to PCE. If cancellation message # just send that to the PCE. if crm.ids == "": content = "cancel_" + str(crm.transaction_id) else: content = get_content(crm.ids) content = convert_content(content) # Send the collection request to the identified PCE req = Request(SERVICE_PCE_REQUEST_TOPIC + "/" + pce_id) req.payload = content res = client.sync_request(req) if res.message_type != Message.MESSAGE_TYPE_ERROR: # Only send results if not a cancel message if crm.ids != "": rrsm = ReportResultsMessage() rrsm.assessment_results = res.payload.decode() rrsm.transaction_id = crm.transaction_id rrsm.requestor_id = crm.requestor_id rrsm.target_id = lookup_target_id(pce_id) rrsm.collector_id = COLLECTOR_ID rrsm.pcx_id = PCX_ID rrsm.pce_id = pce_id rrsm.timestamp = str(datetime.datetime.now()) # Apply collection parameters cp_rrsm = apply_collection_parameters( rrsm, crm.collection_parameters) store_data(cp_rrsm) # Apply result format and filters and send to the # appropriate application rff_rrsm = apply_format_and_filters(rrsm, crm.result_format_filters) send_collection_results_event(rff_rrsm) return
def _invoke_service(self, topic, payload, other_fields=None): """ Invokes a request method on the File Transfer DXL service. :param str topic: The topic to send the request to. :param payload: The payload to include in the request :param dict other_fields: Other fields to include in the request :return: Results of the service invocation. :rtype: dict """ # Create the DXL request message. request = Request(topic) # Set the full request parameters. request.payload = payload request.other_fields = other_fields # Perform a synchronous DXL request. response = self._dxl_sync_request(request) # Convert the JSON payload in the DXL response message to a Python # dictionary and return it. return MessageUtils.json_payload_to_dict(response)
def sendMessage(self, topic="/dsa/dxl/test/event2", message="Default message"): if not self.isConnected(): raise DxlJythonException(1200, "Not connected to a OpenDXL broker") try: request = Request(topic) # Encode string payload as UTF-8 request.payload = message.encode() # Send Synchronous Request with default timeout and wait for Response logger.info("Requesting '" + message + "' from '" + topic + "'") response = self.client.sync_request(request) dxl_message = JavaDxlMessage() dxl_message.setMessageVersion(response.version) dxl_message.setMessageId(response.message_id) dxl_message.setClientId(response.source_client_id) dxl_message.setBrokerId(response.source_broker_id) dxl_message.setMessageType(response.message_type) dxl_message.setBrokerIdList(response.broker_ids) dxl_message.setClientIdList(response.client_ids) dxl_message.setRequestMessageId(response.request_message_id) # Check that the Response is not an Error Response, then extract if response.message_type != Message.MESSAGE_TYPE_ERROR: dxl_message.setServiceId(response.service_id) dxl_message.setPayload(response.payload.decode()) else: dxl_message.setErrorCode(response.error_code) dxl_message.setErrorMessage(response.error_message) return dxl_message except Exception as e: logger.info("Exception: " + e.message) raise DxlJythonException(1010, "Unable to communicate with a DXL broker")
def _invoke_service(self, request_method, request_dict): """ Invokes a request method on the Elasticsearch DXL service. :param str request_method: The request method to append to the topic for the request. :param dict request_dict: Dictionary containing request information. :return: Results of the service invocation. :rtype: dict """ if self._elasticsearch_service_unique_id: request_service_id = "/{}".format( self._elasticsearch_service_unique_id) else: request_service_id = "" # Create the DXL request message. request = Request("{}{}/{}".format( self._SERVICE_TYPE, request_service_id, request_method)) # Set the payload on the request message (Python dictionary to JSON # payload). MessageUtils.dict_to_json_payload(request, request_dict) # Perform a synchronous DXL request. response = self._dxl_client.sync_request(request, timeout=self.response_timeout) if response.message_type == Message.MESSAGE_TYPE_ERROR: try: self._raise_exception_for_error_response( MessageUtils.json_payload_to_dict(response)) except ValueError: # If an appropriate exception cannot be constructed from the # error response data, raise a more generic Exception as a # fallback. raise Exception("Error: {} ({})".format( response.error_message, str(response.error_code))) # Convert the JSON payload in the DXL response message to a Python # dictionary and return it. return MessageUtils.json_payload_to_dict(response)
def lookup_host(self, host): """ Looks up Geolocation information for the specified host/IP :param host: The host/IP to lookup :return: A dictionary (``dict``) containing the details of the Geolocation lookup """ # Create the DXL request message request = Request(self.HOST_LOOKUP_TOPIC) # Set the payload on the request message (Python dictionary to JSON payload) MessageUtils.dict_to_json_payload(request, {self._PARAM_HOST: host}) # Perform a synchronous DXL request response = self._dxl_sync_request(request) # Convert the JSON payload in the DXL response message to a Python dictionary # and return it. return MessageUtils.json_payload_to_dict(response)
def clear_endpoint_policy_by_mac(self, mac_address): """ Clear the policy for an endpoint by its MAC address. :param str mac_address: MAC address of the endpoint. :return: Results of the attempt to clear the endpoint policy. On a successful clear attempt, the results should look similar to this: .. code-block:: json { "ancStatus": "success" } :rtype: dict :raises Exception: If no policy has been associated with the endpoint. """ request = Request(self._ANC_CLEAR_ENDPOINT_POLICY_BY_MAC) MessageUtils.dict_to_json_payload(request, {_PARAM_MAC: mac_address}) return MessageUtils.json_payload_to_dict( self._pxgrid_client._dxl_sync_request(request))
def _invoke_service(self, req_dict, topic): """ Invokes the DXL Nmap service. :param req_dict: Dictionary containing request information :param topic: The Nmap DXL topic to invoke :return: A dictionary containing the response """ # Create the DXL request message request = Request(topic) # Set the payload on the request message (Python dictionary to JSON # payload) MessageUtils.dict_to_json_payload(request, req_dict) # Perform a synchronous DXL request response = self._dxl_sync_request(request) # Convert the JSON payload in the DXL response message to a Python # dictionary and return it. return MessageUtils.json_payload_to_dict(response)
# Create DXL configuration from file config = DxlClientConfig.create_dxl_config_from_file(CONFIG_FILE) # The ePO unique identifier EPO_UNIQUE_ID = "<specify-ePO-unique-identifier>" # The search text SEARCH_TEXT = "<specify-find-search-text>" # Create the client with DxlClient(config) as client: # Connect to the fabric client.connect() req = Request("/mcafee/service/epo/remote/{0}".format(EPO_UNIQUE_ID)) req.payload = \ json.dumps({ "command": "system.find", "output": "json", "params": {"searchText": SEARCH_TEXT} }).encode(encoding="utf-8") # Send the request res = client.sync_request(req, timeout=30) if res.message_type != Message.MESSAGE_TYPE_ERROR: response_dict = json.loads(res.payload, encoding='utf-8') print json.dumps(response_dict, sort_keys=True, indent=4, separators=(',', ': ')) else: print "Error: {0} ({1}) ".format(res.error_message, str(res.error_code))
logger = logging.getLogger(__name__) # Create DXL configuration from file config = DxlClientConfig.create_dxl_config_from_file(CONFIG_FILE) # Create the client with DxlClient(config) as client: # Connect to the fabric client.connect() logger.info("Connected to DXL fabric.") # Invoke 'host scan' method request_topic = "/opendxl-urlvoid/service/urlvapi/host/scan" req = Request(request_topic) MessageUtils.dict_to_json_payload(req, {"host": "027.ru"}) res = client.sync_request(req, timeout=60) if res.message_type != Message.MESSAGE_TYPE_ERROR: payload = MessageUtils.decode_payload(res) xml = xml.dom.minidom.parseString(payload) print("Response for URLVoid host scan:") print( xml.toprettyxml(indent=' ', newl='', encoding="UTF-8").decode("UTF-8")) else: print("Error invoking service with topic '{0}': {1} ({2})".format( request_topic, res.error_message, res.error_code))
logger = logging.getLogger(__name__) # Create DXL configuration from file config = DxlClientConfig.create_dxl_config_from_file(CONFIG_FILE) # The ePO unique identifier EPO_UNIQUE_ID = "<specify-ePO-unique-identifier>" # Create the client with DxlClient(config) as client: # Connect to the fabric client.connect() # Create the request req = Request("/mcafee/service/epo/remote/{0}".format(EPO_UNIQUE_ID)) # Set the payload for the request (core.help remote command) MessageUtils.dict_to_json_payload(req, { "command": "core.help", "output": "verbose", "params": {} }) # Send the request res = client.sync_request(req, timeout=30) if res.message_type != Message.MESSAGE_TYPE_ERROR: # Display resulting payload print(MessageUtils.decode_payload(res)) else: print("Error: {0} ({1}) ".format(res.error_message,
logger = logging.getLogger(__name__) # Create DXL configuration from file config = DxlClientConfig.create_dxl_config_from_file(CONFIG_FILE) # Create the client with DxlClient(config) as client: # Connect to the fabric client.connect() logger.info("Connected to DXL fabric.") # Create the new event request request_topic = "/opendxl-misp/service/misp-api/new_event" new_event_request = Request(request_topic) # Set the payload for the new event request MessageUtils.dict_to_json_payload( new_event_request, { "distribution": 3, "info": "OpenDXL MISP new event example", "analysis": 1, "threat_level_id": 3 }) # Send the new event request new_event_response = client.sync_request(new_event_request, timeout=30) if new_event_response.message_type != Message.MESSAGE_TYPE_ERROR: # Display results for the new event request