class TbNetworkContentInspectionEngineLogFactory(CMFactory):
    """Build synthetic TbNetworkContentInspectionEngineLog rows for tests.

    Plain class attributes are evaluated once, when this module is imported
    (so CMGuid comes from a TbSystemInfo lookup at import time and both
    timestamps are the import-time clock); every instance shares them unless
    the caller overrides. The GUID/ID attributes below are resolved lazily
    through TbEntityInfo from SLF_ComputerName, which defaults to None and is
    therefore expected to be supplied by the caller.
    """

    class Meta:
        model = TbNetworkContentInspectionEngineLog
        sqlalchemy_session_persistence = 'commit'

    CMGuid = TbSystemInfo.get_CM_guid()
    SLF_MsgType = 1756
    SLF_LogVersion = 1
    SLF_LogMinorVersion = 0
    SLF_LogGenLocalDatetime = ExtendDateTime.current_time()
    # Minutes; -480 is the offset used for the UTC conversion below.
    SLF_TimeZoneInMins = -480
    SLF_DaylightSavingInMins = 0
    LogReceivedTime = ExtendDateTime.current_time()
    LogReceivedTimeZone = -480
    SLF_ComputerName = None
    SLF_ProcessName = "Factory.exe"
    # Fixture endpoint values only; they do not refer to any real host.
    SLF_SourceIP = '10.1.1.1'
    SLF_SourcePort = 80
    SLF_DestinationIP = None
    SLF_DestinationPort = 80
    SLF_Action = 1
    SLF_Direction = 1
    SLF_PatternType = 1
    SLF_Is_CCCA_Detection = 1
    SLF_CCCA_DetectionSource = 1
    SLF_CCCA_RiskLevel = 1
    NCIE_ThreatName = None
    CE_FilterID = 'F'
    SLF_DestinationDomain = None

    @factory.lazy_attribute_sequence
    def MsgLogID(self, seq):
        """Fixed prefix plus the factory sequence number, left-padded with 'B' to width 4."""
        return "503C31155B94-4E8B9FF2-NCIE-79A5-" + format(seq, "B>4")

    @factory.lazy_attribute
    def LogReceivedUTCTime(self):
        """LogReceivedTime shifted by LogReceivedTimeZone minutes via ExtendDateTime."""
        tz_shift = timedelta(minutes=int(self.LogReceivedTimeZone))
        return ExtendDateTime.get_date_by_offset(tz_shift, self.LogReceivedTime)

    @factory.lazy_attribute
    def SLF_LogGenUTCDatetime(self):
        """SLF_LogGenLocalDatetime shifted by SLF_TimeZoneInMins minutes via ExtendDateTime."""
        tz_shift = timedelta(minutes=int(self.SLF_TimeZoneInMins))
        return ExtendDateTime.get_date_by_offset(tz_shift, self.SLF_LogGenLocalDatetime)

    @factory.lazy_attribute
    def SLF_ProductGUID(self):
        """EI_AgentID of the entity registered under SLF_ComputerName."""
        entity = TbEntityInfo.find_by_machine_name(self.SLF_ComputerName)
        return entity.EI_AgentID

    @factory.lazy_attribute
    def SLF_ClientGUID(self):
        """EI_EntityID of the entity registered under SLF_ComputerName."""
        entity = TbEntityInfo.find_by_machine_name(self.SLF_ComputerName)
        return entity.EI_EntityID

    @factory.lazy_attribute
    def SLF_ProductID(self):
        """EI_ProductType of the entity registered under SLF_ComputerName."""
        entity = TbEntityInfo.find_by_machine_name(self.SLF_ComputerName)
        return entity.EI_ProductType
class TbQuickInvMatchObjectInfoFactory(CMFactory):
    """Build synthetic TbQuickInvMatchObjectInfo rows for tests.

    Params (not persisted):
        rca_init: when True, RCAScanID is left None (a match object that has
            not been linked to an RCA scan yet); otherwise a sequence-based id
            is generated.
        agent: machine name resolved through TbEntityInfo to fill AgentID.
    """

    class Meta:
        model = TbQuickInvMatchObjectInfo
        sqlalchemy_session_persistence = 'commit'

    # Placeholder only: the lazy AgentID declaration later in this class
    # body rebinds the name, so this literal is never used.
    AgentID = '112E85840114-694DBF9D-44CC-65D3-0003'
    SLF_Key = '0x4fa3ac39560cb7f8a1e794840'
    RetroScanCategory = 5
    MetaValue = 8
    MetaCategory = 11
    # Offset string semantics belong to ExtendDateTime; presumably days.
    FirstSeenUTCTime = ExtendDateTime.get_date_by_offset('-3')
    # Placeholder only: rebound by the lazy RCAScanID sequence below.
    RCAScanID = None
    FileFullPath = None
    FileCreationUTCTime = None
    LastUpdateTime = ExtendDateTime.current_time()

    class Params:
        rca_init = True
        agent = 'Client11'

    @factory.lazy_attribute
    def AgentID(self):
        """EI_EntityID of the entity registered under the `agent` param."""
        entity = TbEntityInfo.find_by_machine_name(self.agent)
        return entity.EI_EntityID

    @factory.lazy_attribute_sequence
    def RetroScanData_MD5(self, seq):
        """Fixture digest bytes: a fixed prefix plus the padded sequence number (not a real MD5)."""
        digest_text = '7788no9' + format(seq, 'A>4')
        return digest_text.encode('utf-8')

    @factory.lazy_attribute_sequence
    def RCAScanID(self, seq):
        """None while rca_init is set; otherwise a sequence-suffixed scan id."""
        if self.rca_init:
            return None
        return "a4918672-92da-4065-9dec-1ebf6c5a" + format(seq, "A>4")
class TbRCATaskFactory(CMFactory):
    """Build synthetic TbRCATask rows for tests.

    Params (not persisted):
        init: when True the task is in its initial state (TaskID,
            ScanSummaryID and ServerID all None); when False each of them is
            filled from the sequence / TbEntityInfo lookups below.
        agent: machine name resolved through TbEntityInfo.
        day_offset: offset string handed to ExtendDateTime for CreationTime.
    """

    class Meta:
        model = TbRCATask
        sqlalchemy_session_persistence = 'commit'

    # The five placeholders marked below are rebound by the lazy
    # declarations later in this class body and are never used.
    TaskID = None  # placeholder
    ScanSummaryID = None  # placeholder
    Criteria = 'factory.com'
    CriteriaType = 1
    AgentID = '112E85840114-694DBF9D-44CC-65D3-0003'  # placeholder
    ServerID = None  # placeholder
    SLF_Key = '123'
    Status = 0
    IsAffected = 0
    IsSync = 0
    CreationTime = ExtendDateTime.current_time()  # placeholder
    LastUpdateTime = ExtendDateTime.current_time()
    IsTimeout = 0

    class Params:
        init = True
        agent = 'Client11'
        day_offset = '+0'

    @factory.lazy_attribute
    def AgentID(self):
        """EI_EntityID of the entity registered under the `agent` param."""
        entity = TbEntityInfo.find_by_machine_name(self.agent)
        return entity.EI_EntityID

    @factory.lazy_attribute
    def ServerID(self):
        """None in the initial state; otherwise the agent's EI_AgentID."""
        if self.init:
            return None
        entity = TbEntityInfo.find_by_machine_name(self.agent)
        return entity.EI_AgentID

    @factory.lazy_attribute_sequence
    def TaskID(self, seq):
        """None in the initial state; otherwise a sequence-suffixed task id."""
        if self.init:
            return None
        return "a4918672-92da-4065-rcac-1ebf6c5a" + format(seq, "A>4")

    @factory.lazy_attribute_sequence
    def ScanSummaryID(self, seq):
        """None in the initial state; otherwise a sequence-suffixed scan summary id."""
        if self.init:
            return None
        return "b4918672-92da-4065-scan-1ebf6c5a" + format(seq, "A>4")

    @factory.lazy_attribute
    def CreationTime(self):
        """Creation timestamp derived from the `day_offset` param."""
        offset = self.day_offset
        return ExtendDateTime.get_date_by_offset(offset)
class TbBlacklistInfoFactory(CMFactory):
    """Build synthetic TbBlacklistInfo rows (blocklist entries) for tests.

    Params (not persisted):
        expire_date: offset string for the expiry timestamp.
        expire_utc_date: offset string for the expiry UTC date.
    Both are interpreted by ExtendDateTime; their unit is not visible here.
    """

    class Meta:
        model = TbBlacklistInfo
        sqlalchemy_session_persistence = 'commit'

    SLF_Key = '0x36e77307362d14b49b9d61f24b221082'
    SLF_Action = 1
    SLF_Type = 2
    # Fixture indicator value; does not refer to a real host.
    SLF_Data = '1.1.1.1'
    SLF_RiskLevel = 3
    SourceType = 1
    ScanAction = 1
    Status = 1
    UserDefinedTime = ExtendDateTime.current_time()

    class Params:
        expire_date = '+5'
        expire_utc_date = '+13'

    @factory.lazy_attribute_sequence
    def EntityID(self, seq):
        """GUID-shaped fixture id whose last block is the padded sequence number."""
        return '11111111-AAAA-BBBB-CCCC-DDDDDDDD' + format(seq, 'A>4')

    @factory.lazy_attribute
    def SLF_ExpireDateTimeStamp(self):
        """Expiry timestamp derived from the `expire_date` param."""
        offset = self.expire_date
        return ExtendDateTime.get_time_stamp_by_offset(offset)

    @factory.lazy_attribute
    def SLF_ExpiredUTCDate(self):
        """Expiry UTC date derived from the `expire_utc_date` param."""
        offset = self.expire_utc_date
        return ExtendDateTime.get_date_by_offset(offset)
class TbIOCFileListFactory(CMFactory):
    """Build synthetic TbIOCFileList rows (uploaded IOC files) for tests.

    All attributes are static fixture values evaluated at import time; the
    hash, content and timestamps are placeholders, not derived from any real
    file.
    """

    class Meta:
        model = TbIOCFileList
        sqlalchemy_session_persistence = 'commit'

    IOC_GUID = '111111111111-AAAAAAAA-1111-0000-0001'
    # 40 hex characters (SHA-1 length); a fixture value, not a real file hash.
    FileHashID = '31DD9A3F6863946E36E7A6762609CFE22C7154FC'
    FileName = 'Test IOC file 1'
    Author = 'Tester'
    AuthoredUTCTime = ExtendDateTime.current_time()
    ShortDesc = 'Short description sample'
    Description = 'Description sample'
    # Placeholder content; not meant to decode to anything meaningful.
    FileContent_BASE64 = '123='
    UploadedTime = ExtendDateTime.current_time()
    UploadedFrom = 1
    UploadedBy = 'app name 1'
    ExtractingStatus = 1
class TbIOCsYARAFileListFactory(CMFactory):
    """Build synthetic TbIOCsYARAFileList rows (uploaded YARA rule files).

    Used directly and by initialize_yara_test_data(), which overrides the
    hash, name, uploader and upload time per CSV fixture row.
    """

    class Meta:
        model = TbIOCsYARAFileList
        sqlalchemy_session_persistence = 'commit'

    # 40 hex characters (SHA-1 length); a fixture value, not a real file hash.
    FileHashID = '71EAB2143940EF63899DBD8C99994FD374174EAB'
    FileName = 'APT_Gholee.yara'
    # Placeholder content; no actual YARA rule is stored.
    FileContent_BASE64 = '123='
    UploadedTime = ExtendDateTime.current_time()
    UploadedFrom = 1
    UploadedBy = 'test app 1'
class TbIOCsSTIXFileListFactory(CMFactory):
    """Build synthetic TbIOCsSTIXFileList rows (uploaded STIX documents).

    Used directly and by initialize_stix_test_data(), which overrides the
    hash, name, title, uploader, extraction status and upload time per CSV
    fixture row.
    """

    class Meta:
        model = TbIOCsSTIXFileList
        sqlalchemy_session_persistence = 'commit'

    # 40 hex characters (SHA-1 length); a fixture value, not a real file hash.
    FileHashID = '017D896BE4991423EB6653077B93ADA1DCC7FFB2'
    FileName = 'STIX_Domain_Watchlist.xml'
    # Placeholder content; no actual STIX XML is stored.
    FileContent_BASE64 = '123='
    Title = 'Title line 1 test app 1'
    UploadedTime = ExtendDateTime.current_time()
    UploadedFrom = 1
    UploadedBy = 'test app 1'
    ExtractingStatus = 1
class TbQuickInvTaskFactory(CMFactory):
    """Build synthetic TbQuickInvTask rows for tests.

    Params (not persisted):
        init: when True the task has no TaskID yet; when False a
            sequence-suffixed id is generated.
        day_offset: offset string handed to ExtendDateTime for CreationTime.
    """

    class Meta:
        model = TbQuickInvTask
        sqlalchemy_session_persistence = 'commit'

    # The three placeholders marked below are rebound by the lazy
    # declarations later in this class body and are never used.
    TaskID = None  # placeholder
    HasMore = 1
    LastContentID = ''
    Criteria = 'a.b.c'
    CriteriaType = 1
    RetroScanData_MD5 = None  # placeholder
    RetroScanCategory = 5
    SLF_Key = '123'
    IsManual = 1
    CreationTime = ExtendDateTime.current_time()  # placeholder
    LastUpdateTime = ExtendDateTime.current_time()
    IsTimeout = 0

    class Params:
        init = True
        day_offset = '+0'

    @factory.lazy_attribute_sequence
    def TaskID(self, seq):
        """None in the initial state; otherwise a sequence-suffixed task id."""
        if self.init:
            return None
        return "a4918672-92da-4065-9dec-1ebf6c5a" + format(seq, "A>4")

    @factory.lazy_attribute
    def CreationTime(self):
        """Creation timestamp derived from the `day_offset` param."""
        offset = self.day_offset
        return ExtendDateTime.get_date_by_offset(offset)

    @factory.lazy_attribute_sequence
    def RetroScanData_MD5(self, seq):
        """Fixture digest bytes: a fixed prefix plus the padded sequence number (not a real MD5)."""
        digest_text = '7788no9' + format(seq, 'A>4')
        return digest_text.encode('utf-8')
class TbInventoryQuickInvScanMappingFactory(CMFactory):
    """Build synthetic TbInventoryQuickInvScanMapping rows for tests.

    Both digest columns are generated from the factory sequence so that
    successive instances map distinct event/scan fixtures.
    """

    class Meta:
        model = TbInventoryQuickInvScanMapping
        sqlalchemy_session_persistence = 'commit'

    # Both byte placeholders below are rebound by the lazy sequences later
    # in this class body and are never used.
    EventContent_MD5 = bytes('123456', 'utf-8')  # placeholder
    RetroScanData_MD5 = bytes('234567', 'utf-8')  # placeholder
    RetroScanCategory = 2
    LastUpdateTime = ExtendDateTime.current_time()

    @factory.lazy_attribute_sequence
    def EventContent_MD5(self, seq):
        """Fixture digest bytes for the event side (not a real MD5)."""
        digest_text = '5566nodie' + format(seq, 'A>4')
        return digest_text.encode('utf-8')

    @factory.lazy_attribute_sequence
    def RetroScanData_MD5(self, seq):
        """Fixture digest bytes for the retro-scan side (not a real MD5)."""
        digest_text = '183nodie' + format(seq, 'A>4')
        return digest_text.encode('utf-8')
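def initialize_yara_test_data():
    """Seed TbIOCsYARAFileList from the bundled yara.csv fixture.

    The first CSV row is the header; every following row becomes one
    TbIOCsYARAFileListFactory call. UploadedTime is staggered backwards one
    offset unit per row ('-1', '-2', ...) so rows are distinguishable by
    upload time. Values come from a repository-controlled fixture, not user
    input; int() will raise ValueError if UploadedFrom is not numeric.
    """
    # Build the path from components so it resolves on POSIX as well as
    # Windows: a raw backslash path is a single literal filename on POSIX.
    here = os.path.dirname(os.path.abspath(__file__))
    yara_test_data = os.path.join(
        here, '..', '..', 'tests', 'external_api', 'initial_data', 'yara.csv')
    test_data_list = csv_handler.parse_csv(yara_test_data)
    # An empty or header-only file seeds nothing instead of raising.
    header = test_data_list[0] if test_data_list else []
    for offset, row in enumerate(test_data_list[1:], start=1):
        yara = dict(zip(header, row))
        TbIOCsYARAFileListFactory(
            FileHashID=yara['FileHashID'],
            FileName=yara['FileName'],
            UploadedFrom=int(yara['UploadedFrom']),
            UploadedBy=yara['UploadedBy'],
            UploadedTime=ExtendDateTime.get_date_by_offset(str(-offset)))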
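def initialize_stix_test_data():
    """Seed TbIOCsSTIXFileList from the bundled stix.csv fixture.

    The first CSV row is the header; every following row becomes one
    TbIOCsSTIXFileListFactory call. UploadedTime is staggered backwards one
    offset unit per row ('-1', '-2', ...) so rows are distinguishable by
    upload time. Values come from a repository-controlled fixture, not user
    input; int() will raise ValueError if UploadedFrom or ExtractingStatus
    is not numeric.
    """
    # Build the path from components so it resolves on POSIX as well as
    # Windows: a raw backslash path is a single literal filename on POSIX.
    here = os.path.dirname(os.path.abspath(__file__))
    stix_test_data = os.path.join(
        here, '..', '..', 'tests', 'external_api', 'initial_data', 'stix.csv')
    test_data_list = csv_handler.parse_csv(stix_test_data)
    # An empty or header-only file seeds nothing instead of raising.
    header = test_data_list[0] if test_data_list else []
    for offset, row in enumerate(test_data_list[1:], start=1):
        stix = dict(zip(header, row))
        TbIOCsSTIXFileListFactory(
            FileHashID=stix['FileHashID'],
            FileName=stix['FileName'],
            Title=stix['ShortDesc_Title'],
            UploadedFrom=int(stix['UploadedFrom']),
            UploadedBy=stix['UploadedBy'],
            ExtractingStatus=int(stix['ExtractingStatus']),
            UploadedTime=ExtendDateTime.get_date_by_offset(str(-offset)))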
def CreationTime(self):
    """Creation timestamp derived from the instance's day_offset value."""
    offset = self.day_offset
    return ExtendDateTime.get_date_by_offset(offset)
def SLF_LogGenerationTime(self):
    """Log generation timestamp derived from the instance's day_offset value."""
    offset = self.day_offset
    return ExtendDateTime.get_date_by_offset(offset)
def SLF_LogGenUTCDatetime(self):
    """SLF_LogGenLocalDatetime shifted by SLF_TimeZoneInMins minutes via ExtendDateTime."""
    tz_shift = timedelta(minutes=int(self.SLF_TimeZoneInMins))
    local_time = self.SLF_LogGenLocalDatetime
    return ExtendDateTime.get_date_by_offset(tz_shift, local_time)
def LogReceivedUTCTime(self):
    """LogReceivedTime shifted by LogReceivedTimeZone minutes via ExtendDateTime."""
    tz_shift = timedelta(minutes=int(self.LogReceivedTimeZone))
    received = self.LogReceivedTime
    return ExtendDateTime.get_date_by_offset(tz_shift, received)
class TbAvviruslogFactory(CMFactory):
    """Build synthetic TbAVVirusLog rows (anti-virus detection logs) for tests.

    Plain attributes are evaluated once at import time and shared by every
    instance unless overridden. The entity-related columns (VLF_ClientGUID,
    CLF_ProductVersion, CLF_ProductType, CLF_ManagerID, CLF_EntityID) are
    declared twice: the literal placeholders below are rebound by the lazy
    declarations at the end of the class body, which resolve them through
    TbEntityInfo from CLF_ComputerName. All file names, paths, hashes and
    addresses are fixture placeholders, not real detections.
    """

    class Meta:
        model = TbAVVirusLog
        sqlalchemy_session_persistence = 'commit'

    CLF_MsgLogType = 1703
    CLF_LogMinorVersion = 1
    CLF_EntityID = '111111111111-AAAAAAAA-1111-0000-0001'  # placeholder, rebound below
    CLF_ManagerID = '000C2934ADB2-5AEBD810-05D5-C191-5B5E'  # placeholder, rebound below
    CLF_LogVersion = 1
    CLF_ProductType = '15'  # placeholder, rebound below
    CLF_ProductVersion = '13.5'  # placeholder, rebound below
    CLF_ProductLanguageCode = 0
    # Offset string semantics belong to ExtendDateTime; presumably days.
    CLF_LogGenerationTime = ExtendDateTime.get_date_by_offset('-1')
    CLF_LogGenerationTimeZone = 0
    CLF_LogReceivedTime = ExtendDateTime.current_time()
    CLF_LogReceivedUTCTime = ExtendDateTime.current_time()
    CLF_LogReceivedTimeZone = 0
    # Spelling follows the model column name ("Serverity"), do not correct it here.
    CLF_ServerityCode = 2
    CLF_ComponentCode = 9
    CLF_LogReplicatedFlag = None
    CLF_ComputerName = 'Client11'
    CLF_ProductPlatformCode = 4
    CLF_IsDayLightSaving = 0
    CLF_ReasonCode = 'virus log'
    CLF_ReasonCodeSource = 20
    VLF_VirusLogType = 1
    VLF_VirusName = 'Factory_make_virus'
    VLF_IsMoreThanOneVirus = 0
    VLF_FunctionCode = 11
    VLF_FirstAction = 2
    VLF_SecondAction = 4
    VLF_FirstActionResult = 32
    VLF_SecondActionResult = 25
    VLF_FileName = 'Factory_make'
    VLF_FilePath = 'C:\\factory\\make'
    VLF_FileNameInCompressedFile = 'win32'
    VLF_InfectionSource = 'Factory Make'
    # Masked e-mail placeholder; no real address is stored.
    VLF_InfectionDestination = '*****@*****.**'
    VLF_EngineType = 4096
    VLF_EngineVersion = '1.83.5566'
    VLF_PatternType = None
    VLF_PatternNumber = 55688
    SIC_RuleName = None
    MVL_Protocol = None
    MVL_DeliverTime = None
    MVL_StorageGroup = None
    MVL_DataBaseName = None
    MVL_FolderName = None
    MVL_MessageID = None
    DVL_ClientIPAddress = None
    DVL_ResultCode = None
    FVL_InfectTarget = None
    FVL_LoginUser = None
    MVL_Subject = None
    DCS_JobID = None
    DCS_TaskID = None
    VLF_MajorVirusType = 1
    VLF_SubVirusType = 0
    VLF_PrivateAttribute = None
    VLF_ClientGUID = '112E85840114-694DBF9D-44CC-65D3-0003'  # placeholder, rebound below
    AggregatedCount = 1
    AggregatedLocalToTime = None
    AggregatedUTCToTime = None
    SourceIP = None
    DestIP = None
    UserGroupName = None
    SLF_FileSHA1 = None
    SLF_CloudStorage = None
    CE_FilterID = None
    SLF_Channel = None
    CLF_LogGenCMLocalTime = ExtendDateTime.current_time()

    @factory.lazy_attribute_sequence
    def MsgLogID(self, n):
        """Fixed prefix plus the sequence number, left-padded with 'A' to width 4."""
        return "503C31155B94-4E8B9FF2-VIRU-SLOG-{:A>4}".format(n)

    @factory.lazy_attribute
    def VLF_ClientGUID(self):
        """EI_EntityID of the entity registered under CLF_ComputerName."""
        return TbEntityInfo.find_by_machine_name(self.CLF_ComputerName).EI_EntityID

    @factory.lazy_attribute
    def CLF_ProductVersion(self):
        """EI_ProductVersion of the entity registered under CLF_ComputerName."""
        return TbEntityInfo.find_by_machine_name(self.CLF_ComputerName).EI_ProductVersion

    @factory.lazy_attribute
    def CLF_ProductType(self):
        """EI_ProductType of the entity registered under CLF_ComputerName."""
        return TbEntityInfo.find_by_machine_name(self.CLF_ComputerName).EI_ProductType

    @factory.lazy_attribute
    def CLF_ManagerID(self):
        """EI_ManagerID of the entity registered under CLF_ComputerName."""
        return TbEntityInfo.find_by_machine_name(self.CLF_ComputerName).EI_ManagerID

    @factory.lazy_attribute
    def CLF_EntityID(self):
        """EI_AgentID of the entity registered under CLF_ComputerName."""
        return TbEntityInfo.find_by_machine_name(self.CLF_ComputerName).EI_AgentID
def FileCreationUTCTime(self):
    """File creation UTC timestamp derived from the instance's create_date value."""
    offset = self.create_date
    return ExtendDateTime.get_date_by_offset(offset)
def CLF_LogGenCMLocalTime(self):
    """Log generation time (CM local clock) derived from the instance's day_offset value."""
    offset = self.day_offset
    return ExtendDateTime.get_date_by_offset(offset)
class TbFileHashDetectionLogFactory(CMFactory):
    """Build synthetic TbFileHashDetectionLog rows for tests.

    Plain attributes are evaluated once at import time (CMGuid via a
    TbSystemInfo lookup) and shared by every instance unless overridden.
    The entity-related columns (SLF_ProductGUID, SLF_ProductID,
    SLF_ProductVersion, SLF_ClientGUID, SLF_ClientIP, SLF_HostName) and the
    two generation timestamps are rebound by the lazy declarations below,
    which resolve them through TbEntityInfo from the `affected_client` param.

    Params (not persisted):
        affected_client: machine name looked up in TbEntityInfo. Defaults to
            None; what find_by_machine_name does with None is not visible
            here, so callers are expected to pass a real fixture name.
        day_offset: offset string handed to ExtendDateTime for both
            generation timestamps.
    """

    class Meta:
        model = TbFileHashDetectionLog
        sqlalchemy_session_persistence = 'commit'

    CMGuid = TbSystemInfo.get_CM_guid()
    SLF_LogType = 1766
    SLF_ProductGUID = None  # placeholder, rebound below
    SLF_ProductID = None  # placeholder, rebound below
    SLF_LogVersion = 1
    SLF_LogMinorVersion = 0
    SLF_ComputerName = 'OSCE01'
    SLF_ProductVersion = 13  # placeholder, rebound below
    SLF_LogGenerationTime = ExtendDateTime.current_time()  # placeholder, rebound below
    SLF_LogGenerationTimeZone = 8
    SLF_IsDayLightSaving = 0
    SLF_Sender = None
    SLF_Recipient = None
    SLF_Subject = None
    SLF_EntryChannel = None
    SLF_ClientGUID = None  # placeholder, rebound below
    SLF_ClientIP = None  # placeholder, rebound below
    SLF_HostName = None  # placeholder, rebound below
    SLF_TrueFileType = "EXE"
    SLF_FileSHA1 = None
    SLF_FileSource = "Factory.exe"
    SLF_SourceType = 0
    SLF_Action = 1
    SLF_ActionResult = 1
    SLF_ScanType = 2
    SLF_LogReceivedUTCTime = ExtendDateTime.current_time()
    SLF_FileCreatedUTCTime = ExtendDateTime.current_time()
    SLF_FileModifiedUTCTime = ExtendDateTime.current_time()
    CE_FilterID = None
    CLF_LogGenCMLocalTime = ExtendDateTime.current_time()  # placeholder, rebound below

    class Params:
        affected_client = None
        day_offset = '+0'

    @factory.lazy_attribute_sequence
    def MsgLogID(self, n):
        """Fixed prefix plus the sequence number, left-padded with 'A' to width 4."""
        return "503C31155B94-4E8B9FF2-FILE-HASH-{:A>4}".format(n)

    @factory.lazy_attribute
    def SLF_ProductGUID(self):
        """EI_AgentID of the entity registered under affected_client."""
        return TbEntityInfo.find_by_machine_name(
            self.affected_client).EI_AgentID

    @factory.lazy_attribute
    def SLF_ProductID(self):
        """EI_ProductType of the entity registered under affected_client."""
        return TbEntityInfo.find_by_machine_name(
            self.affected_client).EI_ProductType

    @factory.lazy_attribute
    def SLF_ProductVersion(self):
        """EI_ProductVersion of the entity registered under affected_client."""
        return TbEntityInfo.find_by_machine_name(
            self.affected_client).EI_ProductVersion

    @factory.lazy_attribute
    def SLF_ClientGUID(self):
        """EI_EntityID of the entity registered under affected_client."""
        return TbEntityInfo.find_by_machine_name(
            self.affected_client).EI_EntityID

    @factory.lazy_attribute
    def SLF_ClientIP(self):
        """EI_IPAddressList of the entity registered under affected_client."""
        return TbEntityInfo.find_by_machine_name(
            self.affected_client).EI_IPAddressList

    @factory.lazy_attribute
    def SLF_HostName(self):
        """The affected_client param itself, stored as the host name."""
        return self.affected_client

    @factory.lazy_attribute
    def SLF_LogGenerationTime(self):
        """Log generation timestamp derived from the `day_offset` param."""
        return ExtendDateTime.get_date_by_offset(self.day_offset)

    @factory.lazy_attribute
    def CLF_LogGenCMLocalTime(self):
        """CM-local generation timestamp derived from the same `day_offset` param."""
        return ExtendDateTime.get_date_by_offset(self.day_offset)
def SLF_ExpireDateTimeStamp(self):
    """Expiry timestamp derived from the instance's expire_date value."""
    offset = self.expire_date
    return ExtendDateTime.get_time_stamp_by_offset(offset)
class TbLogGeneralFactory(CMFactory):
    """Build synthetic TbLogGeneral rows (generic detection events) for tests.

    Plain attributes are evaluated once at import time (CMGuid via a
    TbSystemInfo lookup) and shared by every instance unless overridden.
    ProductGUID and ProductID are resolved lazily through TbEntityInfo from
    ComputerName. Every name, address, server and hash below is a fixture
    placeholder, not a real indicator.
    """

    class Meta:
        model = TbLogGeneral
        sqlalchemy_session_persistence = 'commit'

    CMGuid = TbSystemInfo.get_CM_guid()
    LogReferenceID = None
    Authentication = 1
    ConstraintType = 0
    ComputerName = 'DDI01'
    DaylightSavingInMins = 0
    Description = 'Factory Make'
    DetectedBy = 42
    DetectionName = 'Factory Made Virus'
    # Offset string semantics belong to ExtendDateTime; presumably days.
    LogGenLocalDatetime = ExtendDateTime.get_date_by_offset('-1')
    LogGenUTCDatetime = ExtendDateTime.get_date_by_offset('-1')
    LogMinorVersion = 4
    LogVersion = 1
    MsgType = 1723
    PotentialRisk = 0
    Protocol = 5
    ProtocolGroup = 8
    RiskType = 'AV'
    RiskTypeGroup = 1
    RuleID = 709
    ScanDirection = 4
    TimeZoneInMins = 0
    VLANId = 5
    # Naive local datetime from the stdlib, unlike the ExtendDateTime.current_time()
    # used by the other timestamps in this file — NOTE(review): confirm this
    # difference is intended.
    CLF_LogReceivedTime = datetime.datetime.now()
    CollaborationID = '73599893-97B1-4678-B964-4D9B3FEDAAE4'
    Severity = 1
    SLF_InterestedIP = None
    # Fixture peer address; does not refer to a real host.
    SLF_PeerIP = '5.5.6.6'
    SLF_Is_CCCA_Detection = 1
    SLF_CCCA_DetectionSource = 1
    SLF_CCCA_Destination = None
    SLF_CCCA_RiskLevel = 0
    SLF_CCCA_DestinationFormat = None
    ThreatType = 1
    IsBlocked = 0
    InterestedGroupName = 'Fake Group'
    DetectionType = 1
    EventTotalCount = 1
    EventAggregatedCount = 1
    ECE_SeverityCode = 1
    AttackPhase = 1
    DetectedByVA = 1
    # 2**63 - 1: the largest signed 64-bit value, exercising the bigint boundary.
    LogNativeID = 9223372036854775807
    DCEHash1 = 9223372036854775807
    DCEHash2 = 9223372036854775807
    Remarks = 'Fake Remark'
    CC_Server = 'Fake Server'
    CC_ServerType = 1
    MalwareType = 'Fake Malware Type'
    Event_Class = 4
    Event_SubClass = 2
    HeurFlag = 3
    CommonThreatFamily = 'Fake Common Threat Family'
    SLF_URLCorrelationKey = None
    VADetectionName = None
    ThreatCharacteristics = None
    CE_FilterID = None

    @factory.lazy_attribute_sequence
    def MsgLogID(self, n):
        """Fixed prefix plus the sequence number, left-padded with 'B' to width 4."""
        return "503C31155B94-4E8B9FF2-LOGE-79A5-{:B>4}".format(n)

    @factory.lazy_attribute
    def ProductGUID(self):
        """EI_EntityID of the entity registered under ComputerName."""
        return TbEntityInfo.find_by_machine_name(self.ComputerName).EI_EntityID

    @factory.lazy_attribute
    def ProductID(self):
        """EI_ProductType of the entity registered under ComputerName."""
        return TbEntityInfo.find_by_machine_name(self.ComputerName).EI_ProductType
def SubmitTime(self):
    """Submission timestamp derived from the instance's submit value."""
    offset = self.submit
    return ExtendDateTime.get_date_by_offset(offset)
def FirstObsUTCTime(self):
    """First-observed UTC timestamp derived from the instance's observe_date value."""
    offset = self.observe_date
    return ExtendDateTime.get_date_by_offset(offset)
def SLF_ExpiredUTCDate(self):
    """Expiry UTC date derived from the instance's expire_utc_date value."""
    offset = self.expire_utc_date
    return ExtendDateTime.get_date_by_offset(offset)
def AnalyzeTime(self):
    """Analysis timestamp derived from the instance's analyze value."""
    offset = self.analyze
    return ExtendDateTime.get_date_by_offset(offset)