def checkRA(self, stage): if self.rp_rule.get(stage): for rule in self.rp_rule.get(stage): try: rtask = REACTutils.read_yaml_file(self.inputRA + rule + ".yml") except OSError: print("Response Action %s not existing\n" % rule) continue self.task_prefix = int(self.task_prefix) self.task_prefix += 1 task = THC.TheHiveTask(order=self.task_order) self.task_order += 1 task.title = str(self.task_prefix) + " | "\ + rtask.get('id')\ + ": "\ + REACTutils.normalize_react_title(rtask.get('title'),REACTConfig.get('titlefmtrules')) if rtask.get('stage'): task.group = REACTutils.normalize_rs_name( rtask.get('stage')) else: task.group = 'Unknown stage' task.description = str(rtask.get('workflow')) if rtask.get('owner'): task.owner = str(rtask.get('owner')) self.case.tasks.append(task.return_dictionary())
def main(c_auth=None): try: REACTConfig = REACTutils.load_config("config.yml") confluence_space_name = REACTConfig.get('confluence_space_name') confluence_space_home_page_name = REACTConfig.get( 'confluence_space_home_page_name') confluence_rest_api_url = REACTConfig.get('confluence_rest_api_url') confluence_name_of_root_directory = REACTConfig.get( 'confluence_name_of_root_directory') except Exception as e: raise e pass if not c_auth: mail = input("Login: "******"" print("[*] Creating RE&CT root page...") data = { "title": confluence_name_of_root_directory, "spacekey": confluence_space_name, "parentid": str(REACTutils.confluence_get_page_id( url, auth, confluence_space_name, confluence_space_home_page_name)), "confluencecontent": content, } if not REACTutils.push_to_confluence(data, url, auth): raise Exception("[-] Could not create or update the page. " + "Is the parent name correct?") pages = ["Response Actions","Response Playbooks","Response Stages"] for page in pages: print("[*] Creating %s..." % page) data = { "title": page, "spacekey": confluence_space_name, "parentid": str(REACTutils.confluence_get_page_id( url, auth, confluence_space_name, confluence_name_of_root_directory)), "confluencecontent": content, } if not REACTutils.push_to_confluence(data, url, auth): raise Exception("[*] Could not create or update the page. " + "Is the parent name correct?") print("[+] Initial Confluence page structure created!") return True
def response_stage(self, rs_path): """Populate Response Stages""" print("[*] Populating Response Stages...") if rs_path: rs_list = glob.glob(rs_path + '*.yml') else: rs_dir = REACTConfig.get('response_stages_dir') rs_list = glob.glob(rs_dir + '/*.yml') for rs_file in rs_list: try: rs = ResponseStage(rs_file) rs.render_template("markdown") rs.save_markdown_file(atc_dir=self.atc_dir) except Exception as e: print(rs_file + " failed\n\n%s\n\n" % e) print("Err message: %s" % e) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) template = env.get_template('markdown_responsestage_main_template.j2') rss, rs_paths = REACTutils.load_yamls_with_paths( REACTConfig.get('response_stages_dir')) rs_filenames = [ _rs_path.split('/')[-1].replace('.yml', '') for _rs_path in rs_paths ] rss_dict = {} rss_list = [] for i in range(len(rss)): rs_title = rss[i].get('title') rs_id = rss[i].get('id') rs_description = rss[i].get('description') rss_list.append((rs_id, rs_title, rs_description)) rss_dict.update({'rss_list': sorted(rss_list)}) content = template.render(rss_dict) REACTutils.write_file(rs_summary_dir + '/responsestages.md', content) print("[+] Response Stages populated!")
def __init__(self): UpdateReactMapping() response_actions = [] for ra_id, ra_name in ra_mapping.items(): ra_color = "" category_score = int(ra_id[3:6]) ra_category = REACTutils.get_ra_category(ra_id) for category_name, category_color in category_colors.items(): if ra_category == category_name: ra_color = category_color break response_actions.append({ "techniqueID": ra_id, "color": ra_color, "score": category_score, # for sorting }) NAVIGATOR_TEMPLATE['techniques'] = response_actions with open(directory + '/' + filename, 'w') as fp: json.dump(NAVIGATOR_TEMPLATE, fp) print(f'[+] Created {filename}')
def response_action(self, ra_path): """Nothing here yet""" print("[*] Populating Response Actions...") if ra_path: ra_list = glob.glob(ra_path + '*.yml') else: ra_dir = REACTConfig.get('response_actions_dir') ra_list = glob.glob(ra_dir + '/*.yml') for ra_file in ra_list: try: ra = ResponseAction(ra_file, apipath=self.apipath, auth=self.auth, space=self.space) ra.render_template("confluence") confluence_data = { "title": ra.ra_parsed_file['title'], "spacekey": self.space, "parentid": str( REACTutils.confluence_get_page_id( self.apipath, self.auth, self.space, "Response Actions")), "confluencecontent": ra.content, } res = REACTutils.push_to_confluence(confluence_data, self.apipath, self.auth) if res == 'Page updated': print("==> updated page: RA '" + ra.ra_parsed_file['title'] + "'") # print("Done: ", ra.ra_parsed_file['title']) except Exception as err: print(ra_file + " failed") print("Err message: %s" % err) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) print("[+] Response Actions populated!")
def save_markdown_file(self, atc_dir=REACTConfig.get('md_name_of_root_directory')): """Write content (md template filled with data) to a file""" base = os.path.basename(self.yaml_file) title = os.path.splitext(base)[0] file_path = atc_dir + self.parent_title + "/" + \ title + ".md" return REACTutils.write_file(file_path, self.content)
def react_create_markdown_dirs(): REACTConfig = REACTutils.load_config('config.yml') base_dir = Path(REACTConfig.get('md_name_of_root_directory', '../docs')) target_dir_list = [ 'Response_Actions', 'Response_Playbooks', 'Response_Stages' ] for item in target_dir_list: (base_dir / item).mkdir(parents=True, exist_ok=True)
def convertRPToTemplate(self, file_input, output_file): self.rp_rule = REACTutils.read_yaml_file(file_input) self.case = THC.TheHiveCase() self.case.name = self.rp_rule.get('id')\ + ": "\ + REACTutils.normalize_react_title(self.rp_rule.get('title'),REACTConfig.get('titlefmtrules')) self.case.description = str(self.rp_rule.get('description')) + \ '\n\nWorkflow:\n\n' + str(self.rp_rule.get('workflow')) try: self.case.tags += self.rp_rule.get('tags') except TypeError: pass self.case.tlp = self.checkTLP(self.rp_rule.get('tlp')) self.case.pap = self.checkPAP(self.rp_rule.get('pap')) if self.args.prefix: self.case.prefix = self.args.prefix self.task_prefix = 0.0 self.task_order = 0 stages = [ 'preparation', 'identification', 'containment', 'eradication', 'recovery', 'lessons_learned' ] for stage in stages: if stage in self.rp_rule.keys(): self.checkRA(stage) try: with open(output_file, 'w') as f: f.write(self.case.json()) except OSError: print("ERROR: No such directory %s" % os.path.dirname(os.path.abspath(output_file)))
UpdateAttackMapping() ReactPopulateMarkdown(auto=args.auto, ra=args.responseactions, rp=args.responseplaybook, rs=args.responsestage, init=args.init) GenerateMkdocs() GenerateSTIX() GenerateNavigator() elif args.mkdocs: GenerateMkdocs() elif args.stix: GenerateSTIX() elif args.navigator: GenerateNavigator() elif args.thehive: UpdateAttackMapping() REACTConfig = REACTutils.read_yaml_file("config.yml") REACTConfig2 = REACTutils.read_yaml_file("scripts/config.default.yml") #print("HINT: Make sure proper directories are " + # "configured in the scripts/config.yml") if REACTConfig.get( 'response_playbooks_dir', REACTConfig2.get('response_playbooks_dir')) and \ REACTConfig.get( 'response_actions_dir', REACTConfig2.get('response_actions_dir')) and \ REACTConfig.get( 'thehive_templates_dir', REACTConfig2.get('thehive_templates_dir')): RPTheHive( inputRP=REACTConfig.get(
def render_template(self, template_type): """Description template_type: - "markdown" - "confluence" """ if template_type not in ["markdown", "confluence"]: raise Exception( "Bad template_type. Available values:" + " [\"markdown\", \"confluence\"]") # # PRE: Common for both Markdown and Confluence templates # self.ra_parsed_file.update( {'category': REACTutils.get_ra_category(self.ra_parsed_file .get('id'))} ) self.ra_parsed_file.update( {'description': self.ra_parsed_file.get('description').strip()} ) # Get proper template if template_type == "markdown": template = env.get_template( 'markdown_responseaction_template.md.j2' ) self.ra_parsed_file.update( {'title': REACTutils.normalize_react_title(self.ra_parsed_file .get('title'),REACTConfig.get('titlefmtrules'))} ) stage_list = [] stage = self.ra_parsed_file.get('stage') for rs_id, rs_name in rs_mapping.items(): if REACTutils.normalize_rs_name(stage) == rs_name: stage_list.append((rs_id, rs_name)) self.ra_parsed_file.update( {'stage': stage_list} ) elif template_type == "confluence": template = env.get_template( 'confluence_responseaction_template.html.j2') new_title = self.ra_parsed_file.get('id')\ + ": "\ + REACTutils.normalize_react_title(self.ra_parsed_file.get('title'),REACTConfig.get('titlefmtrules')) self.ra_parsed_file.update( {'title': new_title} ) self.ra_parsed_file.update( {'confluence_viewpage_url': REACTConfig.get('confluence_viewpage_url')}) ## ## Add link to a stage ## stage = self.ra_parsed_file.get('stage') rs_list = [] for rs_id, rs_name in rs_mapping.items(): if REACTutils.normalize_rs_name(stage) == rs_name: if self.apipath and self.auth and self.space: rs_confluence_page_name = rs_id + ": " + rs_name rs_confluence_page_id = str(REACTutils.confluence_get_page_id( self.apipath, self.auth, self.space, rs_confluence_page_name) ) rs_list.append((rs_id, rs_name, rs_confluence_page_id)) else: rs_confluence_page_id = "" rs_list.append((rs_id, rs_name, rs_confluence_page_id)) break self.ra_parsed_file.update( {'stage': rs_list} ) # # POST: Common for both Markdown and Confluence templates # self.content = template.render(self.ra_parsed_file)
def parse_into_fields(self, yaml_file): """Description""" self.ra_parsed_file = REACTutils.read_yaml_file(yaml_file)
#!/usr/bin/env python3 from jinja2 import Environment, FileSystemLoader import os try: from scripts.reactutils import REACTutils from scripts.react_mapping import rs_mapping env = Environment(loader=FileSystemLoader('scripts/templates')) except: from response.atc_react.scripts.reactutils import REACTutils from response.atc_react.scripts.react_mapping import rs_mapping env = Environment(loader=FileSystemLoader( 'response/atc_react/scripts/templates')) REACTConfig = REACTutils.load_config("config.yml") class ResponseAction: """Class for the Playbook Actions entity""" def __init__(self, yaml_file, apipath=None, auth=None, space=None): """Init method""" # Init vars self.yaml_file = yaml_file self.apipath = apipath self.auth = auth self.space = space # The name of the directory containing future markdown Response_Actions self.parent_title = "Response_Actions"
def render_template(self, template_type): """Description template_type: - "markdown" - "confluence" """ if template_type not in ["markdown", "confluence"]: raise Exception("Bad template_type. Available values:" + " [\"markdown\", \"confluence\"]]") # Get proper template if template_type == "markdown": template = env.get_template( 'markdown_responseplaybook_template.md.j2') self.rp_parsed_file.update({ 'title': REACTutils.normalize_react_title( self.rp_parsed_file.get('title')) }) # MITRE ATT&CK Tactics and Techniques tactic = [] tactic_re = re.compile(r'attack\.\w\D+$') technique = [] technique_re = re.compile(r'attack\.t\d{4}(\.\d{3})?$') # AM!TT Tactics and Techniques amitt_tactic = [] amitt_tactic_re = re.compile(r'amitt\.\w\D+$') amitt_technique = [] amitt_technique_re = re.compile(r'amitt\.t\d{1,5}$') other_tags = [] for tag in self.rp_parsed_file.get('tags'): if tactic_re.match(tag): tactic.append(ta_mapping.get(tag)) elif technique_re.match(tag): te = tag.upper()[7:] technique.append((te_mapping.get(te), te)) elif amitt_tactic_re.match(tag): amitt_tactic.append(amitt_tactic_mapping.get(tag)) elif amitt_technique_re.match(tag): te = tag.upper()[6:] amitt_technique.append( (amitt_technique_mapping.get(te), te)) else: other_tags.append(tag) # Add MITRE ATT&CK Tactics and Techniques to J2 self.rp_parsed_file.update({'tactics': tactic}) self.rp_parsed_file.update({'techniques': technique}) # Add AM!TT Tactics and Techniques to J2 self.rp_parsed_file.update({'amitt_tactics': amitt_tactic}) self.rp_parsed_file.update({'amitt_techniques': amitt_technique}) self.rp_parsed_file.update({'other_tags': other_tags}) preparation = [] identification = [] containment = [] eradication = [] recovery = [] lessons_learned = [] detect = [] deny = [] disrupt = [] degrade = [] deceive = [] destroy = [] deter = [] stages = [('preparation', preparation), ('identification', identification), ('containment', containment), ('eradication', eradication), ('recovery', recovery), ('lessons_learned', lessons_learned), ('detect', detect), ('deny', deny), ('disrupt', disrupt), ('degrade', degrade), ('deceive', deceive), ('destroy', destroy), ('deter', deter)] # grab workflow per action in each IR stages # error handling for playbooks with empty stages for stage_name, stage_list in stages: try: for task in self.rp_parsed_file.get(stage_name): action = REACTutils.read_yaml_file( REACTConfig.get('response_actions_dir') + '/' + task + '.yml') action_title = action.get('id')\ + ": "\ + REACTutils.normalize_react_title(action.get('title')) stage_list.append( (action_title, task, action.get('description'), action.get('workflow'))) except TypeError: pass elif template_type == "confluence": template = env.get_template( 'confluence_responseplaybook_template.html.j2') new_title = self.rp_parsed_file.get('id')\ + ": "\ + REACTutils.normalize_react_title(self.rp_parsed_file.get('title')) self.rp_parsed_file.update({'title': new_title}) self.rp_parsed_file.update({ 'confluence_viewpage_url': REACTConfig.get('confluence_viewpage_url') }) # MITRE ATT&CK Tactics and Techniques tactic = [] tactic_re = re.compile(r'attack\.\w\D+$') technique = [] technique_re = re.compile(r'attack\.t\d{4}(\.\d{3})?$') # AM!TT Tactics and Techniques amitt_tactic = [] amitt_tactic_re = re.compile(r'amitt\.\w\D+$') amitt_technique = [] amitt_technique_re = re.compile(r'amitt\.t\d{1,5}$') other_tags = [] for tag in self.rp_parsed_file.get('tags'): if tactic_re.match(tag): tactic.append(ta_mapping.get(tag)) elif technique_re.match(tag): te = tag.upper()[7:] technique.append((te_mapping.get(te), te)) elif amitt_tactic_re.match(tag): amitt_tactic.append(amitt_tactic_mapping.get(tag)) elif amitt_technique_re.match(tag): te = tag.upper()[6:] amitt_technique.append( (amitt_technique_mapping.get(te), te)) else: other_tags.append(tag) # Add MITRE ATT&CK Tactics and Techniques to J2 self.rp_parsed_file.update({'tactics': tactic}) self.rp_parsed_file.update({'techniques': technique}) # Add AM!TT Tactics and Techniques to J2 self.rp_parsed_file.update({'amitt_tactics': amitt_tactic}) self.rp_parsed_file.update({'amitt_techniques': amitt_technique}) self.rp_parsed_file.update({'other_tags': other_tags}) # get links to response action preparation = [] identification = [] containment = [] eradication = [] recovery = [] lessons_learned = [] detect = [] deny = [] disrupt = [] degrade = [] deceive = [] destroy = [] deter = [] stages = [('preparation', preparation), ('identification', identification), ('containment', containment), ('eradication', eradication), ('recovery', recovery), ('lessons_learned', lessons_learned), ('detect', detect), ('deny', deny), ('disrupt', disrupt), ('degrade', degrade), ('deceive', deceive), ('destroy', destroy), ('deter', deter)] for stage_name, stage_list in stages: try: for task in self.rp_parsed_file.get(stage_name): action = REACTutils.read_yaml_file( REACTConfig.get('response_actions_dir') + '/' + task + '.yml') action_title = action.get('id')\ + ": "\ + REACTutils.normalize_react_title(action.get('title')) if self.apipath and self.auth and self.space: stage_list.append( (action_title, str( REACTutils.confluence_get_page_id( self.apipath, self.auth, self.space, action_title)))) else: stage_list.append((action_title, "")) except TypeError: pass # change stages name to more pretty format stages = [(stage_name.replace('_', ' ').capitalize(), stage_list) for stage_name, stage_list in stages] self.rp_parsed_file.update({'stages_with_id': stages}) # get descriptions for response actions preparation = [] identification = [] containment = [] eradication = [] recovery = [] lessons_learned = [] detect = [] deny = [] disrupt = [] degrade = [] deceive = [] destroy = [] deter = [] stages = [('preparation', preparation), ('identification', identification), ('containment', containment), ('eradication', eradication), ('recovery', recovery), ('lessons_learned', lessons_learned), ('detect', detect), ('deny', deny), ('disrupt', disrupt), ('degrade', degrade), ('deceive', deceive), ('destroy', destroy), ('deter', deter)] # grab workflow per action in each IR stages # error handling for playbooks with empty stages for stage_name, stage_list in stages: try: for task in self.rp_parsed_file.get(stage_name): action = REACTutils.read_yaml_file( REACTConfig.get('response_actions_dir') + '/' + task + '.yml') stage_list.append((action.get('description'), action.get('workflow'))) except TypeError: pass # # POST: Common for both Markdown and Confluence templates # # change stages name to more pretty format stages = [(stage_name.replace('_', ' ').capitalize(), stage_list) for stage_name, stage_list in stages] self.rp_parsed_file.update({'stages': stages}) self.rp_parsed_file.update( {'description': self.rp_parsed_file.get('description').strip()}) # Render self.content = template.render(self.rp_parsed_file)
def __init__(self, ra=False, rp=False, rs=False, auto=False, ra_path=False, rp_path=False, rs_path=False, atc_dir=False, init=False): """Init""" # Check if atc_dir provided if atc_dir: self.atc_dir = atc_dir else: self.atc_dir = REACTConfig.get('md_name_of_root_directory') + '/' # Main logic if auto: self.response_action(ra_path) self.response_playbook(rp_path) self.response_stage(rs_path) if ra: self.response_action(ra_path) if rp: self.response_playbook(rp_path) if rs: self.response_stage(rs_path) if ra_path: ras, ra_paths = REACTutils.load_yamls_with_paths(ra_path) else: ras, ra_paths = REACTutils.load_yamls_with_paths( REACTConfig.get('response_actions_dir')) if rp_path: rps, rp_paths = REACTutils.load_yamls_with_paths(rp_path) else: rps, rp_paths = REACTutils.load_yamls_with_paths( REACTConfig.get('response_playbooks_dir')) if rs_path: rss, rs_paths = REACTutils.load_yamls_with_paths(rs_path) else: rss, rs_paths = REACTutils.load_yamls_with_paths( REACTConfig.get('response_stages_dir')) ra_filenames = [ ra_path.split('/')[-1].replace('.yml', '') for ra_path in ra_paths ] rp_filenames = [ rp_path.split('/')[-1].replace('.yml', '') for rp_path in rp_paths ] rs_filenames = [ rs_path.split('/')[-1].replace('.yml', '') for rs_path in rs_paths ] # Point to the templates directory env = Environment(loader=FileSystemLoader('scripts/templates')) # Get proper template template = env.get_template('mkdocs_config_template.md.j2') preparation = [] identification = [] containment = [] eradication = [] recovery = [] lessons_learned = [] detect = [] deny = [] disrupt = [] degrade = [] deceive = [] destroy = [] deter = [] stages = [('preparation', preparation), ('identification', identification), ('containment', containment), ('eradication', eradication), ('recovery', recovery), ('lessons_learned', lessons_learned), ('detect', detect), ('deny', deny), ('disrupt', disrupt), ('degrade', degrade), ('deceive', deceive), ('destroy', destroy), ('deter', deter)] playbooks = [] data_to_render = {} for i in range(len(ras)): ra_updated_title = ras[i].get('id')\ + ": "\ + REACTutils.normalize_react_title(ras[i].get('title'),REACTConfig.get('titlefmtrules')) if "RA1" in ras[i]['id']: preparation.append((ra_updated_title, ra_filenames[i])) elif "RA2" in ras[i]['id']: identification.append((ra_updated_title, ra_filenames[i])) elif "RA3" in ras[i]['id']: containment.append((ra_updated_title, ra_filenames[i])) elif "RA4" in ras[i]['id']: eradication.append((ra_updated_title, ra_filenames[i])) elif "RA5" in ras[i]['id']: recovery.append((ra_updated_title, ra_filenames[i])) elif "RA6" in ras[i]['id']: lessons_learned.append((ra_updated_title, ra_filenames[i])) stages = [(stage_name.replace('_', ' ').capitalize(), sorted(stage_list)) for stage_name, stage_list in stages] for i in range(len(rps)): rp_updated_title = rps[i].get('id')\ + ": "\ + REACTutils.normalize_react_title(rps[i].get('title'),REACTConfig.get('titlefmtrules')) playbooks.append((rp_updated_title, rp_filenames[i])) rs_list = [] for i in range(len(rss)): rs_title = rss[i].get('title') rs_id = rss[i].get('id') rs_list.append((rs_title, rs_id)) data_to_render.update({'stages': stages}) data_to_render.update({'playbooks': sorted(playbooks)}) data_to_render.update({'rs_list': rs_list}) content = template.render(data_to_render) try: REACTutils.write_file('mkdocs.yml', content) print("[+] Created mkdocs.yml") except: print("[-] Failed to create mkdocs.yml")
def __init__(self, ra=False, rp=False, auto=False, ra_path=False, rp_path=False, atc_dir=False, init=False): """Init""" # Check if atc_dir provided if atc_dir: self.atc_dir = atc_dir else: self.atc_dir = REACTConfig.get('md_name_of_root_directory') + '/' # Main logic if auto: self.response_action(ra_path) self.response_playbook(rp_path) if ra: self.response_action(ra_path) if rp: self.response_playbook(rp_path) if ra_path: ras, ra_paths = REACTutils.load_yamls_with_paths(ra_path) else: ras, ra_paths = REACTutils.load_yamls_with_paths( REACTConfig.get('response_actions_dir')) if rp_path: rps, rp_paths = REACTutils.load_yamls_with_paths(rp_path) else: rps, rp_paths = REACTutils.load_yamls_with_paths( REACTConfig.get('response_playbooks_dir')) ra_filenames = [ ra_path.split('/')[-1].replace('.yml', '') for ra_path in ra_paths ] rp_filenames = [ rp_path.split('/')[-1].replace('.yml', '') for rp_path in rp_paths ] _preparation = [] _identification = [] _containment = [] _eradication = [] _recovery = [] _lessons_learned = [] stages = [('preparation', _preparation), ('identification', _identification), ('containment', _containment), ('eradication', _eradication), ('recovery', _recovery), ('lessons_learned', _lessons_learned)] for i in range(len(ras)): normalized_title = REACTutils.normalize_react_title( ras[i].get('title'), REACTConfig.get('titlefmtrules')) ra_updated_title = ras[i].get('id')\ + ":"\ + normalized_title if "RA1" in ras[i]['id']: stage = 'preparation' elif "RA2" in ras[i]['id']: stage = 'identification' elif "RA3" in ras[i]['id']: stage = 'containment' elif "RA4" in ras[i]['id']: stage = 'eradication' elif "RA5" in ras[i]['id']: stage = 'recovery' elif "RA6" in ras[i]['id']: stage = 'lessons-learned' kill_chain_phases = [{ "kill_chain_name": 'atc-react', "phase_name": stage }] external_references = [{ "source_name": "atc-react", "external_id": ras[i].get('id'), "url": react_web_kb_base_url + "Response_Actions/" + ra_filenames[i] }] ra = ReactAction(name=normalized_title, description=ras[i].get('description'), external_references=external_references, kill_chain_phases=kill_chain_phases, x_mitre_platforms=['Windows', 'Linux', 'macOS'], allow_custom=True) stix_mem.add(ra) stix_mem.add([ preparation, identification, containment, eradication, recovery, lessons_learned ]) stix_mem.add(react_matrix) try: stix_mem.save_to_file(local_react_json_url) print("[+] Created react.json STIX file") except: print("[-] Failed to create react.json STIX file")
def response_stage(self, rs_path): """Nothing here yet""" print("[*] Populating Response Stages...") if rs_path: rs_list = glob.glob(rs_path + '*.yml') else: rs_dir = REACTConfig.get('response_stages_dir') rs_list = glob.glob(rs_dir + '/*.yml') for rs_file in rs_list: try: rs = ResponseStage(rs_file, apipath=self.apipath, auth=self.auth, space=self.space) rs.render_template("confluence") base = os.path.basename(rs_file) confluence_data = { "title": rs.rs_parsed_file['title'], "spacekey": self.space, "parentid": str( REACTutils.confluence_get_page_id( self.apipath, self.auth, self.space, "Response Stages")), "confluencecontent": rs.content, } res = REACTutils.push_to_confluence(confluence_data, self.apipath, self.auth) if res == 'Page updated': print("==> updated page: RS '" + base + "'") except Exception as err: print(rs_file + " failed") print("Err message: %s" % err) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) # # Populate Response Stages root page # template = env.get_template( 'confluence_responsestage_main_template.html.j2') rss, rs_paths = REACTutils.load_yamls_with_paths( REACTConfig.get('response_stages_dir')) rss_dict = {} rss_list = [] for i in range(len(rss)): rs_id = rss[i].get('id') rs_title = rss[i].get('title') rs_confluence_page_name = rs_id + ": " + rs_title rs_confluence_page_id = str( REACTutils.confluence_get_page_id(self.apipath, self.auth, self.space, rs_confluence_page_name)) rs_description = rss[i].get('description') rss_list.append( (rs_id, rs_title, rs_description, rs_confluence_page_id)) rss_dict.update({'rss_list': sorted(rss_list)}) rss_dict.update({ 'confluence_viewpage_url': REACTConfig.get('confluence_viewpage_url') }) content = template.render(rss_dict) try: data = { "title": "Response Stages", "spacekey": self.space, "parentid": str( REACTutils.confluence_get_page_id(self.apipath, self.auth, self.space, self.root_name)), "confluencecontent": content, } res = REACTutils.push_to_confluence(data, self.apipath, self.auth) if res == 'Page updated': print("==> updated page: Response Stages root page") except Exception as err: print("Response Stages root page" + " failed") print("Err message: %s" % err) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) print("[+] Response Stages populated!")