def get_alerts_or_events(self):
"""Get alerts/events data
Returns:
results {list} -- alerts/events response data
"""
endpoint_name = self.endpoint.rsplit("/", 1)[-1]
if self.options.light and self.endpoint == ENDPOINT_MAP["event"][0]:
self.log("Light mode - not retrieving:%s" %
"; ".join(self.get_noisy_event_types))
self.log("Config endpoint=%s, filename='%s' and format='%s'" %
(self.endpoint, self.config.filename, self.config.format))
if (self.config.client_id and self.config.client_secret):
tenant_obj = self.get_tenants_from_sophos()
if "id" in tenant_obj:
results = self.make_credentials_request(
endpoint_name, tenant_obj)
else:
self.log("Error :: %s" % tenant_obj["error"])
raise Exception(tenant_obj["error"])
else:
token_data = config.Token(self.config.token_info)
results = self.make_token_request(endpoint_name, token_data)
return results
def main():
global LIGHT, DEBUG, QUIET
if 'SOPHOS_SIEM_HOME' in os.environ:
app_path = os.environ['SOPHOS_SIEM_HOME']
else:
# Setup path
app_path = os.path.join(os.getcwd())
config_file = os.path.join(app_path, 'config.ini')
parser = OptionParser(
description=
"Download event and/or alert data and output to various formats. "
"config.ini is a configuration file that exists by default in the siem-scripts "
"folder."
"Script keeps tab of its state, it will always pick-up from where it left-off "
"based on a state file stored in state folder. Set SOPHOS_SIEM_HOME environment "
"variable to point to the folder where config.ini, mapping files, state "
"and log folders will be located. state and log folders are created when the "
"script is run for the first time. ")
parser.add_option('-s',
'--since',
default=False,
action='store',
help="Return results since specified Unix "
"Timestamp, max last 24 hours, defaults to "
"last 12 hours if there is no state file")
parser.add_option('-c',
'--config',
default=config_file,
action='store',
help="Specify a configuration file, "
"defaults to config.ini")
parser.add_option('-l',
'--light',
default=False,
action='store_true',
help="Ignore noisy events - web control, "
"device control, update failure, "
"application allowed, (non)compliant")
parser.add_option('-d',
'--debug',
default=False,
action='store_true',
help="Print debug logs")
parser.add_option('-v',
'--version',
default=False,
action='store_true',
help="Print version")
parser.add_option('-q',
'--quiet',
default=False,
action='store_true',
help="Suppress status messages")
options, args = parser.parse_args()
if options.config is None:
parser.error("Need a config file specified")
if options.version:
log(VERSION)
sys.exit(0)
if options.quiet:
QUIET = True
# Read config file
cfg = config.Config(options.config)
token = config.Token(cfg.token_info)
log("Config loaded, retrieving results for '%s'" % token.api_key)
log("Config retrieving results for '%s'" % token.authorization)
if cfg.endpoint in ENDPOINT_MAP:
tuple_endpoint = ENDPOINT_MAP[cfg.endpoint]
else:
tuple_endpoint = ENDPOINT_MAP[DEFAULT_ENDPOINT]
state_dir = os.path.join(app_path, 'state')
log_dir = os.path.join(app_path, 'log')
create_log_and_state_dir(state_dir, log_dir)
if options.light:
LIGHT = True
if options.debug:
DEBUG = True
handler = urlrequest.HTTPSHandler(debuglevel=1)
else:
handler = urlrequest.HTTPSHandler()
opener = urlrequest.build_opener(handler)
endpoint_config = {
'format': cfg.format,
'filename': cfg.filename,
'state_dir': state_dir,
'log_dir': log_dir,
'since': options.since
}
if cfg.filename == 'syslog':
endpoint_config['facility'] = cfg.facility.strip()
endpoint_config['address'] = cfg.address.strip()
endpoint_config['socktype'] = cfg.socktype.strip()
for endpoint in tuple_endpoint:
process_endpoint(endpoint, opener, endpoint_config, token)
import asyncio, config, discord, sqlite3, datetime, analytics
import cogs.users as users
from discord import Game
from discord.ext.commands import Bot
from threading import Lock
# Set prefix for bot commands to $
BOT_PREFIX = ("$")
TOKEN = config.Token()
# Create client
client = Bot(command_prefix=BOT_PREFIX)
# List of the files to run as extensions
startup_extensions = [
'quote', 'users', 'task', 'admin', 'analyze', 'inventory', 'money'
]
# Instantiate global variables, and mutex
last_updated_member = discord.Member
member_lock = Lock()
# Output ready message
@client.event
async def on_ready():
await client.change_presence(activity=Game(name='Bobby Newport in P&R'))
print('Logged in as ' + client.user.name)
# Refresh user list
users.refresh_users(client)
# Change member name to conform with server standards.
@client.event
def testParse(self):
txt = "url: https://anywhere.com/api, x-api-key: random, Authorization: Basic KJNKLJNjklNLKHB= "
t = config.Token(txt)
self.assertEqual(t.url, "https://anywhere.com/api")
self.assertEqual(t.api_key, "random")
self.assertEqual(t.authorization, "Basic KJNKLJNjklNLKHB=")
