def Main(IPList, TicketID):
    """Look up every address in *IPList* on AlienVault OTX and attach the results to an OTRS ticket.

    For each address the full indicator record is fetched, pretty-printed with
    pformat and posted to ticket *TicketID* through otrs_functions.UpdateTicket,
    one article per address. The OTX API key is read from the configuration
    under "api_keys" -> "AlienVaultAPI".
    """
    conf = LoadConfig.Load()
    otx = OTXv2(conf["api_keys"]["AlienVaultAPI"])
    for addr in IPList:
        logging.info("[AlienVault] OTX Searching %s" % addr)
        details = otx.get_indicator_details_full(IndicatorTypes.IPv4, addr)
        subject = "AlienVault OTX - %s Results" % addr
        otrs_functions.UpdateTicket("", subject, pformat(details), TicketID)
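def CreateTicket(SIEM_Events):
    """Create one OTRS ticket per row of siem_events.csv.

    Each row is expected to carry seven columns, in order: title, queue,
    state, priority, customer user, article subject, article body. Rows with
    fewer columns (including blank lines, which csv.reader yields as []) are
    logged and skipped instead of aborting the whole import with IndexError.
    The function pauses 30 seconds after each created ticket.

    SIEM_Events is accepted for interface compatibility but is not read; the
    input file name is fixed to siem_events.csv in the working directory.
    """
    conf = LoadConfig.Load()
    ## str() keeps the original "%s" coercion so non-string config values
    ## still reach the client as text
    client = Client(str(conf['otrs']['server']), str(conf['otrs']['user']),
                    str(conf['otrs']['pass']))
    client.session_create()
    ## newline="" is what the csv module expects, so embedded newlines inside
    ## quoted fields (e.g. a multi-line article body) are preserved
    with open("siem_events.csv", "rt", newline="") as events:
        for row_no, event in enumerate(csv.reader(events), start=1):
            if len(event) < 7:
                logging.warning(
                    "[OTRS] Skipping siem_events.csv row %d: expected 7 columns, got %d",
                    row_no, len(event))
                continue
            title, queue, state, priority, customer, subject, body = event[:7]
            ticket = Ticket.create_basic(Title=title, Queue=queue, State=state,
                                         Priority=priority, CustomerUser=customer)
            article = Article({"Subject": subject, "Body": body})
            logging.info(client.ticket_create(ticket, article))
            sleep(30)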
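def RequestIP(IP):
    """Fetch the VirusTotal v2 IP-address report for *IP* and return it as a dict.

    The API key is read from the configuration ("api_keys" -> "VirusTotalAPI").
    A reply other than HTTP 200 (e.g. the API rate limit) is logged, the
    function waits 60 seconds and retries; it keeps retrying until a 200 reply
    arrives, so a permanently failing key never returns.

    Raises:
        requests.RequestException: on a network failure or when the 30 s
            timeout expires.
        ValueError: if a 200 reply does not carry a JSON body.
    """
    ## Load Configuration and set VirusTotal configuration
    conf = LoadConfig.Load()
    url = 'https://www.virustotal.com/vtapi/v2/ip-address/report'
    params = {
        'apikey': conf["api_keys"]["VirusTotalAPI"],
        'ip': IP,
    }
    ## A loop replaces the original recursion, which called an undefined name
    ## (Request instead of RequestIP) and discarded the recursive call's
    ## return value, so a retried lookup could never reach the caller
    while True:
        ## Send Request to VirusTotal and Retrieve Response; the timeout keeps a
        ## stalled connection from blocking the caller indefinitely
        response = requests.get(url, params=params, timeout=30)
        ## Compare the status code rather than the repr string of the Response
        if response.status_code == 200:
            return response.json()
        ## If Response isn't valid (e.g. API limit exceeded), log this, wait a
        ## minute, then try again
        logging.info("VirusTotal API limit exceeded. Waiting 60 seconds to try again.")
        sleep(60)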
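def CreateSocket():
    """Open the IoCSpector listener, accept one connection and hand it to ProcessRequest.

    The port comes from the configuration key 'LPort'. The socket is bound to
    the address socket.gethostname() resolves to, so only that interface is
    served. Exactly one client is accepted; its connection and the loaded
    configuration are passed to ProcessRequest on a new thread, after which
    the listening socket is closed (the handler thread keeps running).
    Serving further clients requires calling this function again. Whatever
    ProcessRequest reads from the connection is untrusted network input.
    """
    ## Load Configuration File
    conf = LoadConfig.Load()
    ## The context manager closes the listening socket on every exit path,
    ## including an exception from bind()/listen()/accept(); the original only
    ## closed it after a successful accept
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((socket.gethostname(), conf['LPort']))
        s.listen(1)
        ## Log that IoCSpector is listening on the configuration-defined port
        ## (logged once the bind actually succeeded)
        logging.info(f"[IoCSpector] Listening on port {conf['LPort']}")
        ## Block until a client connects
        conn, address = s.accept()
        ## Handle the client on its own thread so this function can return.
        ## Nothing here closes conn - presumably ProcessRequest does; confirm
        Thread(target=ProcessRequest, args=(conn, conf)).start()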
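## NOTE(review): this call sits outside the __main__ guard, so importing the
## module starts the listener and blocks in accept() before the block below
## runs - confirm this is intended rather than a stray line
CreateSocket()

if __name__ == '__main__':
    ## Check if another instance is running and stop this process if it is
    logging.info(
        f"[PID: {os.getpid()}] Checking if another instance is running...")
    try:
        ## Kept bound at module level: the guard presumably stays in effect
        ## only while this object is alive - confirm against Check.SingleInstance
        self = Check.SingleInstance()
    except Exception as err:
        ## Narrowed from a bare except, which also swallowed KeyboardInterrupt
        ## and SystemExit; record why we stop instead of exiting silently
        logging.info(
            "[IoCSpector] Another instance appears to be running (%s), exiting", err)
        raise SystemExit
    ## Welcome Greeting
    logging.info("[IoCSpector] Welcome to IoCSpector!")
    logging.info("[IoCSpector] Author: Vaelwolf")
    logging.info("[IoCSpector] All rights reserved")
    ## Load Configuration File and report which modules are enabled; each entry
    ## under 'modules' is expected to be a sequence whose first element is the
    ## enabled flag (only logged here, nothing is imported)
    conf = LoadConfig.Load()
    for module, value in conf['modules'].items():
        ## == True is kept deliberately: a flag of 1 counts as enabled while a
        ## non-empty string such as "false" does not
        if value[0] == True:
            logging.info(
                f"[+] Loaded Module '{module}' from configuration file")
        else:
            logging.info(
                f"[+] Skipping Module '{module}' from configuration file")
    ## Launch Main Socket Listener (starts program from this function)
    CreateSocket()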