def initConfiguration(self):
    """Populate self.options with the time zone and banhammer DB settings.

    Every value is read with getConfig(key, default, self.configfile);
    getConfig itself is defined outside this block.
    """
    # parse_args([]) on a bare parser is only used to obtain an empty
    # options object to hang attributes on; no command line is read
    blank_parser = OptionParser()
    self.options, _leftover = blank_parser.parse_args([])
    opts = self.options
    conf_path = self.configfile

    # default zone for when none is specified; change it to your own
    opts.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', conf_path)

    # connection settings for your custom/internal ip blocking service
    # (mozilla's is called banhammer and uses an intermediary mysql DB)
    # NOTE(review): the DB user defaults to the sample name 'auser' and the
    # password to '' - both are placeholders, and the real password lives in
    # the plugin conf file, so that file needs the same protection as any
    # other credential store (service-account read only, not committed).
    opts.banhammerdbhost = getConfig('banhammerdbhost', 'localhost', conf_path)
    opts.banhammerdbuser = getConfig('banhammerdbuser', 'auser', conf_path)
    opts.banhammerdbpasswd = getConfig('banhammerdbpasswd', '', conf_path)
    opts.banhammerdbdb = getConfig('banhammerdbdb', 'banhammer', conf_path)
def parse_config(self, config_filename, config_keys):
    """Load the named keys from config_filename onto a fresh self.config.

    Each entry of config_keys becomes an attribute of self.config, read via
    getConfig with "" passed as the default, so callers cannot tell an
    absent key from one set to the empty string. Code consuming a credential
    or endpoint from self.config should check for "" explicitly.
    """
    container_parser = OptionParser()
    self.config = None
    # an empty optparse result serves as a plain attribute container
    self.config, _leftover = container_parser.parse_args([])
    for key_name in config_keys:
        setattr(self.config, key_name, getConfig(key_name, "", config_filename))
def initConfiguration(self):
    """Read this plugin's service key from self.configfile into self.options."""
    # parse_args([]) just yields an empty options object; argv is not read
    holder = OptionParser()
    self.options, _leftover = holder.parse_args([])

    # 'APIKEYHERE' is a placeholder default, not a usable key. The code that
    # sends serviceKey is not shown here; it should treat the placeholder as
    # "not configured" rather than pass it on to the remote service.
    self.options.serviceKey = getConfig('serviceKey', 'APIKEYHERE', self.configfile)
def initConfiguration(self):
    """Fill self.options with the plugin's single setting, a default time zone."""
    # an empty argument list gives back a blank options object to populate
    self.options, _leftover = OptionParser().parse_args([])

    # example option: the zone to assume when a value carries none
    conf_path = self.configfile
    self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', conf_path)
def initConfiguration(self):
    """Read the cymon API key from self.configfile into self.options."""
    # parse_args([]) is only a source of an empty options object
    blank_parser = OptionParser()
    self.options, _leftover = blank_parser.parse_args([])

    # cymon options
    # the key defaults to '' - consumers of cymonapikey (not shown here)
    # need to handle the unconfigured case; the conf file holding the real
    # key should be readable by the service account only
    conf_path = self.configfile
    self.options.cymonapikey = getConfig('cymonapikey', '', conf_path)
def initConfiguration(self):
    """Read the list of usernames to exclude into self.options."""
    # empty argv -> blank options object that the plugin fills in itself
    self.options, _leftover = OptionParser().parse_args([])

    # comma separated list of usernames to exclude from the data.
    # The raw string is stored unsplit; with the '' default nothing is
    # listed. How names are matched (case, whitespace around commas) is
    # decided by the code that reads ignoreusernames, which is not shown.
    excluded_users = getConfig('ignoreusernames', '', self.configfile)
    self.options.ignoreusernames = excluded_users
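def initConfiguration(self):
    """Load the service key, keywords, client URL and docs map into self.options.

    docs is expected to be a JSON document in the config file; if it is
    missing or cannot be decoded, self.options.docs falls back to {}.
    """
    # parse_args([]) is only used to obtain an empty options object
    myparser = OptionParser()
    (self.options, args) = myparser.parse_args([])

    # 'APIKEYHERE', 'KEYWORDS' and 'CLIENTURL' are placeholder defaults, not
    # working values; code that uses them (not shown) should treat them as
    # "not configured" instead of sending them to the remote service.
    self.options.serviceKey = getConfig('serviceKey', 'APIKEYHERE', self.configfile)
    self.options.keywords = getConfig('keywords', 'KEYWORDS', self.configfile)
    self.options.clienturl = getConfig('clienturl', 'CLIENTURL', self.configfile)

    try:
        # when the {} default comes back unchanged, json.loads raises
        # TypeError (not a string) and the fallback below applies
        self.options.docs = json.loads(getConfig('docs', {}, self.configfile))
    except Exception:
        # Still best-effort, but no longer a bare except: KeyboardInterrupt
        # and SystemExit now propagate instead of being swallowed here.
        # NOTE(review): a malformed docs entry is silently replaced by {} -
        # consider logging it so a broken config does not go unnoticed.
        self.options.docs = {}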
def initConfiguration(self):
    """Load the default time zone and threat exchange credentials into self.options."""
    # blank options object; nothing is parsed from the command line
    blank_parser = OptionParser()
    self.options, _leftover = blank_parser.parse_args([])
    opts = self.options
    conf_path = self.configfile

    # default zone for when none is specified; change it to your own
    opts.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', conf_path)

    # threat exchange options
    # appsecret is a credential: it defaults to '' and the real value sits in
    # the plugin conf file, so restrict that file to the service account and
    # keep it out of logs and version control
    opts.appid = getConfig('appid', '', conf_path)
    opts.appsecret = getConfig('appsecret', '', conf_path)
def initConfiguration(self):
    """Load the default time zone and the boto/AWS queue settings into self.options."""
    # blank options object; nothing is parsed from the command line
    blank_parser = OptionParser()
    self.options, _leftover = blank_parser.parse_args([])
    opts = self.options
    conf_path = self.configfile

    # default zone for when none is specified; change it to your own
    opts.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', conf_path)

    # boto options
    opts.region = getConfig('region', 'us-west-2', conf_path)
    # NOTE(review): static AWS keys are read from the conf file and both
    # default to ''. Whether an empty value makes the consumer fall back to
    # boto's own credential lookup is not visible here - confirm before
    # relying on it. If keys are configured, scope them to the one queue and
    # keep the conf file readable by the service account only.
    opts.aws_access_key_id = getConfig('aws_access_key_id', '', conf_path)
    opts.aws_secret_access_key = getConfig('aws_secret_access_key', '', conf_path)
    opts.aws_queue_name = getConfig('aws_queue_name', '', conf_path)
def initConfiguration(self):
    """Load MongoDB, FQDN-whitelist and statuspage.io settings into self.options."""
    # blank options object; nothing is parsed from the command line
    blank_parser = OptionParser()
    self.options, _leftover = blank_parser.parse_args([])
    opts = self.options
    conf_path = self.configfile

    opts.mongohost = getConfig('mongohost', 'localhost', conf_path)
    opts.mongoport = getConfig('mongoport', 3001, conf_path)

    # file holding the FQDN whitelist: a comma separated list of example.com
    # or foo.bar.com style names. The '/dev/null' default reads as an empty
    # file; how an empty whitelist is treated is up to the reader of this
    # option, which is not shown here.
    opts.fqdn_whitelist_file = getConfig('fqdn_whitelist_file', '/dev/null', conf_path)

    # optional statuspage.io integration
    # statuspage_api_key is a credential and defaults to ''
    opts.statuspage_api_key = getConfig('statuspage_api_key', '', conf_path)
    opts.statuspage_page_id = getConfig('statuspage_page_id', '', conf_path)
    # the page id goes into the URL path exactly as configured (no encoding
    # or validation); with the '' default the path becomes '/pages//incidents.json'
    url_template = 'https://api.statuspage.io/v1/pages/{0}/incidents.json'
    opts.statuspage_url = url_template.format(opts.statuspage_page_id)
    opts.statuspage_component_id = getConfig('statuspage_component_id', '', conf_path)
    opts.statuspage_sub_component_id = getConfig('statuspage_sub_component_id', '', conf_path)
# queue topic options.alerttopic = get_config( 'alerttopic', 'mozdef.*', options.configfile) # how many messages to ask for at once options.prefetch = get_config('prefetch', 50, options.configfile) options.mq_alert_server = get_config('mqalertserver', 'localhost', options.configfile) options.mq_user = get_config('mquser', 'guest', options.configfile) options.mq_password = get_config('mqpassword', 'guest', options.configfile) options.mq_port = get_config('mqport', 5672, options.configfile) # mqack=True sets persistant delivery, False sets transient delivery options.mq_ack = get_config('mqack', True, options.configfile) if __name__ == "__main__": parser = OptionParser() parser.add_option( "-c", dest='configfile', default=sys.argv[0].replace('.py', '.conf'), help="configuration file to use") (options, args) = parser.parse_args() init_config() bot = SlackBot(options.slack_token, options.channels, options.name) monitor_alerts_thread = Thread(target=consume_alerts, args=[bot]) monitor_alerts_thread.daemon = True monitor_alerts_thread.start() bot.run()
# syslog hostname options.sysloghostname = getConfig('sysloghostname', 'localhost', options.configfile) options.syslogport = getConfig('syslogport', 514, options.configfile) options.esservers = list( getConfig('esservers', 'http://localhost:9200', options.configfile).split(',')) options.indices = list( getConfig('backup_indices', 'events,alerts,.kibana', options.configfile).split(',')) options.dobackup = list( getConfig('backup_dobackup', '1,1,1', options.configfile).split(',')) options.rotation = list( getConfig('backup_rotation', 'daily,monthly,none', options.configfile).split(',')) options.pruning = list( getConfig('backup_pruning', '20,0,0', options.configfile).split(',')) options.aws_bucket = getConfig('aws_bucket', '', options.configfile) if __name__ == '__main__': parser = OptionParser() defaultconfigfile = sys.argv[0].replace('.py', '.conf') parser.add_option("-c", dest='configfile', default=defaultconfigfile, help="configuration file to use") (options, args) = parser.parse_args() initConfig() main()
def initConfiguration(self):
    """Load the host filter, user and skip-host list into self.config.

    All three settings are read from self.config_file and default to ''.
    """
    # parse_args([]) is only a source of an empty attribute container
    container_parser = OptionParser()
    self.config, _leftover = container_parser.parse_args([])
    cfg = self.config
    conf_path = self.config_file

    cfg.hostfilter = getConfig('hostfilter', '', conf_path)
    cfg.user = getConfig('user', '', conf_path)
    # skiphosts is whitespace separated; the '' default yields an empty list
    skip_value = getConfig('skiphosts', '', conf_path)
    cfg.skiphosts = skip_value.split()