Esempio n. 1
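    def test_taxii(self):
        """
        Objective: Test if we can transmit data to MITRE's TAXII test server.
        Note: This actually also tests the StixTransformer since the event is parsed by the transformer
        before transmission.

        Reads ``conpot.cfg`` (resolved relative to this file), forces the ``taxii``
        section on, builds a synthetic s7comm event and asserts that
        ``TaxiiLogger.log`` reports successful delivery. Because the event is
        sent to the external test server, the test depends on network access.
        """
        config = ConfigParser()
        config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg')
        config.read(config_file)
        # ConfigParser option values must be strings: a bool raises TypeError on
        # Python 3 and makes getboolean() fail on Python 2 ('true' parses as True
        # on both).
        config.set('taxii', 'enabled', 'true')

        # Fixed session_id so the transmitted STIX document is reproducible
        # between runs; the timestamp is naive local time, as the loggers use.
        test_event = {
            'remote': ('127.0.0.1', 54872),
            'data_type': 's7comm',
            'timestamp': datetime.now(),
            'session_id': '101d9884-b695-4d8b-bf24-343c7dda1b68',
            'data': {
                0: {
                    'request': 'who are you',
                    'response': 'mr. blue'
                },
                1: {
                    'request': 'give me apples',
                    'response': 'no way'
                }
            }
        }
        # Unlike config_file this path is resolved against the current working
        # directory, so the test must be started from the repository root.
        dom = etree.parse('conpot/templates/default.xml')
        taxiiLogger = TaxiiLogger(config, dom)
        taxii_result = taxiiLogger.log(test_event)
        # TaxiiLogger returns false if the message could not be delivered
        self.assertTrue(taxii_result)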
Esempio n. 2
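    def test_taxii(self):
        """
        Objective: Test if we can transmit data to MITRE's TAXII test server.
        Note: This actually also tests the StixTransformer since the event is parsed by the transformer
        before transmission.

        Reads ``conpot.cfg`` (resolved relative to this file), forces the ``taxii``
        section on, builds a synthetic s7comm event and asserts that
        ``TaxiiLogger.log`` reports successful delivery. Because the event is
        sent to the external test server, the test depends on network access.
        """
        config = ConfigParser()
        config_file = os.path.join(os.path.dirname(__file__), "../conpot.cfg")
        config.read(config_file)
        # ConfigParser option values must be strings: configparser.ConfigParser.set
        # raises TypeError for a bool, while "true" is parsed by getboolean().
        config.set("taxii", "enabled", "true")

        # public_ip is a placeholder address for the test event; session_id is
        # random, so each run transmits a distinct document.
        test_event = {
            "remote": ("127.0.0.1", 54872),
            "data_type": "s7comm",
            "timestamp": datetime.now(),
            "public_ip": "111.222.111.222",
            "session_id": str(uuid.uuid4()),
            "data": {
                0: {
                    "request": "who are you",
                    "response": "mr. blue"
                },
                1: {
                    "request": "give me apples",
                    "response": "no way"
                },
            },
        }
        # Unlike config_file this path is resolved against the current working
        # directory, so the test must be started from the repository root.
        dom = etree.parse("conpot/templates/default/template.xml")
        taxiiLogger = TaxiiLogger(config, dom)
        taxii_result = taxiiLogger.log(test_event)
        # TaxiiLogger returns false if the message could not be delivered
        self.assertTrue(taxii_result)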
Esempio n. 3
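    def __init__(self, config, dom, session_manager, public_ip):
        """
        Create the log sinks that are switched on in *config*.

        Args:
            config: parsed configuration; every sink is controlled by the
                ``enabled`` flag of its own section (sqlite, json, hpfriends,
                syslog, taxii).
            dom: parsed template document, handed through to TaxiiLogger.
            session_manager: its ``log_queue`` is kept on the instance.
            public_ip: externally visible address handed to JsonLogger.

        A sink that is disabled stays ``None``; the hpfriends sink also stays
        ``None`` when its constructor raises.
        """
        # Local import: the file-level import block is outside this view.
        import ast

        self.config = config
        self.log_queue = session_manager.log_queue
        self.session_manager = session_manager
        self.sqlite_logger = None
        # self.mysql_logger = None
        self.json_logger = None
        self.friends_feeder = None
        self.syslog_client = None
        self.public_ip = public_ip
        self.taxii_logger = None

        if config.getboolean('sqlite', 'enabled'):
            self.sqlite_logger = SQLiteLogger()

        # if config.getboolean('mysql', 'enabled'):
        #     host = config.get('mysql', 'host')
        #     port = config.getint('mysql', 'port')
        #     db = config.get('mysql', 'db')
        #     username = config.get('mysql', 'username')
        #     passphrase = config.get('mysql', 'passphrase')
        #     logdevice = config.get('mysql', 'device')
        #     logsocket = config.get('mysql', 'socket')
        #     sensorid = config.get('common', 'sensorid')
        #     self.mysql_logger = MySQLlogger(host, port, db, username, passphrase, logdevice, logsocket, sensorid)

        if config.getboolean('json', 'enabled'):
            # One file per (local) calendar day: "<filename>.YYYY-MM-DD".
            todaydate = datetime.now()
            todaystr = todaydate.strftime('%Y-%m-%d')
            filename = config.get('json', 'filename') + '.' + todaystr
            sensorid = config.get('common', 'sensorid')
            self.json_logger = JsonLogger(filename, sensorid, public_ip)

        if config.getboolean('hpfriends', 'enabled'):
            host = config.get('hpfriends', 'host')
            port = config.getint('hpfriends', 'port')
            ident = config.get('hpfriends', 'ident')
            secret = config.get('hpfriends', 'secret')
            # The channel list is written as a Python literal in the config
            # file. literal_eval accepts exactly that and nothing else, whereas
            # eval() would execute any expression placed in the file.
            channels = ast.literal_eval(config.get('hpfriends', 'channels'))
            try:
                self.friends_feeder = HPFriendsLogger(host, port, ident,
                                                      secret, channels)
            except Exception as e:
                # Best-effort sink: record the failure and run without it.
                # e.message exists only on Python 2 (and is deprecated there);
                # formatting the exception itself works everywhere.
                logger.exception('HPFriends logger could not be initialised: %s', e)
                self.friends_feeder = None

        if config.getboolean('syslog', 'enabled'):
            host = config.get('syslog', 'host')
            port = config.getint('syslog', 'port')
            facility = config.get('syslog', 'facility')
            logdevice = config.get('syslog', 'device')
            logsocket = config.get('syslog', 'socket')
            self.syslog_client = SysLogger(host, port, facility, logdevice,
                                           logsocket)

        if config.getboolean('taxii', 'enabled'):
            # TODO: support for certificates
            self.taxii_logger = TaxiiLogger(config, dom)

        self.enabled = True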
Esempio n. 4
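    def __init__(self, config, dom, session_manager, public_ip):
        """
        Create the log sinks that are switched on in *config*.

        Args:
            config: parsed configuration; every sink is controlled by the
                ``enabled`` flag of its own section (sqlite, json, hpfriends,
                syslog, taxii).
            dom: parsed template document, handed through to TaxiiLogger.
            session_manager: its ``log_queue`` is kept on the instance.
            public_ip: externally visible address handed to JsonLogger.

        A sink that is disabled stays ``None``; the hpfriends sink also stays
        ``None`` when its constructor raises.
        """
        # Local import: the file-level import block is outside this view.
        import ast

        self.config = config
        self.log_queue = session_manager.log_queue
        self.session_manager = session_manager
        self.sqlite_logger = None
        # self.mysql_logger = None
        self.json_logger = None
        self.friends_feeder = None
        self.syslog_client = None
        self.public_ip = public_ip
        self.taxii_logger = None

        if config.getboolean("sqlite", "enabled"):
            self.sqlite_logger = SQLiteLogger()

        # if config.getboolean('mysql', 'enabled'):
        #     host = config.get('mysql', 'host')
        #     port = config.getint('mysql', 'port')
        #     db = config.get('mysql', 'db')
        #     username = config.get('mysql', 'username')
        #     passphrase = config.get('mysql', 'passphrase')
        #     logdevice = config.get('mysql', 'device')
        #     logsocket = config.get('mysql', 'socket')
        #     sensorid = config.get('common', 'sensorid')
        #     self.mysql_logger = MySQLlogger(host, port, db, username, passphrase, logdevice, logsocket, sensorid)

        if config.getboolean("json", "enabled"):
            filename = config.get("json", "filename")
            sensorid = config.get("common", "sensorid")
            self.json_logger = JsonLogger(filename, sensorid, public_ip)

        if config.getboolean("hpfriends", "enabled"):
            host = config.get("hpfriends", "host")
            port = config.getint("hpfriends", "port")
            ident = config.get("hpfriends", "ident")
            secret = config.get("hpfriends", "secret")
            # The channel list is written as a Python literal in the config
            # file. literal_eval accepts exactly that and nothing else, whereas
            # eval() would execute any expression placed in the file.
            channels = ast.literal_eval(config.get("hpfriends", "channels"))
            try:
                self.friends_feeder = HPFriendsLogger(host, port, ident,
                                                      secret, channels)
            except Exception as e:
                # Best-effort sink: record the failure and run without it.
                logger.exception(e)
                self.friends_feeder = None

        if config.getboolean("syslog", "enabled"):
            host = config.get("syslog", "host")
            port = config.getint("syslog", "port")
            facility = config.get("syslog", "facility")
            logdevice = config.get("syslog", "device")
            logsocket = config.get("syslog", "socket")
            self.syslog_client = SysLogger(host, port, facility, logdevice,
                                           logsocket)

        if config.getboolean("taxii", "enabled"):
            # TODO: support for certificates
            self.taxii_logger = TaxiiLogger(config, dom)

        self.enabled = True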
Esempio n. 5
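    def __init__(self, config, dom, session_manager, public_ip):
        """
        Create the log sinks that are switched on in *config*.

        Args:
            config: parsed configuration; every sink is controlled by the
                ``enabled`` flag of its own section (sqlite, hpfriends,
                syslog, taxii).
            dom: parsed template document, handed through to TaxiiLogger.
            session_manager: its ``log_queue`` is kept on the instance.
            public_ip: stored on the instance; not used by any sink here.

        A sink that is disabled stays ``None``; the hpfriends sink also stays
        ``None`` when its constructor raises.
        """
        # Local import: the file-level import block is outside this view.
        import ast

        self.config = config
        self.log_queue = session_manager.log_queue
        self.session_manager = session_manager
        self.sqlite_logger = None
        self.friends_feeder = None
        self.syslog_client = None
        self.public_ip = public_ip
        self.taxii_logger = None

        if config.getboolean('sqlite', 'enabled'):
            self.sqlite_logger = SQLiteLogger()

        if config.getboolean('hpfriends', 'enabled'):
            host = config.get('hpfriends', 'host')
            port = config.getint('hpfriends', 'port')
            ident = config.get('hpfriends', 'ident')
            secret = config.get('hpfriends', 'secret')
            # The channel list is written as a Python literal in the config
            # file. literal_eval accepts exactly that and nothing else, whereas
            # eval() would execute any expression placed in the file.
            channels = ast.literal_eval(config.get('hpfriends', 'channels'))
            try:
                self.friends_feeder = HPFriendsLogger(host, port, ident,
                                                      secret, channels)
            except Exception as e:
                # Best-effort sink: record the failure and run without it.
                # e.message exists only on Python 2 (and is deprecated there);
                # formatting the exception itself works everywhere.
                logger.exception('HPFriends logger could not be initialised: %s', e)
                self.friends_feeder = None

        if config.getboolean('syslog', 'enabled'):
            host = config.get('syslog', 'host')
            port = config.getint('syslog', 'port')
            facility = config.get('syslog', 'facility')
            logdevice = config.get('syslog', 'device')
            logsocket = config.get('syslog', 'socket')
            self.syslog_client = SysLogger(host, port, facility, logdevice,
                                           logsocket)

        if config.getboolean('taxii', 'enabled'):
            # TODO: support for certificates
            self.taxii_logger = TaxiiLogger(config, dom)

        self.enabled = True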
Esempio n. 6
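    def __init__(self, config, dom, session_manager, public_ip):
        """
        Create the log sinks that are switched on in *config*.

        Args:
            config: parsed configuration; every sink is controlled by the
                ``enabled`` flag of its own section (sqlite, json, hpfriends,
                syslog, taxii).
            dom: parsed template document, handed through to TaxiiLogger.
            session_manager: its ``log_queue`` is kept on the instance.
            public_ip: externally visible address handed to JsonLogger.

        A sink that is disabled stays ``None``; the hpfriends sink also stays
        ``None`` when its constructor raises. ``reported_ip`` and ``tags`` are
        read from the hpfriends section and default to ``None`` / ``[]`` so
        they exist on the instance even when that section is disabled.
        """
        # Local import: the file-level import block is outside this view.
        import ast

        self.config = config
        self.log_queue = session_manager.log_queue
        self.session_manager = session_manager
        self.sqlite_logger = None
        # self.mysql_logger = None
        self.json_logger = None
        self.friends_feeder = None
        self.syslog_client = None
        self.public_ip = public_ip
        self.taxii_logger = None
        # Defined unconditionally so readers never hit AttributeError when
        # hpfriends is disabled.
        self.reported_ip = None
        self.tags = []

        if config.getboolean('sqlite', 'enabled'):
            self.sqlite_logger = SQLiteLogger()

        if config.getboolean('json', 'enabled'):
            filename = config.get('json', 'filename')
            sensorid = config.get('common', 'sensorid')
            self.json_logger = JsonLogger(filename, sensorid, public_ip)

        if config.getboolean('hpfriends', 'enabled'):
            host = config.get('hpfriends', 'host')
            port = config.getint('hpfriends', 'port')
            ident = config.get('hpfriends', 'ident')
            secret = config.get('hpfriends', 'secret')
            # The channel list is written as a Python literal in the config
            # file. literal_eval accepts exactly that and nothing else, whereas
            # eval() would execute any expression placed in the file.
            channels = ast.literal_eval(config.get('hpfriends', 'channels'))
            # An empty value leaves reported_ip unset; the sentinel string
            # 'UNSET_REPORTED_IP' is treated the same way.
            if config.get('hpfriends', 'reported_ip'):
                self.reported_ip = config.get('hpfriends', 'reported_ip')
                if self.reported_ip == 'UNSET_REPORTED_IP':
                    self.reported_ip = None

            try:
                # Comma-separated list; surrounding whitespace is dropped.
                self.tags = [
                    tag.strip()
                    for tag in config.get('hpfriends', 'tags').split(',')
                ]
            except Exception as e:
                # Missing/unreadable option is not fatal: fall back to no tags.
                logger.exception('Could not read hpfriends tags: %s', e)
                self.tags = []

            try:
                self.friends_feeder = HPFriendsLogger(host, port, ident,
                                                      secret, channels)
            except Exception as e:
                # Best-effort sink: record the failure and run without it.
                # e.message exists only on Python 2 (and is deprecated there);
                # formatting the exception itself works everywhere.
                logger.exception('HPFriends logger could not be initialised: %s', e)
                self.friends_feeder = None

        if config.getboolean('syslog', 'enabled'):
            host = config.get('syslog', 'host')
            port = config.getint('syslog', 'port')
            facility = config.get('syslog', 'facility')
            logdevice = config.get('syslog', 'device')
            logsocket = config.get('syslog', 'socket')
            self.syslog_client = SysLogger(host, port, facility, logdevice,
                                           logsocket)

        if config.getboolean('taxii', 'enabled'):
            # TODO: support for certificates
            self.taxii_logger = TaxiiLogger(config, dom)

        self.enabled = True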