Esempio n. 1
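    def __init__(self, config):
        """Read the ``[taxii]`` connection settings and prepare the client.

        Args:
            config: a ConfigParser-style object exposing ``get``, ``getint``
                and ``getboolean``; the ``host``, ``port``, ``inbox_path`` and
                ``use_https`` options of its ``taxii`` section are read here.
        """
        self.host = config.get('taxii', 'host')
        self.port = config.getint('taxii', 'port')
        self.inbox_path = config.get('taxii', 'inbox_path')
        self.use_https = config.getboolean('taxii', 'use_https')

        self.client = HttpClient()
        # 'noproxy' is the value the original passes; presumably it disables
        # proxy use in libtaxii's client -- verify against the library version in use
        self.client.setProxy('noproxy')
        # The use_https flag was read but never applied to the client, so the
        # transport actually used ignored the configuration; pass it through.
        self.client.setUseHttps(self.use_https)
        self.stix_transformer = StixTransformer(config)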
Esempio n. 2
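class TaxiiLogger(object):
    """Forward conpot events to a TAXII inbox service as STIX content.

    Connection settings come from the ``[taxii]`` section of the config
    passed to the constructor; each ``log`` call performs one inbox
    submission over the libtaxii ``HttpClient``.
    """

    def __init__(self, config):
        """Read the ``[taxii]`` connection settings and prepare the client.

        Args:
            config: a ConfigParser-style object exposing ``get``, ``getint``
                and ``getboolean``; it is also handed to ``StixTransformer``.
        """
        self.host = config.get('taxii', 'host')
        self.port = config.getint('taxii', 'port')
        self.inbox_path = config.get('taxii', 'inbox_path')
        self.use_https = config.getboolean('taxii', 'use_https')

        self.client = HttpClient()
        # 'noproxy' is the value the original passes; presumably it disables
        # proxy use in libtaxii's client -- verify against the library version in use
        self.client.setProxy('noproxy')
        # use_https was stored but never applied, so the client's default
        # transport was used whatever the config said; apply the flag.
        self.client.setUseHttps(self.use_https)
        self.stix_transformer = StixTransformer(config)

    def log(self, event):
        """Transform *event* to STIX and submit it to the TAXII inbox.

        Args:
            event: a conpot log record accepted by ``StixTransformer.transform``.

        Returns:
            True when the server answers with ``ST_SUCCESS``; False otherwise,
            after logging the server's ``status_detail``.
        """
        # converts from conpot log format to STIX compatible xml
        stix_package = self.stix_transformer.transform(event)

        # wrapping the stix message in a TAXII envelope
        content_block = ContentBlock(libtaxii.CB_STIX_XML_10, stix_package)
        inbox_message = InboxMessage(message_id=generate_message_id(),
                                     content_blocks=[content_block])
        inbox_xml = inbox_message.to_xml()

        # the actual call to the TAXII web service
        response = self.client.callTaxiiService2(self.host, self.inbox_path,
                                                 libtaxii.VID_TAXII_XML_10,
                                                 inbox_xml, self.port)
        response_message = libtaxii.get_message_from_http_response(response, '0')

        if response_message.status_type == libtaxii.messages.ST_SUCCESS:
            return True
        # %-style arguments are only rendered when the ERROR level is enabled
        logger.error('Error while transmitting message to TAXII server: %s',
                     response_message.status_detail)
        return False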
Esempio n. 3
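class TaxiiLogger(object):
    """Forward conpot events to a TAXII inbox service as STIX content.

    The ``[taxii]`` section of the configuration supplies ``host``,
    ``port``, ``inbox_path`` and ``use_https``; ``log`` submits one
    ``InboxMessage`` per event.
    """

    def __init__(self, config):
        """Read the connection settings and build the libtaxii client.

        Args:
            config: ConfigParser-style object with a ``taxii`` section; it is
                also passed on to ``StixTransformer``.
        """
        self.host = config.get('taxii', 'host')
        self.port = config.getint('taxii', 'port')
        self.inbox_path = config.get('taxii', 'inbox_path')
        self.use_https = config.getboolean('taxii', 'use_https')

        self.client = HttpClient()
        # 'noproxy' is the value the original passes; presumably it disables
        # proxy use in libtaxii's client -- verify against the library version in use
        self.client.setProxy('noproxy')
        # Previously use_https was read but never handed to the client, so the
        # configured transport had no effect on the actual submission.
        self.client.setUseHttps(self.use_https)
        self.stix_transformer = StixTransformer(config)

    def log(self, event):
        """Transform *event* to STIX and submit it to the TAXII inbox.

        Args:
            event: a conpot log record accepted by ``StixTransformer.transform``.

        Returns:
            True on an ``ST_SUCCESS`` reply; False otherwise, after logging
            the server's ``status_detail``.
        """
        # converts from conpot log format to STIX compatible xml
        stix_package = self.stix_transformer.transform(event)

        # wrapping the stix message in a TAXII envelope
        content_block = ContentBlock(libtaxii.CB_STIX_XML_10, stix_package)
        inbox_message = InboxMessage(message_id=generate_message_id(),
                                     content_blocks=[content_block])
        inbox_xml = inbox_message.to_xml()

        # the actual call to the TAXII web service
        response = self.client.callTaxiiService2(self.host, self.inbox_path,
                                                 libtaxii.VID_TAXII_XML_10,
                                                 inbox_xml, self.port)
        response_message = libtaxii.get_message_from_http_response(
            response, '0')

        if response_message.status_type != libtaxii.messages.ST_SUCCESS:
            # lazy %-formatting: the detail is only rendered if ERROR is enabled
            logger.error(
                'Error while transmitting message to TAXII server: %s',
                response_message.status_detail)
            return False
        return True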
Esempio n. 4
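    def __init__(self, config):
        """Read the ``[taxii]`` connection settings and prepare the client.

        Args:
            config: a ConfigParser-style object exposing ``get``, ``getint``
                and ``getboolean``; it is also handed to ``StixTransformer``.
        """
        self.host = config.get('taxii', 'host')
        self.port = config.getint('taxii', 'port')
        self.inbox_path = config.get('taxii', 'inbox_path')
        self.use_https = config.getboolean('taxii', 'use_https')

        self.client = HttpClient()
        # 'noproxy' is the value the original passes; presumably it disables
        # proxy use in libtaxii's client -- verify against the library version in use
        self.client.setProxy('noproxy')
        # The flag was stored but never applied to the client; without this
        # call the configured transport setting has no effect.
        self.client.setUseHttps(self.use_https)
        self.stix_transformer = StixTransformer(config)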
Esempio n. 5
    def test_stix_transform(self):
        """
        Objective: Test if our STIX xml can be validated.
        """
        config = ConfigParser()
        config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg')
        config.read(config_file)
        # enable TAXII and supply contact details before building the transformer
        for option, value in (('enabled', True),
                              ('use_contact_info', True),
                              ('contact_name', 'James Bond'),
                              ('contact_mail', '[email protected]')):
            config.set('taxii', option, value)

        exchanges = {0: {'request': 'who are you', 'response': 'mr. blue'},
                     1: {'request': 'give me apples', 'response': 'no way'}}
        # NOTE(review): datetime.now() is a naive local timestamp; whether the
        # transformer expects UTC is not visible from this test
        test_event = {'remote': ('127.0.0.1', 54872),
                      'data_type': 's7comm',
                      'public_ip': '111.222.111.222',
                      'timestamp': datetime.now(),
                      'session_id': '101d9884-b695-4d8b-bf24-343c7dda1b68',
                      'data': exchanges}

        transformer = StixTransformer(config)
        package_xml = transformer.transform(test_event)
        validator = STIXValidator(None, True, False)
        result = validator.validate(StringIO(package_xml.encode('utf-8')))
        isvalid, validation_error, _best_practice_warnings = result
        self.assertTrue(
            isvalid,
            'Error while parsing STIX xml: {0}'.format(validation_error))
Esempio n. 6
    def test_stix_transform(self):
        """
        Objective: Test if our STIX xml can be validated.
        """
        # start from the project's own config so the test sees realistic values
        config = ConfigParser()
        config.read(os.path.join(os.path.dirname(__file__), '../conpot.cfg'))
        config.set('taxii', 'enabled', True)
        config.set('taxii', 'use_contact_info', True)
        config.set('taxii', 'contact_name', 'James Bond')
        config.set('taxii', 'contact_mail', '[email protected]')

        first_exchange = {'request': 'who are you', 'response': 'mr. blue'}
        second_exchange = {'request': 'give me apples', 'response': 'no way'}
        # NOTE(review): naive local timestamp; the transformer's timezone
        # expectations are not visible here
        test_event = {
            'remote': ('127.0.0.1', 54872),
            'data_type': 's7comm',
            'public_ip': '111.222.111.222',
            'timestamp': datetime.now(),
            'session_id': '101d9884-b695-4d8b-bf24-343c7dda1b68',
            'data': {0: first_exchange, 1: second_exchange},
        }

        stix_xml = StixTransformer(config).transform(test_event)
        validator = STIXValidator(None, True, False)
        isvalid, validation_error, best_practice_warnings = validator.validate(
            StringIO(stix_xml.encode('utf-8')))
        failure_message = 'Error while parsing STIX xml: {0}'.format(validation_error)
        self.assertTrue(isvalid, failure_message)