Esempio n. 1
0
    def yara_rules_match(self, data):
        tracker_uuid = data['namespace']
        item_id = self.item.get_id()
        item_source = self.item.get_source()
        item_date = self.item.get_date()

        # Source Filtering
        tracker_sources = Tracker.get_tracker_uuid_sources(tracker_uuid)
        if tracker_sources and item_source not in tracker_sources:
            print(f'Source Filtering: {data["rule"]}')
            return yara.CALLBACK_CONTINUE

        Tracker.add_tracked_item(tracker_uuid, item_id)

        # Tags
        tags_to_add = Tracker.get_tracker_tags(tracker_uuid)
        for tag in tags_to_add:
            msg = '{};{}'.format(tag, item_id)
            self.send_message_to_queue(msg, 'Tags')

        # Mails
        mail_to_notify = Tracker.get_tracker_mails(tracker_uuid)
        if mail_to_notify:
            mail_subject = Tracker.get_email_subject(tracker_uuid)
            mail_body = Tracker_Yara.mail_body_template.format(
                data['rule'], item_id, self.full_item_url, item_id)
        for mail in mail_to_notify:
            self.redis_logger.debug(f'Send Mail {mail_subject}')
            print(f'Send Mail {mail_subject}')
            NotificationHelper.sendEmailNotification(mail, mail_subject,
                                                     mail_body)

        # Webhook
        webhook_to_post = Term.get_term_webhook(tracker_uuid)
        if webhook_to_post:
            json_request = {
                "trackerId": tracker_uuid,
                "itemId": item_id,
                "itemURL": self.full_item_url + item_id,
                "dataRule": data["rule"],
                "itemSource": item_source,
                "itemDate": item_date,
                "tags": tags_to_add,
                "emailNotification": f'{mail_to_notify}',
                "trackerType": "yara"
            }
            try:
                response = requests.post(webhook_to_post, json=json_request)
                if response.status_code >= 400:
                    self.redis_logger.error(
                        f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}"
                    )
            except:
                self.redis_logger.error(
                    f"Webhook request failed for {webhook_to_post}\nReason: Something went wrong"
                )

        return yara.CALLBACK_CONTINUE
Esempio n. 2
0
    def new_term_found(self, term, term_type, item_id, item_source):
        uuid_list = Term.get_term_uuid_list(term, term_type)
        self.redis_logger.info(f'new tracked term found: {term} in {item_id}')
        print(f'new tracked term found: {term} in {item_id}')
        item_date = Item.get_date()
        for term_uuid in uuid_list:
            tracker_sources = Tracker.get_tracker_uuid_sources(term_uuid)
            if not tracker_sources or item_source in tracker_sources:
                Tracker.add_tracked_item(term_uuid, item_id)

                tags_to_add = Term.get_term_tags(term_uuid)
                for tag in tags_to_add:
                    msg = '{};{}'.format(tag, item_id)
                    self.send_message_to_queue(msg, 'Tags')

                mail_to_notify = Term.get_term_mails(term_uuid)
                if mail_to_notify:
                    mail_subject = Tracker.get_email_subject(term_uuid)
                    mail_body = Tracker_Term.mail_body_template.format(
                        term, item_id, self.full_item_url, item_id)
                for mail in mail_to_notify:
                    self.redis_logger.debug(f'Send Mail {mail_subject}')
                    print(
                        f'S        print(item_content)end Mail {mail_subject}')
                    NotificationHelper.sendEmailNotification(
                        mail, mail_subject, mail_body)

                # Webhook
                webhook_to_post = Term.get_term_webhook(term_uuid)
                if webhook_to_post:
                    json_request = {
                        "trackerId": term_uuid,
                        "itemId": item_id,
                        "itemURL": self.full_item_url + item_id,
                        "term": term,
                        "itemSource": item_source,
                        "itemDate": item_date,
                        "tags": tags_to_add,
                        "emailNotification": f'{mail_to_notify}',
                        "trackerType": term_type
                    }
                    try:
                        response = requests.post(webhook_to_post,
                                                 json=json_request)
                        if response.status_code >= 400:
                            self.redis_logger.error(
                                f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}"
                            )
                    except:
                        self.redis_logger.error(
                            f"Webhook request failed for {webhook_to_post}\nReason: Something went wrong"
                        )
    def new_tracker_found(self, tracker, tracker_type, item):
        uuid_list = Tracker.get_tracker_uuid_list(tracker, tracker_type)

        item_id = item.get_id()
        print(f'new tracked regex found: {tracker} in {item_id}')

        for tracker_uuid in uuid_list:
            # Source Filtering
            item_source =  item.get_source()
            item_date =    item.get_date()

            tracker_sources = Tracker.get_tracker_uuid_sources(tracker_uuid)
            if tracker_sources and item_source not in tracker_sources:
                continue

            Tracker.add_tracked_item(tracker_uuid, item_id)

            tags_to_add = Tracker.get_tracker_tags(tracker_uuid)
            for tag in tags_to_add:
                msg = f'{tag};{item_id}'
                self.send_message_to_queue(msg, 'Tags')

            mail_to_notify = Tracker.get_tracker_mails(tracker_uuid)
            if mail_to_notify:
                mail_subject = Tracker.get_email_subject(tracker_uuid)
                mail_body = Tracker_Regex.mail_body_template.format(tracker, item_id, self.full_item_url, item_id)
            for mail in mail_to_notify:
                NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body)

            # Webhook
            webhook_to_post = Term.get_term_webhook(tracker_uuid)
            if webhook_to_post:
                json_request = {"trackerId": tracker_uuid,
                                "itemId": item_id,
                                "itemURL": self.full_item_url + item_id,
                                "tracker": tracker,
                                "itemSource": item_source,
                                "itemDate": item_date,
                                "tags": tags_to_add,
                                "emailNotification": f'{mail_to_notify}',
                                "trackerType": tracker_type
                                }
                try:
                    response = requests.post(webhook_to_post, json=json_request)
                    if response.status_code >= 400:
                        self.redis_logger.error(f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}")
                except:
                    self.redis_logger.error(f"Webhook request failed for {webhook_to_post}\nReason: Something went wrong")