def handler():
default = binding.handler()
def request(url, message, **kwargs):
response = default(url, message, **kwargs)
print "%s %s => %d (%s)" % (
message['method'], url, response['status'], response['reason'])
return response
return request
def handler():
default = binding.handler()
def request(url, message, **kwargs):
response = default(url, message, **kwargs)
print "%s %s => %d (%s)" % (
message['method'], url, response['status'], response['reason'])
return response
return request
def test_handlers(self):
paths = ["/services", "authentication/users", "search/jobs"]
handlers = [binding.handler(), urllib2_handler] # default handler
for handler in handlers:
logging.debug("Connecting with handler %s", handler)
context = binding.connect(handler=handler, **self.opts.kwargs)
for path in paths:
body = context.get(path).body.read()
self.assertTrue(isatom(body))
def test_handlers(self):
paths = ["/services", "authentication/users", "search/jobs"]
handlers = [
binding.handler(), # default handler
urllib2_handler
]
for handler in handlers:
logging.debug("Connecting with handler %s", handler)
context = binding.connect(handler=handler, **self.opts.kwargs)
for path in paths:
body = context.get(path).body.read()
self.assertTrue(isatom(body))
def _create_handler(cls):
script_dir = os.path.dirname(os.path.realpath(__file__))
key_file_location = os.path.join(script_dir, '..', '..', '..', 'certs',
'privkey.pem')
cert_file_location = os.path.join(script_dir, '..', '..', '..',
'certs', 'cert.pem')
key_file_exists = os.path.isfile(key_file_location)
cert_file_exists = os.path.isfile(cert_file_location)
if key_file_exists and cert_file_exists:
logger.debug('action=enable_client_certicates')
else:
key_file_location = cert_file_location = None
if key_file_exists != cert_file_exists:
logger.warn(
'Unable to enable client certificate because the key or the certificate is missing.' \
'certs application folder should contain privkey.pem and cert.pem files')
custom_handler = handler(key_file=key_file_location,
cert_file=cert_file_location)
# we wrap the handler to intercept any SSL exception to give a meaningful message to end user
def handler_wrapper(url, message, **kwargs):
logger.debug('action=sending_request url=%s message=%s kwargs=%s',
url, message, kwargs)
try:
return custom_handler(url, message, **kwargs)
except ssl.SSLError:
message = 'Unable to communicate with Splunkd. ' \
'If you enable requireClientCert please make sure certs folder contains privkey.pem and cert.pem files. ' \
'Also make sure cert.pem has been signed by the root CA used by Splunkd.'
logger.error(message, exc_info=True)
raise ssl.SSLError(message)
return handler_wrapper
def main():
parser = argparse.ArgumentParser(description=(
"Fetch alerts generated by DNS Analytics for Splunk and write them to standard output. "
"This script requires connection with Splunk instance on which alerts are stored. Please provide "
"connection settings in configuration file. Unfold options allows to divide alerts into single "
"threat and returns flattened stream of json objects. By default script will search for alerts "
"in all available indexes but you can narrow search scope to specific index."
))
parser.add_argument("-c", "--config", help="path to configuration file")
args = parser.parse_args()
try:
config = params.create_config(args.config)
params_connection = params.Connection.from_config(config)
params_query = params.Query.from_config(config)
params_output = params.Output.from_config(config)
except Exception as exc:
logging.critical(str(exc))
return
service = client.connect(
scheme=params_connection.scheme,
host=params_connection.host,
port=params_connection.port,
username=params_connection.username,
password=params_connection.password,
)
if params_query.timeout > 0:
service.http = binding.HttpLib(binding.handler(timeout=params_query.timeout))
ag = getter.Getter(service, config, args.config, params_query, params_output)
for alert in ag.run():
print(json.dumps(alert))
def _request_handler(context):
"""
:param context: Http connection context can contain the following
key/values: {
'proxy_hostname': string,
'proxy_port': int,
'proxy_username': string,
'proxy_password': string,
'key_file': string,
'cert_file': string
'pool_connections', int,
'pool_maxsize', int,
}
:type content: dict
"""
try:
import requests
except ImportError:
# FIXME proxy ?
return binding.handler(
key_file=context.get("key_file"), cert_file=context.get("cert_file")
)
try:
requests.urllib3.disable_warnings()
except AttributeError:
pass
proxies = _get_proxy_info(context)
verify = context.get("verify", False)
if context.get("key_file") and context.get("cert_file"):
# cert = ('/path/client.cert', '/path/client.key')
cert = context["key_file"], context["cert_file"]
elif context.get("cert_file"):
cert = context["cert_file"]
else:
cert = None
if context.get("pool_connections", 0):
logging.info("Use HTTP connection pooling")
session = requests.Session()
adapter = requests.adapters.HTTPAdapter(
pool_connections=context.get("pool_connections", 10),
pool_maxsize=context.get("pool_maxsize", 10),
)
session.mount("https://", adapter)
req_func = session.request
else:
req_func = requests.request
def request(url, message, **kwargs):
"""
:param url: URL
:type url: string
:param message: Can contain following key/values: {
'method': 'GET' or 'DELETE', or 'PUT' or 'POST'
'headers': [[key, value], [key, value], ...],
'body': string
}
:type message: dict
"""
body = message.get("body")
headers = {
"User-Agent": "curl",
"Accept": "*/*",
"Connection": "Keep-Alive",
}
if body:
headers["Content-Length"] = str(len(body))
for key, value in message["headers"]:
headers[key] = value
method = message.get("method", "GET")
try:
resp = req_func(
method,
url,
data=body,
headers=headers,
stream=False,
verify=verify,
proxies=proxies,
cert=cert,
**kwargs,
)
except Exception:
logging.error(
"Failed to issue http request=%s to url=%s, error=%s",
method,
url,
traceback.format_exc(),
)
raise
return {
"status": resp.status_code,
"reason": resp.reason,
"headers": dict(resp.headers),
"body": BytesIO(resp.content),
}
return request
def _request_handler(context):
'''
:param context: Http connection context can contain the following
key/values: {
'proxy_hostname': string,
'proxy_port': int,
'proxy_username': string,
'proxy_password': string,
'key_file': string,
'cert_file': string
'pool_connections', int,
'pool_maxsize', int,
}
:type content: dict
'''
try:
import requests
except ImportError:
# FIXME proxy ?
return binding.handler(key_file=context.get('key_file'),
cert_file=context.get('cert_file'))
try:
requests.urllib3.disable_warnings()
except AttributeError:
pass
proxies = _get_proxy_info(context)
verify = context.get('verify', False)
if context.get('key_file') and context.get('cert_file'):
# cert = ('/path/client.cert', '/path/client.key')
cert = context['key_file'], context['cert_file']
elif context.get('cert_file'):
cert = context['cert_file']
else:
cert = None
if context.get('pool_connections', 0):
logging.info('Use HTTP connection pooling')
session = requests.Session()
adapter = requests.adapters.HTTPAdapter(
pool_connections=context.get('pool_connections', 10),
pool_maxsize=context.get('pool_maxsize', 10))
session.mount('https://', adapter)
req_func = session.request
else:
req_func = requests.request
def request(url, message, **kwargs):
'''
:param url: URL
:type url: string
:param message: Can contain following key/values: {
'method': 'GET' or 'DELETE', or 'PUT' or 'POST'
'headers': [[key, value], [key, value], ...],
'body': string
}
:type message: dict
'''
body = message.get('body')
headers = {
'User-Agent': 'curl',
'Accept': '*/*',
'Connection': 'Keep-Alive',
}
if body:
headers['Content-Length'] = str(len(body))
for key, value in message['headers']:
headers[key] = value
method = message.get('method', 'GET')
try:
resp = req_func(method,
url,
data=body,
headers=headers,
stream=False,
verify=verify,
proxies=proxies,
cert=cert,
**kwargs)
except Exception as e:
logging.error(
'Failed to issue http request=%s to url=%s, error=%s', method,
url, traceback.format_exc())
raise
return {
'status': resp.status_code,
'reason': resp.reason,
'headers': dict(resp.headers),
'body': BytesIO(resp.content),
}
return request
import site, sys
import ssl
if hasattr(ssl, '_create_unverified_context'):
ssl._create_default_https_context = ssl._create_unverified_context
site.addsitedir('splunk-sdk-python-1.6.13')
## https://github.com/splunk/splunk-sdk-python/releases
import splunklib.client as client
import splunklib.results as results
import splunklib.binding as binding
## https://github.com/splunk/splunk-sdk-python/tree/master/examples
connectionHandler = binding.handler(timeout=10)
splunk_props = {
"host": "127.0.0.1",
"scheme": "https",
"port": 8089,
"app": "search",
"username": "",
"password": "",
"handler": connectionHandler
}
try:
service = client.connect(**splunk_props)
except Exception as e:
print "Error connecting to the splunk platform : {}".format(str(e))
