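def test_taxii(self):
    """
    Objective: Test if we can transmit data to MITRE's TAXII test server.
    Note: This actually also tests the StixTransformer since the event is parsed by the transformer
    before transmission.

    This is an integration test, not a unit test: it needs outbound network
    access to the TAXII server named in conpot.cfg. The template path handed
    to ``etree.parse`` below is resolved against the current working directory
    (unlike the cfg path, which is anchored on ``__file__``), so the working
    directory must contain ``conpot/templates``.
    """
    config = ConfigParser()
    config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg')
    config.read(config_file)
    # ConfigParser option values are strings: set() rejects a bool on Python 3
    # ("option values must be strings") and getboolean() cannot parse one, so
    # store the textual form instead of the bool True.
    config.set('taxii', 'enabled', 'True')
    # Synthetic s7comm session: loopback remote address and a fixed session id,
    # so the event transmitted to the test server carries no real sensor data.
    test_event = {
        'remote': ('127.0.0.1', 54872),
        'data_type': 's7comm',
        'timestamp': datetime.now(),
        'session_id': '101d9884-b695-4d8b-bf24-343c7dda1b68',
        'data': {
            0: {'request': 'who are you', 'response': 'mr. blue'},
            1: {'request': 'give me apples', 'response': 'no way'},
        },
    }
    dom = etree.parse('conpot/templates/default.xml')
    taxiiLogger = TaxiiLogger(config, dom)
    taxii_result = taxiiLogger.log(test_event)
    # TaxiiLogger returns false if the message could not be delivered
    self.assertTrue(taxii_result)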
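def test_taxii(self):
    """
    Objective: Test if we can transmit data to MITRE's TAXII test server.
    Note: This actually also tests the StixTransformer since the event is parsed by the transformer
    before transmission.

    This is an integration test, not a unit test: it needs outbound network
    access to the TAXII server named in conpot.cfg. The template path handed
    to ``etree.parse`` below is resolved against the current working directory
    (unlike the cfg path, which is anchored on ``__file__``), so the working
    directory must contain ``conpot/templates``.
    """
    config = ConfigParser()
    config_file = os.path.join(os.path.dirname(__file__), "../conpot.cfg")
    config.read(config_file)
    # ConfigParser option values are strings: set() rejects a bool on Python 3
    # ("option values must be strings") and getboolean() cannot parse one, so
    # store the textual form instead of the bool True.
    config.set("taxii", "enabled", "True")
    # Synthetic s7comm session: loopback remote address, a fixed placeholder
    # public IP and a fresh random session id, so the event transmitted to the
    # test server carries no real sensor data.
    test_event = {
        "remote": ("127.0.0.1", 54872),
        "data_type": "s7comm",
        "timestamp": datetime.now(),
        "public_ip": "111.222.111.222",
        "session_id": str(uuid.uuid4()),
        "data": {
            0: {"request": "who are you", "response": "mr. blue"},
            1: {"request": "give me apples", "response": "no way"},
        },
    }
    dom = etree.parse("conpot/templates/default/template.xml")
    taxiiLogger = TaxiiLogger(config, dom)
    taxii_result = taxiiLogger.log(test_event)
    # TaxiiLogger returns false if the message could not be delivered
    self.assertTrue(taxii_result)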
def __init__(self, config, dom, session_manager, public_ip): self.config = config self.log_queue = session_manager.log_queue self.session_manager = session_manager self.sqlite_logger = None # self.mysql_logger = None self.json_logger = None self.friends_feeder = None self.syslog_client = None self.public_ip = public_ip self.taxii_logger = None if config.getboolean('sqlite', 'enabled'): self.sqlite_logger = SQLiteLogger() # if config.getboolean('mysql', 'enabled'): # host = config.get('mysql', 'host') # port = config.getint('mysql', 'port') # db = config.get('mysql', 'db') # username = config.get('mysql', 'username') # passphrase = config.get('mysql', 'passphrase') # logdevice = config.get('mysql', 'device') # logsocket = config.get('mysql', 'socket') # sensorid = config.get('common', 'sensorid') # self.mysql_logger = MySQLlogger(host, port, db, username, passphrase, logdevice, logsocket, sensorid) if config.getboolean('json', 'enabled'): todaydate = datetime.now() todaystr = todaydate.strftime('%Y-%m-%d') filename = config.get('json', 'filename') + '.' 
+ todaystr sensorid = config.get('common', 'sensorid') self.json_logger = JsonLogger(filename, sensorid, public_ip) if config.getboolean('hpfriends', 'enabled'): host = config.get('hpfriends', 'host') port = config.getint('hpfriends', 'port') ident = config.get('hpfriends', 'ident') secret = config.get('hpfriends', 'secret') channels = eval(config.get('hpfriends', 'channels')) try: self.friends_feeder = HPFriendsLogger(host, port, ident, secret, channels) except Exception as e: logger.exception(e.message) self.friends_feeder = None if config.getboolean('syslog', 'enabled'): host = config.get('syslog', 'host') port = config.getint('syslog', 'port') facility = config.get('syslog', 'facility') logdevice = config.get('syslog', 'device') logsocket = config.get('syslog', 'socket') self.syslog_client = SysLogger(host, port, facility, logdevice, logsocket) if config.getboolean('taxii', 'enabled'): # TODO: support for certificates self.taxii_logger = TaxiiLogger(config, dom) self.enabled = True
def __init__(self, config, dom, session_manager, public_ip): self.config = config self.log_queue = session_manager.log_queue self.session_manager = session_manager self.sqlite_logger = None # self.mysql_logger = None self.json_logger = None self.friends_feeder = None self.syslog_client = None self.public_ip = public_ip self.taxii_logger = None if config.getboolean("sqlite", "enabled"): self.sqlite_logger = SQLiteLogger() # if config.getboolean('mysql', 'enabled'): # host = config.get('mysql', 'host') # port = config.getint('mysql', 'port') # db = config.get('mysql', 'db') # username = config.get('mysql', 'username') # passphrase = config.get('mysql', 'passphrase') # logdevice = config.get('mysql', 'device') # logsocket = config.get('mysql', 'socket') # sensorid = config.get('common', 'sensorid') # self.mysql_logger = MySQLlogger(host, port, db, username, passphrase, logdevice, logsocket, sensorid) if config.getboolean("json", "enabled"): filename = config.get("json", "filename") sensorid = config.get("common", "sensorid") self.json_logger = JsonLogger(filename, sensorid, public_ip) if config.getboolean("hpfriends", "enabled"): host = config.get("hpfriends", "host") port = config.getint("hpfriends", "port") ident = config.get("hpfriends", "ident") secret = config.get("hpfriends", "secret") channels = eval(config.get("hpfriends", "channels")) try: self.friends_feeder = HPFriendsLogger(host, port, ident, secret, channels) except Exception as e: logger.exception(e) self.friends_feeder = None if config.getboolean("syslog", "enabled"): host = config.get("syslog", "host") port = config.getint("syslog", "port") facility = config.get("syslog", "facility") logdevice = config.get("syslog", "device") logsocket = config.get("syslog", "socket") self.syslog_client = SysLogger(host, port, facility, logdevice, logsocket) if config.getboolean("taxii", "enabled"): # TODO: support for certificates self.taxii_logger = TaxiiLogger(config, dom) self.enabled = True
def __init__(self, config, dom, session_manager, public_ip): self.config = config self.log_queue = session_manager.log_queue self.session_manager = session_manager self.sqlite_logger = None self.friends_feeder = None self.syslog_client = None self.public_ip = public_ip self.taxii_logger = None if config.getboolean('sqlite', 'enabled'): self.sqlite_logger = SQLiteLogger() if config.getboolean('hpfriends', 'enabled'): host = config.get('hpfriends', 'host') port = config.getint('hpfriends', 'port') ident = config.get('hpfriends', 'ident') secret = config.get('hpfriends', 'secret') channels = eval(config.get('hpfriends', 'channels')) try: self.friends_feeder = HPFriendsLogger(host, port, ident, secret, channels) except Exception as e: logger.exception(e.message) self.friends_feeder = None if config.getboolean('syslog', 'enabled'): host = config.get('syslog', 'host') port = config.getint('syslog', 'port') facility = config.get('syslog', 'facility') logdevice = config.get('syslog', 'device') logsocket = config.get('syslog', 'socket') self.syslog_client = SysLogger(host, port, facility, logdevice, logsocket) if config.getboolean('taxii', 'enabled'): # TODO: support for certificates self.taxii_logger = TaxiiLogger(config, dom) self.enabled = True
def __init__(self, config, dom, session_manager, public_ip): self.config = config self.log_queue = session_manager.log_queue self.session_manager = session_manager self.sqlite_logger = None # self.mysql_logger = None self.json_logger = None self.friends_feeder = None self.syslog_client = None self.public_ip = public_ip self.taxii_logger = None if config.getboolean('sqlite', 'enabled'): self.sqlite_logger = SQLiteLogger() if config.getboolean('json', 'enabled'): filename = config.get('json', 'filename') sensorid = config.get('common', 'sensorid') self.json_logger = JsonLogger(filename, sensorid, public_ip) if config.getboolean('hpfriends', 'enabled'): host = config.get('hpfriends', 'host') port = config.getint('hpfriends', 'port') ident = config.get('hpfriends', 'ident') secret = config.get('hpfriends', 'secret') channels = eval(config.get('hpfriends', 'channels')) if config.get('hpfriends', 'reported_ip'): self.reported_ip = config.get('hpfriends', 'reported_ip') if self.reported_ip == 'UNSET_REPORTED_IP': self.reported_ip = None try: self.tags = [ tag.strip() for tag in config.get('hpfriends', 'tags').split(',') ] except Exception as e: logger.exception(e.message) self.tags = [] try: self.friends_feeder = HPFriendsLogger(host, port, ident, secret, channels) except Exception as e: logger.exception(e.message) self.friends_feeder = None if config.getboolean('syslog', 'enabled'): host = config.get('syslog', 'host') port = config.getint('syslog', 'port') facility = config.get('syslog', 'facility') logdevice = config.get('syslog', 'device') logsocket = config.get('syslog', 'socket') self.syslog_client = SysLogger(host, port, facility, logdevice, logsocket) if config.getboolean('taxii', 'enabled'): # TODO: support for certificates self.taxii_logger = TaxiiLogger(config, dom) self.enabled = True