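def test_taxii(self):
    """
    Objective: Test if we can transmit data to MITRE's TAXII test server.

    Note: This actually also tests the StixTransformer since the event is
    parsed by the transformer before transmission. The test needs network
    access to the TAXII server configured in conpot.cfg, so it is an
    integration test rather than a pure unit test.
    """
    config = ConfigParser()
    config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg')
    config.read(config_file)
    # ConfigParser option values must be strings: getboolean() lower-cases the
    # raw value (and Python 3 rejects a non-string value in set() outright),
    # so a bare True would break the later lookup. Store the string 'True'.
    config.set('taxii', 'enabled', 'True')

    test_event = {
        'remote': ('127.0.0.1', 54872),
        'data_type': 's7comm',
        'timestamp': datetime.now(),
        'session_id': '101d9884-b695-4d8b-bf24-343c7dda1b68',
        'data': {
            0: {'request': 'who are you', 'response': 'mr. blue'},
            1: {'request': 'give me apples', 'response': 'no way'},
        },
    }

    taxii_logger = TaxiiLogger(config)
    # TaxiiLogger.log() returns False if the message could not be delivered
    taxii_result = taxii_logger.log(test_event)
    self.assertTrue(taxii_result)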
def __init__(self, config, log_queue, public_ip): self.log_queue = log_queue self.sqlite_logger = None self.friends_feeder = None self.syslog_client = None self.public_ip = public_ip self.taxii_logger = None if config.getboolean('sqlite', 'enabled'): self.sqlite_logger = SQLiteLogger() if config.getboolean('hpfriends', 'enabled'): host = config.get('hpfriends', 'host') port = config.getint('hpfriends', 'port') ident = config.get('hpfriends', 'ident') secret = config.get('hpfriends', 'secret') channels = eval(config.get('hpfriends', 'channels')) try: self.friends_feeder = HPFriendsLogger(host, port, ident, secret, channels) except Exception as e: logger.exception(e.message) self.friends_feeder = None if config.getboolean('syslog', 'enabled'): host = config.get('syslog', 'host') port = config.getint('syslog', 'port') facility = config.get('syslog', 'facility') logdevice = config.get('syslog', 'device') logsocket = config.get('syslog', 'socket') self.syslog_client = SysLogger(host, port, facility, logdevice, logsocket) if config.getboolean('taxii', 'enabled'): # TODO: support for certificates self.taxii_logger = TaxiiLogger(config) self.enabled = True