def __init__(self):
    """Read the CyberTriage connection settings from the responder config.

    Required values (username, password, API key) abort the responder via
    ``get_param``'s message argument when absent; the rest fall back to the
    defaults shown.
    """
    Responder.__init__(self)
    cfg = self.get_param
    self.ct_server = cfg('config.ct_server', '127.0.0.1')
    self.ct_port = cfg('config.ct_port', '9443')
    self.ct_username = cfg('config.ct_username', None, 'Missing investigation username')
    self.ct_password = cfg('config.ct_password', None, 'Missing investigation user password')
    self.ct_upload_hash = cfg('config.ct_upload_hash', True)
    self.ct_upload_file = cfg('config.ct_upload_file', False)
    api_key = cfg('config.ct_api_key', None, 'Missing CyberTriage API Key')
    # The API key is sent as a header on every request; keep this dict out of logs.
    self.__req_headers = {
        'Content-Type': 'application/json',
        'restApiKey': api_key,
    }
    # NOTE(review): server certificate verification is hard-disabled, so a
    # connection to ct_server cannot detect an impersonated endpoint even
    # though it carries the API key and user credentials — worth making this
    # configurable.
    self.__verify_server_cert = False
    self.ct_sid = None
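def __init__(self):
    """Load Wazuh manager credentials and the case fields the responder acts on.

    Every value is mandatory; ``get_param`` reports the given message and
    stops the responder when one is absent.
    """
    Responder.__init__(self)
    # NOTE(review): get_param's third argument is the error message, so the
    # URL string below is what gets reported when config.wazuh_manager is
    # absent; if it was meant as a default it belongs in the second argument.
    self.wazuh_manager = self.get_param(
        'config.wazuh_manager', None, 'https://localhost:55000')
    self.wazuh_user = self.get_param('config.wazuh_user', None, 'Username missing!')
    self.wazuh_password = self.get_param('config.wazuh_password', None, 'Password missing!')
    # Case custom fields identifying the agent, alert and rule to act on.
    self.wazuh_agent_id = self.get_param(
        'data.case.customFields.wazuh_agent_id.string', None, "Agent ID Missing!")
    # The two messages below now name the field that is actually absent
    # (the originals were copy-paste leftovers of the agent-id message).
    self.wazuh_alert_id = self.get_param(
        'data.case.customFields.wazuh_alert_id.string', None, "Alert ID Missing!")
    self.wazuh_rule_id = self.get_param(
        'data.case.customFields.wazuh_rule_id.string', None, "Rule ID Missing!")
    self.observable = self.get_param('data.data', None, "Data is empty")
    self.observable_type = self.get_param('data.dataType', None, "Data type is empty")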
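def __init__(self):
    """Read CIF connection settings and build the TLP -> CIF tlp-name map.

    ``config.tlp_map`` may hold a JSON object that overrides or extends the
    default mapping; a malformed value is reported through ``self.error``.
    """
    Responder.__init__(self)
    self.remote = self.get_param('config.remote', None, 'Missing CIF remote')
    self.token = self.get_param('config.token', None, 'Missing CIF token')
    self.d_confidence = self.get_param('config.confidence')
    # NOTE(review): no default here — a falsy config value disables
    # certificate checks on the CIF connection.
    self.verify_ssl = self.get_param('config.verify_ssl')
    self.group = self.get_param('config.group')
    self.custom_tlp_map = self.get_param('config.tlp_map')
    # TheHive TLP level (string key) -> CIF tlp name.
    self.TLP_MAP = {"0": 'WHITE', "1": 'GREEN', "2": 'AMBER', "3": 'RED'}
    # An unset or empty override keeps the defaults (the former explicit
    # comparison against '' was redundant with the truthiness test).
    if self.custom_tlp_map:
        try:
            self.TLP_MAP.update(json.loads(self.custom_tlp_map))
        except (ValueError, TypeError) as e:
            # ValueError covers json.JSONDecodeError and a malformed update
            # sequence; TypeError covers non-string input and non-mapping JSON.
            # Narrowed from a bare `Exception` so unrelated failures surface.
            self.error("Error loading tlp map: {}".format(e))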
def __init__(self):
    """Collect MineMeld connection settings and the observable to push.

    Every parameter is mandatory; ``get_param`` reports the given message
    when one is absent from the responder input.
    """
    Responder.__init__(self)
    read = self.get_param
    # Connection, target list and indicator attributes from the config.
    self.minemeld_url = read('config.minemeld_url', None, 'URL missing!')
    self.minemeld_user = read('config.minemeld_user', None, 'Username missing!')
    self.minemeld_password = read('config.minemeld_password', None, 'Password missing!')
    self.minemeld_indicator_list = read('config.minemeld_indicator_list', None, "List missing!")
    self.minemeld_share_level = read('config.minemeld_share_level', None, "Share level missing!")
    self.minemeld_confidence = read('config.minemeld_confidence', None, "Confidence level missing!")
    self.minemeld_ttl = read('config.minemeld_ttl', None, "TTL missing!")
    # The observable itself, taken from the artifact payload.
    self.observable_type = read('data.dataType', None, "Data type is empty")
    self.observable_description = read('data.message', None, "Message is empty")
    self.observable = read('data.data', None, "Data is empty")
def __init__(self):
    """Build the Redmine client and record the case custom-field names it uses.

    Instance URL, username, password and the project/tracker/assignee field
    names are mandatory; ``reference_field`` and ``closing_task`` are optional.
    """
    Responder.__init__(self)
    self.instance_name = self.get_param('config.instance_name', 'redmine')
    self.instance_url = self.get_param('config.url', None, 'Missing Redmine URL')
    # Credentials are read in the same order as before so the first missing
    # one is the one reported.
    username = self.get_param('config.username', None, 'Missing username')
    password = self.get_param('config.password', None, 'Missing password')
    self.client = redmine_client.RedmineClient(
        baseurl=self.instance_url,
        username=username,
        password=password,
    )
    # Names of the TheHive custom fields carrying the Redmine project,
    # tracker and assignee for a case.
    self.project_field = self.get_param(
        'config.project_field', None, 'Missing custom field for Redmine project')
    self.tracker_field = self.get_param(
        'config.tracker_field', None, 'Missing custom field for Redmine tracker')
    self.assignee_field = self.get_param(
        'config.assignee_field', None, 'Missing custom field for Redmine assignee')
    self.reference_field = self.get_param('config.reference_field', None)
    self.closing_task = self.get_param('config.closing_task', False)
def __init__(self):
    """Read SMTP, TheHive API and TLP-based recipient settings from the config."""
    Responder.__init__(self)
    cfg = self.get_param
    # --- Mail settings ---
    self.smtp_host = cfg("config.smtp_host", "localhost")
    self.smtp_port = cfg("config.smtp_port", "25")
    self.mail_from = cfg("config.from", None, "Missing sender email address")
    # NOTE(review): the fallbacks are the literal strings "user" and "pwd",
    # not None, so a later `if self.smtp_user:` style check always sees a
    # value — confirm this is the intended behaviour for unauthenticated SMTP.
    self.smtp_user = cfg("config.smtp_user", "user", None)
    self.smtp_pwd = cfg("config.smtp_pwd", "pwd", None)
    # --- TheHive4py settings ---
    self.thehive_url = cfg("config.thehive_url", None, "TheHive URL missing!")
    self.thehive_apikey = cfg("config.thehive_apikey", None, "TheHive API key missing!")
    # Recipient restrictions keyed by TLP; the names suggest whole domains
    # for green and explicit addresses for amber — verify against the send path.
    self.tlp_green_mail_domains = cfg(
        "config.tlp_green_mail_domains",
        None,
        "Error reading tlp_green_mail_domains",
    )
    self.tlp_amber_mail_addresses = cfg(
        "config.tlp_amber_mail_addresses",
        None,
        "Error reading tlp_amber_mail_addresses",
    )
def __init__(self):
    """Load the API hostname and the integration/secret key pair.

    All three values are mandatory; a missing one stops the responder with
    the corresponding message.
    """
    Responder.__init__(self)
    required = self.get_param
    self.API_hostname = required('config.API_hostname', None, "API hostname is missing")
    self.iKey = required('config.Integration_Key', None, "Integration Key is missing")
    # The secret key is an API credential — never echo it in output or logs.
    self.sKey = required('config.Secret_Key', None, "Secret Key is missing")
def __init__(self):
    """Read SMTP host/port (with local defaults) and the mandatory sender address."""
    Responder.__init__(self)
    cfg = self.get_param
    self.smtp_host = cfg('config.smtp_host', 'localhost')
    # Port is kept as the string it is configured with.
    self.smtp_port = cfg('config.smtp_port', '25')
    self.mail_from = cfg('config.from', None, 'Missing sender email address')
def __init__(self):
    """Read the SMTP host (default localhost) and the mandatory sender address."""
    Responder.__init__(self)
    cfg = self.get_param
    self.smtp_host = cfg('config.smtp_host', 'localhost')
    self.mail_from = cfg('config.from', None, 'Missing sender email address')
def __init__(self):
    """Read QRadar URL, API key, the offense id from the case, and an optional CA path.

    URL, API key and offense id are mandatory; ``Cert_Path`` is optional.
    """
    Responder.__init__(self)
    cfg = self.get_param
    self.QRadar_URL = cfg('config.QRadar_Url', None, "QRadar URL is Missing")
    self.QRadar_API_Key = cfg('config.QRadar_API_Key', None, "QRadar API Key is Missing")
    # The offense id comes from the case's external-references custom field.
    self.Offense_Id = cfg(
        'data.customFields.externalReferences', None, "QRadar Offense ID is Missing")
    # Optional certificate path; presumably used for TLS verification of
    # QRadar_URL — confirm in the request code.
    self.Cert_Path = cfg('config.Cert_Path')
def __init__(self):
    """Read the mail-API key and the mandatory sender address."""
    Responder.__init__(self)
    # NOTE(review): an unset API key silently falls back to the placeholder
    # 'CHANGE_ME' instead of failing fast; a deployment that forgets the key
    # will only find out at send time.
    self.api_key = self.get_param('config.api_key', 'CHANGE_ME')
    self.from_email = self.get_param('config.from', None, 'Missing sender email address')
def __init__(self):
    """Read the mandatory integration URL the responder posts to."""
    Responder.__init__(self)
    self.integration_url = self.get_param(
        'config.integration_url', None, "Integration URL Missing")
def __init__(self):
    """Read the Checkpoint API key, server address and target rule name (all mandatory)."""
    Responder.__init__(self)
    required = self.get_param
    self.checkpoint_apikey = required(
        'config.checkpoint_apikey', None, "Checkpoint API key missing!")
    self.server_ip = required('config.server_ip', None, "Checkpoint Server IP missing!")
    self.rule_name = required('config.rule_name', None, "Rule Name missing!")
def __init__(self):
    """Read API key, base URL, workflow id and the TLS-verification flag.

    The first three default to the empty string rather than failing when
    unset; ``verify`` defaults to True.
    """
    Responder.__init__(self)
    cfg = self.get_param
    self.api_key = cfg("config.api_key", "")
    self.url = cfg("config.url", "")
    self.workflow_id = cfg("config.workflow_id", "")
    # Certificate verification stays on unless explicitly turned off in config.
    self.verify = cfg('config.verifyssl', True, None)
def __init__(self):
    """Read the mandatory Slack webhook URL.

    The webhook URL authorises posting on its own, so treat it as a secret.
    """
    Responder.__init__(self)
    self.slack_webhook = self.get_param('config.slack_webhook', None, "webhook missing")
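def __init__(self):
    """Read the target host list and locate the Scanner working directory.

    ``hosts`` defaults to 'localhost'; ``wdir`` is the ``Scanner`` directory
    under the current working directory.
    """
    Responder.__init__(self)
    self.hosts = self.get_param('config.hosts', 'localhost')
    # os.path.join instead of string concatenation so the separator is
    # handled by the path library rather than hard-coded.
    self.wdir = os.path.join(os.getcwd(), 'Scanner')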
def __init__(self):
    """Read the service-account username, password and region (all mandatory)."""
    Responder.__init__(self)
    required = self.get_param
    self.account_username = required(
        'config.account_username', None, "Service account username missing")
    self.account_password = required(
        'config.account_password', None, "Service account password missing")
    self.account_region = required(
        'config.account_region', None, "Service account region missing")
def __init__(self):
    """Read the Telegram user/chat id and bot token, both defaulting to ''."""
    Responder.__init__(self)
    cfg = self.get_param
    self.User = cfg('config.User', '')
    # Empty-string default means a missing token is not caught here.
    self.Token_Telegram = cfg('config.Token_Telegram', '')
def __init__(self):
    """Initialise the base Responder; this responder reads no config of its own here."""
    Responder.__init__(self)
def __init__(self):
    """Read Checkpoint username/password and the host IP to act on (all mandatory)."""
    Responder.__init__(self)
    required = self.get_param
    self.username = required('config.username', None, "Checkpoint username missing!")
    self.password = required('config.password', None, "Checkpoint password missing!")
    self.host_ip = required('config.host_ip', None, "Host IP missing!")
def __init__(self):
    """Read API key, base URL and workflow id, each defaulting to '' when unset."""
    Responder.__init__(self)
    cfg = self.get_param
    # Empty-string defaults mean a missing key is not caught at init time.
    self.api_key = cfg("config.api_key", "")
    self.url = cfg("config.url", "")
    self.workflow_id = cfg("config.workflow_id", "")