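def execute(event):
    """Offer to request a perimeter block and notify the containment analysts.

    Parses the ``containmentAnalystsEmails`` config string (``name,email,txt``
    entries separated by ``|``), asks the operator whether a perimeter block
    should be requested and records the answer on the event as
    ``perimeter_block``. When a block is wanted and notification applies,
    drafts the request, lets the operator edit it in ``nano``, shows the final
    text and, on confirmation, sends it by mail and by text to the chosen
    analysts.

    Args:
        event: the CIRTA event being worked. Reads ``cirta_id``,
            ``_analystUsername``, ``ip_address``, ``hostname``,
            ``mac_address`` and ``_baseFilePath``; sets ``perimeter_block``
            through ``setAttribute``.

    Raises:
        ValueError: if an entry in ``containmentAnalystsEmails`` does not
            contain exactly three comma-separated fields.
    """
    analysts = {}
    for entry in containmentAnalystsEmails.split('|'):
        # Strip padding so "name, email, txt" still keys and addresses correctly.
        analyst, email, txt = [field.strip() for field in entry.split(',')]
        analysts[analyst] = {'email': email, 'txt': txt}

    perimeterBlock = getUserIn("Request Perimeter Block (Yes/No)") in YES
    event.setAttribute('perimeter_block', perimeterBlock)

    # Notify only when a block is wanted and either notification is forced by
    # config or the working analyst is not a containment analyst themselves.
    notify = notifyContainmentAnalysts or event._analystUsername not in analysts
    if not (perimeterBlock and notify):
        return

    selectedAnalysts = getUserMultiChoice('Choose Containment Analysts', 'Analysts', analysts.keys(),
                                          numCols=1, default=['All'], allChoice=True)
    subject = 'CIRTA Perimeter Block'
    # NOTE(review): the line breaks inside this literal were lost in the paste;
    # one field per line is assumed -- confirm against the original file.
    msg = '''
CIRTA ID -- %s
Analyst -- %s
IP -- %s
Host -- %s
MAC-- %s''' % (event.cirta_id, event._analystUsername, event.ip_address, event.hostname, event.mac_address)

    # Draft to disk so the operator can edit the request before anything is sent;
    # ``with`` guarantees the handle is closed even if the write fails.
    smsFilePath = event._baseFilePath + '.sms'
    with open(smsFilePath, 'w') as f:
        f.write(subject + msg)
    subprocess.call(['nano', smsFilePath])
    with open(smsFilePath, 'r') as f:
        msg = f.read()

    printStatusMsg('Final Request', 22, '>', color=colors.HEADER2)
    print(msg)
    printStatusMsg('Final Request', 22, '<', color=colors.HEADER2)

    if getUserIn('Send Request (Yes/No)') not in YES:
        return
    # Same guard the IR ticket plugin uses: a test run must never page real analysts.
    # getattr keeps events without a ``_testing`` attribute working as before.
    if getattr(event, '_testing', False):
        return

    mailRecipients = [v['email'] for k, v in analysts.items() if k in selectedAnalysts]
    textRecipients = [v['txt'] for k, v in analysts.items() if k in selectedAnalysts]
    m = MailServer(fromAddr=fromAddr, server=mailServerName)
    m.sendMail(subject + ' - %s' % event.cirta_id, msg, fromAddr, toAddr=mailRecipients)
    m.sendText(msg, fromAddr, toAddr=textRecipients)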
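def execute(event):
    """Build the IR final ticket, let the operator edit it, then offer to mail it.

    Prompts for the IR ticket id, recipients and subject, then for the
    response stage, containment and mitigation choices (each stored back on
    ``event`` as a comma-joined string). Renders the ticket body from those
    choices plus every verified, non-empty event attribute grouped by its
    ``emailSection``, writes it to ``event._baseFilePath + '.ticket'`` for
    editing in ``nano``, prints the result and, on confirmation, sends it --
    unless ``event._testing`` is set.

    Args:
        event: the CIRTA event being worked. Reads ``hostname``,
            ``ip_address``, ``description``, ``_fifoAttrs``, ``_baseFilePath``
            and ``_testing``; writes ``ir_ticket``, ``eventStage``,
            ``containmentPreferred``, ``containmentAlternative``,
            ``containmentTimeline``, ``eradicationActions`` and
            ``eradicationTimeline``.
    """
    def splitAndStrip(raw):
        # Config values are comma-separated lists with optional padding.
        return [x.strip() for x in raw.split(',')]

    event.ir_ticket = getUserIn('IR Ticket')
    toAddress = splitAndStrip(getUserInWithDef('Recipient(s)', confVars.toAddr))
    # A single configured cc/bcc address (or none) becomes a list for the mailer.
    cc = [confVars.cc] if confVars.cc else []
    bcc = [confVars.bcc] if confVars.bcc else []
    mailServer = MailServer(confVars.fromAddr, toAddress, server=confVars.mailServerName)

    # Prefer the hostname in the subject; fall back to the IP when it is unknown.
    subjectAdd = "%s - %s" % (event.hostname or event.ip_address, event.description)
    subject = getUserInWithDef('Subject', '%s - %s' % (confVars.subject, subjectAdd))
    print('')

    eventStage = splitAndStrip(confVars.eventStage)
    eventDefaultStage = splitAndStrip(confVars.eventDefaultStage)
    containmentActions = splitAndStrip(confVars.containmentActions)
    containmentPreferred = splitAndStrip(confVars.containmentPreferred)
    containmentAlternative = splitAndStrip(confVars.containmentAlternative)
    containmentTimeline = splitAndStrip(confVars.containmentTimeline)
    containmentDefaultTimeline = splitAndStrip(confVars.containmentDefaultTimeline)
    eradicationActions = splitAndStrip(confVars.eradicationActions)
    eradicationDefaultActions = splitAndStrip(confVars.eradicationDefaultActions)
    eradicationTimeline = splitAndStrip(confVars.eradicationTimeline)
    eradicationDefaultTimeline = splitAndStrip(confVars.eradicationDefaultTimeline)

    # Each selection is stored on the event as a comma-joined string so it can
    # be reported alongside the other event attributes.
    event.eventStage = ', '.join(getUserMultiChoice(
        'Current Event Stage', 'Selection', eventStage,
        numCols=1, default=eventDefaultStage, allowMultiple=False))
    event.containmentPreferred = ', '.join(getUserMultiChoice(
        'Preferred Containment', 'Selection', containmentActions,
        numCols=2, default=containmentPreferred, allowMultiple=True, other=True))
    event.containmentAlternative = ', '.join(getUserMultiChoice(
        'Alternative Containment', 'Selection', containmentActions,
        numCols=2, default=containmentAlternative, allowMultiple=True, other=True))
    event.containmentTimeline = ', '.join(getUserMultiChoice(
        'Containment Timeline', 'Selection', containmentTimeline,
        numCols=2, default=containmentDefaultTimeline, allowMultiple=False, other=True))
    event.eradicationActions = ', '.join(getUserMultiChoice(
        'Mitigation Actions', 'Selection', eradicationActions,
        numCols=1, default=eradicationDefaultActions, allowMultiple=True, other=True))
    event.eradicationTimeline = ', '.join(getUserMultiChoice(
        'Mitigation Timeline', 'Selection', eradicationTimeline,
        numCols=2, default=eradicationDefaultTimeline, allowMultiple=False, other=True))

    divider = '------------------------------------------------\n'
    parts = [
        confVars.header,
        'Incident Response Details\n',
        divider,
        'Response Stage -- %s\n\n' % event.eventStage,
        'Containment Timeline -- %s\n' % event.containmentTimeline,
        'Containment Preference -- %s\n\n' % event.containmentPreferred,
        'Containment Alternatives -- %s\n\n' % event.containmentAlternative,
        'Mitigation Timeline -- %s\n' % event.eradicationTimeline,
        'Mitigation Action -- %s\n' % event.eradicationActions,
    ]
    for emailSection in splitAndStrip(confVars.emailSections):
        # Only attributes that carry a value and passed verification are reported.
        sectionAttrs = [attr for attr in event._fifoAttrs.values()
                        if attr.value and attr.verify and attr.emailSection == emailSection]
        if not sectionAttrs:
            continue
        parts.append('\n%s\n' % emailSection)
        parts.append(divider)
        parts.extend('%s -- %s\n' % (attr.formalName, attr.value) for attr in sectionAttrs)
    parts.append(confVars.footer)
    msg = ''.join(parts)

    # Write the draft to disk for editing; ``with`` closes the handle even if
    # the write fails, so a half-written ticket never holds a dangling handle.
    ticketFilePath = event._baseFilePath + '.ticket'
    with open(ticketFilePath, 'w') as f:
        f.write(msg)
    subprocess.call(['nano', ticketFilePath])
    with open(ticketFilePath, 'r') as f:
        msg = f.read()

    printStatusMsg('IR Final Ticket', 22, '>', color=colors.HEADER2)
    print('Subject: %s\n' % subject)
    print(msg + '\n')
    printStatusMsg('IR Final Ticket', 22, '<', color=colors.HEADER2)
    raw_input(colors.BOLDON + "Hit 'Enter' to continue..." + colors.BOLDOFF)

    printStatusMsg('Email Final Ticket', 22, '-', color=colors.HEADER2)
    # Re-save the body that was just read back (content is unchanged; kept for
    # parity with the original flow).
    with open(ticketFilePath, 'w') as f:
        f.write(msg)
    print('From: %s' % confVars.fromAddr)
    print('To: %s' % ', '.join(toAddress))
    if cc:
        print('CC: %s' % ', '.join(cc))
    if bcc:
        print('BCC: %s' % ', '.join(bcc))
    print('Subject: %s\n' % subject)
    print(msg + '\n')

    # Test runs preview everything but never actually send.
    if getUserIn('Send Email?') in YES and not event._testing:
        # ``priority`` is not defined in this block -- presumably module-level
        # config; confirm it is in scope at call time.
        mailServer.sendMail(subject, msg, ccAddr=cc, bccAddr=bcc, prior=priority)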