from __future__ import absolute_import

import threatingestor.artifacts
from threatingestor.operators import Operator
from threatingestor.exceptions import DependencyError

# Import-time dependency check: report a DependencyError with a clear message
# instead of letting a bare ImportError escape when PyMISP is missing.
try:
    import pymisp
except ImportError:
    raise DependencyError(
        "Dependency PyMISP required for MISP operator is not installed")


class Plugin(Operator):
    """Operator for MISP."""

    def __init__(self, url, key, ssl=True, tags=None, artifact_types=None,
                 filter_string=None, allowed_sources=None):
        """MISP operator.

        Builds the MISP API client and records the tags and event-name
        template used for events.

        Args:
            url: MISP instance URL, handed straight to ``pymisp.ExpandedPyMISP``.
            key: MISP API key (a credential; it should come from config, never
                be hard-coded).
            ssl: Passed as the third positional argument of ``ExpandedPyMISP``;
                a falsy value presumably disables TLS certificate verification
                (confirm against PyMISP) -- leave it enabled outside of tests.
            tags: Tags applied to events; any falsy value selects the default
                ``['type:OSINT']``.
            artifact_types, filter_string, allowed_sources: Operator filters;
                not consumed in the part of ``__init__`` visible here.
        """
        self.api = pymisp.ExpandedPyMISP(url, key, ssl)
        # Falsy (None, []) selects the default. The default list is created
        # inside the method, so instances never share one mutable object.
        if tags:
            self.tags = tags
        else:
            self.tags = ['type:OSINT']
        # Event-name template; ``{source_name}`` is presumably substituted
        # later -- the consumer is not in this excerpt.
        self.event_info = 'ThreatIngestor Event: {source_name}'
        # NOTE(review): any further setup (e.g. a call to the Operator base
        # constructor) lies beyond this excerpt.
import os
import io
import subprocess

from loguru import logger

from threatingestor.sources import Source
from threatingestor.exceptions import DependencyError

# Import-time check that a ``git`` executable is reachable via PATH. The
# argument is a plain program name with no ``shell=True``, so nothing here is
# parsed by a shell.
try:
    subprocess.check_output('git')
except FileNotFoundError:
    raise DependencyError(
        "System dependency Git required for Git source is not installed")
except subprocess.CalledProcessError:
    # Non-zero exit codes are fine: ``git`` with no arguments prints usage
    # and exits non-zero, which still proves the binary is installed.
    pass

# File extensions recognised as YARA rule files. The code that applies this
# list is not part of this excerpt.
YARA_FILE_EXTS = [
    '.rule',
    '.yar',
    '.yara',
    '.rules',
]


class Plugin(Source):
    """Source plugin backed by a Git repository."""

    def __init__(self, name, url, local_path):
        """Git source.

        Only stores the configuration; no repository access happens here.

        Args:
            name: Source name ThreatIngestor uses to identify this source.
            url: Repository URL (presumably what gets fetched; the fetch
                logic is outside this excerpt).
            local_path: Local filesystem path for the repository checkout;
                used as given, so it is trusted config.
        """
        self.name = name
        self.url = url
        self.local_path = local_path
        # NOTE(review): ``run`` and any fetch/parse logic lie beyond this
        # excerpt.
import json

import requests

from threatingestor.exceptions import DependencyError
from threatingestor.sources import Source

# Import-time dependency check for boto3.
# NOTE: the message says "SQS operator" although this module defines a Source.
try:
    import boto3
except ImportError:
    raise DependencyError(
        "Dependency boto3 required for SQS operator is not installed")


class Plugin(Source):
    """Source for Amazon SQS"""

    def __init__(self, name, aws_access_key_id, aws_secret_access_key,
                 aws_region, queue_name):
        """SQS source

        Args:
            name: Source name ThreatIngestor uses to identify this source.
            aws_access_key_id: Static AWS access key id handed to boto3
                (a secret; keep it in config).
            aws_secret_access_key: Matching static secret key (a secret).
            aws_region: Region the SQS queue lives in.
            queue_name: Queue name resolved with ``get_queue_by_name``.
        """
        self.name = name
        # NOTE(review): ``boto3.client('sqs')`` is the low-level client, whose
        # queue lookup is ``get_queue_url``; ``get_queue_by_name`` on the next
        # line and ``receive_messages()`` in ``run`` are the service-resource
        # API (``boto3.resource('sqs', ...)``). As written this looks like it
        # would raise AttributeError -- confirm against a live boto3.
        self.sqs = boto3.client('sqs',
                                region_name=aws_region,
                                aws_access_key_id=aws_access_key_id,
                                aws_secret_access_key=aws_secret_access_key)
        self.queue = self.sqs.get_queue_by_name(QueueName=queue_name)

    def run(self, saved_state):
        """Poll the queue and collect artifacts from received messages.

        NOTE(review): only the start of the receive loop is visible; the rest
        of this method lies beyond this excerpt, so the return value and the
        use of ``saved_state`` cannot be documented from here.
        """
        artifact_list = []
        for message in self.queue.receive_messages():
            # Process a link.
from __future__ import absolute_import

import threatingestor.artifacts
from threatingestor.operators import Operator
from threatingestor.exceptions import DependencyError

# Import-time dependency check for the threatkb client library.
try:
    import threatkb
except ImportError:
    raise DependencyError(
        "Dependency threatkb required for ThreatKB operator is not installed")


class Plugin(Operator):
    """Operator for InQuest ThreatKB."""

    def __init__(self, url, token, secret_key, state, artifact_types=None,
                 filter_string=None, allowed_sources=None, use_https=False):
        """ThreatKB operator.

        Args:
            url: ThreatKB endpoint handed to ``threatkb.ThreatKB``.
            token: ThreatKB API token (a secret; keep it in config).
            secret_key: ThreatKB API secret key (a secret; keep it in config).
            state: Stored on ``self.state``; its use is not visible here.
            artifact_types: Artifact classes this operator accepts; when
                falsy, defaults to Domain, IPAddress and YARASignature.
            filter_string, allowed_sources: Passed through to ``Operator``.
            use_https: Defaults to ``False``, so unless the config opts in the
                token and secret presumably travel over plain HTTP -- enable
                it for any ThreatKB instance that is not local.
        """
        self.state = state
        self.api = threatkb.ThreatKB(url, token, secret_key, use_https=use_https)
        super(Plugin, self).__init__(artifact_types, filter_string, allowed_sources)
        # Assigned after the base constructor, so this default overrides
        # whatever ``Operator.__init__`` set when no artifact_types are given.
        self.artifact_types = artifact_types or [
            threatingestor.artifacts.Domain,
            threatingestor.artifacts.IPAddress,
            threatingestor.artifacts.YARASignature,
        ]

    def handle_artifact(self, artifact):
        """Operate on a single artifact.

        NOTE(review): the body of this method lies beyond this excerpt.
        """
import json

from threatingestor.exceptions import DependencyError
import threatingestor.artifacts
from threatingestor.operators import abstract_json

# Import-time dependency check for the greenstalk (beanstalkd) client.
try:
    import greenstalk
except ImportError:
    raise DependencyError(
        "Dependency greenstalk required for Beanstalk operator is not installed"
    )


class Plugin(abstract_json.AbstractPlugin):
    """Operator for Beanstalk work queue."""

    def __init__(self, host, port, queue_name, artifact_types=None,
                 filter_string=None, allowed_sources=None, **kwargs):
        """Beanstalk operator.

        Args:
            host: beanstalkd host for ``greenstalk.Client``.
            port: beanstalkd port for ``greenstalk.Client``.
            queue_name: Passed as ``use=``, i.e. presumably the tube that
                produced jobs are put into.
            artifact_types, filter_string, allowed_sources, **kwargs:
                Forwarded unchanged to ``AbstractPlugin``.
        """
        # No credentials are involved in this connection (the constructor
        # takes none), so access to the tube is governed only by who can reach
        # host:port on the network -- keep it off untrusted networks.
        self.queue = greenstalk.Client(host, port, use=queue_name)
        super(Plugin, self).__init__(artifact_types=artifact_types,
                                     filter_string=filter_string,
                                     allowed_sources=allowed_sources,
                                     **kwargs)
import threatingestor.artifacts
from threatingestor.operators import Operator
from threatingestor.exceptions import DependencyError

# Import-time dependency check for pymysql.
try:
    import pymysql
except ImportError:
    raise DependencyError(
        "Dependency pymysql required for MySQL operator is not installed")


class Plugin(Operator):
    """Operator for MySQL."""

    def __init__(self, host, database, table, user=None, password='',
                 port=3306, artifact_types=None, filter_string=None,
                 allowed_sources=None):
        """MySQL operator.

        Args:
            host: MySQL server host.
            database: Schema to write into.
            table: Table name. NOTE(review): an identifier like this cannot be
                bound as a query parameter, so if it is interpolated into SQL
                downstream (not visible here) it must be trusted config.
            user: Database user; ``None`` by default.
            password: Defaults to the empty string; a deployment relying on
                this default is using an account without a password.
            port: MySQL port, 3306 by default.
            artifact_types: Artifact classes this operator accepts; when
                falsy, defaults to at least Domain, Hash, IPAddress and URL
                (the list is cut off in this excerpt).
            filter_string, allowed_sources: Passed through to ``Operator``.
        """
        super(Plugin, self).__init__(artifact_types, filter_string, allowed_sources)
        # Assigned after the base constructor, so this default overrides
        # whatever ``Operator.__init__`` set when no artifact_types are given.
        # NOTE(review): the list below and the rest of ``__init__`` continue
        # beyond this excerpt.
        self.artifact_types = artifact_types or [
            threatingestor.artifacts.Domain,
            threatingestor.artifacts.Hash,
            threatingestor.artifacts.IPAddress,
            threatingestor.artifacts.URL,