def load_decoders_from_file(decoder_file, decoder_path, decoder_status):
    """Parse one decoder XML file into a list of decoder dicts.

    Parameters
    ----------
    decoder_file : str
        File name of the decoder XML, relative to ``decoder_path``.
    decoder_path : str
        Directory of the file, relative to ``common.wazuh_path``.
    decoder_status : str
        Status label copied verbatim into every returned decoder.

    Returns
    -------
    list
        One dict per ``<decoder>`` element, in file order, with the keys
        ``filename``, ``relative_dirname``, ``status``, ``name``,
        ``position`` (0-based index among the file's decoders) and
        ``details`` (remaining attributes plus child elements).

    Raises
    ------
    WazuhError
        Code 1502 when the file cannot be read (``OSError``).
    WazuhInternalError
        Code 1501 for any other failure while parsing the file.
    """
    decoders = []
    try:
        # NOTE(review): decoder_path/decoder_file are joined under
        # common.wazuh_path without normalisation; callers are expected to
        # have validated them against the allowed ruleset directories — confirm.
        root = load_wazuh_xml(os.path.join(common.wazuh_path, decoder_path, decoder_file))
        for node in root:
            if node.tag.lower() != "decoder":
                continue
            # Every attribute except 'name' (which becomes a top-level key) is a detail.
            details = {key: val for key, val in node.attrib.items() if key != 'name'}
            decoder = {
                'filename': decoder_file,
                'relative_dirname': decoder_path,
                'status': decoder_status,
                'name': node.attrib['name'],
                # One decoder appended per <decoder>, so the list length is its index.
                'position': len(decoders),
                'details': details,
            }
            for child in node:
                tag = child.tag.lower()
                if tag in DYNAMIC_OPTIONS:
                    add_dynamic_detail(tag, child.text, child.attrib, details)
                else:
                    # Plain children are stored by tag; a repeated tag overwrites the earlier one.
                    details[tag] = child.text
            decoders.append(decoder)
    except OSError:
        # Error messages show a placeholder instead of the real installation path.
        raise WazuhError(1502, extra_message=os.path.join('WAZUH_HOME', decoder_path, decoder_file))
    except Exception:
        raise WazuhInternalError(1501, extra_message=os.path.join('WAZUH_HOME', decoder_path, decoder_file))
    return decoders
def load_rules_from_file(rule_filename, rule_relative_path, rule_status):
    """Parse one rule XML file into a list of rule dicts.

    Parameters
    ----------
    rule_filename : str
        File name of the rule XML, relative to ``rule_relative_path``.
    rule_relative_path : str
        Directory of the file, relative to ``common.wazuh_path``.
    rule_status : str
        Status label copied verbatim into every returned rule.

    Returns
    -------
    list
        One dict per ``<rule>`` found inside a ``<group>`` element, with
        ``id`` and ``level`` converted to ``int``, the concatenated
        ``description``, a ``details`` dict and the compliance/group lists
        filled in by ``set_groups``.

    Raises
    ------
    WazuhError
        Code 1201 when the file does not exist (errno 2), code 1207 when it
        is not readable (errno 13).
    OSError
        Any other I/O error is re-raised unchanged.

    Notes
    -----
    Only ``OSError`` is translated here: a malformed rule (non-numeric
    ``id``/``level``, a ``<field>`` without ``name``, a ``<group>`` without
    ``name``) surfaces as a raw ``ValueError``/``KeyError``.
    """
    rules = []
    try:
        # NOTE(review): the path is joined under common.wazuh_path without
        # normalisation; callers are expected to validate it — confirm.
        root = load_wazuh_xml(os.path.join(common.wazuh_path, rule_relative_path, rule_filename))
        for group_node in root:
            if group_node.tag.lower() != "group":
                continue
            general_groups = group_node.attrib['name'].split(',')
            for rule_node in group_node:
                if rule_node.tag.lower() != "rule":
                    continue
                groups = []
                details = {}
                rule = {
                    'filename': rule_filename,
                    'relative_dirname': rule_relative_path,
                    'id': int(rule_node.attrib['id']),
                    'level': int(rule_node.attrib['level']),
                    'status': rule_status,
                    'details': details,
                    'pci_dss': [],
                    'gpg13': [],
                    'gdpr': [],
                    'hipaa': [],
                    'nist_800_53': [],
                    'tsc': [],
                    'mitre': [],
                    'groups': [],
                    'description': '',
                }
                # Every attribute except the two promoted to top-level keys is a detail.
                details.update(
                    (key, val) for key, val in rule_node.attrib.items() if key not in ('id', 'level')
                )
                for child in rule_node:
                    tag = child.tag.lower()
                    # Empty elements yield text None; treat them as ''.
                    value = child.text if child.text is not None else ''
                    attribs = child.attrib
                    if tag == "group":
                        groups.extend(value.split(","))
                    elif tag == "mitre":
                        # Each <id> under <mitre> becomes a synthetic "mitre_<id>" group.
                        groups.extend(f'mitre_{technique.text}' for technique in child)
                    elif tag == "description":
                        # Multi-element descriptions are concatenated in document order.
                        rule['description'] += value
                    elif tag in ("list", "info"):
                        # The element text is the 'name'; its attributes are merged on top.
                        list_detail = {'name': value}
                        list_detail.update(attribs)
                        add_detail(tag, list_detail, details)
                    elif tag in DYNAMIC_OPTIONS:
                        if value.startswith('$'):
                            # Resolve "$name" against the file's <var> elements.
                            # NOTE(review): `value` is reassigned inside this loop, so any
                            # later <var> is compared against the already-resolved text
                            # rather than the original "$name"; behaviour kept as-is.
                            for var_node in root.findall('var'):
                                if var_node.get('name') == value[1:]:
                                    value = var_node.text
                        if tag == 'field':
                            # A <field> is stored under its own name; the attribute is removed
                            # from attribs before they are passed on.
                            tag = child.attrib.pop('name')
                        add_dynamic_detail(tag, value, attribs, details)
                    else:
                        add_detail(tag, value, details)
                # Merge the rule's own groups with the enclosing <group name="..."> list.
                set_groups(groups=groups, general_groups=general_groups, rule=rule)
                rules.append(rule)
    except OSError as e:
        if e.errno == 2:  # ENOENT: file not found
            raise WazuhError(1201)
        if e.errno == 13:  # EACCES: permission denied
            raise WazuhError(1207)
        raise
    return rules