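def __init__(self, name, configfile, work_directory=None, logfile=None):
    """Set up configuration, logging and both API clients for the connector.

    Args:
        name: Integration name handed to ``CbIntegrationDaemon.__init__``.
        configfile: Configuration file handed to the base class.
        work_directory: Accepted but not used anywhere in this method.
        logfile: Log file; forwarded to the base class and kept on ``self``.

    Raises:
        KeyError: A ``bridge_options`` key read with ``[...]`` is missing, or
            the last character of ``time_increment`` is not one of
            M/W/D/S/H (case-insensitive).
        ValueError: The part of ``time_increment`` before the unit suffix is
            not an integer.
        IndexError: ``time_increment`` is an empty string.
    """
    CbIntegrationDaemon.__init__(self, name, configfile=configfile, logfile=logfile)
    # bridge_options is read below but never assigned in this method;
    # presumably validate_config() or the base class populates it.
    self.validate_config()
    self.logfile = logfile

    # Compare by value. The previous `is "1"` tested object identity, which
    # only matches when the interpreter happens to reuse the same str object
    # and triggers a SyntaxWarning on current Python versions.
    debug_enabled = self.bridge_options['debug'] == "1"
    self.log_level = logging.DEBUG if debug_enabled else logging.INFO
    self.initialize_logging()

    # NOTE(review): ssl_verify is passed through exactly as stored in
    # bridge_options. If validate_config() leaves it as a raw config string,
    # confirm how CbResponseAPI interprets that value so certificate
    # verification is not switched off or misread by accident.
    self.cb = CbResponseAPI(
        url=self.bridge_options['carbonblack_server_url'],
        token=self.bridge_options['carbonblack_server_token'],
        ssl_verify=self.bridge_options['carbonblack_server_sslverify'])

    # Every https:// request made through this session goes via the adapter
    # created with force_tls_1_2=True.
    self.session = Session()
    tls_adapter = CbAPISessionAdapter(force_tls_1_2=True)
    self.session.mount("https://", tls_adapter)

    # NOTE(review): a missing juniper_apikey yields api_token=None and nothing
    # in this method rejects it; confirm validate_config() does. Also confirm
    # the client does not write the token to the log when log_level is DEBUG.
    self.juniper_apikey = self.get_config_string("juniper_apikey", None)
    self.juniper_client = JuniperSkyAtpClient(
        session=self.session,
        api_token=self.juniper_apikey,
        log_level=self.log_level)

    # Entries are split on "," only; surrounding whitespace is kept as-is.
    self.watchlists = self.bridge_options['watchlists'].split(",")

    # time_increment is "<integer><unit letter>", e.g. the default "5M".
    specs = {
        "M": "minutes",
        "W": "weeks",
        "D": "days",
        "S": "seconds",
        "H": "hours"
    }
    time_increment = self.bridge_options.get('time_increment', "5M")
    spec = specs[time_increment[-1].upper()]
    val = int(time_increment[:-1])
    self.TIME_INCREMENT = timedelta(**{spec: val})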
def __init__(self, name, **kwargs):
    """Create the daemon with no server connection and an uninitialized queue.

    ``work_directory`` is removed from ``kwargs`` before the remaining keyword
    arguments are forwarded to ``CbIntegrationDaemon.__init__``.

    Args:
        name: Integration name handed to the base class.
        **kwargs: Base-class keyword arguments, plus an optional
            ``work_directory`` override.
    """
    requested_dir = kwargs.pop('work_directory', None)
    CbIntegrationDaemon.__init__(self, name, **kwargs)

    self.cb = None
    self.work_queue = None

    if requested_dir:
        self.work_directory = requested_dir
    else:
        # NOTE(review): the first component is "usr", not "/usr", so this
        # default is a relative path and the SQLite file below is resolved
        # against the process's current working directory. Confirm that is
        # intended; a state database whose location depends on where the
        # daemon was started can end up in an unexpected or shared directory.
        self.work_directory = os.path.join(
            "usr", "share", "cb", "integrations", "%s" % self.name)

    self.database_file = os.path.join(self.work_directory, "sqlite.db")

    self._queue_initialized = False
    self.done = False
    self.feed_dirty = Event()
    self.feed_url = None
def __init__(self, name, **kwargs):
    """Initialize daemon state: work directory, database path and flags.

    The ``work_directory`` keyword is consumed here; every other keyword
    argument goes to ``CbIntegrationDaemon.__init__`` unchanged.

    Args:
        name: Integration name handed to the base class.
        **kwargs: Base-class keyword arguments, plus an optional
            ``work_directory`` override.
    """
    override = kwargs.pop('work_directory', None)
    CbIntegrationDaemon.__init__(self, name, **kwargs)

    # Not connected and no queue yet; nothing in this method creates them.
    self.cb = None
    self.work_queue = None
    self._queue_initialized = False
    self.done = False
    self.feed_url = None
    self.feed_dirty = Event()

    # NOTE(review): the fallback is built from "usr" rather than "/usr", so it
    # is relative to the current working directory of the process. Confirm
    # this is intended before relying on where sqlite.db ends up.
    fallback_dir = os.path.join("usr", "share", "cb", "integrations",
                                "%s" % self.name)
    self.work_directory = override if override else fallback_dir
    self.database_file = os.path.join(self.work_directory, "sqlite.db")
def __init__(self, name, configfile):
    """Initialize the forwarder with default retry settings and no connection.

    Args:
        name: Integration name handed to ``CbIntegrationDaemon.__init__``.
        configfile: Configuration file handed to the base class.
    """
    CbIntegrationDaemon.__init__(self, name, configfile=configfile)

    # Stored as returned by options.get("bridge"); this method does not check
    # whether the section exists (presumably None when it is absent).
    self.forwarder_options = self.options.get("bridge")

    # Mode flags, both off by default.
    self.debug = False
    self.testing = False

    # Retry bookkeeping.
    self.retry_interval = 5
    self.max_retry_attempts = 1000
    self.retry_attempts = 0

    # Connection and processing state; nothing is created in the constructor.
    for placeholder in ("capture_events", "channel", "connection",
                        "queue_name", "event_processor", "processor_pool"):
        setattr(self, placeholder, None)
def __init__(self, name, configfile):
    """Initialize the forwarder and read the Carbon Black server hostname.

    Args:
        name: Integration name handed to ``CbIntegrationDaemon.__init__``.
        configfile: Configuration file handed to the base class.
    """
    CbIntegrationDaemon.__init__(self, name, configfile=configfile)
    bridge_section = self.options.get("bridge")
    self.forwarder_options = bridge_section

    # Retry bookkeeping.
    self.retry_attempts = 0
    self.retry_interval = 5
    self.max_retry_attempts = 1000

    # Mode flags, both off by default.
    self.debug = False
    self.testing = False

    # Connection and processing state; nothing is created in the constructor.
    self.capture_events = None
    self.channel = self.connection = None
    self.queue_name = None
    self.event_processor = self.processor_pool = None

    # NOTE(review): bridge_section is used without a None check, so a config
    # without a "bridge" section presumably fails here with AttributeError
    # rather than a clear configuration error. The hostname falls back to
    # "localhost" when the key is missing.
    self.cb_server_hostname = bridge_section.get("cb_server_hostname", "localhost")
def __init__(self, name, configfile, logfile=None, pidfile=None, debug=False):
    """Build the ThreatConnect bridge: Flask feed app, routes, feed metadata.

    Args:
        name: Integration name handed to ``CbIntegrationDaemon.__init__``.
        configfile: Configuration file handed to the base class.
        logfile: Log file handed to the base class.
        pidfile: PID file handed to the base class.
        debug: Debug flag handed to the base class.
    """
    CbIntegrationDaemon.__init__(self, name, configfile=configfile, logfile=logfile,
                                 pidfile=pidfile, debug=debug)

    content_dir = "/usr/share/cb/integrations/carbonblack_threatconnect_bridge/content"
    self.flask_feed = cbint.utils.flaskfeed.FlaskFeed(__name__, False, content_dir)

    self.bridge_options = {}
    self.bridge_auth = {}
    self.api_urns = {}
    self.validated_config = False

    # The [bridge] "debug" option, when the section exists, replaces self.debug.
    # NOTE(review): the listing lost its indentation; the level check below is
    # assumed to sit outside the 'bridge' block. Also confirm the option is not
    # a raw string such as "0", which would be truthy here.
    if 'bridge' in self.options:
        self.debug = self.options['bridge'].get("debug", 0)
    if self.debug:
        self.logger.setLevel(logging.DEBUG)

    self.cb = None
    self.sync_needed = False

    self.feed_name = "threatconnectintegration"
    self.display_name = "ThreatConnect"
    self.feed = {}
    self.directory = content_dir

    self.cb_image_path = "/carbonblack.png"
    self.integration_image_path = "/threatconnect.png"
    self.integration_image_small_path = "/threatconnect-small.png"
    self.json_feed_path = "/threatconnect/json"
    self.feed_lock = threading.RLock()

    # (rule, view function, extra add_url_rule keyword arguments)
    # NOTE(review): no authentication or bind-address restriction is visible
    # in this constructor; confirm where exposure of these routes is limited.
    route_table = (
        (self.cb_image_path, self.handle_cb_image_request, {}),
        (self.integration_image_path, self.handle_integration_image_request, {}),
        (self.json_feed_path, self.handle_json_feed_request, {"methods": ['GET']}),
        ("/", self.handle_index_request, {"methods": ['GET']}),
        ("/feed.html", self.handle_html_feed_request, {"methods": ['GET']}),
    )
    for rule, view, extra in route_table:
        self.flask_feed.app.add_url_rule(rule, view_func=view, **extra)

    self.logger.debug("generating feed metadata")
    with self.feed_lock:
        # The image paths already start with "/", so both icon paths contain
        # a doubled slash after the directory.
        icon = "%s/%s" % (self.directory, self.integration_image_path)
        small_icon = "%s/%s" % (self.directory, self.integration_image_small_path)
        self.feed = cbint.utils.feed.generate_feed(
            self.feed_name,
            summary="Threat intelligence data provided by ThreatConnect to the Carbon Black Community",
            tech_data="There are no requirements to share any data to receive this feed.",
            provider_url="http://www.threatconnect.com/",
            icon_path=icon,
            small_icon_path=small_icon,
            display_name=self.display_name,
            category="Partner")

    self.last_sync = "No sync performed"
    self.last_successful_sync = "No sync performed"
def __init__(self, name, configfile, logfile=None, pidfile=None, debug=False):
    """Build the ThreatConnect connector: Flask feed app, routes, metadata.

    Args:
        name: Integration name handed to ``CbIntegrationDaemon.__init__``.
        configfile: Configuration file handed to the base class.
        logfile: Log file; handed to the base class and kept on ``self``.
        pidfile: PID file handed to the base class.
        debug: Debug flag handed to the base class.
    """
    CbIntegrationDaemon.__init__(self,
                                 name,
                                 configfile=configfile,
                                 logfile=logfile,
                                 pidfile=pidfile,
                                 debug=debug)

    content_dir = "/usr/share/cb/integrations/cb-threatconnect-connector/content"
    self.flask_feed = cbint.utils.flaskfeed.FlaskFeed(__name__, False, content_dir)

    # Configuration containers; all empty until filled elsewhere.
    self.bridge_options = {}
    self.bridge_auth = {}
    self.api_urns = {}
    self.validated_config = False

    self.cb = None
    self.sync_needed = False

    # Feed identity and the URL paths served by the Flask app.
    self.feed_name = "threatconnectintegration"
    self.display_name = "ThreatConnect"
    self.feed = {}
    self.directory = content_dir
    self.cb_image_path = "/carbonblack.png"
    self.integration_image_path = "/threatconnect.png"
    self.integration_image_small_path = "/threatconnect-small.png"
    self.json_feed_path = "/threatconnect/json"

    self.feed_lock = threading.RLock()
    self.logfile = logfile

    # NOTE(review): no authentication or bind-address restriction is visible
    # in this constructor; confirm where exposure of these routes is limited.
    register = self.flask_feed.app.add_url_rule
    register(self.cb_image_path, view_func=self.handle_cb_image_request)
    register(self.integration_image_path,
             view_func=self.handle_integration_image_request)
    register(self.json_feed_path,
             view_func=self.handle_json_feed_request,
             methods=['GET'])
    register("/", view_func=self.handle_index_request, methods=['GET'])
    register("/feed.html",
             view_func=self.handle_html_feed_request,
             methods=['GET'])

    self.initialize_logging()

    # Uses the module-level `logger`, not self.logger.
    logger.debug("generating feed metadata")
    with self.feed_lock:
        # The image paths already start with "/", so both icon paths contain
        # a doubled slash after the directory.
        feed_kwargs = {
            "summary": "Threat intelligence data provided by ThreatConnect to the Carbon Black Community",
            "tech_data": "There are no requirements to share any data to receive this feed.",
            "provider_url": "http://www.threatconnect.com/",
            "icon_path": "%s/%s" % (self.directory, self.integration_image_path),
            "small_icon_path": "%s/%s" % (self.directory, self.integration_image_small_path),
            "display_name": self.display_name,
            "category": "Partner",
        }
        self.feed = cbint.utils.feed.generate_feed(self.feed_name, **feed_kwargs)

    self.last_sync = "No sync performed"
    self.last_successful_sync = "No sync performed"