def initConfiguration(self):
myparser = OptionParser()
# setup self.options by sending empty list [] to parse_args
(self.options, args) = myparser.parse_args([])
# fill self.options with plugin-specific options
# change this to your default zone for when it's not specified
self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', self.configfile)
# options for your custom/internal ip blocking service
# mozilla's is called banhammer
# and uses an intermediary mysql DB
# here we set credentials
self.options.banhammerdbhost = getConfig(
'banhammerdbhost',
'localhost',
self.configfile)
self.options.banhammerdbuser = getConfig(
'banhammerdbuser',
'auser',
self.configfile)
self.options.banhammerdbpasswd = getConfig(
'banhammerdbpasswd',
'',
self.configfile)
self.options.banhammerdbdb = getConfig(
'banhammerdbdb',
'banhammer',
self.configfile)
def parse_config(self, config_filename, config_keys):
myparser = OptionParser()
self.config = None
(self.config, args) = myparser.parse_args([])
for config_key in config_keys:
temp_value = getConfig(config_key, "", config_filename)
setattr(self.config, config_key, temp_value)
def initConfiguration(self):
myparser = OptionParser()
# setup self.options by sending empty list [] to parse_args
(self.options, args) = myparser.parse_args([])
# fill self.options with plugin-specific options
# change this to your default zone for when it's not specified
self.options.serviceKey = getConfig('serviceKey', 'APIKEYHERE', self.configfile)
def initConfiguration(self):
myparser = OptionParser()
# setup self.options by sending empty list [] to parse_args
(self.options, args) = myparser.parse_args([])
# fill self.options with plugin-specific options
# example: set a default time zone for when it's not specified
self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', self.configfile)
def initConfiguration(self):
myparser = OptionParser()
# setup self.options by sending empty list [] to parse_args
(self.options, args) = myparser.parse_args([])
# fill self.options with plugin-specific options
# cymon options
self.options.cymonapikey = getConfig('cymonapikey',
'',
self.configfile)
def initConfiguration(self):
myparser = OptionParser()
# setup self.options by sending empty list [] to parse_args
(self.options, args) = myparser.parse_args([])
# fill self.options with plugin-specific options
# options
# comma separated list of usernames to exclude
# from the data
self.options.ignoreusernames = getConfig('ignoreusernames',
'',
self.configfile)
def initConfiguration(self):
myparser = OptionParser()
# setup self.options by sending empty list [] to parse_args
(self.options, args) = myparser.parse_args([])
# fill self.options with plugin-specific options
# change this to your default zone for when it's not specified
self.options.serviceKey = getConfig('serviceKey', 'APIKEYHERE', self.configfile)
self.options.keywords = getConfig('keywords', 'KEYWORDS', self.configfile)
self.options.clienturl = getConfig('clienturl', 'CLIENTURL', self.configfile)
try:
self.options.docs = json.loads(getConfig('docs', {}, self.configfile))
except:
self.options.docs = {}
def initConfiguration(self):
myparser = OptionParser()
# setup self.options by sending empty list [] to parse_args
(self.options, args) = myparser.parse_args([])
# fill self.options with plugin-specific options
# change this to your default zone for when it's not specified
self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', self.configfile)
# threat exchange options
self.options.appid = getConfig('appid',
'',
self.configfile)
self.options.appsecret=getConfig('appsecret',
'',
self.configfile)
def initConfiguration(self):
myparser = OptionParser()
# setup self.options by sending empty list [] to parse_args
(self.options, args) = myparser.parse_args([])
# fill self.options with plugin-specific options
# change this to your default zone for when it's not specified
self.options.defaultTimeZone = getConfig('defaulttimezone', 'US/Pacific', self.configfile)
# boto options
self.options.region = getConfig('region',
'us-west-2',
self.configfile)
self.options.aws_access_key_id=getConfig('aws_access_key_id',
'',
self.configfile)
self.options.aws_secret_access_key=getConfig('aws_secret_access_key',
'',
self.configfile)
self.options.aws_queue_name=getConfig('aws_queue_name',
'',
self.configfile)
def initConfiguration(self):
myparser = OptionParser()
# setup self.options by sending empty list [] to parse_args
(self.options, args) = myparser.parse_args([])
# fill self.options with plugin-specific options
self.options.mongohost = getConfig(
'mongohost',
'localhost',
self.configfile)
self.options.mongoport = getConfig(
'mongoport',
3001,
self.configfile)
# FQDN whitelist as a comma separted list of example.com or foo.bar.com style names
self.options.fqdn_whitelist_file = getConfig('fqdn_whitelist_file', '/dev/null', self.configfile)
# optional statuspage.io integration
self.options.statuspage_api_key = getConfig(
'statuspage_api_key',
'',
self.configfile)
self.options.statuspage_page_id = getConfig(
'statuspage_page_id',
'',
self.configfile)
self.options.statuspage_url = 'https://api.statuspage.io/v1/pages/{0}/incidents.json'.format(
self.options.statuspage_page_id)
self.options.statuspage_component_id = getConfig(
'statuspage_component_id',
'',
self.configfile)
self.options.statuspage_sub_component_id = getConfig(
'statuspage_sub_component_id',
'',
self.configfile)
# queue topic
options.alerttopic = get_config(
'alerttopic',
'mozdef.*',
options.configfile)
# how many messages to ask for at once
options.prefetch = get_config('prefetch', 50, options.configfile)
options.mq_alert_server = get_config('mqalertserver', 'localhost', options.configfile)
options.mq_user = get_config('mquser', 'guest', options.configfile)
options.mq_password = get_config('mqpassword', 'guest', options.configfile)
options.mq_port = get_config('mqport', 5672, options.configfile)
# mqack=True sets persistant delivery, False sets transient delivery
options.mq_ack = get_config('mqack', True, options.configfile)
if __name__ == "__main__":
parser = OptionParser()
parser.add_option(
"-c", dest='configfile',
default=sys.argv[0].replace('.py', '.conf'),
help="configuration file to use")
(options, args) = parser.parse_args()
init_config()
bot = SlackBot(options.slack_token, options.channels, options.name)
monitor_alerts_thread = Thread(target=consume_alerts, args=[bot])
monitor_alerts_thread.daemon = True
monitor_alerts_thread.start()
bot.run()
# syslog hostname
options.sysloghostname = getConfig('sysloghostname', 'localhost',
options.configfile)
options.syslogport = getConfig('syslogport', 514, options.configfile)
options.esservers = list(
getConfig('esservers', 'http://localhost:9200',
options.configfile).split(','))
options.indices = list(
getConfig('backup_indices', 'events,alerts,.kibana',
options.configfile).split(','))
options.dobackup = list(
getConfig('backup_dobackup', '1,1,1', options.configfile).split(','))
options.rotation = list(
getConfig('backup_rotation', 'daily,monthly,none',
options.configfile).split(','))
options.pruning = list(
getConfig('backup_pruning', '20,0,0', options.configfile).split(','))
options.aws_bucket = getConfig('aws_bucket', '', options.configfile)
if __name__ == '__main__':
parser = OptionParser()
defaultconfigfile = sys.argv[0].replace('.py', '.conf')
parser.add_option("-c",
dest='configfile',
default=defaultconfigfile,
help="configuration file to use")
(options, args) = parser.parse_args()
initConfig()
main()
def initConfiguration(self):
myparser = OptionParser()
(self.config, args) = myparser.parse_args([])
self.config.hostfilter = getConfig('hostfilter', '', self.config_file)
self.config.user = getConfig('user', '', self.config_file)
self.config.skiphosts = getConfig('skiphosts', '', self.config_file).split()
def initConfiguration(self):
myparser = OptionParser()
(self.config, args) = myparser.parse_args([])
self.config.hostfilter = getConfig('hostfilter', '', self.config_file)
self.config.user = getConfig('user', '', self.config_file)
self.config.skiphosts = getConfig('skiphosts', '', self.config_file).split()
