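def users():
    """
    Route for the corp users page.

    Requires a logged-in session. The SigSci client is rebuilt from the
    credential kept in the session: when ``session['secret']`` is "token"
    the stored value is used as an API token, otherwise as a password.
    Aborts 401 when not logged in or when the API reply carries an error
    ``message``.
    """
    import json  # local: only used to build the JS string literal below

    if 'username' not in session:
        abort(401)

    # session.get() rather than session[...]: a session cookie written by a
    # login that never set 'secret' would otherwise raise KeyError (-> 500).
    if session.get('secret') == "token":
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     api_token=session['password'])
    else:
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     password=session['password'])
    sigsci.corp = session['corp']

    corp_users = sigsci.get_corp_users()
    if 'message' in corp_users:
        abort(401)

    # json.dumps() yields a quoted, backslash-escaped JS string literal, so a
    # quote or backslash in the corp name cannot terminate the literal early.
    # NOTE(review): this assumes the template emits `javascript` verbatim
    # inside a <script> block (e.g. via |safe) — confirm against users.html.
    javascript = 'get_corp_users({});'.format(json.dumps(str(sigsci.corp)))
    return render_template('users.html', javascript=javascript,
                           corp_users=corp_users)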
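def deploy_power_rules():
    """
    Deploy a power-rule pack to a target site.

    Query parameters ``target`` (site name) and ``rulepack`` (pack name) are
    both required. Returns the deploy response as JSON. Aborts 400 when a
    parameter is missing, 401 when not logged in or when the API reply
    carries an error ``message``.
    """
    if 'username' not in session:
        abort(401)

    target_site = request.args.get('target', None)
    rulepack = request.args.get('rulepack', None)
    # Fail fast instead of handing None through to the API client.
    if not target_site or not rulepack:
        abort(400)

    # session.get(): an older session without 'secret' must not 500 here.
    if session.get('secret') == "token":
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     api_token=session['password'])
    else:
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     password=session['password'])
    sigsci.corp = session['corp']
    sigsci.site = target_site

    # The third positional argument is True in the original; its meaning is
    # defined by powerrules.PowerRules.deploy_rule_pack (not visible here).
    powerrulepack = powerrules.PowerRules()
    response = powerrulepack.deploy_rule_pack(sigsci, rulepack, True)
    if 'message' in response:
        abort(401)
    return jsonify(response)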
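def site():
    """
    Route for the site page.

    Query parameter ``name`` is the site name. The site is looked up in the
    corp, its API name is remembered in ``session['site']`` for later copy
    operations, and site.html is rendered with the JS bootstrap calls.
    Aborts 400 when ``name`` is missing, 401 when not logged in or when the
    API reply carries an error ``message``.
    """
    import json  # local: only used to build the JS string literals below

    if 'username' not in session:
        abort(401)

    name = request.args.get('name', None)
    if name is None:
        abort(400)

    # session.get(): an older session without 'secret' must not 500 here.
    if session.get('secret') == "token":
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     api_token=session['password'])
    else:
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     password=session['password'])
    sigsci.corp = session['corp']

    corp_site = sigsci.get_corp_site(name)
    if 'message' in corp_site:
        abort(401)
    display_name = corp_site['displayName']
    session['site'] = corp_site['name']

    # `name` is request input that ends up inside a JS call. json.dumps()
    # produces a quoted, escaped string literal so a quote or backslash in
    # the value cannot break out of the literal.
    # NOTE(review): assumes the template emits `javascript` unescaped inside
    # a <script> block — confirm against site.html.
    corp_js = json.dumps(str(session['corp']))
    name_js = json.dumps(str(name))
    javascript = 'get_request_rules({}, {});'.format(corp_js, name_js)
    javascript += 'get_sites_dropdown_html({});'.format(name_js)
    return render_template('site.html', javascript=javascript,
                           display_name=display_name)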
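def login():
    """
    Route for login (form POST).

    Form fields: ``email``, ``secret`` ("token" means ``password`` holds an
    API token; anything else means it holds a password) and ``password``.
    On success the credential and user details are stored in the session
    and the client is redirected to 'default'. Aborts 401 when no bearer
    token is obtained, 403 when the corp list or the user record cannot be
    read.

    NOTE(review): the raw password / API token is kept in the session. With
    Flask's default cookie session that value is signed but NOT encrypted,
    so anyone holding the cookie can read it and it is re-sent on every
    request. A server-side session store (or keeping only the short-lived
    bearer token) would avoid that exposure.
    """
    email = request.form.get('email', None)
    secret = request.form.get('secret', None)
    password = request.form.get('password', None)

    if secret == "token":
        sigsci = sigsciapi.SigSciApi(email=email, api_token=password)
    else:
        sigsci = sigsciapi.SigSciApi(email=email, password=password)

    # Guard the None case first: `'token' in None` raises TypeError and would
    # turn a failed login into a 500 instead of a 401.
    if not sigsci.bearer_token or 'token' not in sigsci.bearer_token:
        abort(401)

    corps = sigsci.get_corps()
    # An empty 'data' list would otherwise raise IndexError (-> 500).
    if 'message' in corps or not corps.get('data'):
        abort(403)
    sigsci.corp = corps['data'][0]['name']

    user = sigsci.get_corp_user(email)
    if 'message' in user:
        abort(403)

    # Populate the session only once authentication has fully succeeded; the
    # original stored 'secret' before the auth check, so a failed attempt
    # still left a partially populated session behind.
    session['secret'] = secret
    session['username'] = email
    session['password'] = password
    session['corp'] = sigsci.corp
    session['name'] = user['name']
    session['role'] = user['role']
    return redirect(url_for('default'))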
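def site():
    """
    Route for the site page.

    Query parameter ``name`` is the site name. The site is looked up in the
    corp, its API name is remembered in ``session['site']``, and site.html
    is rendered with the JS bootstrap call. Aborts 401 when not logged in,
    when the client holds no bearer token, or when the API reply carries an
    error ``message``.
    """
    import json  # local: only used to build the JS string literal below

    if 'username' not in session:
        abort(401)
    name = request.args.get('name', None)

    sigsci = sigsciapi.SigSciApi(session['username'], session['password'])
    sigsci.corp = session['corp']
    # Guard None first: `'token' in None` raises TypeError (-> 500).
    if not sigsci.token or 'token' not in sigsci.token:
        abort(401)

    corp_site = sigsci.get_corp_site(name)
    # An API error reply carries 'message' and no 'displayName'; indexing it
    # directly raised KeyError (-> 500) instead of a clean 401.
    if 'message' in corp_site:
        abort(401)
    display_name = corp_site['displayName']
    session['site'] = corp_site['name']

    # `name` is request input embedded in a JS call; json.dumps() produces an
    # escaped string literal so it cannot break out of the quotes.
    # NOTE(review): assumes the template emits `javascript` unescaped inside
    # a <script> block — confirm against site.html.
    javascript = 'get_request_rules({}, {});'.format(
        json.dumps(str(session['corp'])), json.dumps(str(name)))
    return render_template('site.html', javascript=javascript,
                           display_name=display_name)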
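def login():
    """
    Route for login (form POST, email + password).

    On success the credentials and user details are stored in the session
    and the client is redirected to 'default'. When no bearer token is
    obtained, index.html is re-rendered with ``result="False"``. Aborts 403
    when the corp list or the user record cannot be read.

    NOTE(review): the raw password is kept in the session. With Flask's
    default cookie session that value is signed but NOT encrypted, so anyone
    holding the cookie can read it. Prefer a server-side session store.
    """
    email = request.form.get('email', None)
    password = request.form.get('password', None)
    sigsci = sigsciapi.SigSciApi(email, password)

    # Guard None first: `'token' in None` raises TypeError (-> 500).
    if not sigsci.token or 'token' not in sigsci.token:
        # Only the failure path ever reaches the template, so `result` is
        # always "False" here (the original's "True" was never rendered).
        return render_template('index.html', result="False")

    corps = sigsci.get_corps()
    # An error reply or an empty 'data' list would otherwise raise
    # KeyError/IndexError (-> 500) instead of a clean 403.
    if 'message' in corps or not corps.get('data'):
        abort(403)
    sigsci.corp = corps['data'][0]['name']

    user = sigsci.get_corp_user(email)
    if 'message' in user:
        abort(403)

    session['username'] = email
    session['password'] = password
    session['corp'] = sigsci.corp
    session['name'] = user['name']
    session['role'] = user['role']
    return redirect(url_for('default'))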
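def get_corp_users():
    """
    Return the list of corp users from the SigSci API as JSON.

    Requires a logged-in session; the client is rebuilt from the stored
    credential (API token when ``session['secret']`` is "token", otherwise
    password). Aborts 401 when not logged in or when the API reply carries
    an error ``message``.
    """
    if 'username' not in session:
        abort(401)

    # session.get(): a session without 'secret' must not raise KeyError.
    if session.get('secret') == "token":
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     api_token=session['password'])
    else:
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     password=session['password'])
    sigsci.corp = session['corp']

    response = sigsci.get_corp_users()
    if 'message' in response:
        abort(401)
    return jsonify(response)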
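def get_templated_rules():
    """
    Return the templated rules of a site from the SigSci API as JSON.

    Query parameter ``name`` is the site name. Requires a logged-in session;
    the client is rebuilt from the stored credential (API token when
    ``session['secret']`` is "token", otherwise password). Aborts 401 when
    not logged in or when the API reply carries an error ``message``.
    """
    if 'username' not in session:
        abort(401)

    # session.get(): a session without 'secret' must not raise KeyError.
    if session.get('secret') == "token":
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     api_token=session['password'])
    else:
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     password=session['password'])
    sigsci.corp = session['corp']
    sigsci.site = request.args.get('name', None)

    response = sigsci.get_templated_rules()
    if 'message' in response:
        abort(401)
    return jsonify(response)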
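def get_memberships():
    """
    Return the site memberships of a user from the SigSci API as JSON.

    Query parameter ``email`` selects the user (passed straight to the API
    client). Requires a logged-in session; the client is rebuilt from the
    stored credential (API token when ``session['secret']`` is "token",
    otherwise password). Aborts 401 when not logged in or when the API
    reply carries an error ``message``.
    """
    if 'username' not in session:
        abort(401)

    # session.get(): a session without 'secret' must not raise KeyError.
    if session.get('secret') == "token":
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     api_token=session['password'])
    else:
        sigsci = sigsciapi.SigSciApi(email=session['username'],
                                     password=session['password'])
    sigsci.corp = session['corp']

    email = request.args.get('email', None)
    response = sigsci.get_memberships(email)
    if 'message' in response:
        abort(401)
    return jsonify(response)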
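def get_corp_sites():
    """
    Return the list of corp sites from the SigSci API as JSON.

    Aborts 401 when not logged in or when the client holds no bearer token.
    NOTE(review): there is no 'message' check here — an API error reply is
    returned to the caller as-is with HTTP 200.
    """
    if 'username' not in session:
        abort(401)

    sigsci = sigsciapi.SigSciApi(session['username'], session['password'])
    sigsci.corp = session['corp']
    # Guard None first: `'token' in None` raises TypeError (-> 500).
    if not sigsci.token or 'token' not in sigsci.token:
        abort(401)

    return jsonify(sigsci.get_corp_sites())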
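def main():
    """
    Example main function exercising the SigSci API client.

    Reads the corp and site from the SIGSCI_CORP / SIGSCI_SITE environment
    variables and exits with status 1 (message on stderr) when either is
    missing or when authentication fails. EMAIL and PASSWORD are module
    level names defined outside this block.

    NOTE(review): EMAIL/PASSWORD look like module constants, i.e. a
    credential committed next to the code; reading them from the
    environment like SIGSCI_CORP/SIGSCI_SITE is safer.
    """
    # create sigsci api object
    sigsci = sigsciapi.SigSciApi()

    # sys.exit() with no argument exits 0, which makes a missing setting look
    # like success to a caller or CI job; exit 1 and report on stderr instead.
    if "SIGSCI_CORP" in os.environ:
        sigsci.corp = os.environ['SIGSCI_CORP']
    else:
        sys.stderr.write('SIGSCI_CORP required.\n')
        sys.exit(1)

    if "SIGSCI_SITE" in os.environ:
        sigsci.site = os.environ['SIGSCI_SITE']
    else:
        sys.stderr.write('SIGSCI_SITE required.\n')
        sys.exit(1)

    # The original silently did nothing (and exited 0) on a failed auth.
    if not sigsci.auth(EMAIL, PASSWORD):
        sys.stderr.write('Authentication failed.\n')
        sys.exit(1)

    # NOTE(review): this writes a live bearer token to stdout (and to any log
    # that captures it). Acceptable for a throwaway demo; remove before reuse.
    print(sigsci.bearer_token)

    # List corps
    print(sigsci.get_corps())

    # Get corp by name
    print(sigsci.get_corp())

    # Update corp by name -- this is a WRITE against the live corp.
    data = {"displayName": "My Display Name"}
    print(sigsci.update_corp(data))

    # List corp users
    print(sigsci.get_corp_users())

    # List custom alerts
    print(sigsci.get_custom_alerts())

    # List events
    print(sigsci.get_events())

    # List requests (the site is overridden to "mysite" for the examples)
    sigsci.site = "mysite"
    params = {"q": "from:-1d tag:XSS"}
    print(sigsci.get_requests(parameters=params))

    # Get request feed; parse_time_delta is defined outside this block
    sigsci.site = "mysite"
    params = {
        "from": parse_time_delta("-1d"),
        "until": parse_time_delta("-5m"),
        "tags": "xss"
    }
    print(sigsci.get_request_feed(parameters=params))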
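def get_advanced_rules():
    """
    Return the advanced rules of a site from the SigSci API as JSON.

    Query parameter ``name`` is the site name. Aborts 401 when not logged in
    or when the client holds no bearer token.
    NOTE(review): there is no 'message' check here — an API error reply is
    returned to the caller as-is with HTTP 200.
    """
    if 'username' not in session:
        abort(401)

    sigsci = sigsciapi.SigSciApi(session['username'], session['password'])
    sigsci.corp = session['corp']
    sigsci.site = request.args.get('name', None)
    # Guard None first: `'token' in None` raises TypeError (-> 500).
    if not sigsci.token or 'token' not in sigsci.token:
        abort(401)

    return jsonify(sigsci.get_advanced_rules())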
def init_api(username, password, token, corp, dry_run=False):
    """
    Build a SigSciApi client bound to *corp*.

    Both *password* and *token* are forwarded to the client; which one is
    used is decided inside pysigsci. ``update_corp_user`` is patched onto
    the SigSciApi *class* to work around missing functionality in pysigsci
    (a process-wide side effect, performed on every call). With *dry_run*
    the mutating methods of this instance are replaced by ``noop`` so the
    read calls still work and the would-be changes can be inspected without
    anything being written.

    NOTE(review): the dry-run list is maintained by hand; any mutating API
    method not listed here still executes during a dry run.
    """
    api = sigsciapi.SigSciApi(email=username, password=password, api_token=token)
    api.corp = corp

    # Work around missing functionality in pysigsci (class-level patch).
    setattr(sigsciapi.SigSciApi, 'update_corp_user', update_corp_user)

    if not dry_run:
        return api

    print('Dry run...')
    # Every method that would change state on the SigSci side. get_requests
    # is stubbed too, as in the original (presumably to avoid pulling request
    # data during a dry run — not verifiable from here).
    mutating_methods = (
        'create_corp_site',
        'add_rule_lists',
        'add_custom_signals',
        'add_request_rules',
        'add_site_rules',
        'add_signal_rules',
        'add_templated_rules',
        'add_custom_alert',
        'update_rule_lists',
        'update_custom_alert',
        'update_site_member',
        'add_integration',
        'update_integration',
        'add_corp_user',
        'delete_corp_user',
        'update_corp_user',
        'get_requests',
        'add_members_to_site',
        'delete_site_member',
        'copy_advanced_rule',
    )
    for method_name in mutating_methods:
        setattr(api, method_name, noop)
    return api
from __future__ import print_function import os import sys import json from pyad import adgroup, aduser from pysigsci import sigsciapi MAP_FILE = "sigsci-ad-map.json" if __name__ == '__main__': try: with open('{}'.format(MAP_FILE)) as f: mappings = json.load(f) sigsci = sigsciapi.SigSciApi(email=os.environ["SIGSCI_EMAIL"], api_token=os.environ["SIGSCI_API_TOKEN"]) print('Syncing {} to {}'.format(mappings['ADDomain'], mappings['SigSciCorp'])) sigsci.corp = mappings['SigSciCorp'] for group_map in mappings["GroupMappings"]: print('----> Syncing users in AD group {}'.format( group_map['ADGroup'])) sites = [] group_users = [] dc_parts = mappings['ADDomain'].split(".") DC = ',DC='.join(dc_parts)
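def _copy_prepare_config(items, identifier):
    """Return the entry of *items* matching *identifier*, stripped for re-creation, or None."""
    for config in items:
        if 'id' not in config:
            # objects without an id are keyed by tagName (the original called
            # this a hack; kept as-is)
            config['id'] = config['tagName']
        if identifier == config['id']:
            # the copy is created disabled; server-assigned fields are dropped
            config['enabled'] = False
            for key in ('id', 'updated', 'created', 'createdBy'):
                config.pop(key, None)
            return config
    return None


def _copy_templated_payload(items, identifier):
    """Build the add_templated_rules payload for the templated rule named *identifier*."""
    payload = {
        'alertAdds': [],
        'alertDeletes': [],
        'alertUpdates': [],
        'detectionAdds': [],
        'detectionDeletes': [],
        'detectionUpdates': []
    }
    # detections of the matching rule, created disabled
    for config in items:
        if identifier == config['name']:
            for detection in config['detections']:
                payload['detectionAdds'].append({
                    'name': detection['name'],
                    'enabled': False,
                    'fields': detection['fields']
                })
    # alerts whose tagName is the rule, created disabled
    for config in items:
        for alert in config['alerts']:
            if identifier == alert['tagName']:
                payload['alertAdds'].append({
                    'action': alert['action'],
                    'enabled': False,
                    'interval': alert['interval'],
                    'skipNotifications': alert['skipNotifications'],
                    'longName': alert['longName'],
                    'threshold': alert['threshold']
                })
    return payload


def copy_configuration():
    """
    Route for copying one configuration object from the current site
    (``session['site']``) to another site.

    Query parameters: ``type`` (one of the config types in the tables below)
    and ``target`` (destination site). Form field ``identifier`` selects the
    object: its ``id``, its ``tagName`` for objects without an id, or the
    templated rule ``name``. The copy is always created disabled.

    Returns a JSON string: ``{ "status": "success" }`` or
    ``{"status": "failed", "message": ...}`` with the API's error message.
    Aborts 401 when not logged in or the client holds no bearer token, 400
    on an unknown ``type`` or missing ``target``, 404 when ``identifier``
    matches nothing.
    """
    import json  # local: used to emit a well-formed failure document

    if 'username' not in session:
        abort(401)

    config_type = request.args.get('type', None)
    target_site = request.args.get('target', None)

    # getter / adder method names per config type; looked up lazily so an
    # attribute missing from the client only matters for the type in use.
    getters = {
        'request_rules': 'get_request_rules',
        'signal_rules': 'get_signal_rules',
        'templated_rules': 'get_templated_rules',
        'advanced_rules': 'get_advanced_rules',
        'rule_lists': 'get_rule_lists',
        'custom_signals': 'get_custom_signals',
        'custom_alerts': 'get_custom_alerts',
        'redactions': 'get_redactions',
        'header_links': 'get_header_links',
        'integrations': 'get_integrations',
    }
    adders = {
        'request_rules': 'add_request_rules',
        'signal_rules': 'add_signal_rules',
        'advanced_rules': 'add_advanced_rules',
        'rule_lists': 'add_rule_lists',
        'custom_signals': 'add_custom_signals',
        'custom_alerts': 'add_custom_alert',
        'redactions': 'add_redactions',
        'header_links': 'add_header_links',
        'integrations': 'add_integration',
    }
    # The original if/elif chain left config_data as None for an unknown type
    # and then failed on `'data' in None` (-> 500); reject it up front.
    if config_type not in getters or not target_site:
        abort(400)

    sigsci = sigsciapi.SigSciApi(session['username'], session['password'])
    sigsci.corp = session['corp']
    sigsci.site = session['site']
    # Guard None first: `'token' in None` raises TypeError (-> 500).
    if not sigsci.token or 'token' not in sigsci.token:
        abort(401)

    def failed(message):
        # json.dumps() quotes and escapes the message; the original
        # interpolated it raw into the document, producing invalid JSON and
        # letting the message contents shape the output.
        return json.dumps({"status": "failed", "message": message})

    identifier = request.form.get('identifier', None)
    config_data = getattr(sigsci, getters[config_type])()
    # An error reply from the read would otherwise have been copied to the
    # target site as if it were configuration.
    if 'message' in config_data:
        return failed(config_data['message'])

    if config_type == 'templated_rules':
        payload = _copy_templated_payload(config_data.get('data', []), identifier)
        if not payload['detectionAdds'] and not payload['alertAdds']:
            abort(404)
    elif 'data' in config_data:
        payload = _copy_prepare_config(config_data['data'], identifier)
        if payload is None:
            # The original fell through with the last list element (id and
            # all) when nothing matched, i.e. it copied the wrong object.
            abort(404)
    else:
        # Endpoints that return the object itself are copied as-is.
        payload = config_data

    # copy config to target site
    sigsci.site = target_site
    if config_type == 'templated_rules':
        response = sigsci.add_templated_rules(identifier, payload)
    else:
        response = getattr(sigsci, adders[config_type])(payload)

    if 'message' in response:
        return failed(response['message'])
    return '{ "status": "success" }'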