from socfaker import SocFaker

sc = SocFaker()

# Dotted attribute paths under ``sc``, printed in this exact order. A bare
# section name ("agent") prints the section object itself.
_PATHS = [
    # Agent
    "agent.ephermeral_id",  # spelling follows the library's attribute name
    "agent.id",
    "agent.type",
    "agent.name",
    "agent.version",
    "agent",
    # Alert
    "alert.summary",
    "alert.signature_name",
    "alert.type",
    "alert.status",
    "alert.action",
    "alert.direction",
    "alert.location",
    # Application
    "application.status",
    "application.account_status",
    "application.name",
    "application.logon_timestamp",
    # Cloud
    "cloud.id",
    "cloud.zone",
    "cloud.instance_id",
]


def _lookup(root, dotted):
    """Resolve ``dotted`` ("a.b.c") attribute by attribute starting at ``root``."""
    value = root
    for part in dotted.split("."):
        value = getattr(value, part)
    return value


for _path in _PATHS:
    print(_lookup(sc, _path))
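"""Append synthetic access-log lines to the container's access log.

Usage: ``<script> PATH_FILE CLIENTS MINUTES``.
"""
import sys

from socfaker import SocFaker

_LOG_PATH = "/app/logs/access.log"


def _parse_args(argv):
    """Return ``(path_file, clients, minutes)`` from ``argv``.

    Exits with a usage message when the argument count is wrong or when
    CLIENTS / MINUTES are not integers, instead of failing with an
    IndexError / ValueError traceback.
    """
    if len(argv) != 4:
        sys.exit(f"usage: {argv[0]} PATH_FILE CLIENTS MINUTES")
    try:
        return argv[1], int(argv[2]), int(argv[3])
    except ValueError as err:
        sys.exit(f"CLIENTS and MINUTES must be integers: {err}")


path_file, clients, minutes = _parse_args(sys.argv)
sf = SocFaker()

# NOTE(review): despite the name, nothing pauses between iterations; each
# pass writes one batch of generated lines. Whether a real delay was intended
# is not confirmed here.
for _ in range(minutes):
    logs = sf.logs.access(type='test', path_file=path_file, clients=clients)
    # Re-opened per batch so partial output survives an interrupted run.
    with open(_LOG_PATH, "a", encoding="utf-8") as f:
        f.writelines(line + "\n" for line in logs)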
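import os

from socfaker import SocFaker

# Take the GitHub token from the environment rather than embedding it in the
# source; the original placeholder literal remains only as the fallback so the
# sample still runs unchanged when the variable is not set.
sc = SocFaker(github_token=os.environ.get('GITHUB_TOKEN', 'YOUR GITHUB TOKEN'))

# Alert
print(sc.alert.summary)
print(sc.alert.signature_name)
print(sc.alert.type)
print(sc.alert.status)
print(sc.alert.action)
print(sc.alert.direction)
print(sc.alert.location)

# Computer
print(sc.computer.name)
print(sc.computer.disk)
print(sc.computer.memory)
print(sc.computer.platform)
print(sc.computer.mac_address)
print(sc.computer.os)

# Application
print(sc.application.status)
print(sc.application.account_status)
print(sc.application.name)
print(sc.application.logon_timestamp)

# Employee
print(sc.employee.name)
print(sc.employee.first_name)
print(sc.employee.username)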
def socfaker_fixture():
    """Return a fresh ``SocFaker`` instance (default configuration).

    The import is deferred to call time so collecting this module does not
    require the library to be installed.
    """
    from socfaker import SocFaker

    faker = SocFaker()
    return faker
def socfaker_fixture():
    """Return a ``SocFaker`` instance built with an empty ``github_token``.

    The import is deferred to call time so collecting this module does not
    require the library to be installed.
    """
    from socfaker import SocFaker

    token = ''
    return SocFaker(github_token=token)
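"""Post 100 synthetic Elastic documents into an Elasticsearch index.

Credentials and an optional CA bundle are read from the environment; the
masked literals below are placeholders to be replaced, not working defaults.
"""
import json
import os
import pprint  # kept from the original script; not used below

import pendulum
import requests
from requests.auth import HTTPBasicAuth
from socfaker import SocFaker

_HOST = 'https://0.0.0.0:9200'
_INDEX = 'winlogbeat'  # created automatically on first write if it does not exist
# ES_USERNAME / ES_PASSWORD / ES_CA_BUNDLE are variable names chosen for this
# script (constructed here, not part of any library API).
_USERNAME = os.environ.get('ES_USERNAME', '******')
_PASSWORD = os.environ.get('ES_PASSWORD', '******')
# Path to the CA bundle that signed the cluster certificate. When unset,
# certificate verification stays disabled exactly as in the original script
# (a self-signed local stack); set it for anything that is not local.
_VERIFY = os.environ.get('ES_CA_BUNDLE') or False
_DOC_COUNT = 100

headers = {'kbn-xsrf': 'elk-tls-docker', 'Content-Type': 'application/json'}
ENDPOINT = f'/{_INDEX}/_doc'
soc_faker = SocFaker()

# One session reuses the TLS connection and carries auth/headers for every post.
with requests.Session() as session:
    session.headers.update(headers)
    session.auth = HTTPBasicAuth(_USERNAME, _PASSWORD)
    session.verify = _VERIFY
    for _ in range(_DOC_COUNT):
        for doc in soc_faker.products.elastic.document.get(count=1):
            # Stamp both fields with the same instant so created == start.
            now = pendulum.now().to_iso8601_string()
            doc['event']['created'] = now
            doc['event']['start'] = now
            response = session.post(_HOST + ENDPOINT, data=json.dumps(doc))
            print(response.json())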
def main():
    """Expose a ``SocFaker`` instance as a command-line interface via ``fire``."""
    faker = SocFaker()
    fire.Fire(faker)
from socfaker import SocFaker sc = SocFaker() # Agent print(sc.agent.ephermeral_id) print(sc.agent.id) print(sc.agent.type) print(sc.agent.name) print(sc.agent.version) print(sc.agent) # Alert print(sc.alert.summary) print(sc.alert.signature_name) print(sc.alert.type) print(sc.alert.status) print(sc.alert.action) print(sc.alert.direction) print(sc.alert.location) print(sc.alert) # Application print(sc.application.status) print(sc.application.account_status) print(sc.application.name) print(sc.application.logon_timestamp) print(sc.application) # Cloud