import sys
sys.path.append('.')
sys.path.append('..')
sys.path.append('./.libs')
sys.path.append('../.libs')
import gvgen
try:
import LibIodefEasy
except Exception, e:
print "Import failed: ", e
print "Try 'cd ./.libs && ln -s libiodef_python.so _LibIodefEasy.so'"
sys.exit(1)
client = LibIodefEasy.Client("LibIodefGvGen")
client.Init()
client.PoolInit("localhost", 1)
sourceslist = {}
targetslist = {}
alertslist = {}
graph = gvgen.GvGen()
def sighandler(sig, frame):
graph.dot()
sys.exit(0)
print "Import failed: ",e
print "Try 'cd ./.libs && ln -s libiodef_python.so _LibIodefEasy.so'"
sys.exit(1)
src_dir = "alerts"
if len(sys.argv) > 1:
src_dir = sys.argv[1]
if os.path.exists(src_dir) == 0:
print "dir ",src_dir," does not exist"
sys.exit(1)
def replay(alert):
""" The real code goes here """
print alert
for root, dirs, files in os.walk(src_dir):
for name in files:
if name.endswith(".iodef"):
iodef = LibIodefEasy.IODEF()
f = open( os.path.join(src_dir,name), "r")
iodef >> f
f.close()
replay(iodef)
#
# known bu^Wfeatures: directory must exist, and old alerts are overwritten if present
##################
i = 0
dest_dir = "alerts"
if len(sys.argv) > 1:
dest_dir = sys.argv[1]
if os.path.exists(dest_dir) == 0:
print "dir ",dest_dir," does not exist"
sys.exit(1)
client = LibIodefEasy.ClientEasy("PolluxTest", LibIodefEasy.Client.IODEFV2_READ)
client.SetFlags(client.GetFlags() & ~LibIodefEasy.Client.HEARTBEAT)
#client.Init()
client.Start()
#ret = client.PoolInit("192.168.33.215", 1)
#print "PoolInit =>",ret
def handle_alert(iodefv2):
global i
try:
print iodefv2
i += 1
f = open( "%s/%d.iodefv2" % (dest_dir,i), "w" )
iodefv2 >> f
import rtg_cli
except:
print "Cannot import rtg_cli"
try:
import LibIodefEasy
except:
print "Import failed"
print "Try 'cd ./.libs && ln -s libiodefv2_python.so _LibIodefEasy.so'"
sys.exit(1)
#
# GD Constants
#
client = LibIodefEasy.Client("LibIodefRTG")
client.Init()
client.PoolInit("192.168.33.215", 1)
#
# 10000 could be considered as the maximum, since
# it would cover already a big classification.text
#
def unique_alert_number(ClassificationText):
number = 0
for c in ClassificationText:
number += ord(c)
#!/usr/bin/python
import sys
sys.path.append('.')
sys.path.append('./.libs')
try:
import LibIodefEasy
except Exception,e:
print "Import failed: ",e
print "Try 'cd ./.libs && ln -s libiodefv2_python.so _LibIodefEasy.so'"
sys.exit(1)
iodefv2 = LibIodefEasy.IODEFV2()
iodefv2.Set("alert.classification.text", "Bar")
iodefv2.WriteToFile("foo.bin")
def foo(id):
print "callback: id = " + str(id)
iodef = LibIodefEasy._get_IODEF(id)
iodef.PrintToStdout()
#print bar.Get("alert.classification.text") # XXX not yet implemented
return 0
import time
import sys
sys.path.append('.')
sys.path.append('./.libs')
import gvgen
try:
import LibIodefEasy
except Exception, e:
print "Import failed: ", e
print "Try 'cd ./.libs && ln -s libiodefv2_python.so _LibIodefEasy.so'"
sys.exit(1)
client = LibIodefEasy.Client("PoolingTest")
client.Init()
client.PoolInit("192.168.33.215", 1)
def handle_alert(iodefv2):
graph = gvgen.GvGen()
alert_g = graph.newItem("IODEFV2 Alert")
value = iodefv2.Get("alert.classification.text")
if value:
act = graph.newItem("alert.classification.text", None, distinct=1)
actc = graph.newItem(value, act, distinct=1)
graph.newLink(alert_g, actc)
#!/usr/bin/python
import sys
sys.path.append('.')
sys.path.append('./.libs')
try:
import LibIodefEasy
except:
print "Import failed"
print "Try 'cd ./.libs && ln -s libiodef_python.so _LibIodefEasy.so'"
sys.exit(1)
def foo(id):
print "callback: id = " + str(id)
iodef = LibIodefEasy._get_IODEF(id)
iodef.PrintToStdout()
#print bar.Get("alert.classification.text") # XXX not yet implemented
return 0
LibIodefEasy.set_pymethod(foo)
LibIodefEasy.test_fct()
##################
# this program will save all alerts to the "alerts" directory.
#
# known bu^Wfeatures: directory must exist, and old alerts are overwritten if present
##################
i = 0
dest_dir = "alerts"
if len(sys.argv) > 1:
dest_dir = sys.argv[1]
if os.path.exists(dest_dir) == 0:
print "dir ", dest_dir, " does not exist"
sys.exit(1)
client = LibIodefEasy.ClientEasy("PolluxTest", LibIodefEasy.Client.IODEF_READ)
client.SetFlags(client.GetFlags() & ~LibIodefEasy.Client.HEARTBEAT)
#client.Init()
client.Start()
#ret = client.PoolInit("192.168.33.215", 1)
#print "PoolInit =>",ret
def handle_alert(iodef):
global i
try:
print iodef
i += 1
f = open("%s/%d.iodef" % (dest_dir, i), "w")
iodef >> f
#!/usr/bin/python
import sys
import LibIodefEasy
iodef = LibIodefEasy.IODEF()
iodef.Set("alert.classification.text", "Bar")
client = LibIodefEasy.ClientEasy("MyTest")
client << iodef
def foo(id):
print "callback: id = " + str(id)
iodef = LibIodefEasy._get_IODEF(id)
iodef.PrintToStdout()
#print bar.Get("alert.classification.text") # XXX not yet implemented
return 0
#!/usr/bin/python
import sys
sys.path.append('.')
sys.path.append('./.libs')
try:
import LibIodefEasy
except:
print "Import failed"
print "Try 'cd ./.libs && ln -s libiodef_python.so _LibIodefEasy.so'"
sys.exit(1)
def foo(id):
print "callback: id = " + str(id)
iodef = LibIodefEasy._get_IODEF(id)
iodef.PrintToStdout()
#print bar.Get("alert.classification.text") # XXX not yet implemented
return 0
LibIodefEasy.set_pymethod(foo)
LibIodefEasy.test_fct()
