Exemplo n.º 1
0
    def test_print(self):
        data = download_testing_data()
        manager = msiempy.NitroList(alist=data[:30])
        manager[10]['County'] = msiempy.NitroList(alist=data[:5])
        manager[20]['County'] = data[:5]

        print('CSV')
        print(manager.get_text(format='csv'))

        print('NORMAL')
        print(manager.text)

        print('SPECIFIC FIELDS')
        print(manager.get_text(fields=['County', 'Eco_Name']))
Exemplo n.º 2
0
    def test_print(self):
        data = get_testing_data()
        manager = msiempy.NitroList(alist=data[:30])
        # Messing arround with the list
        manager[10]['Rule.msg'] = msiempy.NitroList(alist=data[:5])
        manager[20]['Rule.msg'] = data[:5]

        print('CSV')
        print(manager.get_text(format='csv'))

        print('NORMAL')
        print(manager.text)

        print('SPECIFIC FIELDS')
        print(manager.get_text(fields=['Rule.msg', 'Alert.LastTime']))
Exemplo n.º 3
0
    def test_manager(self):
        sublist = msiempy.NitroList(
            alist=[item for item in T.manager if item['CLIM_RANK'] == '1']
        )  #.search('CLIM_RANK.*0','Eco_Name.*north')#.search('County.*GLENN') #len = 52

        sublist.perform(test_add_money_money,
                        progress=True,
                        asynch=True,
                        workers=500)
        for item in sublist:
            self.assertRegex(item['pct_hex'], '1|2', "Perform method issue ")

        sublist.perform(test_add_money_money,
                        progress=True,
                        asynch=True,
                        func_args=dict(how_much=2),
                        workers=500)
        for item in sublist:
            self.assertRegex(item['pct_hex'], '2|3|4', "Perform method issue ")

        mycouty = sublist.search('County.*GLENN')
        self.assertGreater(len(mycouty), 0, 'Search method issue')

        mycouty.perform(test_add_money_money,
                        progress=True,
                        asynch=True,
                        func_args=dict(how_much=500),
                        workers=500)
        for item in mycouty:
            self.assertRegex(item['pct_hex'], '502|503|504',
                             "Perform method issue ")
Exemplo n.º 4
0
class T(unittest.TestCase):

    manager = msiempy.NitroList(alist=get_testing_data())

    def test_json(self):

        json_dump = T.manager.json
        try:
            loaded = json.loads(json_dump)
            self.assertEqual(
                len(T.manager), len(loaded),
                "Json dump doesn't have the same lengh as manger object")
            for i in range(len(loaded)):
                self.assertEqual(
                    dict(T.manager[i]), loaded[i],
                    "Json dump doesn't present the same info in the same order"
                )
        except Exception as e:
            self.fail("Can't load json object :" + str(e))

    def test_item(self):
        pass

    def test_manager(self):
        sublist = msiempy.NitroList(
            alist=[
                item for item in T.manager if item['Alert.EventCount'] == '1'
            ]
        )  #.search('CLIM_RANK.*0','Eco_Name.*north')#.search('County.*GLENN') #len = 52

        # sublist.perform(self.test_add_money_money, progress=True, asynch=True, workers=500)
        # for item in sublist :
        #     self.assertRegex(item['CLIM_RANK'], '1|2', "Perform method issue ")

        # sublist.perform(self.test_add_money_money, progress=True, asynch=True, func_args=dict(how_much=2), workers=500)
        # for item in sublist :
        #     self.assertRegex(item['pct_hex'], '2|3|4', "Perform method issue ")

        # mycouty=sublist.search('County.*GLENN')
        # self.assertGreater(len(mycouty), 0, 'Search method issue')

        # mycouty.perform(self.test_add_money_money, progress=True, asynch=True, func_args=dict(how_much=500), workers=500)
        # for item in mycouty :
        #     self.assertRegex(item['pct_hex'], '502|503|504', "Perform method issue ")

    def test_print(self):
        data = get_testing_data()
        manager = msiempy.NitroList(alist=data[:30])
        # Messing arround with the list
        manager[10]['Rule.msg'] = msiempy.NitroList(alist=data[:5])
        manager[20]['Rule.msg'] = data[:5]

        print('CSV')
        print(manager.get_text(format='csv'))

        print('NORMAL')
        print(manager.text)

        print('SPECIFIC FIELDS')
        print(manager.get_text(fields=['Rule.msg', 'Alert.LastTime']))
Exemplo n.º 5
0
def find(time_range, hostname_must_contains=[], vendors=[]):

    events = msiempy.event.EventManager(
        fields=["HostID", "UserIDSrc", "SrcIP", "SrcMac", "DSIDSigID"],
        time_range=time_range,
        filters=[
            msiempy.event.FieldFilter("Alert.DSIDSigID",
                                      [DHCP_RENEW, RADIUS_START])
        ],
        limit=500,
    )

    print("Loading data...")
    events.load_data(slots=10, workers=5, max_query_depth=2)
    print("{} events have been loaded from the SIEM".format(len(events)))

    if len(vendors) > 0:
        print("Filtering vendors...")
        mac = manuf.MacParser(update=True)
        vendor_filtered_events = list()

        for event in events:

            device_vendor = mac.get_manuf(event["Alert.SrcMac"])
            if device_vendor == None:
                continue

            for vendor in vendors:
                if vendor.lower() in device_vendor.lower():
                    vendor_filtered_events.append(event)
                    break

        events = vendor_filtered_events
    print("{} events matches the vendor(s)".format(len(events)))

    print("Aggregating events and devices...")
    devices = aggregate_list_based_on_SrcMac(events)
    print("{} unique devices in total".format(len(devices)))

    # Apply host filters
    host_filtered_devices = list()
    for dev in devices:
        if len(hostname_must_contains) == 0 or any([
                match.lower() in dev.get("host").lower()
                for match in hostname_must_contains
        ]):
            host_filtered_devices.append(dev)
    if len(devices) > len(host_filtered_devices):
        devices = host_filtered_devices
        print("{} devices matches hostname filter(s)".format(len(devices)))

    return msiempy.NitroList(alist=devices)
Exemplo n.º 6
0
 def test_manager(self):
     sublist = msiempy.NitroList(
         alist=[item for item in T.manager if item['CLIM_RANK'] == '1']
     )  #.search('CLIM_RANK.*0','Eco_Name.*north')#.search('County.*GLENN') #len = 52