    def __create_alert(self, element):
        """Turn one search hit into an alert and enqueue it.

        ``element['_id']`` becomes the alert's index and ``element['_source']``
        supplies the event fields. The fields read here (``@timestamp``,
        ``requestURI``, ``verb``, ``user``, ``responseStatus``, ``objectRef``)
        look like a Kubernetes audit event -- assumption, not verified here.
        ``requestURI`` is tested against the module-level patterns in a fixed
        order and the first match selects the ``__find_*`` builder; a hit that
        matches no pattern is dropped without logging. A truthy alert is put
        on ``self.push_queue_dict[alert.a_type]``.
        """
        source = element['_source']
        index = element['_id']

        timestamp = source['@timestamp']
        uri = source['requestURI']
        method = source['verb']

        # ``user`` itself is required; only its ``username`` is optional.
        user_info = source['user']
        user = user_info['username'] if 'username' in user_info else ''

        # Events without a responseStatus are recorded with code 0.
        response = (source['responseStatus']['code']
                    if 'responseStatus' in source else 0)

        pod = 'N/A'
        if 'objectRef' in source and 'name' in source['objectRef']:
            pod = source['objectRef']['name']

        # Order matters: the first matching pattern wins, exactly like the
        # if/elif chain this table replaces. Builders run lazily, only for
        # the rule that matched.
        rules = (
            (pods_limit,
             lambda: self.__find_pods_limit(timestamp, index, user)),
            (namespaces_n_pods,
             lambda: self.__find_namespace_n_pods(timestamp, index, user, uri,
                                                  method, response, pod)),
            (pods_include,
             lambda: self.__find_pods_include(timestamp, index, user)),
            (namespace_n_pods_include,
             lambda: self.__find_namespace_n_pods_include(timestamp, index,
                                                          user, uri)),
            (namespaces_n_pods_p,
             lambda: self.__find_namespaces_n_pods_p(timestamp, index, user,
                                                     uri, method, response)),
            (secrets_limit,
             lambda: self.__find_secrets_limit(timestamp, index, user,
                                               response)),
            (namespaces_n_secrets_limit,
             lambda: self.__find_namespaces_n_secrets_limit(timestamp, index,
                                                            user, uri,
                                                            response)),
            (namespaces_n_secrets_p,
             lambda: self.__find_namespaces_n_secrets_p(timestamp, index,
                                                        user, uri, response)),
            (namespaces_n_pods_p_exec,
             lambda: self.__find_namespaces_n_pods_p_exec(timestamp, index,
                                                          user, uri)),
        )

        alert = None
        for uri_pattern, build in rules:
            if regsearch(uri_pattern, uri):
                alert = build()
                break

        if alert:
            self.push_queue_dict[alert.a_type].put(alert)
    def __find_container(self, uri):
        """Return the value of the first ``container=`` parameter in ``uri``.

        Only letters, digits, underscore and hyphen are consumed after the
        ``=``; the value is cut at the first other character (note that ``.``
        is not included, so a dotted name would be truncated). Returns
        ``'N/A'`` when ``uri`` carries no ``container=`` parameter.
        """
        found = regsearch(r'container=[\w\d_-]+', uri)
        if not found:
            return 'N/A'
        # The match contains exactly one '=', so the tail is the value.
        _, _, value = found.group(0).partition('=')
        return value
    def __find_secrets_pod(self, uri):
        """Return the path segment following the first ``secrets/`` in ``uri``.

        Despite the method name, what is returned is the secret's name as it
        appears in the URI. The segment is read up to the first character
        outside letters, digits, underscore and hyphen (``.`` is not
        included, so a dotted name is truncated). Returns ``'N/A'`` when no
        ``secrets/`` segment is present.
        """
        found = regsearch(r'secrets/[\w\d_-]+', uri)
        return found.group(0).split('/')[1] if found else 'N/A'
    def __find_namespace(self, uri):
        """Return the namespace segment following ``namespaces/`` in ``uri``.

        The name is read up to the first character outside letters, digits,
        underscore and hyphen. Returns ``'N/A'`` when ``uri`` has no
        ``namespaces/`` segment.
        """
        found = regsearch(r'namespaces/[\w\d_-]+', uri)
        if found is None:
            return 'N/A'
        # The match always starts with the literal prefix; drop it.
        return found.group(0)[len('namespaces/'):]
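 def get_encoding(self):
     """Return the normalised encoding declared in ``self.xml``.

     The encoding attribute is located with a regular expression rather
     than an XML parser. Returns ``'windows-1251'`` for ``windows-1251`` /
     ``cp1251``, ``'utf-8'`` for ``utf-8`` / ``utf8`` (case-insensitive),
     and ``None`` for any other encoding or when no ``encoding=`` attribute
     follows ``xml`` (previously that last case raised ``AttributeError``
     on ``None.groups()``).
     """
     from re import search as regsearch

     # Non-greedy so the first encoding attribute after "xml" wins instead
     # of the last one on the line.
     hit = regsearch(r"xml.*?encoding=['\"]([0-9a-zA-Z-]+)[\"']", self.xml)
     if hit is None:
         return None

     encoding = hit.group(1).lower()
     if encoding in ["windows-1251", "cp1251"]:
         return 'windows-1251'
     if encoding in ["utf-8", "utf8"]:
         return "utf-8"
     return None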
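 def get_encoding(self):
     """Return the normalised name of the encoding declared in ``self.xml``.

     A regular expression picks the first ``encoding=`` attribute after the
     text ``xml``. Known aliases are folded: ``windows-1251``/``cp1251`` give
     ``'windows-1251'``, ``utf-8``/``utf8`` give ``'utf-8'`` (comparison is
     case-insensitive). Any other value, or a document with no encoding
     attribute, yields ``None`` -- the missing-attribute case used to raise
     ``AttributeError`` because ``None.groups()`` was called.
     """
     from re import search as regsearch

     # Non-greedy so the first encoding attribute after "xml" wins.
     declared = regsearch(r"xml.*?encoding=['\"]([0-9a-zA-Z-]+)[\"']",
                          self.xml)
     if declared is None:
         return None

     aliases = {
         'windows-1251': 'windows-1251',
         'cp1251': 'windows-1251',
         'utf-8': 'utf-8',
         'utf8': 'utf-8',
     }
     return aliases.get(declared.group(1).lower())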
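def dynmodloads(_path='.', subdef=False, pattern='.*', logger=None):
    """Import every ``*.py`` file in ``_path`` and return the loaded objects.

    Each module is loaded with ``load_source`` -- its top-level code runs at
    load time, so ``_path`` must be a directory the process owner controls
    -- and stored under its file stem. ``load_source`` comes from the
    deprecated ``imp`` module (removed in Python 3.12); ``importlib.util``
    is the replacement. When ``subdef`` is true, every attribute of the
    module whose name matches ``pattern`` (except a few module dunders) is
    also stored under its own name; a later entry silently overwrites an
    earlier one with the same name.

    Args:
        _path: Directory to scan; a leading ``~`` is expanded.
        subdef: Also export matching module attributes, not just the modules.
        pattern: Regular expression applied with ``re.search`` to attribute
            names when ``subdef`` is true.
        logger: Logger for progress and error messages. Defaults to this
            module's logger; previously ``None`` failed with AttributeError
            on the first ``logger.info`` call.

    Returns:
        dict mapping names to modules (and, with ``subdef``, to attributes).

    Only ``ImportError`` is caught and logged; any other exception raised
    while a module executes propagates to the caller.
    """
    import logging

    if logger is None:
        logger = logging.getLogger(__name__)

    loaded = {}
    _path = expanduser(_path)

    # Module-level names that are never exported, even if they match pattern.
    builtindefs = frozenset((
        '__builtins__', '__doc__', '__file__', '__name__', '__package__',
    ))

    for mfile in listdir(_path):
        name, ext = splitext(mfile)

        # Ignore "." and "__init__.py" and everything not matched by "*.py"
        if name in ('.', '__init__') or ext != '.py':
            continue

        logger.info("Load '{0}' ...".format(name))

        try:
            module = load_source(name, joinpath(_path, mfile))
        except ImportError as err:
            logger.error('Impossible to import {0}: {1}'.format(name, err))
            continue

        loaded[name] = module

        if not subdef:
            continue

        for mydef in dir(module):
            if mydef in builtindefs or not regsearch(pattern, mydef):
                continue
            logger.debug('from {0} import {1}'.format(name, mydef))
            loaded[mydef] = getattr(module, mydef)

    return loaded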
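 def getAutoCatg(self,ext):
     """Return a coarse category name for a file extension.

     ``ext`` is expected to be an extension such as ``'.jpg'``; a full name
     like ``'a.tar.gz'`` also works, its final suffix decides. Matching is
     case-sensitive and anchored at the end of the string, so ``'.cfg'`` is
     no longer reported as code just because it contains ``.c`` (the old
     patterns were unanchored and also used non-raw strings, which Python
     flags for the invalid ``\\.`` escape).

     Returns one of 'images', 'doc', 'code', 'films', 'music', 'archives',
     or 'none' when nothing matches.
     """
     # Checked in order; each pattern must match at the end of ``ext``.
     rules = (
         (r'\.(jpg|jpeg|gif|png)$', 'images'),
         (r'\.(txt|doc|odt|csv|pdf)$', 'doc'),
         (r'\.(sh|py|c|cpp|h|php|bash)$', 'code'),
         (r'\.(mp4|avi|mpg|mpeg|flv|ogv)$', 'films'),
         (r'\.(mp3|ogg|flac)$', 'music'),
         (r'\.(zip|7z|tar|gz|rar|bz|xz|jar|bz2)$', 'archives'),
     )
     for suffix_re, catg in rules:
         if regsearch(suffix_re, ext):
             return catg
     return 'none'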
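 def getHead(self):
     """Return the HTTP headers used for subsequent requests to ``self.site``.

     ``Authorization`` is built from ``self.auth['type']`` (title-cased) and
     ``self.auth['token']``, so the returned dict carries a credential and
     should not be logged or persisted. ``Host`` is the authority part of
     ``self.site`` -- the text between ``https://`` and the next ``/``; the
     previous greedy pattern swallowed any path segments up to the last
     slash. ``Referer`` is derived from ``self.site`` exactly as given.

     Raises:
         ValueError: if ``self.site`` does not start with ``https://``
             (previously this surfaced as a TypeError on ``None[0]``).
     """
     host_match = regsearch(r"(?<=https://)[^/]+", self.site)
     if host_match is None:
         raise ValueError(
             f"site must be an https:// URL, got {self.site!r}")

     return {
         "Accept": "application/json, text/plain, */*",
         "Accept-Encoding": "gzip, deflate, br",
         "Accept-Language": "en-GB,en;q=0.9",
         "Authorization": f"{self.auth['type'].title()} {self.auth['token']}",
         "Connection": "keep-alive",
         "Host": host_match.group(0),
         "Referer": f"{self.site}/apphost/TylerSis",
         "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36",
     }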
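 def getByUser(self,user):
     """Get ids of entries whose user matches ``user``.

     ``user`` is passed to ``re.search`` as a regular expression, not
     compared literally: metacharacters in it change the match and an
     unbounded pattern from an untrusted caller is a denial-of-service
     risk. Keys starting with ``self.SEP_KEY_INTERN`` are internal and
     skipped. The value compared is ``self.getUser(entry[self.USER])``.

     :Returns: `[uid]` matchIds, in index order; an empty list when nothing
         matches (never ``None``).
     """
     return [
         self.dic[k][self.UID]
         for k in self.dic
         if not k.startswith(self.SEP_KEY_INTERN)
         and regsearch(user, self.getUser(self.dic[k][self.USER])) is not None
     ]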
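 def getByCategory(self,category):
     """Get ids of entries whose category matches ``category``.

     ``category`` is used as a regular expression with ``re.search``, so
     ``'doc'`` also matches ``'docs'`` and metacharacters are interpreted;
     escape the value with ``re.escape`` at the call site for a literal
     comparison. Keys starting with ``self.SEP_KEY_INTERN`` are internal
     and skipped.

     :Returns: `[uid]` matchIds, in index order; an empty list when nothing
         matches (never ``None``).
     """
     return [
         self.dic[k][self.UID]
         for k in self.dic
         if not k.startswith(self.SEP_KEY_INTERN)
         and regsearch(category, self.dic[k][self.CATG]) is not None
     ]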
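 def getByPattern(self,pattern):
     """Get ids of entries whose label matches the ``pattern`` regular expression.

     ``pattern`` is applied with ``re.search`` to ``entry[self.LABEL]``, so
     it matches anywhere in the label unless anchored. Keys starting with
     ``self.SEP_KEY_INTERN`` are internal and skipped.

     :Returns: `[uid]` matchIds, in index order; an empty list when nothing
         matches (never ``None``).
     """
     return [
         self.dic[k][self.UID]
         for k in self.dic
         if not k.startswith(self.SEP_KEY_INTERN)
         and regsearch(pattern, self.dic[k][self.LABEL]) is not None
     ]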