from socfaker import SocFaker

# Quick tour of a few SocFaker sections: each generated attribute is printed
# on its own line, then (for the agent) the section object itself.
sc = SocFaker()

# Agent -- attribute names are spelled exactly as the library exposes them
# (including "ephermeral_id").
for attr in ("ephermeral_id", "id", "type", "name", "version"):
    print(getattr(sc.agent, attr))
print(sc.agent)

# Alert
for attr in ("summary", "signature_name", "type", "status",
             "action", "direction", "location"):
    print(getattr(sc.alert, attr))

# Application
for attr in ("status", "account_status", "name", "logon_timestamp"):
    print(getattr(sc.application, attr))

# Cloud
for attr in ("id", "zone", "instance_id"):
    print(getattr(sc.cloud, attr))
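import sys

from socfaker import SocFaker

# Usage: <script> PATH_FILE CLIENTS MINUTES
# Validate the command line first so a missing or non-numeric argument yields
# a usage message instead of an IndexError/ValueError traceback.
if len(sys.argv) != 4:
    sys.exit(f"usage: {sys.argv[0]} PATH_FILE CLIENTS MINUTES")

path_file = sys.argv[1]
try:
    clients = int(sys.argv[2])
    minutes = int(sys.argv[3])
except ValueError:
    sys.exit("CLIENTS and MINUTES must be integers")

sf = SocFaker()

# NOTE(review): there is no pause between iterations, so `minutes` acts as a
# repeat count for the generator, not as a wall-clock duration.
for _ in range(minutes):
    logs = sf.logs.access(type='test', path_file=path_file, clients=clients)

    # Append mode: each iteration adds its batch; explicit encoding avoids
    # locale-dependent output inside the container.
    with open("/app/logs/access.log", "a", encoding="utf-8") as f:
        f.writelines(line + "\n" for line in logs)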
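import os

from socfaker import SocFaker

# Read the GitHub token from the environment rather than keeping a credential
# in source. The literal placeholder is only the fallback when the variable is
# unset, so the snippet behaves as before. (The environment variable name is
# this snippet's choice -- rename it to match your deployment.)
sc = SocFaker(github_token=os.environ.get('GITHUB_TOKEN', 'YOUR GITHUB TOKEN'))

# Alert
for attr in ("summary", "signature_name", "type", "status",
             "action", "direction", "location"):
    print(getattr(sc.alert, attr))

# Computer
for attr in ("name", "disk", "memory", "platform", "mac_address", "os"):
    print(getattr(sc.computer, attr))

# Application
for attr in ("status", "account_status", "name", "logon_timestamp"):
    print(getattr(sc.application, attr))

# Employee
for attr in ("name", "first_name", "username"):
    print(getattr(sc.employee, attr))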
def socfaker_fixture():
    """Return a fresh SocFaker instance built with default settings.

    The import is kept local so the fixture only pays for loading the
    library when it is actually used.
    """
    from socfaker import SocFaker

    faker = SocFaker()
    return faker
def socfaker_fixture():
    """Return a SocFaker instance constructed with an empty ``github_token``.

    The library is imported lazily so the fixture has no cost until called.
    """
    from socfaker import SocFaker

    empty_token = ''
    return SocFaker(github_token=empty_token)
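import json
import os
import pprint

import pendulum
import requests
from requests.auth import HTTPBasicAuth
from socfaker import SocFaker

# Target cluster and index. Credentials are taken from the environment when
# set; the '******' strings are only placeholders so nothing real lives in
# source (the variable names are this snippet's choice -- rename to match
# your deployment).
_HOST = 'https://0.0.0.0:9200'
_INDEX = 'winlogbeat'  # if it doesn't exist it will be created
_USERNAME = os.environ.get('ES_USERNAME', '******')
_PASSWORD = os.environ.get('ES_PASSWORD', '******')
# False disables TLS certificate validation, which is only acceptable against
# a local self-signed test stack; point this at a CA bundle path otherwise.
_VERIFY_TLS = False
_TIMEOUT_SECONDS = 30  # without a timeout a stalled cluster hangs the script
_DOC_COUNT = 100

headers = {'kbn-xsrf': 'elk-tls-docker', 'Content-Type': 'application/json'}

ENDPOINT = f'/{_INDEX}/_doc'

soc_faker = SocFaker()

for _ in range(_DOC_COUNT):
    for doc in soc_faker.products.elastic.document.get(count=1):
        # One clock reading for both fields so created == start exactly.
        stamp = pendulum.now().to_iso8601_string()
        doc['event']['created'] = stamp
        doc['event']['start'] = stamp
        response = requests.post(_HOST + ENDPOINT,
                                 headers=headers,
                                 data=json.dumps(doc),
                                 auth=HTTPBasicAuth(_USERNAME, _PASSWORD),
                                 verify=_VERIFY_TLS,
                                 timeout=_TIMEOUT_SECONDS)
        # The body is printed for success and error responses alike; a
        # non-JSON body (e.g. from an intermediate proxy) would raise here.
        print(response.json())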
def main():
    """Expose a SocFaker instance as a command-line interface via python-fire.

    ``fire`` and ``SocFaker`` are expected to be in scope at module level.
    """
    faker = SocFaker()
    fire.Fire(faker)
from socfaker import SocFaker

# Print a sample of generated values, section by section, followed by the
# section object itself.
sc = SocFaker()

# Agent -- attribute names are spelled exactly as the library exposes them
# (including "ephermeral_id").
for attr in ("ephermeral_id", "id", "type", "name", "version"):
    print(getattr(sc.agent, attr))
print(sc.agent)

# Alert
for attr in ("summary", "signature_name", "type", "status",
             "action", "direction", "location"):
    print(getattr(sc.alert, attr))
print(sc.alert)

# Application
for attr in ("status", "account_status", "name", "logon_timestamp"):
    print(getattr(sc.application, attr))
print(sc.application)

# Cloud