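def create_thehive_instance(instance_id, settings, logger):
    """Build a TheHive client for the configured instance ``instance_id``.

    Connects to Splunk with the session key found in ``settings``, loads the
    app configuration through ``Settings``, and instantiates ``TheHive`` with
    either username/password or API-key authentication, depending on the
    instance's ``authentication_type`` setting.

    Args:
        instance_id: Identifier handed to the ``Settings`` getters to select
            the instance.
        settings: Mapping that must provide ``"sessionKey"`` or
            ``"session_key"``, plus ``"sid"``.
        logger: Logger used for debug/error messages; it is also passed to
            ``Settings`` and ``TheHive``.

    Returns:
        The tuple ``(thehive, configuration, defaults, logger)``.

    Raises:
        KeyError: If ``settings`` has neither session-key name, or no
            ``"sid"``.
        SystemExit: With code 20 when ``authentication_type`` is neither
            ``"password"`` nor ``"api_key"``.
    """
    # Local import so this function does not rely on a module-level import.
    import sys

    # Initialize settings.
    # `token` (and `thehive_secret` below) are credentials: keep them out of
    # every log message, including debug ones.
    token = settings["sessionKey"] if "sessionKey" in settings else settings["session_key"]
    spl = client.connect(app="TA-thehive-cortex", owner="nobody", token=token)
    logger.debug("[TH5] Connection to Splunk done")
    configuration = Settings(spl, settings, logger)
    logger.debug("[TH6] Settings recovered")

    defaults = {
        "MAX_CASES_DEFAULT": configuration.getTheHiveCasesMax(),
        "SORT_CASES_DEFAULT": configuration.getTheHiveCasesSort(),
        "MAX_ALERTS_DEFAULT": configuration.getTheHiveAlertsMax(),
        "SORT_ALERTS_DEFAULT": configuration.getTheHiveAlertsSort(),
    }

    # Create the TheHive instance.
    # The second element is used as a password or as an API key, depending on
    # the authentication type read below.
    thehive_username, thehive_secret = configuration.getInstanceUsernameApiKey(instance_id)
    thehive_url = configuration.getInstanceURL(instance_id)
    thehive_authentication_type = configuration.getInstanceSetting(instance_id, "authentication_type")
    thehive_proxies = configuration.getInstanceSetting(instance_id, "proxies")
    # NOTE(review): whether "cert" is a client certificate or a CA bundle used
    # for server verification is not visible here - confirm against TheHive().
    thehive_cert = configuration.getInstanceSetting(instance_id, "cert")
    thehive_organisation = configuration.getInstanceSetting(instance_id, "organisation")
    # The instance's "type" setting is what gets passed on as `version`.
    thehive_version = configuration.getInstanceSetting(instance_id, "type")

    if thehive_authentication_type == "password":
        logger.debug("[TH15] TheHive instance will be initialized with a password (not an API key)")
        thehive = TheHive(
            url=thehive_url,
            username=thehive_username,
            password=thehive_secret,
            proxies=thehive_proxies,
            cert=thehive_cert,
            organisation=thehive_organisation,
            version=thehive_version,
            sid=settings["sid"],
            logger=logger,
        )
    elif thehive_authentication_type == "api_key":
        logger.debug("[TH16] TheHive instance will be initialized with an API Key (not a password)")
        thehive = TheHive(
            url=thehive_url,
            apiKey=thehive_secret,
            proxies=thehive_proxies,
            cert=thehive_cert,
            organisation=thehive_organisation,
            version=thehive_version,
            sid=settings["sid"],
            logger=logger,
        )
    else:
        # str() keeps the diagnostic working when the setting is missing or
        # not a string; plain concatenation would raise TypeError here and
        # hide the real configuration problem.
        logger.error(
            "[TH20-ERROR] WRONG_AUTHENTICATION_TYPE - Authentication type is not one of the expected values (password or api_key), given value: "
            + str(thehive_authentication_type)
        )
        # sys.exit() instead of the site-provided exit(), which is meant for
        # interactive sessions and is not guaranteed to be defined.
        sys.exit(20)

    return (thehive, configuration, defaults, logger)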
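def create_cortex_instance(instance_id, settings, logger):
    """Build a Cortex client for the configured instance ``instance_id``.

    Connects to Splunk with the session key found in ``settings``, loads the
    app configuration through ``Settings``, and instantiates ``Cortex`` with
    API-key authentication.

    Args:
        instance_id: Identifier handed to the ``Settings`` getters to select
            the instance.
        settings: Mapping that must provide ``"sessionKey"`` or
            ``"session_key"``, plus ``"sid"``.
        logger: Logger used for debug/error messages; it is also passed to
            ``Settings`` and ``Cortex``.

    Returns:
        The tuple ``(cortex, configuration, defaults, logger)``. ``cortex`` is
        ``None`` when the instance is configured for password authentication,
        which is logged as an error but does not stop execution.

    Raises:
        KeyError: If ``settings`` has neither session-key name, or no
            ``"sid"``.
        SystemExit: With code 20 when ``authentication_type`` is neither
            ``"password"`` nor ``"api_key"``.
    """
    # Local import so this function does not rely on a module-level import.
    import sys

    # Initialize settings.
    # `token` (and `cortex_secret` below) are credentials: keep them out of
    # every log message, including debug ones.
    token = settings["sessionKey"] if "sessionKey" in settings else settings["session_key"]
    spl = client.connect(app="TA-thehive-cortex", owner="nobody", token=token)
    logger.debug("[C5] Connection to Splunk done")
    configuration = Settings(spl, settings, logger)
    logger.debug("[C6] Settings recovered")

    defaults = {
        "MAX_JOBS_DEFAULT": configuration.getCortexJobsMax(),
        "SORT_JOBS_DEFAULT": configuration.getCortexJobsSort(),
    }

    # Create the Cortex instance.
    cortex_username, cortex_secret = configuration.getInstanceUsernameApiKey(instance_id)
    cortex_url = configuration.getInstanceURL(instance_id)
    cortex_authentication_type = configuration.getInstanceSetting(instance_id, "authentication_type")

    # NOTE(review): the five settings below are read but never passed to
    # Cortex(). Unless the Cortex wrapper picks them up some other way, the
    # configured proxy, client certificate and TLS "verify" choice have no
    # effect on this connection - confirm, and forward them if the
    # constructor accepts them.
    cortex_proxies = configuration.getInstanceSetting(instance_id, "proxies")
    cortex_cert = configuration.getInstanceSetting(instance_id, "client_cert")
    # "-" is treated as "no client certificate configured".
    cortex_cert = None if cortex_cert == "-" else cortex_cert
    cortex_verify = configuration.getInstanceSetting(instance_id, "verify")
    cortex_organisation = configuration.getInstanceSetting(instance_id, "organisation")
    cortex_version = configuration.getInstanceSetting(instance_id, "type")

    cortex = None
    if cortex_authentication_type == "password":
        # Only logged: the function still returns, with `cortex` left as
        # None, so callers have to handle a missing client.
        logger.error(
            "[C7-ERROR] Cortex instance will be initialized with a password (not an API key) - This is not supported for Cortex"
        )
    elif cortex_authentication_type == "api_key":
        logger.debug("[C8] Cortex instance will be initialized with an API Key (not a password)")
        cortex = Cortex(url=cortex_url, apiKey=cortex_secret, sid=settings["sid"], logger=logger)
    else:
        # str() keeps the diagnostic working when the setting is missing or
        # not a string; plain concatenation would raise TypeError here and
        # hide the real configuration problem.
        logger.error(
            "[C9-ERROR] WRONG_AUTHENTICATION_TYPE - Authentication type is not one of the expected values (password or api_key), given value: "
            + str(cortex_authentication_type)
        )
        # sys.exit() instead of the site-provided exit(), which is meant for
        # interactive sessions and is not guaranteed to be defined.
        sys.exit(20)

    return (cortex, configuration, defaults, logger)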