def Main(IPList, TicketID):
    """Look up every address in *IPList* on AlienVault OTX and attach the
    pretty-printed result to OTRS ticket *TicketID*, one update per address.

    Parameters:
        IPList: iterable of addresses; each is queried as ``IndicatorTypes.IPv4``.
        TicketID: ticket that ``otrs_functions.UpdateTicket`` appends the results to.

    Returns:
        None. Any exception from the OTX or OTRS clients propagates unchanged.
    """
    settings = LoadConfig.Load()
    otx_client = OTXv2(settings["api_keys"]["AlienVaultAPI"])

    for address in IPList:
        logging.info("[AlienVault] OTX Searching %s" % address)
        details = otx_client.get_indicator_details_full(IndicatorTypes.IPv4, address)
        subject = "AlienVault OTX - %s Results" % address
        # pformat keeps the nested OTX response readable inside the ticket article
        otrs_functions.UpdateTicket("", subject, pformat(details), TicketID)
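def CreateTicket(SIEM_Events):
    """Create one OTRS ticket (with one article) per row of ``siem_events.csv``.

    Each row is expected to carry seven columns: title, queue, state,
    priority, customer user, article subject, article body. Rows with fewer
    columns — including the empty row the csv module yields for a blank
    line — are logged and skipped instead of raising IndexError.

    Parameters:
        SIEM_Events: currently unused; the events are read from the CSV file
            on disk, not from this argument (kept for caller compatibility).

    Returns:
        None.

    Raises:
        OSError: if ``siem_events.csv`` cannot be opened; errors from the
            OTRS client propagate unchanged.
    """
    ## OTRS endpoint and credentials come from the configuration file
    conf = LoadConfig.Load()
    client = Client(str(conf['otrs']['server']), str(conf['otrs']['user']),
                    str(conf['otrs']['pass']))
    client.session_create()

    # newline="" is what the csv module requires so that quoted fields
    # containing line breaks are parsed as one field.
    # NOTE(review): the file is read in the platform default encoding, as before — confirm.
    with open("siem_events.csv", "rt", newline="") as events:
        data = csv.reader(events)
        for row_no, event in enumerate(data, start=1):
            if len(event) < 7:
                logging.warning(
                    "[OTRS] Skipping siem_events.csv row %d: expected 7 columns, got %d",
                    row_no, len(event))
                continue
            ticket = Ticket.create_basic(Title=event[0],
                                         Queue=event[1],
                                         State=event[2],
                                         Priority=event[3],
                                         CustomerUser=event[4])
            article = Article({"Subject": event[5], "Body": event[6]})
            logging.info(client.ticket_create(ticket, article))
            # Throttle: 30 s between ticket creations, unchanged from the original.
            sleep(30)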
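def RequestIP(IP, max_retries=5):
    """Fetch the VirusTotal v2 IP-address report for *IP*.

    Fixes in this version: the retry path called an undefined ``Request``
    (NameError) and discarded the retried result, so the function only ever
    returned on the first attempt; the success check compared the repr string
    ``"<Response [200]>"`` instead of the status code; retries were unbounded.

    Parameters:
        IP: the IPv4 address to look up.
        max_retries: number of non-200 responses tolerated before giving up;
            ``None`` retries indefinitely.

    Returns:
        The decoded JSON body of the first HTTP 200 response.

    Raises:
        RuntimeError: after ``max_retries`` consecutive non-200 responses.
        requests.RequestException: propagated from ``requests.get``
            (including ``requests.Timeout`` from the 30 s timeout).
    """
    ## Load Configuration and set VirusTotal configuration
    conf = LoadConfig.Load()
    url = 'https://www.virustotal.com/vtapi/v2/ip-address/report'
    # NOTE(review): the v2 API takes the key as a query parameter, so it will
    # show up in any URL-level logging on the request path.
    params = {'apikey': conf["api_keys"]["VirusTotalAPI"], 'ip': IP}

    failures = 0
    while True:
        ## Send Request to VirusTotal and Retrieve Response; without a timeout
        ## a stalled connection would block this worker forever.
        response = requests.get(url, params=params, timeout=30)

        ## Check if Response is valid
        if response.status_code == 200:
            return response.json()

        ## If Response isn't valid (e.g. API limit exceeded), log this, wait a
        ## minute, then try again — but only up to max_retries times.
        failures += 1
        logging.debug("[VirusTotal] HTTP %s for %s (attempt %d)",
                      response.status_code, IP, failures)
        if max_retries is not None and failures >= max_retries:
            raise RuntimeError(
                "VirusTotal request for %s failed %d times (last HTTP %s)"
                % (IP, failures, response.status_code))
        logging.info("VirusTotal API limit exceeded. Waiting 60 seconds to try again.")
        sleep(60)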
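def CreateSocket():
    """Accept a single inbound TCP connection and hand it to ``ProcessRequest``.

    Binds a listener on the host's own name and the configured ``LPort``,
    accepts exactly one client, starts a Thread running
    ``ProcessRequest(conn, conf)``, then closes the *listening* socket. The
    accepted ``conn`` is not closed here; it is owned by that thread.
    Despite the original "multiple incoming connections" comment, ``accept``
    is called once per call of this function.

    Returns:
        None.

    Raises:
        OSError: from bind/listen/accept (e.g. port already in use). The
            listener is now closed on that path too; the original leaked it
            because ``s.close()`` was only reached on success.
    """
    ## Load Configuration File
    conf = LoadConfig.Load()

    ## Log that IoCSpector is listening on the configuration-defined port
    logging.info(f"[IoCSpector] Listening on port {conf['LPort']}")

    ## Start Socket Listener on Port from Configuration Port.
    ## The context manager guarantees the listener is closed even if
    ## bind()/listen()/accept() raises.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((socket.gethostname(), conf['LPort']))
        s.listen(1)

        ## Receive one connection
        conn, address = s.accept()
        # Record the peer for audit; no access control is applied at this
        # layer — any check on who may connect has to live in ProcessRequest.
        logging.info("[IoCSpector] Connection from %s", address)

        ## Hand the accepted connection to a worker thread.
        ## NOTE(review): ProcessRequest is assumed to close conn — confirm.
        Thread(target=ProcessRequest, args=(conn, conf)).start()

    ## Listening socket closed by the with-block; conn stays open for the thread.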
    CreateSocket()


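if __name__ == '__main__':

    ## Check if another instance is running and stop if it is.
    ## The original bare ``except: exit()`` swallowed every exception
    ## (including programming errors inside SingleInstance) without a trace;
    ## log the reason before exiting with the same status code as before.
    logging.info(
        f"[PID: {os.getpid()} Checking if another instance is running...")
    try:
        instance_lock = Check.SingleInstance()  # keep the reference alive for the process lifetime
    except Exception as err:
        logging.info(
            "[IoCSpector] Another instance appears to be running (%s); exiting.", err)
        raise SystemExit()

    ## Welcome Greeting
    logging.info("[IoCSpector] Welcome to IoCSpector!")
    logging.info("[IoCSpector] Author: Vaelwolf")
    logging.info("[IoCSpector] All rights reserved")

    ## Load Configuration File and report which modules are enabled.
    ## value[0] is the module's enabled flag; truthiness replaces ``== True``.
    conf = LoadConfig.Load()
    for module, value in conf['modules'].items():
        if value[0]:
            logging.info(
                f"[+] Loaded Module '{module}' from configuration file")
        else:
            logging.info(
                f"[+] Skipping Module '{module}' from configuration file")

    ## Launch Main Socket Listener (starts program from this function)
    CreateSocket()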