def mitigation_policy(self, mp_path): """Populate Mitigation Policies""" print("[*] Populating Mitigation Policies...") if mp_path: mp_list = glob.glob(mp_path + '*.yml') else: mp_dir = ATCconfig.get('mitigation_policies_directory') mp_list = glob.glob(mp_dir + '/*.yml') for mp_file in mp_list: try: mp = MitigationPolicy(mp_file, apipath=self.apipath, auth=self.auth, space=self.space) mp.render_template("confluence") confluence_data = { "title": mp.mp_parsed_file["title"], "spacekey": self.space, "parentid": str(ATCutils.confluence_get_page_id( self.apipath, self.auth, self.space, "Mitigation Policies")), "confluencecontent": mp.content, } res = ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth) if res == 'Page updated': print("==> updated page: MP '" + mp.mp_parsed_file['title'] + "'") except Exception as err: print(mp_file + " failed") print("Err message: %s" % err) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) print("[+] Mitigation Policies populated!")
def hardening_policy(self, hp_path): """Populate Hardening Policies""" print("[*] Populating Hardening Policies...") if hp_path: hp_list = glob.glob(hp_path + '*.yml') else: hp_dir = ATCconfig.get('hardening_policies_directory') hp_list = glob.glob(hp_dir + '/*.yml') for hp_file in hp_list: try: hp = HardeningPolicy(hp_file) hp.render_template("confluence") confluence_data = { "title": hp.hp_parsed_file["title"], "spacekey": self.space, "parentid": str(ATCutils.confluence_get_page_id( self.apipath, self.auth, self.space, "Hardening Policies")), "confluencecontent": hp.content, } res = ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth) if res == 'Page updated': print("==> updated page: HP '" + hp.hp_parsed_file['title'] + "'") except Exception as err: print(hp_file + " failed") print("Err message: %s" % err) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) print("[+] Hardening Policies populated!")
def detection_rule(self, dr_path): """Desc""" print("[*] Populating Detection Rules...") if dr_path: dr_list = glob.glob(dr_path + '*.yml') else: dr_dirs = ATCconfig.get('detection_rules_directories') # check if config provides multiple directories for detection rules if isinstance(dr_dirs, list): dr_list = [] for directory in dr_dirs: dr_list += glob.glob(directory + '/*.yml') elif isinstance(dr_dirs, str): dr_list = glob.glob(dr_dirs + '/*.yml') for dr_file in dr_list: try: dr = DetectionRule(dr_file, apipath=self.apipath, auth=self.auth, space=self.space) dr.render_template("confluence") confluence_data = { "title": dr.fields['title'], "spacekey": self.space, "parentid": str( ATCutils.confluence_get_page_id( self.apipath, self.auth, self.space, "Detection Rules")), "confluencecontent": dr.content, } res = ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth) if res == 'Page updated': print("==> updated page: DR '" + dr.fields['title'] + "' (" + dr_file + ")") # print("Done: ", dr.fields['title']) except Exception as err: print(dr_file + " failed") print("Err message: %s" % err) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) print("[+] Detection Rules populated!")
def enrichment(self, en_path): """Nothing here yet""" print("[*] Populating Enrichments...") if en_path: en_list = glob.glob(en_path + '*.yml') else: en_dir = ATCconfig.get('enrichments_directory') en_list = glob.glob(en_dir + '/*.yml') for en_file in en_list: try: en = Enrichment(en_file, apipath=self.apipath, auth=self.auth, space=self.space) en.render_template("confluence") confluence_data = { "title": en.en_parsed_file['title'], "spacekey": self.space, "parentid": str( ATCutils.confluence_get_page_id( self.apipath, self.auth, self.space, "Enrichments")), "confluencecontent": en.content, } res = ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth) if res == 'Page updated': print("==> updated page: EN '" + en.en_parsed_file['title'] + "'") # print("Done: ", en.en_parsed_file['title']) except Exception as err: print(en_file + " failed") print("Err message: %s" % err) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) print("[+] Enrichments populated!")
def data_needed(self, dn_path): """Desc""" print("[*] Populating Data Needed...") if dn_path: dn_list = glob.glob(dn_path + '*.yml') else: dn_dir = ATCconfig.get('data_needed_dir') dn_list = glob.glob(dn_dir + '/*.yml') for dn_file in dn_list: try: dn = DataNeeded(dn_file, apipath=self.apipath, auth=self.auth, space=self.space) dn.render_template("confluence") confluence_data = { "title": dn.dn_fields["title"], "spacekey": self.space, "parentid": str( ATCutils.confluence_get_page_id( self.apipath, self.auth, self.space, "Data Needed")), "confluencecontent": dn.content, } res = ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth) if res == 'Page updated': print("==> updated page: DN '" + dn.dn_fields['title'] + "'") # print("Done: ", dn.dn_fields['title']) except Exception as err: print(dn_file + " failed") print("Err message: %s" % err) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) print("[+] Data Needed populated!")
def usecases(self, uc_path): """Nothing here yet""" print("[+] Populating UseCases...") if uc_path: uc_list = glob.glob(uc_path + '*.yml') else: uc_dir = ATCconfig.get('usecases_directory') uc_list = glob.glob(uc_dir + '/*.yml') for uc_file in uc_list: try: uc = Usecase(uc_file, apipath=self.apipath, auth=self.auth, space=self.space) uc.render_template("confluence") confluence_data = { "title": uc.title, "spacekey": self.space, "parentid": str( ATCutils.confluence_get_page_id( self.apipath, self.auth, self.space, "Use Cases")), "confluencecontent": uc.content } res = ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth) if res == 'Page updated': print("==> updated page: UC '" + uc.usecase_name + "'") # print("Done: ", cu.title) except Exception as err: print(uc_file + " failed") print("Err message: %s" % err) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) print("[+] UseCases populated!")
def customer(self, cu_path): """Nothing here yet""" print("[+] Populating Customers...") if cu_path: cu_list = glob.glob(cu_path + '*.yml') else: cu_dir = ATCconfig.get('customers_directory') cu_list = glob.glob(cu_dir + '/*.yml') for cu_file in cu_list: try: cu = Customer(cu_file, apipath=self.apipath, auth=self.auth, space=self.space) cu.render_template("confluence") confluence_data = { "title": cu.customer_name, "spacekey": self.space, "parentid": str( ATCutils.confluence_get_page_id( self.apipath, self.auth, self.space, "Customers")), "confluencecontent": cu.content } res = ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth) if res == 'Page updated': print("==> updated page: CU '" + cu.customer_name + "'") # print("Done: ", cu.title) except Exception as err: print(cu_file + " failed") print("Err message: %s" % err) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) print("[+] Customers populated!")
def triggers(self, tg_path): """Populate Triggers""" print("[*] Populating Triggers...") if tg_path: tg_list = glob.glob(tg_path + '*.yml') else: tg_list = glob.glob( ATCconfig.get("triggers_directory") + '/T*/*.yaml') for tg_file in tg_list: try: tg = Triggers(tg_file) tg.render_template("confluence") title = tg.fields["attack_technique"] + ": " + \ te_mapping.get(tg.fields["attack_technique"]) confluence_data = { "title": title, "spacekey": self.space, "parentid": str( ATCutils.confluence_get_page_id( self.apipath, self.auth, self.space, "Triggers")), "confluencecontent": tg.content, } res = ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth) if res == 'Page updated': print("==> updated page: TR '" + title + "'") # print("Done: ", tg.fields["attack_technique"]) except Exception as err: print(tg_file + " failed") print("Err message: %s" % err) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) print("[+] Triggers populated!")
def logging_policy(self, lp_path): """Desc""" print("[*] Populating Logging Policies...") if lp_path: lp_list = glob.glob(lp_path + '*.yml') else: lp_dir = ATCconfig.get('logging_policies_dir') lp_list = glob.glob(lp_dir + '/*.yml') for lp_file in lp_list: try: lp = LoggingPolicy(lp_file) lp.render_template("confluence") confluence_data = { "title": lp.fields["title"], "spacekey": self.space, "parentid": str( ATCutils.confluence_get_page_id( self.apipath, self.auth, self.space, "Logging Policies")), "confluencecontent": lp.content, } res = ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth) if res == 'Page updated': print("==> updated page: LP '" + lp.fields['title'] + "'") # print("Done: ", lp.fields['title']) except Exception as err: print(lp_file + " failed") print("Err message: %s" % err) print('-' * 60) traceback.print_exc(file=sys.stdout) print('-' * 60) print("[+] Logging Policies populated!")
def main(c_auth=None): try: ATCconfig = ATCutils.load_config("config.yml") confluence_space_name = ATCconfig.get('confluence_space_name') confluence_space_home_page_name = ATCconfig.get( 'confluence_space_home_page_name') confluence_rest_api_url = ATCconfig.get('confluence_rest_api_url') confluence_name_of_root_directory = ATCconfig.get( 'confluence_name_of_root_directory') except Exception as e: raise e pass if not c_auth: mail = input("Login: "******"" print("[*] Creating ATC root page...") data = { "title": confluence_name_of_root_directory, "spacekey": confluence_space_name, "parentid": str( ATCutils.confluence_get_page_id(url, auth, confluence_space_name, confluence_space_home_page_name)), "confluencecontent": content, } if not ATCutils.push_to_confluence(data, url, auth): raise Exception("[-] Could not create or update the page. " + "Is the parent name correct?") pages = [ "Detection Rules", "Logging Policies", "Data Needed", "Triggers", "Enrichments", "Customers", "Mitigation Systems", "Mitigation Policies", "Hardening Policies", "Use Cases" ] page_contents = { "Customers": "<p><ac:structured-macro ac:name=\"detailssummary\" ac:schema-version=\"2\" ><ac:parameter ac:name=\"cql\">label = "atc_customer" and space = currentSpace()</ac:parameter></ac:structured-macro></p>", "Use Cases": "<p><ac:structured-macro ac:name=\"detailssummary\" ac:schema-version=\"2\" ><ac:parameter ac:name=\"cql\">label = "atc_usecases" and space = currentSpace()</ac:parameter></ac:structured-macro></p>", } for page in pages: print("Creating %s..." % page) data = { "title": page, "spacekey": confluence_space_name, "parentid": str( ATCutils.confluence_get_page_id( url, auth, confluence_space_name, confluence_name_of_root_directory)), "confluencecontent": page_contents.get(page, content), } if not ATCutils.push_to_confluence(data, url, auth): raise Exception("[-] Could not create or update the page. " + "Is the parent name correct?") print("[+] Initial Confluence page structure created!") return True
def main(c_auth=None): try: ATCconfig = ATCutils.load_config("config.yml") confluence_space_name = ATCconfig.get('confluence_space_name') confluence_space_home_page_name = ATCconfig.get( 'confluence_space_home_page_name') confluence_rest_api_url = ATCconfig.get('confluence_rest_api_url') confluence_name_of_root_directory = ATCconfig.get( 'confluence_name_of_root_directory') except Exception as e: raise e pass if not c_auth: mail = input("Login: "******"" print("[*] Creating ATC root page...") data = { "title": confluence_name_of_root_directory, "spacekey": confluence_space_name, "parentid": str( ATCutils.confluence_get_page_id(url, auth, confluence_space_name, confluence_space_home_page_name)), "confluencecontent": content, } if not ATCutils.push_to_confluence(data, url, auth): raise Exception("[-] Could not create or update the page. " + "Is the parent name correct?") pages = ["Logging Policies", "Data Needed", "Enrichments"] for page in pages: print("Creating %s..." % page) data = { "title": page, "spacekey": confluence_space_name, "parentid": str( ATCutils.confluence_get_page_id( url, auth, confluence_space_name, confluence_name_of_root_directory)), "confluencecontent": content, } if not ATCutils.push_to_confluence(data, url, auth): raise Exception("[-] Could not create or update the page. " + "Is the parent name correct?") print("[+] Initial Confluence page structure created!") return True