def handler(): default = binding.handler() def request(url, message, **kwargs): response = default(url, message, **kwargs) print "%s %s => %d (%s)" % ( message['method'], url, response['status'], response['reason']) return response return request
def test_handlers(self): paths = ["/services", "authentication/users", "search/jobs"] handlers = [binding.handler(), urllib2_handler] # default handler for handler in handlers: logging.debug("Connecting with handler %s", handler) context = binding.connect(handler=handler, **self.opts.kwargs) for path in paths: body = context.get(path).body.read() self.assertTrue(isatom(body))
def test_handlers(self): paths = ["/services", "authentication/users", "search/jobs"] handlers = [ binding.handler(), # default handler urllib2_handler ] for handler in handlers: logging.debug("Connecting with handler %s", handler) context = binding.connect(handler=handler, **self.opts.kwargs) for path in paths: body = context.get(path).body.read() self.assertTrue(isatom(body))
def _create_handler(cls): script_dir = os.path.dirname(os.path.realpath(__file__)) key_file_location = os.path.join(script_dir, '..', '..', '..', 'certs', 'privkey.pem') cert_file_location = os.path.join(script_dir, '..', '..', '..', 'certs', 'cert.pem') key_file_exists = os.path.isfile(key_file_location) cert_file_exists = os.path.isfile(cert_file_location) if key_file_exists and cert_file_exists: logger.debug('action=enable_client_certicates') else: key_file_location = cert_file_location = None if key_file_exists != cert_file_exists: logger.warn( 'Unable to enable client certificate because the key or the certificate is missing.' \ 'certs application folder should contain privkey.pem and cert.pem files') custom_handler = handler(key_file=key_file_location, cert_file=cert_file_location) # we wrap the handler to intercept any SSL exception to give a meaningful message to end user def handler_wrapper(url, message, **kwargs): logger.debug('action=sending_request url=%s message=%s kwargs=%s', url, message, kwargs) try: return custom_handler(url, message, **kwargs) except ssl.SSLError: message = 'Unable to communicate with Splunkd. ' \ 'If you enable requireClientCert please make sure certs folder contains privkey.pem and cert.pem files. ' \ 'Also make sure cert.pem has been signed by the root CA used by Splunkd.' logger.error(message, exc_info=True) raise ssl.SSLError(message) return handler_wrapper
def main(): parser = argparse.ArgumentParser(description=( "Fetch alerts generated by DNS Analytics for Splunk and write them to standard output. " "This script requires connection with Splunk instance on which alerts are stored. Please provide " "connection settings in configuration file. Unfold options allows to divide alerts into single " "threat and returns flattened stream of json objects. By default script will search for alerts " "in all available indexes but you can narrow search scope to specific index." )) parser.add_argument("-c", "--config", help="path to configuration file") args = parser.parse_args() try: config = params.create_config(args.config) params_connection = params.Connection.from_config(config) params_query = params.Query.from_config(config) params_output = params.Output.from_config(config) except Exception as exc: logging.critical(str(exc)) return service = client.connect( scheme=params_connection.scheme, host=params_connection.host, port=params_connection.port, username=params_connection.username, password=params_connection.password, ) if params_query.timeout > 0: service.http = binding.HttpLib(binding.handler(timeout=params_query.timeout)) ag = getter.Getter(service, config, args.config, params_query, params_output) for alert in ag.run(): print(json.dumps(alert))
def _request_handler(context): """ :param context: Http connection context can contain the following key/values: { 'proxy_hostname': string, 'proxy_port': int, 'proxy_username': string, 'proxy_password': string, 'key_file': string, 'cert_file': string 'pool_connections', int, 'pool_maxsize', int, } :type content: dict """ try: import requests except ImportError: # FIXME proxy ? return binding.handler( key_file=context.get("key_file"), cert_file=context.get("cert_file") ) try: requests.urllib3.disable_warnings() except AttributeError: pass proxies = _get_proxy_info(context) verify = context.get("verify", False) if context.get("key_file") and context.get("cert_file"): # cert = ('/path/client.cert', '/path/client.key') cert = context["key_file"], context["cert_file"] elif context.get("cert_file"): cert = context["cert_file"] else: cert = None if context.get("pool_connections", 0): logging.info("Use HTTP connection pooling") session = requests.Session() adapter = requests.adapters.HTTPAdapter( pool_connections=context.get("pool_connections", 10), pool_maxsize=context.get("pool_maxsize", 10), ) session.mount("https://", adapter) req_func = session.request else: req_func = requests.request def request(url, message, **kwargs): """ :param url: URL :type url: string :param message: Can contain following key/values: { 'method': 'GET' or 'DELETE', or 'PUT' or 'POST' 'headers': [[key, value], [key, value], ...], 'body': string } :type message: dict """ body = message.get("body") headers = { "User-Agent": "curl", "Accept": "*/*", "Connection": "Keep-Alive", } if body: headers["Content-Length"] = str(len(body)) for key, value in message["headers"]: headers[key] = value method = message.get("method", "GET") try: resp = req_func( method, url, data=body, headers=headers, stream=False, verify=verify, proxies=proxies, cert=cert, **kwargs, ) except Exception: logging.error( "Failed to issue http request=%s to url=%s, error=%s", method, url, traceback.format_exc(), ) raise return { "status": resp.status_code, "reason": resp.reason, "headers": dict(resp.headers), "body": BytesIO(resp.content), } return request
def _request_handler(context): ''' :param context: Http connection context can contain the following key/values: { 'proxy_hostname': string, 'proxy_port': int, 'proxy_username': string, 'proxy_password': string, 'key_file': string, 'cert_file': string 'pool_connections', int, 'pool_maxsize', int, } :type content: dict ''' try: import requests except ImportError: # FIXME proxy ? return binding.handler(key_file=context.get('key_file'), cert_file=context.get('cert_file')) try: requests.urllib3.disable_warnings() except AttributeError: pass proxies = _get_proxy_info(context) verify = context.get('verify', False) if context.get('key_file') and context.get('cert_file'): # cert = ('/path/client.cert', '/path/client.key') cert = context['key_file'], context['cert_file'] elif context.get('cert_file'): cert = context['cert_file'] else: cert = None if context.get('pool_connections', 0): logging.info('Use HTTP connection pooling') session = requests.Session() adapter = requests.adapters.HTTPAdapter( pool_connections=context.get('pool_connections', 10), pool_maxsize=context.get('pool_maxsize', 10)) session.mount('https://', adapter) req_func = session.request else: req_func = requests.request def request(url, message, **kwargs): ''' :param url: URL :type url: string :param message: Can contain following key/values: { 'method': 'GET' or 'DELETE', or 'PUT' or 'POST' 'headers': [[key, value], [key, value], ...], 'body': string } :type message: dict ''' body = message.get('body') headers = { 'User-Agent': 'curl', 'Accept': '*/*', 'Connection': 'Keep-Alive', } if body: headers['Content-Length'] = str(len(body)) for key, value in message['headers']: headers[key] = value method = message.get('method', 'GET') try: resp = req_func(method, url, data=body, headers=headers, stream=False, verify=verify, proxies=proxies, cert=cert, **kwargs) except Exception as e: logging.error( 'Failed to issue http request=%s to url=%s, error=%s', method, url, traceback.format_exc()) raise return { 'status': resp.status_code, 'reason': resp.reason, 'headers': dict(resp.headers), 'body': BytesIO(resp.content), } return request
import site, sys import ssl if hasattr(ssl, '_create_unverified_context'): ssl._create_default_https_context = ssl._create_unverified_context site.addsitedir('splunk-sdk-python-1.6.13') ## https://github.com/splunk/splunk-sdk-python/releases import splunklib.client as client import splunklib.results as results import splunklib.binding as binding ## https://github.com/splunk/splunk-sdk-python/tree/master/examples connectionHandler = binding.handler(timeout=10) splunk_props = { "host": "127.0.0.1", "scheme": "https", "port": 8089, "app": "search", "username": "", "password": "", "handler": connectionHandler } try: service = client.connect(**splunk_props) except Exception as e: print "Error connecting to the splunk platform : {}".format(str(e))