def __init__(self, connection, configuration):
self.logger = logger.set_logger(__name__)
self.endpoint_start = ''
headers = dict()
host_port = connection.get('host') + ':' + str(
connection.get('port', ''))
headers['accept'] = 'application/json'
auth = configuration.get('auth')
if auth is not None and auth.get('token', None) is not None:
headers['Authorization'] = 'token {}'.format(auth.get('token'))
url_modifier_function = None
headers['user-agent'] = _USER_AGENT
self.timeout = connection['options'].get('timeout')
self.result_limit = connection['options'].get('result_limit')
if self.result_limit > _MAX_RESULT:
self.logger.warning(
"The length exceeds length limit. Use default length: %s",
_MAX_RESULT)
self.result_limit = _MAX_RESULT
self.client = RestApiClient(host_port,
None,
headers,
url_modifier_function,
cert_verify=connection.get(
'selfSignedCert', True),
sni=connection.get('sni', None))
def translate_results(self, data_source, data):
# A proxy translation call passes the entire data source connection object in as the options
# Top-most connection host and port are for the proxy
proxy_host = self.options['proxy_host']
proxy_port = self.options['proxy_port']
connection, configuration = unwrap_connection_options(self.options)
client = RestApiClient(
proxy_host,
proxy_port,
url_modifier_function=lambda host_port, endpoint, headers:
f'http://{host_port}{endpoint}')
response = client.call_api('/translate_results',
'POST',
data=json.dumps({
'module':
connection['type'],
"data_source":
data_source,
"results":
data,
"options":
connection['options']
}),
timeout=self.options.get('timeout'))
return json.loads(response.bytes)
def parse_query(self, data):
proxy_host = self.options['proxy_host']
proxy_port = self.options['proxy_port']
connection, configuration = unwrap_connection_options(self.options)
client = RestApiClient(
proxy_host,
proxy_port,
url_modifier_function=lambda host_port, endpoint, headers:
f'https://{host_port}{endpoint}',
cert_verify=self.options.get('proxy_cert'))
response = client.call_api('/parse_query',
'POST',
data=json.dumps({
'module':
connection['type'],
'data_source': {},
'data':
data,
'options':
connection['options']
}),
timeout=self.options.get('timeout'))
return json.loads(response.bytes)
def __init__(self, connection, configuration):
"""Initialization.
:param connection: dict, connection dict
:param configuration: dict,config dict"""
headers = dict()
url_modifier_function = None
default_api_version = 'v1.0'
auth = configuration.get('auth')
self.endpoint = '{api_version}/security/alerts'.format(
api_version=default_api_version)
self.host = connection.get('host')
self.search_timeout = connection['options'].get('timeout')
if auth:
if 'access_token' in auth:
headers['Authorization'] = "Bearer " + auth['access_token']
self.client = RestApiClient(
connection.get('host'),
connection.get('port', None),
headers,
url_modifier_function=url_modifier_function,
cert_verify=connection.get('selfSignedCert', True),
sni=connection.get('sni', None))
def __init__(self, connection, configuration):
self.auth = configuration.get('auth')
self.logger = logger.set_logger(__name__)
nonce = "".join([
secrets.choice(string.ascii_letters + string.digits)
for _ in range(64)
])
timestamp = int(datetime.now(timezone.utc).timestamp()) * 1000
self.auth = configuration.get('auth')
auth_key = f"{self.auth['api_key']}{nonce}{timestamp}"
auth_key = auth_key.encode("utf-8")
api_key_hash = hashlib.sha256(auth_key).hexdigest()
headers = {
"x-xdr-timestamp": str(timestamp),
"x-xdr-nonce": nonce,
"x-xdr-auth-id": str(self.auth['api_key_id']),
"Authorization": api_key_hash
}
self.client = RestApiClient(
connection.get('host'),
connection.get('port', None),
headers,
url_modifier_function=None,
)
self.result_limit = connection['options'].get('result_limit')
self.timeout = connection['options']['timeout']
self.quota_threshold = connection['quota_threshold']
self.connector = __name__.split('.')[1]
def __init__(self, connection, configuration):
headers = dict()
url_modifier_function = None
auth = configuration.get('auth')
self.indices = configuration.get('elastic_ecs',
{}).get('indices', None)
if isinstance(self.indices, list): # Get list of all indices
self.indices = ",".join(self.indices)
if self.indices:
self.endpoint = self.indices + '/' + '_search'
else:
self.endpoint = '_search'
if auth:
if 'username' in auth and 'password' in auth:
headers['Authorization'] = b"Basic " + base64.b64encode(
(auth['username'] + ':' +
auth['password']).encode('ascii'))
elif 'api_key' in auth and 'id' in auth:
headers['Authorization'] = b"ApiKey " + base64.b64encode(
(auth['id'] + ':' + auth['api_key']).encode('ascii'))
elif 'access_token' in auth:
headers['Authorization'] = "Bearer " + auth['access_token']
self.client = RestApiClient(
connection.get('host'),
connection.get('port'),
connection.get('cert', None),
headers,
url_modifier_function=url_modifier_function,
cert_verify=connection.get('selfSignedCert', True),
mutual_auth=connection.get('use_securegateway', False),
sni=connection.get('sni', None))
def get_api_client(self):
api_client = RestApiClient(self.connection.get('host'),
self.connection.get('port'),
self.headers,
cert_verify=self.connection.get(
'selfSignedCert', True),
sni=self.connection.get('sni', None))
return api_client
def __init__(self, connection, configuration):
self.auth = configuration.get('auth')
headers = {'Accept': 'application/json'}
self.client = RestApiClient(connection.get('host'),
connection.get('port'),
headers,
cert_verify=connection.get(
'selfSignedCert', True))
def get_api_client(self):
api_client = RestApiClient(self.connection.get('host'),
self.connection.get('port'),
self.connection.get('cert', None),
self.headers, cert_verify=self.connection.get('selfSignedCert', True),
mutual_auth=self.connection.get('use_securegateway', False),
sni=self.connection.get('sni', None)
)
return api_client
def __init__(self, connection, configuration):
self.logger = logger.set_logger(__name__)
headers = {'Content-Type': 'application/json'}
url_modifier_function = None
self.auth = configuration.get('auth')
self.client = RestApiClient(
connection.get('host'),
connection.get('port', None),
headers,
url_modifier_function=url_modifier_function)
self.timeout = connection['options'].get('timeout')
def __init__(self, connection, configuration):
self.logger = logger.set_logger(__name__)
headers = {}
url_modifier_function = None
self.auth = configuration.get('auth')
self.client = RestApiClient(
connection.get('host'),
port=None,
headers=headers,
cert_verify=False,
url_modifier_function=url_modifier_function)
def __init__(self, connection, configuration):
self.endpoint_start = 'api/v1/'
auth = configuration.get('auth')
headers = dict()
headers['X-Auth-Token'] = auth.get('token')
self.client = RestApiClient(connection.get('host'),
connection.get('port'),
headers,
cert_verify=connection.get(
'selfSignedCert', True),
sni=connection.get('sni', None))
self.timeout = connection['options'].get('timeout')
def __init__(self, connection, configuration):
headers = dict()
self.auth = configuration.get('auth')
self.api_key = "ApiToken " + self.auth.get('apitoken')
headers['Authorization'] = self.api_key
headers['Content-type'] = 'application/json'
self.timeout = connection['options']['timeout']
self.client = RestApiClient(connection.get('host'),
connection.get('port', None),
headers,
url_modifier_function=None)
def __init__(self, connection, configuration):
self.connection = connection
self.configuration = configuration
self.timeout = connection['options'].get('timeout')
self.bundle_url = self.connection.get('url')
auth = None
conf_auth = configuration.get('auth', {})
if 'username' in conf_auth and 'password' in conf_auth:
auth = (conf_auth['username'], conf_auth['password'])
self.client = RestApiClient(None,
auth=auth,
url_modifier_function=lambda host_port, endpoint, headers: f'{endpoint}')
def __init__(self, connection, configuration):
self.endpoint_start = 'api/v1/'
auth = configuration.get('auth')
headers = dict()
headers['X-Auth-Token'] = auth.get('token')
self.client = RestApiClient(
connection.get('host'),
connection.get('port'),
connection.get('cert', None),
headers,
cert_verify=connection.get('selfSignedCert', True),
mutual_auth=connection.get('use_securegateway', False),
sni=connection.get('sni', None))
def __init__(self, connection, configuration):
self.request_http_path = "https://{}:{}".format(
connection['options']['proxy_host'],
connection['options']['proxy_port'])
self.timeout = connection['options']['timeout']
self.connection, self.configuration = self._unwrap_connection_options(
copy.deepcopy(connection), copy.deepcopy(configuration))
self.client = RestApiClient(
connection['options']['proxy_host'],
connection['options']['proxy_port'],
url_modifier_function=lambda host_port, endpoint, headers:
f'https://{host_port}{endpoint}',
cert_verify=connection['options'].get('proxy_cert'))
def __init__(self, connection, configuration):
self.endpoint_start_v1 = 'api/v1/' # Uses API v1 for `ping` and `processes search` endpoints.
self.endpoint_start_v4 = 'api/v4/' # Uses API v4 for `events search` endpoint.
auth = configuration.get('auth')
headers = dict()
headers['X-Auth-Token'] = auth.get('token')
self.client = RestApiClient(connection.get('host'),
connection.get('port'),
headers,
cert_verify=connection.get(
'selfSignedCert', True),
sni=connection.get('sni', None))
self.timeout = connection['options'].get('timeout')
def __init__(self, connection, configuration):
self.endpoint_start = 'alertflex-ctrl/rest/stix-alerts'
headers = dict()
auth = configuration.get('auth')
headers['Authorization'] = b"Basic " + base64.b64encode(
(auth['username'] + ':' + auth['password']).encode('ascii'))
url_modifier_function = None
self.client = RestApiClient(connection.get('host'),
connection.get('port'),
headers,
url_modifier_function,
cert_verify=connection.get(
'selfSignedCert', False))
def __init__(self, connection, configuration):
# Uncomment when implementing data source API client.
auth = configuration.get('auth')
headers = dict()
if auth:
if 'principal' in auth and 'secret' in auth:
headers['Authorization'] = b"Basic " + base64.b64encode(
(auth['principal'] + ':' + auth['secret']).encode('ascii'))
self.client = RestApiClient(connection.get('host'),
port=None,
headers=headers,
url_modifier_function=None,
cert_verify=True,
sni=None,
auth=None)
def __init__(self, connection, configuration):
auth = configuration.get('auth')
headers = dict()
headers['X-Auth-Token'] = auth.get('token')
headers['Accept'] = 'application/json'
headers['Content-Type'] = 'application/json'
self.org_key = auth.get('org_key')
self.client = RestApiClient(connection.get('host'),
connection.get('port'),
headers,
cert_verify=connection.get(
'selfSignedCert', True),
sni=connection.get('sni', None))
self.timeout = connection['options'].get('timeout')
self.result_limit = connection['options'].get('result_limit')
def __init__(self, params, host, port, headers, url_modifier_function,
cert_verify, sni, auth):
self.client = RestApiClient(host, port, headers, url_modifier_function,
cert_verify, sni, auth)
self.logger = logger.set_logger(__name__)
self.url = params["url"]
self.secret = params["client_secret"]
self.user = params["config_uname"]
self.password = params["config_pass"]
self.client_id = params["client_id"]
self.token_target = 'oauth/token'
self.report_target = 'restAPI/online_report'
self.qs_target = 'restAPI/quick_search'
self.fields_target = 'restAPI/fieldsTitles'
self.fields = {}
self.get_token()
def __init__(self, connection, configuration):
# Uncomment when implementing data source API client.
auth_values = configuration.get('auth')
auth = (auth_values['username'], auth_values['password'])
headers = dict()
headers['Accept'] = 'application/json'
connection['host'] = 'data.reversinglabs.com'
url_modifier_function = None
self.client = RestApiClient(
host=connection.get('host'),
port=None,
headers=headers,
url_modifier_function=url_modifier_function,
auth=auth)
self.connection = connection
self.namespace = connection.get('namespace')
def __init__(self, connection, configuration):
# This version of the ariel APIClient is designed to function with
# version 6.0 of the ariel API.
self.endpoint_start = 'api/ariel/'
self.urldata = {}
headers = dict()
host_port = connection.get('host') + ':' + \
str(connection.get('port', ''))
headers['version'] = '8.0'
headers['accept'] = 'application/json'
auth = configuration.get('auth')
if auth != None and auth.get('SEC', None) != None:
headers['sec'] = auth.get('SEC')
url_modifier_function = None
proxy = connection.get('proxy')
if proxy is not None:
proxy_url = proxy.get('url')
proxy_auth = proxy.get('auth')
if (proxy_url is not None and proxy_auth is not None):
headers['proxy'] = proxy_url
headers['proxy-authorization'] = 'Basic ' + proxy_auth
if proxy.get('x_forward_proxy', None) is not None:
headers['x-forward-url'] = 'https://' + \
host_port + '/' # + endpoint, is set by 'add_endpoint_to_url_header'
host_port = proxy.get('x_forward_proxy')
if proxy.get('x_forward_proxy_auth', None) is not None:
headers['x-forward-auth'] = proxy.get(
'x_forward_proxy_auth')
headers['user-agent'] = 'UDS'
url_modifier_function = self.add_endpoint_to_url_header
self.data_lake = connection.get('data_lake')
if self.data_lake:
print('QRadar Cloud Data Lake enabled')
self.client = RestApiClient(
host_port,
None,
connection.get('cert', None),
headers,
url_modifier_function,
cert_verify=connection.get('selfSignedCert', True),
mutual_auth=connection.get('use_securegateway', False),
sni=connection.get('sni', None))
def __init__(self, connection, configuration):
self.headers = dict()
self.headers['Accept'] = 'application/json'
url_modifier_function = None
auth = configuration.get('auth')
self.host = connection.get('host')
self.client = RestApiClient(
connection.get('host'),
None,
self.headers,
url_modifier_function=url_modifier_function,
cert_verify=connection.get('selfSignedCert', True),
sni=connection.get('sni', None))
self.timeout = connection['options'].get('timeout')
self.app_id = auth['app_id']
self.secret_key = auth['secret_key']
self.token = None
self.token_expiresat = None
def __init__(self, connection, configuration):
# This version of the Splunk APIClient is designed to function with
# Splunk Enterprise version >= 6.5.0 and <= 7.1.2
# http://docs.splunk.com/Documentation/Splunk/7.1.2/RESTREF/RESTprolog
self.output_mode = 'json'
self.endpoint_start = 'services/'
self.authenticated = False
headers = dict()
self.client = RestApiClient(connection.get('host'),
connection.get('port'),
headers,
cert_verify=connection.get(
'selfSignedCert', True),
sni=connection.get('sni', None))
self.auth = configuration.get('auth')
self.headers = headers
self.timeout = connection['options'].get('timeout')
def __init__(self, connection, configuration):
self.logger = logger.set_logger(__name__)
headers = dict()
url_modifier_function = None
auth = configuration.get('auth')
# self.endpoint_start = 'incidents/'
self.host = connection.get('host')
self.client = RestApiClient(
connection.get('host'),
connection.get('port', None),
headers,
url_modifier_function=url_modifier_function,
cert_verify=connection.get('selfSignedCert', False),
sni=connection.get('sni', None))
self.timeout = connection['options'].get('timeout')
self._client_id = auth['clientId']
self._client_secret = auth['clientSecret']
self._token = None
self._token_time = None
def __init__(self, connection, configuration):
# This version of the ariel APIClient is designed to function with
# version 6.0 of the ariel API.
self.logger = logger.set_logger(__name__)
self.endpoint_start = 'api/ariel/'
headers = dict()
host_port = connection.get('host') + ':' + \
str(connection.get('port', ''))
headers['version'] = '8.0'
headers['accept'] = 'application/json'
auth = configuration.get('auth')
if auth != None and auth.get('sec', None) != None:
headers['sec'] = auth.get('sec')
url_modifier_function = None
proxy = connection.get('proxy')
if proxy is not None:
proxy_url = proxy.get('url')
proxy_auth = proxy.get('auth')
if (proxy_url is not None and proxy_auth is not None):
headers['proxy'] = proxy_url
headers['proxy-authorization'] = 'Basic ' + proxy_auth
if proxy.get('x_forward_proxy', None) is not None:
headers['x-forward-url'] = 'https://' + \
host_port + '/' # + endpoint, is set by 'add_endpoint_to_url_header'
host_port = proxy.get('x_forward_proxy')
if proxy.get('x_forward_proxy_auth', None) is not None:
headers['x-forward-auth'] = proxy.get(
'x_forward_proxy_auth')
headers['user-agent'] = 'UDS'
url_modifier_function = self.add_endpoint_to_url_header
self.timeout = connection['options'].get('timeout')
self.client = RestApiClient(host_port,
None,
headers,
url_modifier_function,
cert_verify=connection.get(
'selfSignedCert', True),
sni=connection.get('sni', None))
def __init__(self, connection, configuration):
self.logger = logger.set_logger(__name__)
headers = dict()
url_modifier_function = None
auth = configuration.get('auth')
self.indices = connection.get('indices', None)
if self.indices and type(self.indices) == str:
self.indices = self.indices.split(",")
if isinstance(self.indices, list): # Get list of all indices
self.indices = [i.strip(' ') for i in self.indices]
self.indices = ",".join(self.indices)
if self.indices:
self.endpoint = self.indices + '/' + '_search'
else:
self.endpoint = '_search'
if auth:
if 'username' in auth and 'password' in auth:
headers['Authorization'] = b"Basic " + base64.b64encode(
(auth['username'] + ':' +
auth['password']).encode('ascii'))
elif 'api_key' in auth and 'id' in auth:
headers['Authorization'] = b"ApiKey " + base64.b64encode(
(auth['id'] + ':' + auth['api_key']).encode('ascii'))
elif 'access_token' in auth:
headers['Authorization'] = "Bearer " + auth['access_token']
self.client = RestApiClient(
connection.get('host'),
connection.get('port'),
headers,
url_modifier_function=url_modifier_function,
cert_verify=connection.get('selfSignedCert', True),
sni=connection.get('sni', None))
self.timeout = connection['options'].get('timeout')
def __init__(self, connection, configuration):
self.logger = logger.set_logger(__name__)
self.endpoint_start = 'v2.0/xdr/'
headers = dict()
host_port = connection.get('host') + ':' + str(
connection.get('port', ''))
headers['accept'] = 'application/json'
auth = configuration.get('auth')
if auth is not None and auth.get('token', None) is not None:
headers['Authorization'] = 'Bearer {}'.format(auth.get('token'))
url_modifier_function = None
headers['user-agent'] = _USER_AGENT
self.timeout = connection['options'].get('timeout')
self.client = RestApiClient(host_port,
None,
headers,
url_modifier_function,
cert_verify=connection.get(
'selfSignedCert', True),
sni=connection.get('sni', None))
def __init__(self, connection, configuration):
"""Initialization.
:param connection: dict, connection dict
:param configuration: dict,config dict"""
headers = dict()
url_modifier_function = None
auth = configuration.get('auth')
# self.endpoint_start = 'incidents/'
self.host = connection.get('host')
self.client = RestApiClient(connection.get('host'),
connection.get('port', None),
headers,
url_modifier_function=url_modifier_function,
cert_verify=connection.get('selfSignedCert', True),
sni=connection.get('sni', None)
)
self.timeout = connection['options'].get('timeout')
self._client_id = auth['client_id']
self._client_secret = auth['client_secret']
self._token = None
self._token_time = None