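def cli_entry(entry=False, logfile=False):
    """Quick function to perform easy cmd insertions.

    :param entry: Log entry to be inserted, as the sequence of command-line
        words making up the message (they are joined with single spaces).
    :param logfile: Optional path of a file to attach to the entry; a falsy
        value means no attachment.

    Side effects: reads the active task id via ``config.get_config``, posts
    the entry through ``config.get_api()`` and prints the outcome.  A failed
    insert (any status other than 201) is now reported instead of silently
    ignored.
    """
    task_id = config.get_config(config_format="cmdline")
    if not task_id:
        config.sneeze(
            error_message="Insert a log entry using the --log option, without an active case or task.",
            error_fix="Run pollen with the --cmd option to set an active case and task.")
        # sneeze() presumably terminates; return explicitly so nothing below
        # runs without a task id if it does not.
        return
    # Combine entry together
    entry = ' '.join(entry)
    # Logic to handle entries with or without file attachments
    if logfile:
        task_entry = CaseTaskLog(message=entry, file=str(logfile))
    else:
        task_entry = CaseTaskLog(message=entry)
    api = config.get_api()
    resp = api.create_task_log(task_id, task_entry)
    if resp.status_code == 201:
        print("Bzz Bzz Bzz...successfully inserted into task log. Happy analyzing!")
    else:
        # Surface the failure so the user knows the entry was not recorded.
        print("Failed to insert task log entry: {}/{}".format(resp.status_code, resp.text))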
def run(self, task_id, log):
    """Post ``log`` as a new task log on TheHive task ``task_id``.

    Reads ``thehive_url`` and ``thehive_api_key`` from ``self.config``.
    Returns the decoded JSON body of the API response; the HTTP status code
    is not inspected here.
    """
    hive_url = self.config['thehive_url']
    hive_key = self.config['thehive_api_key']
    client = TheHiveApi(hive_url, hive_key)
    entry = CaseTaskLog(message=log)
    return client.create_task_log(task_id, entry).json()
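def add_task_log(full_task_id, body, file_array):
    """Create a task log with ``body`` as message on TheHive task ``full_task_id``.

    :param full_task_id: Id of the task that receives the log entry.
    :param body: Plain-text message for the entry.
    :param file_array: Currently unused; attachments are not sent yet
        (``file=""`` is passed below).

    Prints the outcome with a timestamp on success; on any other status
    prints the error and exits the process with status 1 (previously the
    exit status was 0, which hid the failure from calling scripts).
    """
    hive_address = ''.join(settings.stored_hive_address[0])
    hive_api = ''.join(settings.stored_api_key[0])
    # Define the connection to thehive installation (including the generated API key).
    # NOTE(review): the trailing dict presumably configures proxies — confirm
    # against the TheHiveApi signature in use.
    api = TheHiveApi(hive_address, hive_api, None, {'http': '', 'https': ''})
    # TODO: attach file_array once attachment handling is in place.
    tasklog = CaseTaskLog(message=body, file="")
    # TODO: also add observables to this
    response = api.create_task_log(full_task_id, tasklog)
    if response.status_code == 201:
        print(str(datetime.datetime.now()) + " Task Log succesfully created.")
    else:
        print('ko: {}/{}'.format(response.status_code, response.text))
        # Non-zero so shell callers can detect the failed insert.
        sys.exit(1)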
def addTaskLog(self, taskId, filename):
    """Attach ``filename`` to task ``taskId`` as an 'Autogenerated report' log.

    Returns the pretty-printed JSON of the created log when the API answers
    201; otherwise reports the status through ``self.error`` and returns None.
    """
    entry = CaseTaskLog(message='Autogenerated report', file=filename)
    resp = self.api.create_task_log(taskId, entry)
    if resp.status_code != 201:
        self.error('ko: {}/{}'.format(resp.status_code, resp.text))
        return None
    return json.dumps(resp.json(), indent=4, sort_keys=True)
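def do_logfile(self, arg):
    '''Insert a log file and a supporting file

    ``arg`` is expected as ``<log entry> && <file path>``; the second
    ``&&``-separated part (leading whitespace stripped) is the file to attach.
    Prints what will be inserted, then posts it to ``self.task_id``.  A
    missing separator is reported instead of raising IndexError.
    '''
    log_details = arg.split('&&')
    if len(log_details) < 2:
        print("Expected '<log entry> && <file path>' but no '&&' separator was found.")
        return
    message = log_details[0]
    attachment = log_details[1].lstrip()
    print("Inserting the following log entry:\n\n{0}\n\nAnd attaching the following file: {1}".format(message, attachment))
    self.api.create_task_log(self.task_id, CaseTaskLog(message=message, file=attachment))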
def craftTaskLog(self, textLog):
    """Build a CaseTaskLog whose message is ``textLog``.

    Records the call on ``self.logger`` before constructing the object.
    """
    self.logger.info('%s.craftTaskLog starts', __name__)
    return CaseTaskLog(message=textLog)
def do_log(self, arg):
    '''Insert a log entry for this task!'''
    # Echo the entry, then post it to the active task; the response is not checked.
    print("Inserting the following log entry:\n\n{0}".format(arg))
    entry = CaseTaskLog(message=arg)
    self.api.create_task_log(self.task_id, entry)
def craftTaskLog(self, **attributes):
    """Build a CaseTaskLog from arbitrary keyword attributes.

    ``attributes`` is forwarded unchanged to ``CaseTaskLog``; the call is
    recorded on ``self.log`` first.
    """
    self.log.info('%s.craftTaskLog starts', __name__)
    entry = CaseTaskLog(**attributes)
    return entry
def case_tasks_log_model(event):
    """Build a CaseTaskLog summarizing an ``event`` mapping.

    Reads ``event['entity']``, ``event['type']`` and the ``url`` of the
    nested ``event[<entity>]`` mapping, in that order; a missing key raises
    KeyError.
    """
    entity_name = event['entity']
    event_type = event['type']
    entity_url = event[entity_name]['url']
    text = "{} {} {}".format(entity_name, event_type, entity_url)
    return CaseTaskLog(message=text)
def __init__(self, event, tenant):
    """Prepare a task log noting the case priority carried by ``event``.

    Reads ``event['case']['priority']`` and stores the resulting
    ``CaseTaskLog`` on ``self.tasklog``.  ``tenant`` is accepted for
    signature compatibility but is not used here.
    """
    new_priority = event['case']['priority']
    self.tasklog = CaseTaskLog(
        message="Priority updated to {}".format(new_priority))