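def detection_rule(self, dr_path) -> None:
    """Render every Detection Rule YAML to Confluence markup and push it.

    Args:
        dr_path: Directory holding the ``*.yml`` files. When falsy, the
            ``detection_rules_directories`` entry of ``ATCconfig`` is used
            instead; it may be a single directory or a list of directories.

    Returns:
        None. Progress and per-file failures are reported on stdout; a file
        that fails to parse, render or push is skipped and the run continues
        with the next one.
    """
    print("Populating Detection Rules..")
    if dr_path:
        # os.path.join: a trailing separator on dr_path is no longer required.
        dr_list = glob.glob(os.path.join(dr_path, '*.yml'))
    else:
        dr_dirs = ATCconfig.get('detection_rules_directories')
        # Start empty so an unset or unexpected config value yields an empty
        # run instead of an UnboundLocalError on the loop below.
        dr_list = []
        if isinstance(dr_dirs, list):
            # the config may provide several directories for detection rules
            for directory in dr_dirs:
                dr_list += glob.glob(os.path.join(directory, '*.yml'))
        elif isinstance(dr_dirs, str):
            dr_list = glob.glob(os.path.join(dr_dirs, '*.yml'))
        else:
            print("detection_rules_directories is not set; nothing to populate")
    # The parent page id is identical for every rule; resolve it once, lazily,
    # so a failed lookup is still reported per file like any other error.
    parent_id = None
    for dr_file in dr_list:
        try:
            dr = DetectionRule(dr_file, apipath=self.apipath,
                               auth=self.auth, space=self.space)
            dr.render_template("confluence")
            if parent_id is None:
                parent_id = str(ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Detection Rules"))
            confluence_data = {
                "title": dr.fields['title'],
                "spacekey": self.space,
                "parentid": parent_id,
                "confluencecontent": dr.content,
            }
            ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth)
        except Exception as err:
            # Best effort: one broken rule must not abort the whole run.
            print(dr_file + " failed")
            print("Err message: %s" % err)
            print('-' * 60)
            traceback.print_exc(file=sys.stdout)
            print('-' * 60)
    print("Detection Rules populated!")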
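def data_needed(self, dn_path) -> None:
    """Render every Data Needed YAML to Confluence markup and push it.

    Args:
        dn_path: Directory holding the ``*.yml`` files. When falsy, the
            ``data_needed_dir`` entry of ``ATCconfig`` is used instead.

    Returns:
        None. Progress, updated pages and per-file failures are reported on
        stdout; a file that fails to parse, render or push is skipped and the
        run continues with the next one.
    """
    print("[*] Populating Data Needed...")
    if dn_path:
        # os.path.join: a trailing separator on dn_path is no longer required.
        dn_list = glob.glob(os.path.join(dn_path, '*.yml'))
    else:
        dn_dir = ATCconfig.get('data_needed_dir')
        dn_list = glob.glob(os.path.join(dn_dir, '*.yml'))
    # The parent page id is identical for every file; resolve it once, lazily,
    # so a failed lookup is still reported per file like any other error.
    parent_id = None
    for dn_file in dn_list:
        try:
            dn = DataNeeded(dn_file, apipath=self.apipath,
                            auth=self.auth, space=self.space)
            dn.render_template("confluence")
            if parent_id is None:
                parent_id = str(ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Data Needed"))
            confluence_data = {
                "title": dn.dn_fields["title"],
                "spacekey": self.space,
                "parentid": parent_id,
                "confluencecontent": dn.content,
            }
            res = ATCutils.push_to_confluence(confluence_data,
                                              self.apipath, self.auth)
            if res == 'Page updated':
                print("==> updated page: DN '" + dn.dn_fields['title'] + "'")
        except Exception as err:
            # Best effort: one broken file must not abort the whole run.
            print(dn_file + " failed")
            print("Err message: %s" % err)
            print('-' * 60)
            traceback.print_exc(file=sys.stdout)
            print('-' * 60)
    print("[+] Data Needed populated!")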
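def logging_policy(self, lp_path) -> None:
    """Render every Logging Policy YAML to Confluence markup and push it.

    Args:
        lp_path: Directory holding the ``*.yml`` files. When falsy, the
            ``logging_policies_dir`` entry of ``ATCconfig`` is used instead.

    Returns:
        None. Progress, updated pages and per-file failures are reported on
        stdout; a file that fails to parse, render or push is skipped and the
        run continues with the next one.
    """
    print("[*] Populating Logging Policies...")
    if lp_path:
        # os.path.join: a trailing separator on lp_path is no longer required.
        lp_list = glob.glob(os.path.join(lp_path, '*.yml'))
    else:
        lp_dir = ATCconfig.get('logging_policies_dir')
        lp_list = glob.glob(os.path.join(lp_dir, '*.yml'))
    # The parent page id is identical for every file; resolve it once, lazily,
    # so a failed lookup is still reported per file like any other error.
    parent_id = None
    for lp_file in lp_list:
        try:
            # LoggingPolicy takes no Confluence arguments, unlike its siblings.
            lp = LoggingPolicy(lp_file)
            lp.render_template("confluence")
            if parent_id is None:
                parent_id = str(ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Logging Policies"))
            confluence_data = {
                "title": lp.fields["title"],
                "spacekey": self.space,
                "parentid": parent_id,
                "confluencecontent": lp.content,
            }
            res = ATCutils.push_to_confluence(confluence_data,
                                              self.apipath, self.auth)
            if res == 'Page updated':
                print("==> updated page: LP '" + lp.fields['title'] + "'")
        except Exception as err:
            # Best effort: one broken file must not abort the whole run.
            print(lp_file + " failed")
            print("Err message: %s" % err)
            print('-' * 60)
            traceback.print_exc(file=sys.stdout)
            print('-' * 60)
    print("[+] Logging Policies populated!")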
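def mitigation_policy(self, mp_path) -> None:
    """Render every Mitigation Policy YAML to Confluence markup and push it.

    Args:
        mp_path: Directory holding the ``*.yml`` files. When falsy, the
            ``mitigation_policies_directory`` entry of ``ATCconfig`` is used
            instead.

    Returns:
        None. Progress, updated pages and per-file failures are reported on
        stdout; a file that fails to parse, render or push is skipped and the
        run continues with the next one.
    """
    print("[*] Populating Mitigation Policies...")
    if mp_path:
        # os.path.join: a trailing separator on mp_path is no longer required.
        mp_list = glob.glob(os.path.join(mp_path, '*.yml'))
    else:
        mp_dir = ATCconfig.get('mitigation_policies_directory')
        mp_list = glob.glob(os.path.join(mp_dir, '*.yml'))
    # The parent page id is identical for every file; resolve it once, lazily,
    # so a failed lookup is still reported per file like any other error.
    parent_id = None
    for mp_file in mp_list:
        try:
            mp = MitigationPolicy(mp_file, apipath=self.apipath,
                                  auth=self.auth, space=self.space)
            mp.render_template("confluence")
            if parent_id is None:
                parent_id = str(ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Mitigation Policies"))
            confluence_data = {
                "title": mp.mp_parsed_file["title"],
                "spacekey": self.space,
                "parentid": parent_id,
                "confluencecontent": mp.content,
            }
            res = ATCutils.push_to_confluence(confluence_data,
                                              self.apipath, self.auth)
            if res == 'Page updated':
                print("==> updated page: MP '" + mp.mp_parsed_file['title'] + "'")
        except Exception as err:
            # Best effort: one broken file must not abort the whole run.
            print(mp_file + " failed")
            print("Err message: %s" % err)
            print('-' * 60)
            traceback.print_exc(file=sys.stdout)
            print('-' * 60)
    print("[+] Mitigation Policies populated!")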
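def hardening_policy(self, hp_path) -> None:
    """Render every Hardening Policy YAML to Confluence markup and push it.

    Args:
        hp_path: Directory holding the ``*.yml`` files. When falsy, the
            ``hardening_policies_directory`` entry of ``ATCconfig`` is used
            instead.

    Returns:
        None. Progress, updated pages and per-file failures are reported on
        stdout; a file that fails to parse, render or push is skipped and the
        run continues with the next one.
    """
    print("[*] Populating Hardening Policies...")
    if hp_path:
        # os.path.join: a trailing separator on hp_path is no longer required.
        hp_list = glob.glob(os.path.join(hp_path, '*.yml'))
    else:
        hp_dir = ATCconfig.get('hardening_policies_directory')
        hp_list = glob.glob(os.path.join(hp_dir, '*.yml'))
    # The parent page id is identical for every file; resolve it once, lazily,
    # so a failed lookup is still reported per file like any other error.
    parent_id = None
    for hp_file in hp_list:
        try:
            # HardeningPolicy takes no Confluence arguments, unlike its siblings.
            hp = HardeningPolicy(hp_file)
            hp.render_template("confluence")
            if parent_id is None:
                parent_id = str(ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Hardening Policies"))
            confluence_data = {
                "title": hp.hp_parsed_file["title"],
                "spacekey": self.space,
                "parentid": parent_id,
                "confluencecontent": hp.content,
            }
            res = ATCutils.push_to_confluence(confluence_data,
                                              self.apipath, self.auth)
            if res == 'Page updated':
                print("==> updated page: HP '" + hp.hp_parsed_file['title'] + "'")
        except Exception as err:
            # Best effort: one broken file must not abort the whole run.
            print(hp_file + " failed")
            print("Err message: %s" % err)
            print('-' * 60)
            traceback.print_exc(file=sys.stdout)
            print('-' * 60)
    print("[+] Hardening Policies populated!")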
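def response_playbook(self, rp_path) -> None:
    """Render every Response Playbook YAML to Confluence markup and push it.

    Args:
        rp_path: Directory holding the ``*.yml`` files. When falsy, the
            hard-coded ``../response_playbooks`` directory, relative to the
            current working directory, is used instead.

    Returns:
        None. Progress and per-file failures are reported on stdout; a file
        that fails to parse, render or push is skipped and the run continues
        with the next one.
    """
    print("Populating Response Playbooks..")
    if rp_path:
        # os.path.join: a trailing separator on rp_path is no longer required.
        rp_list = glob.glob(os.path.join(rp_path, '*.yml'))
    else:
        # NOTE: unlike the other populators this default does not come from
        # ATCconfig, so it only resolves when run from the expected directory.
        rp_list = glob.glob('../response_playbooks/*.yml')
    # The parent page id is identical for every file; resolve it once, lazily,
    # so a failed lookup is still reported per file like any other error.
    parent_id = None
    for rp_file in rp_list:
        try:
            rp = ResponsePlaybook(rp_file, apipath=self.apipath,
                                  auth=self.auth, space=self.space)
            rp.render_template("confluence")
            if parent_id is None:
                parent_id = str(ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Response Playbooks"))
            # The page title is the file name (extension included), not a
            # field parsed from the YAML.
            base = os.path.basename(rp_file)
            confluence_data = {
                "title": base,
                "spacekey": self.space,
                "parentid": parent_id,
                "confluencecontent": rp.content,
            }
            ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth)
        except Exception as err:
            # Best effort: one broken file must not abort the whole run.
            print(rp_file + " failed")
            print("Err message: %s" % err)
            print('-' * 60)
            traceback.print_exc(file=sys.stdout)
            print('-' * 60)
    print("Response Playbooks populated!")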
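def customer(self, cu_path) -> None:
    """Render every Customer YAML to Confluence markup and push it.

    Args:
        cu_path: Directory holding the ``*.yml`` files. When falsy, the
            ``customers_directory`` entry of ``ATCconfig`` is used instead.

    Returns:
        None. Progress and per-file failures are reported on stdout; a file
        that fails to parse, render or push is skipped and the run continues
        with the next one.
    """
    print("Populating Customers..")
    if cu_path:
        # os.path.join: a trailing separator on cu_path is no longer required.
        cu_list = glob.glob(os.path.join(cu_path, '*.yml'))
    else:
        cu_dir = ATCconfig.get('customers_directory')
        cu_list = glob.glob(os.path.join(cu_dir, '*.yml'))
    # The parent page id is identical for every file; resolve it once, lazily,
    # so a failed lookup is still reported per file like any other error.
    parent_id = None
    for cu_file in cu_list:
        try:
            cu = Customer(cu_file, apipath=self.apipath,
                          auth=self.auth, space=self.space)
            cu.render_template("confluence")
            if parent_id is None:
                parent_id = str(ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Customers"))
            confluence_data = {
                "title": cu.customer_name,
                "spacekey": self.space,
                "parentid": parent_id,
                "confluencecontent": cu.content,
            }
            ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth)
        except Exception as err:
            # Best effort: one broken file must not abort the whole run.
            print(cu_file + " failed")
            print("Err message: %s" % err)
            print('-' * 60)
            traceback.print_exc(file=sys.stdout)
            print('-' * 60)
    print("Customers populated!")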
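def enrichment(self, en_path) -> None:
    """Render every Enrichment YAML to Confluence markup and push it.

    Args:
        en_path: Directory holding the ``*.yml`` files. When falsy, the
            hard-coded ``../enrichments`` directory, relative to the current
            working directory, is used instead.

    Returns:
        None. Progress and per-file failures are reported on stdout; a file
        that fails to parse, render or push is skipped and the run continues
        with the next one.
    """
    print("Populating Enrichments..")
    if en_path:
        # os.path.join: a trailing separator on en_path is no longer required.
        en_list = glob.glob(os.path.join(en_path, '*.yml'))
    else:
        # NOTE: unlike the other populators this default does not come from
        # ATCconfig, so it only resolves when run from the expected directory.
        en_list = glob.glob('../enrichments/*.yml')
    # The parent page id is identical for every file; resolve it once, lazily,
    # so a failed lookup is still reported per file like any other error.
    parent_id = None
    for en_file in en_list:
        try:
            en = Enrichment(en_file, apipath=self.apipath,
                            auth=self.auth, space=self.space)
            en.render_template("confluence")
            if parent_id is None:
                parent_id = str(ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Enrichments"))
            confluence_data = {
                "title": en.en_parsed_file['title'],
                "spacekey": self.space,
                "parentid": parent_id,
                "confluencecontent": en.content,
            }
            ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth)
        except Exception as err:
            # Best effort: one broken file must not abort the whole run.
            print(en_file + " failed")
            print("Err message: %s" % err)
            print('-' * 60)
            traceback.print_exc(file=sys.stdout)
            print('-' * 60)
    print("Enrichments populated!")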
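def triggers(self, tg_path) -> None:
    """Render every Trigger YAML to Confluence markup and push it.

    Args:
        tg_path: Directory holding ``*.yml`` files. When falsy, the
            ``triggers_directory`` entry of ``ATCconfig`` is used instead and
            the ``T*/*.yaml`` layout (one sub-directory per technique) is
            globbed there; note the different extension.

    Returns:
        None. Progress and per-file failures are reported on stdout; a file
        that fails to parse, render or push — including one whose technique
        id is missing from ``te_mapping`` — is skipped and the run continues.
    """
    print("Populating Triggers..")
    if tg_path:
        # os.path.join: a trailing separator on tg_path is no longer required.
        tg_list = glob.glob(os.path.join(tg_path, '*.yml'))
    else:
        tg_list = glob.glob(os.path.join(
            ATCconfig.get("triggers_directory"), 'T*', '*.yaml'))
    # The parent page id is identical for every file; resolve it once, lazily,
    # so a failed lookup is still reported per file like any other error.
    parent_id = None
    for tg_file in tg_list:
        try:
            # Triggers takes no Confluence arguments, unlike its siblings.
            tg = Triggers(tg_file)
            tg.render_template("confluence")
            technique = tg.fields["attack_technique"]
            # Indexing (not .get) so an unmapped technique fails with a
            # KeyError naming it instead of a TypeError on concatenation.
            title = technique + ": " + te_mapping[technique]
            if parent_id is None:
                parent_id = str(ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Triggers"))
            confluence_data = {
                "title": title,
                "spacekey": self.space,
                "parentid": parent_id,
                "confluencecontent": tg.content,
            }
            ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth)
        except Exception as err:
            # Best effort: one broken file must not abort the whole run.
            print(tg_file + " failed")
            print("Err message: %s" % err)
            print('-' * 60)
            traceback.print_exc(file=sys.stdout)
            print('-' * 60)
    print("Triggers populated!")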
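def mitigation_system(self, ms_path) -> None:
    """Render every Mitigation System YAML to Confluence markup and push it.

    Args:
        ms_path: Directory holding the ``*.yml`` files. When falsy, the
            ``mitigation_systems_directory`` entry of ``ATCconfig`` is used
            instead.

    Returns:
        None. Progress and per-file failures are reported on stdout; a file
        that fails to parse, render or push is skipped and the run continues
        with the next one.
    """
    print("Populating Mitigation Systems..")
    if ms_path:
        # os.path.join: a trailing separator on ms_path is no longer required.
        ms_list = glob.glob(os.path.join(ms_path, '*.yml'))
    else:
        ms_dir = ATCconfig.get('mitigation_systems_directory')
        ms_list = glob.glob(os.path.join(ms_dir, '*.yml'))
    # The parent page id is identical for every file; resolve it once, lazily,
    # so a failed lookup is still reported per file like any other error.
    parent_id = None
    for ms_file in ms_list:
        try:
            # MitigationSystem takes no Confluence arguments, unlike its siblings.
            ms = MitigationSystem(ms_file)
            ms.render_template("confluence")
            if parent_id is None:
                parent_id = str(ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Mitigation Systems"))
            confluence_data = {
                "title": ms.ms_parsed_file["title"],
                "spacekey": self.space,
                "parentid": parent_id,
                "confluencecontent": ms.content,
            }
            ATCutils.push_to_confluence(confluence_data, self.apipath, self.auth)
        except Exception as err:
            # Best effort: one broken file must not abort the whole run.
            print(ms_file + " failed")
            print("Err message: %s" % err)
            print('-' * 60)
            traceback.print_exc(file=sys.stdout)
            print('-' * 60)
    print("Mitigation Systems populated!")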
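def response_action(self, ra_path) -> None:
    """Render every Response Action YAML to Confluence markup and push it.

    Args:
        ra_path: Directory holding the ``*.yml`` files. When falsy, the
            ``response_actions_dir`` entry of ``ATCconfig`` is used instead.

    Returns:
        None. Progress, updated pages and per-file failures are reported on
        stdout; a file that fails to parse, render or push is skipped and the
        run continues with the next one.
    """
    print("Populating Response Actions..")
    if ra_path:
        # os.path.join: a trailing separator on ra_path is no longer required.
        ra_list = glob.glob(os.path.join(ra_path, '*.yml'))
    else:
        ra_dir = ATCconfig.get('response_actions_dir')
        ra_list = glob.glob(os.path.join(ra_dir, '*.yml'))
    # The parent page id is identical for every file; resolve it once, lazily,
    # so a failed lookup is still reported per file like any other error.
    parent_id = None
    for ra_file in ra_list:
        try:
            ra = ResponseAction(ra_file, apipath=self.apipath,
                                auth=self.auth, space=self.space)
            ra.render_template("confluence")
            if parent_id is None:
                parent_id = str(ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Response Actions"))
            confluence_data = {
                "title": ra.ra_parsed_file['title'],
                "spacekey": self.space,
                "parentid": parent_id,
                "confluencecontent": ra.content,
            }
            res = ATCutils.push_to_confluence(confluence_data,
                                              self.apipath, self.auth)
            if res == 'Page updated':
                print("==> updated page: RA '" + ra.ra_parsed_file['title'] + "'")
        except Exception as err:
            # Best effort: one broken file must not abort the whole run.
            print(ra_file + " failed")
            print("Err message: %s" % err)
            print('-' * 60)
            traceback.print_exc(file=sys.stdout)
            print('-' * 60)
    print("Response Actions populated!")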
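def response_stage(self, rs_path) -> None:
    """Render every Response Stage YAML to Confluence markup and push it.

    Args:
        rs_path: Directory holding the ``*.yml`` files. When falsy, the
            ``response_stages_dir`` entry of ``ATCconfig`` is used instead.

    Returns:
        None. Progress, updated pages and per-file failures are reported on
        stdout; a file that fails to parse, render or push is skipped and the
        run continues with the next one.
    """
    print("[*] Populating Response Stages...")
    if rs_path:
        # os.path.join: a trailing separator on rs_path is no longer required.
        rs_list = glob.glob(os.path.join(rs_path, '*.yml'))
    else:
        rs_dir = ATCconfig.get('response_stages_dir')
        rs_list = glob.glob(os.path.join(rs_dir, '*.yml'))
    # The parent page id is identical for every file; resolve it once, lazily,
    # so a failed lookup is still reported per file like any other error.
    parent_id = None
    for rs_file in rs_list:
        try:
            rs = ResponseStage(rs_file, apipath=self.apipath,
                               auth=self.auth, space=self.space)
            rs.render_template("confluence")
            if parent_id is None:
                parent_id = str(ATCutils.confluence_get_page_id(
                    self.apipath, self.auth, self.space, "Response Stages"))
            confluence_data = {
                "title": rs.rs_parsed_file['title'],
                "spacekey": self.space,
                "parentid": parent_id,
                "confluencecontent": rs.content,
            }
            res = ATCutils.push_to_confluence(confluence_data,
                                              self.apipath, self.auth)
            if res == 'Page updated':
                # The update notice names the file, not the page title.
                base = os.path.basename(rs_file)
                print("==> updated page: RS '" + base + "'")
        except Exception as err:
            # Best effort: one broken file must not abort the whole run.
            print(rs_file + " failed")
            print("Err message: %s" % err)
            print('-' * 60)
            traceback.print_exc(file=sys.stdout)
            print('-' * 60)
    print("[+] Response Stages populated!")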
def main(c_auth=None): try: ATCconfig = ATCutils.load_config("config.yml") confluence_space_name = ATCconfig.get('confluence_space_name') confluence_space_home_page_name = ATCconfig.get( 'confluence_space_home_page_name') confluence_rest_api_url = ATCconfig.get('confluence_rest_api_url') confluence_name_of_root_directory = ATCconfig.get( 'confluence_name_of_root_directory') except Exception as e: raise e pass if not c_auth: mail = input("Login: "******"" print("Creating ATC page..") # print(str(ATCutils.confluence_get_page_id(url, # auth, confluence_space_name, confluence_space_home_page_name))) data = { "title": confluence_name_of_root_directory, "spacekey": confluence_space_name, "parentid": str( ATCutils.confluence_get_page_id(url, auth, confluence_space_name, confluence_space_home_page_name)), "confluencecontent": content, } # print(push_to_confluence(data, url, auth)) if not ATCutils.push_to_confluence(data, url, auth): raise Exception("Could not create or update the page. " + "Is the parent name correct?") spaces = [ "Detection Rules", "Logging Policies", "Data Needed", "Triggers", "Response Actions", "Response Playbooks", "Enrichments", "Customers", "Mitigation Systems", "Mitigation Policies", "Hardening Policies" ] for space in spaces: print("Creating %s.." % space) data = { "title": space, "spacekey": confluence_space_name, "parentid": str( ATCutils.confluence_get_page_id( url, auth, confluence_space_name, confluence_name_of_root_directory)), "confluencecontent": content, } # print(push_to_confluence(data, url, auth)) if not ATCutils.push_to_confluence(data, url, auth): raise Exception("Could not create or update the page. " + "Is the parent name correct?") print("Done!") return True