def test_stix_transform(self): """ Objective: Test if our STIX xml can be validated. """ config = ConfigParser() config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg') config.read(config_file) config.set('taxii', 'enabled', True) test_event = {'remote': ('127.0.0.1', 54872), 'data_type': 's7comm', 'public_ip': '111.222.111.222', 'timestamp': datetime.now(), 'session_id': str(uuid.uuid4()), 'data': {0: {'request': 'who are you', 'response': 'mr. blue'}, 1: {'request': 'give me apples', 'response': 'no way'}}} dom = etree.parse('conpot/templates/default/template.xml') stixTransformer = StixTransformer(config, dom) stix_package_xml = stixTransformer.transform(test_event) validator = validators.STIXSchemaValidator() result = validator.validate(StringIO(stix_package_xml.encode('utf-8'))).as_dict() has_errors = False error_string = '' if 'errors' in result: has_errors = True for error in result['errors']: error_string += error['message'] error_string += ', ' self.assertFalse(has_errors, 'Error while validations STIX xml: {0}'. format(error_string))
def test_stix_transform(self): """ Objective: Test if our STIX xml can be validated. """ config = ConfigParser() config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg') config.read(config_file) config.set('taxii', 'enabled', True) config.set('taxii', 'use_contact_info', True) config.set('taxii', 'contact_name', 'conpot') config.set('taxii', 'contact_mail', '[email protected]') config.set('taxii', 'contact_domain', 'http://conpot.org/stix-1') test_event = {'remote': ('127.0.0.1', 54872), 'data_type': 's7comm', 'public_ip': '111.222.111.222', 'timestamp': datetime.now(), 'session_id': str(uuid.uuid4()), 'data': {0: {'request': 'who are you', 'response': 'mr. blue'}, 1: {'request': 'give me apples', 'response': 'no way'}}} dom = etree.parse('conpot/templates/default/template.xml') stixTransformer = StixTransformer(config, dom) stix_package_xml = stixTransformer.transform(test_event) xmlValidator = STIXValidator(None, True, False) result_dict = xmlValidator.validate(StringIO(stix_package_xml.encode('utf-8'))) errors = '' if 'errors' in result_dict: errors = ', '.join(result_dict['errors']) self.assertTrue(result_dict['result'], 'Error while validations STIX xml: {0}'. format(errors))
def __init__(self, config, dom): self.host = config.get('taxii', 'host') self.port = config.getint('taxii', 'port') self.inbox_path = config.get('taxii', 'inbox_path') self.use_https = config.getboolean('taxii', 'use_https') self.client = HttpClient() self.client.setProxy('noproxy') self.stix_transformer = StixTransformer(config, dom)
def __init__(self, config, dom): self.host = config.get("taxii", "host") self.port = config.getint("taxii", "port") self.inbox_path = config.get("taxii", "inbox_path") self.use_https = config.getboolean("taxii", "use_https") self.client = HttpClient() self.client.setProxy("noproxy") self.stix_transformer = StixTransformer(config, dom)
class TaxiiLogger(object): def __init__(self, config, dom): self.host = config.get("taxii", "host") self.port = config.getint("taxii", "port") self.inbox_path = config.get("taxii", "inbox_path") self.use_https = config.getboolean("taxii", "use_https") self.client = HttpClient() self.client.setProxy("noproxy") self.stix_transformer = StixTransformer(config, dom) def log(self, event): # converts from conpot log format to STIX compatible xml stix_package = self.stix_transformer.transform(event) # wrapping the stix message in a TAXII envelope content_block = ContentBlock(libtaxii.CB_STIX_XML_11, stix_package.encode("utf-8")) inbox_message = InboxMessage(message_id=generate_message_id(), content_blocks=[content_block]) inbox_xml = inbox_message.to_xml() # the actual call to the TAXII web service response = self.client.callTaxiiService2( self.host, self.inbox_path, libtaxii.VID_TAXII_XML_11, inbox_xml, self.port ) response_message = libtaxii.get_message_from_http_response(response, "0") if response_message.status_type != libtaxii.messages.ST_SUCCESS: logger.error("Error while transmitting message to TAXII server: {0}".format(response_message.message)) return False else: return True
class TaxiiLogger(object): def __init__(self, config, dom): self.host = config.get('taxii', 'host') self.port = config.getint('taxii', 'port') self.inbox_path = config.get('taxii', 'inbox_path') self.use_https = config.getboolean('taxii', 'use_https') self.client = HttpClient() self.client.setProxy('noproxy') self.stix_transformer = StixTransformer(config, dom) def log(self, event): # converts from conpot log format to STIX compatible xml stix_package = self.stix_transformer.transform(event) # wrapping the stix message in a TAXII envelope content_block = ContentBlock(libtaxii.CB_STIX_XML_11, stix_package.encode('utf-8')) inbox_message = InboxMessage(message_id=generate_message_id(), content_blocks=[content_block]) inbox_xml = inbox_message.to_xml() # the actual call to the TAXII web service response = self.client.callTaxiiService2(self.host, self.inbox_path, libtaxii.VID_TAXII_XML_11, inbox_xml, self.port) response_message = libtaxii.get_message_from_http_response(response, '0') if response_message.status_type != libtaxii.messages.ST_SUCCESS: logger.error('Error while transmitting message to TAXII server: {0}'.format(response_message.message)) return False else: return True
def test_stix_transform(self): """ Objective: Test if our STIX xml can be validated. """ config = ConfigParser() config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg') config.read(config_file) config.set('taxii', 'enabled', True) test_event = { 'remote': ('127.0.0.1', 54872), 'data_type': 's7comm', 'public_ip': '111.222.111.222', 'timestamp': datetime.now(), 'session_id': str(uuid.uuid4()), 'data': { 0: { 'request': 'who are you', 'response': 'mr. blue' }, 1: { 'request': 'give me apples', 'response': 'no way' } } } dom = etree.parse('conpot/templates/default/template.xml') stixTransformer = StixTransformer(config, dom) stix_package_xml = stixTransformer.transform(test_event) validator = validators.STIXSchemaValidator() result = validator.validate(StringIO( stix_package_xml.encode('utf-8'))).as_dict() has_errors = False error_string = '' if 'errors' in result: has_errors = True for error in result['errors']: error_string += error['message'] error_string += ', ' self.assertFalse( has_errors, 'Error while validations STIX xml: {0}'.format(error_string))
def test_stix_transform(self): """ Objective: Test if our STIX xml can be validated. """ config = ConfigParser() config_file = os.path.join(os.path.dirname(__file__), "../conpot.cfg") config.read(config_file) config.set("taxii", "enabled", True) test_event = { "remote": ("127.0.0.1", 54872), "data_type": "s7comm", "public_ip": "111.222.111.222", "timestamp": datetime.now(), "session_id": str(uuid.uuid4()), "data": { 0: { "request": "who are you", "response": "mr. blue" }, 1: { "request": "give me apples", "response": "no way" }, }, } dom = etree.parse("conpot/templates/default/template.xml") stixTransformer = StixTransformer(config, dom) stix_package_xml = stixTransformer.transform(test_event) validator = validators.STIXSchemaValidator() result = validator.validate(StringIO( stix_package_xml.encode("utf-8"))).as_dict() has_errors = False error_string = "" if "errors" in result: has_errors = True for error in result["errors"]: error_string += error["message"] error_string += ", " self.assertFalse( has_errors, "Error while validations STIX xml: {0}".format(error_string))
def test_stix_transform(self): """ Objective: Test if our STIX xml can be validated. """ config = ConfigParser() config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg') config.read(config_file) config.set('taxii', 'enabled', True) config.set('taxii', 'use_contact_info', True) config.set('taxii', 'contact_name', 'James Bond') config.set('taxii', 'contact_mail', '[email protected]') test_event = { 'remote': ('127.0.0.1', 54872), 'data_type': 's7comm', 'public_ip': '111.222.111.222', 'timestamp': datetime.now(), 'session_id': '101d9884-b695-4d8b-bf24-343c7dda1b68', 'data': { 0: { 'request': 'who are you', 'response': 'mr. blue' }, 1: { 'request': 'give me apples', 'response': 'no way' } } } dom = etree.parse('conpot/templates/default.xml') stixTransformer = StixTransformer(config, dom) stix_package_xml = stixTransformer.transform(test_event) xmlValidator = STIXValidator(None, True, False) result_dict = xmlValidator.validate( StringIO(stix_package_xml.encode('utf-8'))) errors = '' if 'errors' in result_dict: errors = ', '.join(result_dict['errors']) self.assertTrue(result_dict['result'], 'Error while validations STIX xml: {0}'.format(errors))