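def test_taxii(self):
    """
    Objective: Test if we can transmit data to MITRE's TAXII test server.

    Note: This actually also tests the StixTransformer since the event is
    parsed by the transformer before transmission.

    Needs network reachability of that server: TaxiiLogger.log returns
    False when the message could not be delivered, which fails the assertion.
    """
    config = ConfigParser()
    config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg')
    config.read(config_file)
    # ConfigParser option values must be strings. Passing the bool True
    # raises TypeError in set() on Python 3 and breaks get()/getboolean()
    # on Python 2, so the option is written as the string 'True'.
    config.set('taxii', 'enabled', 'True')
    test_event = {
        'remote': ('127.0.0.1', 54872),
        'data_type': 's7comm',
        'timestamp': datetime.now(),
        'session_id': '101d9884-b695-4d8b-bf24-343c7dda1b68',
        'data': {
            0: {'request': 'who are you', 'response': 'mr. blue'},
            1: {'request': 'give me apples', 'response': 'no way'},
        },
    }
    taxiiLogger = TaxiiLogger(config)
    taxii_result = taxiiLogger.log(test_event)
    # TaxiiLogger returns false if the message could not be delivered
    self.assertTrue(taxii_result)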
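def test_taxii(self):
    """
    Objective: Test if we can transmit data to MITRE's TAXII test server.

    Note: This actually also tests the StixTransformer since the event is
    parsed by the transformer before transmission.

    Needs network reachability of that server: TaxiiLogger.log returns
    False when the message could not be delivered, which fails the assertion.
    """
    config = ConfigParser()
    config_file = os.path.join(os.path.dirname(__file__), '../conpot.cfg')
    config.read(config_file)
    # ConfigParser option values must be strings. Passing the bool True
    # raises TypeError in set() on Python 3 and breaks get()/getboolean()
    # on Python 2, so the option is written as the string 'True'.
    config.set('taxii', 'enabled', 'True')
    test_event = {
        'remote': ('127.0.0.1', 54872),
        'data_type': 's7comm',
        'timestamp': datetime.now(),
        'session_id': '101d9884-b695-4d8b-bf24-343c7dda1b68',
        'data': {
            0: {'request': 'who are you', 'response': 'mr. blue'},
            1: {'request': 'give me apples', 'response': 'no way'},
        },
    }
    taxiiLogger = TaxiiLogger(config)
    taxii_result = taxiiLogger.log(test_event)
    # TaxiiLogger returns false if the message could not be delivered
    self.assertTrue(taxii_result)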
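class LogWorker(object):
    """Drain the event queue and fan every event out to the enabled log sinks.

    Sinks (SQLite, HPFriends, syslog, TAXII) are built from *config* in
    __init__; a sink whose section is not enabled stays None and is skipped
    in start().
    """

    def __init__(self, config, log_queue, public_ip):
        """
        :param config: ConfigParser-like object, read via get/getint/getboolean.
        :param log_queue: object whose get() blocks and returns one event dict.
        :param public_ip: when truthy, stamped into event['public_ip'] before
            the event is handed to the sinks.
        """
        self.log_queue = log_queue
        self.sqlite_logger = None
        self.friends_feeder = None
        self.syslog_client = None
        self.public_ip = public_ip
        self.taxii_logger = None

        if config.getboolean('sqlite', 'enabled'):
            self.sqlite_logger = SQLiteLogger()

        if config.getboolean('hpfriends', 'enabled'):
            host = config.get('hpfriends', 'host')
            port = config.getint('hpfriends', 'port')
            ident = config.get('hpfriends', 'ident')
            secret = config.get('hpfriends', 'secret')
            # SECURITY: eval() executes whatever the 'channels' option holds,
            # so write access to the config file is code execution in this
            # process. The value is presumably a list literal; ast.literal_eval
            # would parse that without executing code and should replace
            # eval() here.
            channels = eval(config.get('hpfriends', 'channels'))
            try:
                self.friends_feeder = HPFriendsLogger(host, port, ident, secret, channels)
            except Exception as e:
                # e.message does not exist on Python 3 and is empty for many
                # exception types; logger.exception records the traceback.
                logger.exception('Could not initialise HPFriends logger: %s', e)
                self.friends_feeder = None

        if config.getboolean('syslog', 'enabled'):
            host = config.get('syslog', 'host')
            port = config.getint('syslog', 'port')
            facility = config.get('syslog', 'facility')
            logdevice = config.get('syslog', 'device')
            logsocket = config.get('syslog', 'socket')
            self.syslog_client = SysLogger(host, port, facility, logdevice, logsocket)

        if config.getboolean('taxii', 'enabled'):
            # TODO: support for certificates
            self.taxii_logger = TaxiiLogger(config)

        self.enabled = True

    def start(self):
        """Consume events until stop() is called.

        Blocks in log_queue.get(), so a stop() request is only observed after
        the next event has been processed. Every event must carry 'data_type'
        and 'timestamp'; the asserts are stripped under ``python -O``, so the
        queue producer is trusted to supply them.
        """
        self.enabled = True
        while self.enabled:
            event = self.log_queue.get()
            assert 'data_type' in event
            assert 'timestamp' in event

            if self.public_ip:
                event['public_ip'] = self.public_ip

            if self.friends_feeder:
                # HPFriends receives the serialised JSON; the other sinks get
                # the dict itself.
                self.friends_feeder.log(json.dumps(event, default=self.json_default))
            if self.sqlite_logger:
                self.sqlite_logger.log(event)
            if self.syslog_client:
                self.syslog_client.log(event)
            if self.taxii_logger:
                self.taxii_logger.log(event)

    def stop(self):
        """Ask start() to leave its loop after the current event."""
        self.enabled = False

    def json_default(self, obj):
        """json.dumps fallback: datetime -> ISO-8601 string, UUID -> str.

        Any other unsupported type is serialised as null instead of raising
        TypeError, so unknown objects silently disappear from the HPFriends
        payload.
        """
        if isinstance(obj, datetime):
            return obj.isoformat()
        elif isinstance(obj, uuid.UUID):
            return str(obj)
        else:
            return None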
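class LogWorker(object):
    """Drain the event queue and fan every event out to the enabled log sinks.

    Sinks (SQLite, HPFriends, syslog, TAXII) are built from *config* in
    __init__; a sink whose section is not enabled stays None and is skipped
    in start().
    """

    def __init__(self, config, log_queue, public_ip):
        """
        :param config: ConfigParser-like object, read via get/getint/getboolean.
        :param log_queue: object whose get() blocks and returns one event dict.
        :param public_ip: when truthy, stamped into event['public_ip'] before
            the event is handed to the sinks.
        """
        self.log_queue = log_queue
        self.sqlite_logger = None
        self.friends_feeder = None
        self.syslog_client = None
        self.public_ip = public_ip
        self.taxii_logger = None

        if config.getboolean('sqlite', 'enabled'):
            self.sqlite_logger = SQLiteLogger()

        if config.getboolean('hpfriends', 'enabled'):
            host = config.get('hpfriends', 'host')
            port = config.getint('hpfriends', 'port')
            ident = config.get('hpfriends', 'ident')
            secret = config.get('hpfriends', 'secret')
            # SECURITY: eval() executes whatever the 'channels' option holds,
            # so write access to the config file is code execution in this
            # process. The value is presumably a list literal; ast.literal_eval
            # would parse that without executing code and should replace
            # eval() here.
            channels = eval(config.get('hpfriends', 'channels'))
            try:
                self.friends_feeder = HPFriendsLogger(host, port, ident, secret, channels)
            except Exception as e:
                # e.message does not exist on Python 3 and is empty for many
                # exception types; logger.exception records the traceback.
                logger.exception('Could not initialise HPFriends logger: %s', e)
                self.friends_feeder = None

        if config.getboolean('syslog', 'enabled'):
            host = config.get('syslog', 'host')
            port = config.getint('syslog', 'port')
            facility = config.get('syslog', 'facility')
            logdevice = config.get('syslog', 'device')
            logsocket = config.get('syslog', 'socket')
            self.syslog_client = SysLogger(host, port, facility, logdevice, logsocket)

        if config.getboolean('taxii', 'enabled'):
            # TODO: support for certificates
            self.taxii_logger = TaxiiLogger(config)

        self.enabled = True

    def start(self):
        """Consume events until stop() is called.

        Blocks in log_queue.get(), so a stop() request is only observed after
        the next event has been processed. Every event must carry 'data_type'
        and 'timestamp'; the asserts are stripped under ``python -O``, so the
        queue producer is trusted to supply them.
        """
        self.enabled = True
        while self.enabled:
            event = self.log_queue.get()
            assert 'data_type' in event
            assert 'timestamp' in event

            if self.public_ip:
                event['public_ip'] = self.public_ip

            if self.friends_feeder:
                # HPFriends receives the serialised JSON; the other sinks get
                # the dict itself.
                self.friends_feeder.log(json.dumps(event, default=self.json_default))
            if self.sqlite_logger:
                self.sqlite_logger.log(event)
            if self.syslog_client:
                self.syslog_client.log(event)
            if self.taxii_logger:
                self.taxii_logger.log(event)

    def stop(self):
        """Ask start() to leave its loop after the current event."""
        self.enabled = False

    def json_default(self, obj):
        """json.dumps fallback: datetime -> ISO-8601 string, UUID -> str.

        Any other unsupported type is serialised as null instead of raising
        TypeError, so unknown objects silently disappear from the HPFriends
        payload.
        """
        if isinstance(obj, datetime):
            return obj.isoformat()
        elif isinstance(obj, uuid.UUID):
            return str(obj)
        else:
            return None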