示例#1
0
    def run(self, data, persistentData, actionResult):
        indicator = helpers.evalString(self.indicator, {"data": data})
        otxType = helpers.evalString(self.otxType, {"data": data})
        if re.search('(\.|\\|\/)', otxType):
            actionResult["result"] = False
            actionResult["rc"] = 255
            return actionResult

        actionResult["data"]["otxIndicators"] = []

        if os.path.isfile(Path(
                "plugins/otx/cache/ioc_{0}.csv".format(otxType))):
            f = csv.reader(open(Path(
                "plugins/otx/cache/ioc_{0}.csv".format(otxType)),
                                "rt",
                                encoding='utf-8'),
                           quoting=csv.QUOTE_ALL,
                           dialect='excel')
            for line in f:
                if indicator == line[12]:
                    actionResult["data"]["otxIndicators"].append(line)

        if len(actionResult["data"]["otxIndicators"]) > 0:
            actionResult["result"] = True
            actionResult["rc"] = 0
        else:
            actionResult["result"] = False
            actionResult["rc"] = 404
        return actionResult
示例#2
0
    def run(self,data,persistentData,actionResult):
        ip = helpers.evalString(self.ip,{"data" : data})
        domain = helpers.evalString(self.domain,{"data" : data})
        scanName = helpers.evalString(self.scanName,{"data" : data})

        scanResult = inga._inga().getAsClass(query={ "scanName" : scanName, "ip" : ip },fields=["scanName","ip","domains"])
        if len(scanResult) == 1:
            scanResult = scanResult[0]
            domainFound = False
            for domainKey,domainItem in scanResult.domains.items():
                if domainItem["domain"] == domain:
                    domainFound = True
                    break
            if not domainFound:
                scanResult._dbCollection.update_one({ "scanName" : scanName, "ip" : ip },{ "$push" : { "domains" : { "domain" : domain, "ip" : ip, "lastSeen" : time.time() } } })
            actionResult["result"] = True
            actionResult["rc"] = 0
        elif len(scanResult) == 0:
            newId = inga._inga().new(self.acl,scanName,str(ip),False)
            scanResult = inga._inga().getAsClass(id=str(newId.inserted_id),fields=["scanName","ip","domains"])
            scanResult.domains.append({ "domain" : domain, "ip" : ip, "lastSeen" : time.time() })
            scanResult.update(["domains"])
            actionResult["result"] = True
            actionResult["rc"] = 201
        else:
            actionResult["result"] = False
            actionResult["rc"] = 502
        return actionResult
示例#3
0
    def run(self, data, persistentData, actionResult):
        ip = helpers.evalString(self.ip, {"data": data})
        mask = helpers.evalString(self.mask, {"data": data})
        asn = helpers.evalString(self.asn, {"data": data})
        apiToken = auth.getPasswordFromENC(self.apiToken)

        result = None
        if asn:
            result = whoisxmlapi._whoisxmlapi(apiToken).netblock(asn=asn)
        elif ip and mask:
            result = whoisxmlapi._whoisxmlapi(apiToken).netblock(ip=ip,
                                                                 mask=mask)
        elif ip:
            result = whoisxmlapi._whoisxmlapi(apiToken).netblock(ip=ip)

        if result:
            actionResult["result"] = True
            actionResult["rc"] = 0
            actionResult["apiResult"] = result
        else:
            actionResult["result"] = False
            actionResult["rc"] = 404
            actionResult[
                "msg"] = "Failed to get a valid response from whoisxmlapi API"
        return actionResult
示例#4
0
    def run(self, data, persistentData, actionResult):
        headers = {"Content-Type": "application/json; charset=UTF-8"}
        url = helpers.evalString(self.url, {"data": data})
        body = helpers.evalString(self.body, {"data": data})

        timeout = 60
        if self.timeout > 0:
            timeout = self.timeout

        kwargs = {}
        kwargs["headers"] = headers
        kwargs["timeout"] = timeout
        kwargs["data"] = json.dumps({"text": body})
        if self.ca:
            kwargs["verify"] == Path(self.ca)
        if self.proxy:
            kwargs["proxies"] = self.proxy

        response = requests.post(url, **kwargs)

        actionResult["result"] = True
        actionResult["rc"] = response.status_code
        actionResult["data"] = {
            "headers": response.headers,
            "text": response.text
        }
        return actionResult
示例#5
0
    def run(self, data, persistentData, actionResult):
        ip = helpers.evalString(self.ip, {"data": data})
        domain = helpers.evalString(self.domain, {"data": data})
        scanName = helpers.evalString(self.scanName, {"data": data})

        scanResult = inga._inga().getAsClass(
            query={
                "scanName": scanName,
                "ip": ip,
                "domains.domain": domain
            },
            fields=["scanName", "ip", "domains"])
        if len(scanResult) == 1:
            scanResult = scanResult[0]
            scanResult._dbCollection.update_one(
                {
                    "scanName": scanName,
                    "ip": ip,
                    "domains.domain": domain
                }, {"$pull": {
                    "domains": {
                        "domain": domain
                    }
                }})
            actionResult["result"] = True
            actionResult["rc"] = 200
        else:
            actionResult["result"] = False
            actionResult["rc"] = 502
        return actionResult
示例#6
0
    def doAction(self, data):
        host = helpers.evalString(self.host, {"data": data["flowData"]})
        port = helpers.evalString(self.port, {"data": data["flowData"]})
        deviceHostname = helpers.evalString(self.deviceHostname,
                                            {"data": data["flowData"]})
        user = helpers.evalString(self.user, {"data": data["flowData"]})
        if self.password.startswith("ENC"):
            password = auth.getPasswordFromENC(self.password)
        else:
            password = ""

        client = fortigate.fortigate(host,
                                     deviceHostname,
                                     user,
                                     password=password,
                                     port=port,
                                     maxRecvTime=self.maxRecvTime)

        if client.client != None:
            data["eventData"]["remote"] = {"client": client}
            return {"result": True, "rc": 0, "msg": "Connection successful"}
        else:
            return {
                "result": False,
                "rc": 403,
                "msg": "Connection failed - {0}".format(client.error)
            }
示例#7
0
    def run(self, data, persistentData, actionResult):
        from email.mime.text import MIMEText
        body = helpers.evalString(self.body, {"data": data})
        subject = helpers.evalString(self.subject, {"data": data})
        if self.password.startswith("ENC") and self.password != "":
            password = auth.getPasswordFromENC(self.password)
        elif "%%" in self.password:
            password = helpers.evalString(self.password,
                                          {"data": data["flowData"]})
        else:
            password = ""
        if self.html:
            msg = MIMEText(body, "html")
        else:
            msg = MIMEText(body)
        msg['Subject'] = subject
        msg['From'] = self.sender
        msg['To'] = self.to
        if password != "":
            self.sendEmailAuth(msg, smtplib.SMTP(self.host, self.port),
                               self.sender, password)
        else:
            self.sendEmail(msg, smtplib.SMTP(self.host, self.port))

        actionResult["result"] = True
        actionResult["rc"] = 0
        return actionResult
示例#8
0
    def run(self, data, persistentData, actionResult):
        relationshipData = helpers.evalDict(self.relationshipData,
                                            {"data": data})
        fromAsset = helpers.evalString(self.fromAsset, {"data": data})
        toAsset = helpers.evalString(self.toAsset, {"data": data})

        timespan = 3600
        if self.timespan > 0:
            timespan = self.timespan
        timespan = helpers.roundTime(roundTo=timespan).timestamp()

        match = "{0}={1}->{2}".format(timespan, fromAsset, toAsset)
        # This will cause a memory leak overtime as globalCache is not cleared down --- this needs to be fixed
        relationship = cache.globalCache.get("assetRelationshipCache",
                                             match,
                                             getAssetRelationshipObject,
                                             timespan,
                                             fromAsset,
                                             toAsset,
                                             extendCacheTime=True)
        if not relationship:
            relationshipItem = _assetRelationship().bulkNew(
                self.acl, timespan, fromAsset, toAsset, relationshipData,
                self.bulkClass)
            if relationshipItem:
                cache.globalCache.insert("assetRelationshipCache", match,
                                         [relationshipItem])

        actionResult["result"] = True
        actionResult["rc"] = 0
        return actionResult
示例#9
0
    def doAction(self, data):
        activityData = helpers.evalDict(self.activityData,
                                        {"data": data["flowData"]})
        conversationId = helpers.evalString(self.conversationId,
                                            {"data": data["flowData"]})
        activityId = helpers.evalString(self.activityId,
                                        {"data": data["flowData"]})
        if not self.client_id:
            azureBotTrigger = data["persistentData"]["system"]["trigger"]
            if not hasattr(azureBotTrigger, "azurebotservice"):
                azureBotTrigger.azurebotservice = azurebotservice._azurebotservice(
                    clientId=azureBotTrigger.client_id,
                    clientSecret=jimi.auth.getPasswordFromENC(
                        azureBotTrigger.client_secret),
                    serviceUrl=data["flowData"]["event"]["serviceUrl"])
        else:
            azureBotTrigger.azurebotservice = azurebotservice._azurebotservice(
                clientId=self.client_id,
                clientSecret=jimi.auth.getPasswordFromENC(self.client_secret),
                serviceUrl=self.service_url)

        result = azureBotTrigger.azurebotservice.updateActivity(
            activityData, conversationId, activityId)

        if result:
            return {"result": True, "rc": 0, "msg": "Activity updated."}
        else:
            return {
                "result": False,
                "rc": 400,
                "msg": "Invalid response from web service, check your url."
            }
示例#10
0
 def run(self, data, persistentData, actionResult):
     endpointID = helpers.evalString(self.endpointID, {"data": data})
     tenant = helpers.evalString(self.tenant, {"data": data})
     client_secret = auth.getPasswordFromENC(self.client_secret)
     actionResult["data"] = "Not yet implemented"
     actionResult["result"] = False
     actionResult["rc"] = 0
     return actionResult
示例#11
0
    def doAction(self, data):
        host = helpers.evalString(self.host, {"data": data["flowData"]})
        user = helpers.evalString(self.user, {"data": data["flowData"]})
        port = helpers.evalString(self.port_forward,
                                  {"data": data["flowData"]})
        if self.password.startswith("ENC"):
            password = auth.getPasswordFromENC(self.password)
        elif "%%" in self.password:
            password = helpers.evalString(self.password,
                                          {"data": data["flowData"]})
        else:
            password = ""
        keyfile = helpers.evalString(self.keyfile, {"data": data["flowData"]})

        if self.isPortForward:
            if keyfile != "":
                if password:
                    client = linux.linux(
                        host,
                        user,
                        keyFile=keyfile,
                        password=password,
                        port_forward=True,
                        port=port,
                    )
                else:
                    client = linux.linux(host,
                                         user,
                                         keyFile=keyfile,
                                         port_forward=True,
                                         port=port)
            else:
                client = linux.linux(host, user, password=password)
        else:
            if keyfile != "":
                if password != "":
                    client = linux.linux(host,
                                         user,
                                         keyFile=keyfile,
                                         password=password)
                else:
                    client = linux.linux(host, user, keyFile=keyfile)
            else:
                client = linux.linux(host, user, password=password)

        if client.client != None:
            data["eventData"]["remote"] = {}
            data["eventData"]["remote"]["client"] = client

            if self.isPortForward:
                data["eventData"]["remote"]["port"] = client.tunnelPort
            return {"result": True, "rc": 0, "msg": "Connection successful"}
        else:
            return {
                "result": False,
                "rc": 403,
                "msg": "Connection failed - {0}".format(client.error),
            }
示例#12
0
    def run(self, data, persistentData, actionResult):
        host = helpers.evalString(self.host, {"data": data})
        user = helpers.evalString(self.user, {"data": data})
        port = helpers.evalString(self.port_forward, {"data": data})
        if self.password.startswith("ENC"):
            password = auth.getPasswordFromENC(self.password)
        else:
            password = ""
        keyfile = helpers.evalString(self.keyfile, {"data": data})

        if self.isPortForward:
            if keyfile != "":
                if password:
                    client = linux.linux(host,
                                         user,
                                         keyFile=keyfile,
                                         password=password,
                                         port_forward=True,
                                         port=port)
                else:
                    client = linux.linux(host,
                                         user,
                                         keyFile=keyfile,
                                         port_forward=True,
                                         port=port)
            else:
                client = linux.linux(host, user, password=password)
        else:
            if keyfile != "":
                if password != "":
                    client = linux.linux(host,
                                         user,
                                         keyFile=keyfile,
                                         password=password)
                else:
                    client = linux.linux(host, user, keyFile=keyfile)
            else:
                client = linux.linux(host, user, password=password)

        if client.client != None:
            persistentData["remote"] = {}
            persistentData["remote"]["client"] = client

            if self.isPortForward:
                # print(f"MAIN port is {client.tunnelPort}")
                persistentData["remote"]["port"] = client.tunnelPort
            actionResult["result"] = True
            actionResult["rc"] = 0
            actionResult["msg"] = "Connection successful"
            return actionResult
        else:
            actionResult["result"] = False
            actionResult["rc"] = 403
            actionResult["msg"] = "Connection failed - {0}".format(
                client.error)
            return actionResult
示例#13
0
    def run(self,data,persistentData,actionResult):
        apiAddress = helpers.evalString(self.apiAddress,{"data" : data})
        user = helpers.evalString(self.user,{"data" : data})

        sensors = cache.globalCache.get("philipshueList","sensors",getPhilipshueList,apiAddress,user,forceUpdate=True)

        actionResult["result"] = True
        actionResult["data"]["sensors"] = sensors
        actionResult["rc"] = 0
        return actionResult
示例#14
0
    def doAction(self,data):
        actionResult = {}
        ip = helpers.evalString(self.ip,{"data" : data["flowData"]})
        port = helpers.evalString(self.port,{"data" : data["flowData"]})
        scanName = helpers.evalString(self.scanName,{"data" : data["flowData"]})
        domainName = helpers.evalString(self.domainName,{"data" : data["flowData"]})

        result = []
        protocols = ["http", "https"]
        for protocol in protocols:
            timeout = 5
            if self.timeout != 0:
                timeout = self.timeout
                
            response = remoteHelpers.runRemoteFunction(self.runRemote,data["eventData"],webserverConnect,{"protocol" : protocol, "ip" : ip, "port" : port, "timeout" : timeout, "domainName" : domainName},False)
            if "error" not in response:
                headers = helpers.lower_dict(response["headers"])
                for excludeHeader in self.excludeHeaders:
                    if excludeHeader in headers:
                        del headers[excludeHeader]
                # Update scan if updateScan mapping was provided
                if len(scanName) > 0:
                    if domainName == "":
                        inga._inga()._dbCollection.update_one({ "scanName": scanName, "ip": ip, "ports.tcp.port" : port },{ "$set" : { "ports.tcp.$.data.webServerDetect" : { "protocol" : protocol, "headers" : headers, "lastSeen" : time.time()  } } })
                        url = "{0}://{1}:{2}".format(protocol,ip,port)
                    else:
                        inga._inga()._dbCollection.update_one({ "scanName": scanName, "ip": ip, "domains.domain" : domainName },{ "$set" : { "domains.$.data.webServerDetect.{0}".format(protocol) : { "protocol" : protocol, "headers" : headers, "lastSeen" : time.time()  } } })
                        url = "{0}://{1}".format(protocol,domainName)
                # Detect HTTP -> HTTPS redirect upgrade
                insecureUpgrade = None
                try:
                    if protocol == "http" and "https://" in headers["location"]:
                        insecureUpgrade = True
                except KeyError:
                    if protocol == "http":
                        insecureUpgrade = False
                result.append({ "protocol" : protocol, "headers" : headers, "url" : url, "insecureUpgrade" : insecureUpgrade })
            else:
                actionResult["result"] = False
                actionResult["rc"] = 500
                actionResult["msg"] = response["error"]
                actionResult["stderr"] = response["stderr"]
                actionResult["stdout"] = response["stdout"]
                return actionResult

        if result:
            actionResult["result"] = True
            actionResult["rc"] = 0
            actionResult["serverDetails"] = result
        else:
            actionResult["result"] = False
            actionResult["rc"] = 404
        return actionResult
示例#15
0
    def run(self,data,persistentData,actionResult):
        apiAddress = helpers.evalString(self.apiAddress,{"data" : data})
        user = helpers.evalString(self.user,{"data" : data})
        groupName = helpers.evalString(self.groupName,{"data" : data})

        hueApi = hue.hue(apiAddress,user)
        groups = hueApi.getGroups()
        result = hueApi.groupOff(groups[groupName])

        actionResult["result"] = result
        actionResult["rc"] = 0
        return actionResult
示例#16
0
    def run(self,data,persistentData,actionResult):
        apiAddress = helpers.evalString(self.apiAddress,{"data" : data})
        user = helpers.evalString(self.user,{"data" : data})
        lightName = helpers.evalString(self.lightName,{"data" : data})

        hueApi = hue.hue(apiAddress,user)
        lights = hueApi.getLights()
        result = hueApi.lightOff(lights[lightName])

        actionResult["result"] = result
        actionResult["rc"] = 0
        return actionResult
示例#17
0
    def run(self,data,persistentData,actionResult):
        apiAddress = helpers.evalString(self.apiAddress,{"data" : data})
        user = helpers.evalString(self.user,{"data" : data})
        lightName = helpers.evalString(self.lightName,{"data" : data})

        lights = cache.globalCache.get("philipshueList","lights",getPhilipshueList,apiAddress,user,dontCheck=self.refreshLight)
        if self.refreshLight:
            hueApi = hue.hue(apiAddress,user)
            lights[lightName] = hueApi.refreshLight(lights[lightName])

        actionResult["result"] = True
        actionResult["data"]["light"] = lights[lightName]
        actionResult["rc"] = 0
        return actionResult
示例#18
0
    def run(self,data,persistentData,actionResult):
        ip = helpers.evalString(self.ip,{"data" : data})
        scanName = helpers.evalString(self.scanName,{"data" : data})

        scanResult = inga._inga().getAsClass(query={ "scanName" : scanName, "ip" : ip },fields=["scanName","ip"])
        if len(scanResult) == 1:
            scanResult = scanResult[0]
            scanResult.delete()
            actionResult["result"] = True
            actionResult["rc"] = 0
        else:
            actionResult["result"] = False
            actionResult["rc"] = 502
        return actionResult
示例#19
0
	def run(self,data,persistentData,actionResult):
		headers = helpers.evalDict(self.headers,{"data" : data})
		url = helpers.evalString(self.url,{"data" : data})
		method = helpers.evalString(self.method,{"data" : data}).upper()
		postData = helpers.evalString(self.postData,{"data" : data})

		kwargs={}
		kwargs["headers"] = headers
		if self.timeout == 0:
			kwargs["timeout"] = 5
		else:
			kwargs["timeout"] = self.timeout
		if self.ca:
			kwargs["verify"] = Path(self.ca)
		if self.proxy:
			kwargs["proxies"] = self.proxy
		else:
			kwargs["proxies"] = { "http": None, "https": None }
		if self.cookies:
			cookies = helpers.evalDict(self.cookies,{"data" : data})
			kwargs["cookies"] = cookies

		try:
			if method == "GET":
				response = requests.get(url,**kwargs)
			elif method == "POST":
				kwargs["data"] = postData
				response = requests.post(url,**kwargs)
			elif method == "PUT":
				kwargs["data"] = postData
				response = requests.put(url,**kwargs)
			elif method == "DELETE":
				response = requests.delete(url,**kwargs)

			text = response.text
			if self.returnsJson:
				try:
					text = response.json()
				except:
					text = response.text		

			actionResult["result"] = True
			actionResult["rc"] = response.status_code
			actionResult["data"] = { "headers" : dict(response.headers), "text" : text }
		
		except:
			actionResult["result"] = False
			actionResult["rc"] = 404

		return actionResult
示例#20
0
    def run(self, data, persistentData, actionResult):
        endpointID = helpers.evalString(self.endpointID, {"data": data})
        tenant = helpers.evalString(self.tenant, {"data": data})
        client_secret = auth.getPasswordFromENC(self.client_secret)

        sophos = sophosApi.sophos(None, self.client_id, client_secret,
                                  self.XOrganizationID)
        sophos.setTenant(tenant)
        res = sophos.getTamperProtection(endpointID)
        if res["result"]:
            actionResult["result"] = True
            actionResult["rc"] = 0
            actionResult["data"] = res["data"]
        return actionResult
示例#21
0
    def run(self,data,persistentData,actionResult):
        apiAddress = helpers.evalString(self.apiAddress,{"data" : data})
        user = helpers.evalString(self.user,{"data" : data})
        sensorName = helpers.evalString(self.sensorName,{"data" : data})

        sensors = cache.globalCache.get("philipshueList","sensors",getPhilipshueList,apiAddress,user,dontCheck=self.refreshSensor)
        if self.refreshSensor:
            hueApi = hue.hue(apiAddress,user)
            sensors[sensorName] = hueApi.refreshSensor(sensors[sensorName])

        actionResult["result"] = True
        actionResult["data"]["sensor"] = sensors[sensorName]
        actionResult["rc"] = 0
        return actionResult
示例#22
0
    def doAction(self, data):
        host = helpers.evalString(self.host, {"data": data["flowData"]})
        user = helpers.evalString(self.user, {"data": data["flowData"]})
        password = auth.getPasswordFromENC(self.password)

        client = windows.windows(host, user, password)
        if client.client != None:
            data["eventData"]["remote"] = {"client": client}
            return {"result": True, "rc": 0, "msg": "Connection successful"}
        else:
            return {
                "result": False,
                "rc": 403,
                "msg": "Connection failed - {0}".format(client.error)
            }
示例#23
0
    def run(self,data,persistentData,actionResult):
        apiAddress = helpers.evalString(self.apiAddress,{"data" : data})
        user = helpers.evalString(self.user,{"data" : data})
        sensorName = helpers.evalString(self.sensorName,{"data" : data})

        hueApi = hue.hue(apiAddress,user)
        sensors = cache.globalCache.get("philipshueList","sensors",getPhilipshueList,apiAddress,user,dontCheck=self.refreshSensor)
        detectionPause = 1
        if self.detectionPause > 0:
            detectionPause = self.detectionPause
        motionDetected = hueApi.sensorMotion(sensors[sensorName],pause=detectionPause,autoUpdate=self.refreshSensor)

        actionResult["result"] = motionDetected
        actionResult["rc"] = 0
        return actionResult
示例#24
0
    def doAction(self, data):
        remoteFile = helpers.evalString(self.remoteFile,
                                        {"data": data["flowData"]})
        localFile = helpers.evalString(self.localFile,
                                       {"data": data["flowData"]})

        if self.useStorage:
            try:
                localFileClass = jimi.storage._storage().getAsClass(
                    query={
                        "fileData": localFile,
                        "systemStorage": True,
                        "source": "remoteDownload"
                    })[0]
            except:
                localFileClass = jimi.storage._storage()
                localFileClass.new(self.acl, "remoteDownload", localFile, True)
            localFile = localFileClass.getFullFilePath()

        client = None
        if "remote" in data["eventData"]:
            if "client" in data["eventData"]["remote"]:
                client = data["eventData"]["remote"]["client"]
        if client:
            if client.download(remoteFile, localFile,
                               self.createMissingFolders):
                if self.useStorage:
                    localFileClass.calculateHash()
                    return {
                        "result": True,
                        "rc": 0,
                        "msg": "File transfered successful",
                        "storage": {
                            "fileHash": localFileClass.fileHash,
                            "_id": localFileClass._id
                        }
                    }
                return {
                    "result": True,
                    "rc": 0,
                    "msg": "File transfered successful"
                }

        return {
            "result": False,
            "rc": 403,
            "msg": "File transfer failed - {0}".format(client.error)
        }
示例#25
0
    def run(self, data, persistentData, actionResult):
        relationshipData = helpers.evalDict(self.relationshipData,
                                            {"data": data})
        events = helpers.evalString(self.eventField, {"data": data})

        timespan = 3600
        if self.timespan > 0:
            timespan = self.timespan
        timespan = helpers.roundTime(roundTo=timespan).timestamp()

        matches = {}
        for event in events:
            matches["{0}->{1}".format(event[self.fromAssetField],
                                      event[self.toAssetField])] = event

        results = _assetRelationship().query(query={"timespan": timespan},
                                             fields=["fromAsset",
                                                     "toAsset"])["results"]
        for result in results:
            match = "{0}->{1}".format(result["fromAsset"], result["toAsset"])
            if match in matches:
                del matches[match]

        for match in matches:
            _assetRelationship().bulkNew(self.acl, timespan,
                                         matches[match][self.fromAssetField],
                                         matches[match][self.toAssetField],
                                         relationshipData, self.bulkClass)

        actionResult["result"] = True
        actionResult["rc"] = 0
        return actionResult
示例#26
0
 def run(self,data,persistentData,actionResult):
     correlationID = helpers.evalString(self.correlationID,{"data" : data})
     correlatedRelationship = event._eventCorrelation().query(id=correlationID)["results"][0]
     actionResult["result"] = True
     actionResult["rc"] = 0
     actionResult["correlation"] = correlatedRelationship
     return actionResult
示例#27
0
    def run(self,data,persistentData,actionResult):
        eventIndex = helpers.evalString(self.eventIndex,{"data" : data})
        try:
            currentEvent = persistentData["plugin"]["event"][eventIndex]
            if self.zeroUpdate:
                currentEvent.layer = self.layer
                currentEvent.accuracy = self.accuracy
                currentEvent.impact = self.impact
                currentEvent.benign = self.benign
            else:
                if self.layer > 0:
                    currentEvent.layer = self.layer
                if self.accuracy > 0:
                    currentEvent.accuracy = self.accuracy
                if self.impact > 0:
                    currentEvent.impact = self.impact
                if self.benign > 0:
                    currentEvent.benign = self.benign
            try:
                score = ((currentEvent.accuracy*(currentEvent.impact*currentEvent.layer))/currentEvent.benign)
            except ZeroDivisionError:
                score = 0
            
            currentEvent.score = score

            currentEvent.update(["layer","accuracy","impact","benign","score"])
            actionResult["result"] = True
            actionResult["rc"] = 0
            actionResult["score"] = score
        except KeyError:
            actionResult["result"] = False
            actionResult["rc"] = 404
            actionResult["msg"] = "No event found within current flow"
        return actionResult
示例#28
0
    def doAction(self, data):
        command = helpers.evalString(self.command, {"data": data["flowData"]})
        try:
            client = data["eventData"]["remote"]["client"]
        except KeyError:
            client = None
        if client:
            exitCode, output, errors = client.command(command,
                                                      elevate=self.elevate,
                                                      runAs=self.runAs,
                                                      timeout=self.timeout)

            if exitCode != None:
                return {
                    "result": True,
                    "rc": exitCode,
                    "msg": "Command succesfull",
                    "data": output,
                    "errors": errors
                }
            else:
                return {
                    "result": False,
                    "rc": 255,
                    "msg": client.error,
                    "data": "",
                    "errors": ""
                }
        else:
            return {"result": False, "rc": 403, "msg": "No connection found"}
示例#29
0
 def run(self, data, persistentData, actionResult):
     eventIndex = helpers.evalString(self.eventIndex, {"data": data})
     eventValues = helpers.evalDict(self.eventValues, {"data": data})
     try:
         currentEvent = persistentData["plugin"]["event"][eventIndex]
         if self.updateMode == 0:
             for key, value in eventValues.items():
                 currentEvent.eventValues[key] = value
         elif self.updateMode == 1:
             currentEvent.eventValues = eventValues
         elif self.updateMode == 2:
             for key, value in eventValues.items():
                 if value:
                     if key in currentEvent.eventValues:
                         if type(currentEvent.eventValues[key]) != list:
                             currentEvent.eventValues[key] = [
                                 currentEvent.eventValues[key]
                             ]
                         if type(value) is list:
                             currentEvent.eventValues[key] += value
                         else:
                             currentEvent.eventValues[key].append(value)
                     else:
                         currentEvent.eventValues[key] = value
         currentEvent.eventFields = list(currentEvent.eventValues.keys())
         currentEvent.update(["eventValues", "eventFields"])
         actionResult["result"] = True
         actionResult["rc"] = 0
     except KeyError:
         actionResult["result"] = False
         actionResult["rc"] = 404
         actionResult["msg"] = "No event found within current flow"
     return actionResult
示例#30
0
 def doAction(self, data):
     actionResult = {}
     scanName = helpers.evalString(self.scanName,
                                   {"data": data["flowData"]})
     customSearch = helpers.evalDict(self.customSearch,
                                     {"data": data["flowData"]})
     if scanName != "":
         search = {"scanName": scanName}
     else:
         search = {}
     if customSearch:
         for key, value in customSearch.items():
             search[key] = value
     actionResult["result"] = True
     actionResult["rc"] = 0
     if self.limit > 0:
         actionResult["events"] = inga._inga().query(
             query=search,
             limit=self.limit,
             sort=[("ports.scanDetails.lastPortScan", 1)])["results"]
     else:
         actionResult["events"] = inga._inga().query(
             query=search,
             sort=[("ports.scanDetails.lastPortScan", 1)])["results"]
     return actionResult