 def __init__(self):
     """Collect the Cyber Triage connection settings from the responder config.

     Server, port and the two upload flags carry defaults; the investigation
     username/password and the REST API key are looked up with a message for
     the missing-value case.  The API key is placed in the request headers
     used for every call.
     """
     Responder.__init__(self)
     param = self.get_param
     self.ct_server = param('config.ct_server', '127.0.0.1')
     self.ct_port = param('config.ct_port', '9443')  # string, as configured
     self.ct_username = param(
         'config.ct_username', None, 'Missing investigation username')
     self.ct_password = param(
         'config.ct_password', None, 'Missing investigation user password')
     self.ct_upload_hash = param('config.ct_upload_hash', True)
     self.ct_upload_file = param('config.ct_upload_file', False)
     api_key = param('config.ct_api_key', None, 'Missing CyberTriage API Key')
     # The key is a bearer-style secret sent with every request.
     self.__req_headers = {
         'Content-Type': 'application/json',
         'restApiKey': api_key,
     }
     # NOTE(review): server-certificate verification is hard-disabled here, so
     # the credentials and API key above are sent without authenticating the
     # peer; a config-driven switch would let operators turn it on.
     self.__verify_server_cert = False
     self.ct_sid = None
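 def __init__(self):
     """Load Wazuh connection settings and the case fields the responder acts on.

     Connection details come from ``config.*``; the agent, alert and rule ids
     are read from the case's custom fields and the observable from
     ``data.*``.  Each lookup carries the message reported when the value is
     missing.
     """
     Responder.__init__(self)
     # NOTE(review): in every other lookup here the third positional argument
     # is the missing-value message, so an absent manager URL would be
     # reported as "https://localhost:55000"; if a default was intended it
     # belongs in the second argument.  Left unchanged to preserve behaviour.
     self.wazuh_manager = self.get_param('config.wazuh_manager', None,
                                         'https://localhost:55000')
     self.wazuh_user = self.get_param('config.wazuh_user', None,
                                      'Username missing!')
     self.wazuh_password = self.get_param('config.wazuh_password', None,
                                          'Password missing!')
     self.wazuh_agent_id = self.get_param(
         'data.case.customFields.wazuh_agent_id.string', None,
         "Agent ID Missing!")
     # Messages corrected: these read " Missing!" and "Agent ID Missing!"
     # (copy-paste), which misidentified the absent field to the operator.
     self.wazuh_alert_id = self.get_param(
         'data.case.customFields.wazuh_alert_id.string', None,
         "Alert ID Missing!")
     self.wazuh_rule_id = self.get_param(
         'data.case.customFields.wazuh_rule_id.string', None,
         "Rule ID Missing!")
     self.observable = self.get_param('data.data', None, "Data is empty")
     self.observable_type = self.get_param('data.dataType', None,
                                           "Data type is empty")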
    def __init__(self):
        """Read the CIF settings and build the TLP-level -> CIF tlp name map.

        ``config.remote`` and ``config.token`` are required; confidence,
        ``verify_ssl``, group and a JSON ``tlp_map`` override are optional.
        A ``tlp_map`` that fails to parse or apply is reported via
        ``self.error``.
        """
        Responder.__init__(self)
        param = self.get_param
        self.remote = param('config.remote', None, 'Missing CIF remote')
        self.token = param('config.token', None, 'Missing CIF token')
        self.d_confidence = param('config.confidence')
        # Operator-controlled; how a falsy value is honoured is decided by the
        # caller of this attribute, which is outside this method.
        self.verify_ssl = param('config.verify_ssl')
        self.group = param('config.group')
        self.custom_tlp_map = param('config.tlp_map')

        # Defaults keyed by TheHive's numeric TLP level (as strings).
        self.TLP_MAP = {"0": 'WHITE', "1": 'GREEN', "2": 'AMBER', "3": 'RED'}

        # An unset or empty override leaves the defaults untouched.
        if not self.custom_tlp_map:
            return
        try:
            overrides = json.loads(self.custom_tlp_map)
            self.TLP_MAP.update(overrides)
        except Exception as e:
            self.error("Error loading tlp map: {}".format(e))
 def __init__(self):
     """Read the MineMeld connection settings and the observable to publish.

     Every value is mandatory; each lookup carries the message reported when
     it is absent.  Lookups happen in the order listed below.
     """
     Responder.__init__(self)
     # (attribute, parameter path, missing-value message)
     required = (
         ('minemeld_url', 'config.minemeld_url', 'URL missing!'),
         ('minemeld_user', 'config.minemeld_user', 'Username missing!'),
         ('minemeld_password', 'config.minemeld_password', 'Password missing!'),
         ('minemeld_indicator_list', 'config.minemeld_indicator_list',
          "List missing!"),
         ('minemeld_share_level', 'config.minemeld_share_level',
          "Share level missing!"),
         ('minemeld_confidence', 'config.minemeld_confidence',
          "Confidence level missing!"),
         ('minemeld_ttl', 'config.minemeld_ttl', "TTL missing!"),
         ('observable_type', 'data.dataType', "Data type is empty"),
         ('observable_description', 'data.message', "Message is empty"),
         ('observable', 'data.data', "Data is empty"),
     )
     for attr, path, message in required:
         setattr(self, attr, self.get_param(path, None, message))
 def __init__(self):
     """Build the Redmine client and record the custom-field names it uses.

     ``config.url``, ``config.username`` and ``config.password`` are required
     to construct the client.  ``project_field``, ``tracker_field`` and
     ``assignee_field`` are also required; ``reference_field`` and
     ``closing_task`` are optional.
     """
     Responder.__init__(self)
     param = self.get_param
     self.instance_name = param('config.instance_name', 'redmine')
     self.instance_url = param('config.url', None, 'Missing Redmine URL')
     # Credentials are read before the client is built so a missing value is
     # reported with its own message rather than failing inside the client.
     username = param('config.username', None, 'Missing username')
     password = param('config.password', None, 'Missing password')
     self.client = redmine_client.RedmineClient(
         baseurl=self.instance_url, username=username, password=password)
     self.project_field = param(
         'config.project_field', None,
         'Missing custom field for Redmine project')
     self.tracker_field = param(
         'config.tracker_field', None,
         'Missing custom field for Redmine tracker')
     self.assignee_field = param(
         'config.assignee_field', None,
         'Missing custom field for Redmine assignee')
     self.reference_field = param('config.reference_field', None)
     self.closing_task = param('config.closing_task', False)
 def __init__(self):
     """Read the SMTP and TheHive settings for the mail responder.

     ``smtp_user`` and ``smtp_pwd`` fall back to the placeholder values
     ``"user"`` / ``"pwd"`` with no missing-value message, so an unset
     config does not fail here.  The TheHive URL and API key, the sender
     address and the two TLP recipient lists are required.
     """
     Responder.__init__(self)
     param = self.get_param
     # -- SMTP --
     self.smtp_host = param("config.smtp_host", "localhost")
     self.smtp_port = param("config.smtp_port", "25")
     self.mail_from = param(
         "config.from", None, "Missing sender email address")
     # NOTE(review): placeholder credentials are used when the config is
     # silent; a missing-value message here would surface a misconfiguration
     # at startup instead of at the first SMTP authentication.
     self.smtp_user = param("config.smtp_user", "user", None)
     self.smtp_pwd = param("config.smtp_pwd", "pwd", None)
     # -- TheHive --
     self.thehive_url = param(
         "config.thehive_url", None, "TheHive URL missing!")
     self.thehive_apikey = param(
         "config.thehive_apikey", None, "TheHive API key missing!")
     # Recipient restrictions per TLP level, as configured by the operator.
     self.tlp_green_mail_domains = param(
         "config.tlp_green_mail_domains", None,
         "Error reading tlp_green_mail_domains")
     self.tlp_amber_mail_addresses = param(
         "config.tlp_amber_mail_addresses", None,
         "Error reading tlp_amber_mail_addresses")
 def __init__(self):
     """Read the API hostname and the integration/secret key pair (all required).

     The secret key is a credential; it is only stored on the instance here.
     """
     Responder.__init__(self)
     param = self.get_param
     self.API_hostname = param(
         'config.API_hostname', None, "API hostname is missing")
     self.iKey = param(
         'config.Integration_Key', None, "Integration Key is missing")
     self.sKey = param(
         'config.Secret_Key', None, "Secret Key is  missing")
 def __init__(self):
     """Read SMTP host/port (defaulted) and the required sender address."""
     Responder.__init__(self)
     param = self.get_param
     self.smtp_host = param('config.smtp_host', 'localhost')
     self.smtp_port = param('config.smtp_port', '25')  # kept as a string
     self.mail_from = param(
         'config.from', None, 'Missing sender email address')
 def __init__(self):
     """Read the SMTP host (defaulting to localhost) and the required sender."""
     Responder.__init__(self)
     param = self.get_param
     self.smtp_host = param('config.smtp_host', 'localhost')
     self.mail_from = param('config.from', None,
                            'Missing sender email address')
 def __init__(self):
     """Read the QRadar URL, API key and offense id; ``Cert_Path`` is optional.

     The offense id comes from the case's ``externalReferences`` custom field.
     """
     Responder.__init__(self)
     param = self.get_param
     self.QRadar_URL = param(
         'config.QRadar_Url', None, "QRadar URL is Missing")
     self.QRadar_API_Key = param(
         'config.QRadar_API_Key', None, "QRadar API Key is Missing")
     self.Offense_Id = param(
         'data.customFields.externalReferences', None,
         "QRadar Offense ID is Missing")
     # None when unset; how that is treated for TLS verification is decided
     # by the code that consumes it, which is not visible here.
     self.Cert_Path = param('config.Cert_Path')
 def __init__(self):
     """Read the API key (defaulting to the ``'CHANGE_ME'`` placeholder) and
     the required sender address.

     NOTE(review): because the key has a placeholder default, a deployment
     that never set it still starts and fails later at the API call; a
     missing-value message would report it at startup instead.
     """
     Responder.__init__(self)
     param = self.get_param
     self.api_key = param('config.api_key', 'CHANGE_ME')
     self.from_email = param('config.from', None,
                             'Missing sender email address')
 def __init__(self):
     """Read the required ``config.integration_url`` value."""
     Responder.__init__(self)
     url = self.get_param(
         'config.integration_url', None, "Integration URL Missing")
     self.integration_url = url
 def __init__(self):
     """Read the Check Point API key, server IP and rule name (all required)."""
     Responder.__init__(self)
     param = self.get_param
     # API key is a credential; only stored on the instance here.
     self.checkpoint_apikey = param(
         'config.checkpoint_apikey', None, "Checkpoint API key missing!")
     self.server_ip = param(
         'config.server_ip', None, "Checkpoint Server IP missing!")
     self.rule_name = param(
         'config.rule_name', None, "Rule Name missing!")
 def __init__(self):
    """Read API key, URL and workflow id (each defaulting to ``""``) and the
    ``verifyssl`` flag, which defaults to ``True``."""
    Responder.__init__(self)
    param = self.get_param
    for attr, key in (('api_key', 'config.api_key'),
                      ('url', 'config.url'),
                      ('workflow_id', 'config.workflow_id')):
        setattr(self, attr, param(key, ""))
    # TLS verification is on unless the operator turns it off in config.
    self.verify = param('config.verifyssl', True, None)
 def __init__(self):
     """Read the required Slack webhook URL.

     The webhook URL acts as the credential for posting to the channel, so
     it is taken from ``config`` rather than from the case data.
     """
     Responder.__init__(self)
     webhook = self.get_param(
         'config.slack_webhook', None, "webhook missing")
     self.slack_webhook = webhook
    def __init__(self):
        """Read the target hosts (default ``'localhost'``) and locate the
        ``Scanner`` directory under the current working directory.

        The directory is resolved from the process's cwd, so it depends on
        where the responder is launched from.
        """
        Responder.__init__(self)
        self.hosts = self.get_param('config.hosts', 'localhost')
        self.wdir = '{}/Scanner'.format(os.getcwd())
 def __init__(self):
     """Read the service-account username, password and region (all required)."""
     Responder.__init__(self)
     param = self.get_param
     self.account_username = param(
         'config.account_username', None, "Service account username missing")
     self.account_password = param(
         'config.account_password', None, "Service account password missing")
     self.account_region = param(
         'config.account_region', None, "Service account region missing")
 def __init__(self):
     """Read the Telegram user and bot token; both default to ``''``.

     No missing-value message is given, so an unset token is only noticed
     when it is used.
     """
     Responder.__init__(self)
     param = self.get_param
     self.User = param('config.User', '')
     self.Token_Telegram = param('config.Token_Telegram', '')
 def __init__(self):
     """Initialise the base Responder; this responder reads no config here."""
     Responder.__init__(self)
 def __init__(self):
     """Read the Check Point username, password and host IP (all required)."""
     Responder.__init__(self)
     param = self.get_param
     self.username = param(
         'config.username', None, "Checkpoint username missing!")
     self.password = param(
         'config.password', None, "Checkpoint password missing!")
     self.host_ip = param(
         'config.host_ip', None, "Host IP missing!")
 def __init__(self):
     """Read the required ``config.integration_url`` value."""
     Responder.__init__(self)
     url = self.get_param(
         'config.integration_url', None, "Integration URL Missing")
     self.integration_url = url
 def __init__(self):
     """Read API key, URL and workflow id, each defaulting to ``""``.

     No missing-value message is given, so an unset key is only noticed
     when it is used.
     """
     Responder.__init__(self)
     param = self.get_param
     for attr, key in (('api_key', 'config.api_key'),
                       ('url', 'config.url'),
                       ('workflow_id', 'config.workflow_id')):
         setattr(self, attr, param(key, ""))