def putSSConfig():
    """Write the default Sweet Security configuration document.

    Every policy flag (isolate, log retention, monitor, firewall) is set
    to 0 and ``lastModified`` is stamped with the current time in
    milliseconds since the epoch, stored as a string. The document is
    handed to ``es.write`` with 'sweet_security' and 'configuration'
    (presumably index and document type; see ``es``).

    Returns:
        The literal string "done".
    """
    # Millisecond timestamp, kept as a string to match the stored document.
    stamp = str(int(round(time.time() * 1000)))
    document = dict.fromkeys(
        ('defaultIsolate', 'defaultLogRetention', 'defaultMonitor', 'defaultFW'),
        0,
    )
    document['lastModified'] = stamp
    es.write(esService, document, 'sweet_security', 'configuration')
    return "done"
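def dnsSearch(ip, mac, logPath='/opt/nsm/bro/logs/current/dns.log'):
    """Baseline the DNS queries seen for one device and alert on new ones.

    Loads the DNS log hits for ``ip`` via ``getLogs``, compares each hit's
    ``query`` against the queries already stored for ``mac`` in the
    'tardis'/'known_dnsqueries' store, and for every query not yet known
    writes a new baseline document and sends a 'Baseliner' alert.

    Args:
        ip: Address passed to ``getLogs`` to select the device's log hits.
        mac: Device MAC address used as the baseline key.
        logPath: Log file handed to ``getLogs``; defaults to the Bro dns.log.

    Returns:
        Number of queries added to the baseline during this call.

    Raises:
        KeyError: if a stored or log hit lacks the ``query`` field (the log
        schema is not validated here).
    """
    dnsData = getLogs(ip, logPath)
    knownDnsQuery = {"query": {"match_phrase": {"mac": {"query": mac}}}}
    knownDnsData = es.search(esService, knownDnsQuery, 'tardis',
                             'known_dnsqueries')
    # A set gives O(1) membership tests; the original list made the scan
    # below O(n^2) over long logs.
    knownQueries = {hit['_source']['query']
                    for hit in knownDnsData['hits']['hits']}
    numFound = 0
    for log in dnsData['hits']['hits']:
        query = log['_source']['query']
        if query in knownQueries:
            continue
        numFound += 1
        knownQueries.add(query)
        # Named distinctly from dnsData: the original rebound the log-result
        # variable inside this loop, which only worked because the iterator
        # had already been taken.
        baselineDoc = {'mac': mac, 'query': query}
        es.write(esService, baselineDoc, 'tardis', 'known_dnsqueries')
        # The query string comes from observed network traffic; whatever
        # renders this alert should treat it as untrusted text.
        alertMessage = 'A new DNS query was added to the baseline: %s' % query
        alert.send('Baseliner', alertMessage, log['_id'], log['_index'])
    return numFound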
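def connSearch(ip, mac, logPath='/opt/nsm/bro/logs/current/conn.log'):
    """Baseline the responder IPs contacted by one device and alert on new ones.

    Loads the connection log hits for ``ip`` via ``getLogs``, compares each
    hit's ``resp_h`` against the IPs already stored for ``mac`` in the
    'tardis'/'known_hosts' store, and for every responder not yet known
    writes a new baseline document and sends a 'Baseliner' alert.

    Args:
        ip: Address passed to ``getLogs`` to select the device's log hits.
        mac: Device MAC address used as the baseline key.
        logPath: Log file handed to ``getLogs``; defaults to the Bro conn.log.

    Returns:
        Number of responder IPs added to the baseline during this call.

    Raises:
        KeyError: if a stored hit lacks ``ip`` or a log hit lacks ``resp_h``
        (the log schema is not validated here).
    """
    connData = getLogs(ip, logPath)
    knownHostQuery = {"query": {"match_phrase": {"mac": {"query": mac}}}}
    knownHostData = es.search(esService, knownHostQuery, 'tardis',
                              'known_hosts')
    # A set gives O(1) membership tests; the original list made the scan
    # below O(n^2) over long logs.
    knownHosts = {hit['_source']['ip']
                  for hit in knownHostData['hits']['hits']}
    numFound = 0
    for log in connData['hits']['hits']:
        respHost = log['_source']['resp_h']
        if respHost in knownHosts:
            continue
        numFound += 1
        knownHosts.add(respHost)
        baselineDoc = {'mac': mac, 'ip': respHost}
        es.write(esService, baselineDoc, 'tardis', 'known_hosts')
        # The responder address comes from observed network traffic; whatever
        # renders this alert should treat it as untrusted text.
        alertMessage = 'A new IP was added to the baseline: %s' % respHost
        alert.send('Baseliner', alertMessage, log['_id'], log['_index'])
    return numFound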
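def httpSearch(ip, mac, logPath='/opt/nsm/bro/logs/current/http.log'):
    """Baseline the web server names contacted by one device and alert on new ones.

    Loads the HTTP log hits for ``ip`` via ``getLogs``, compares each hit's
    ``server_name`` against the names already stored for ``mac`` in the
    'tardis'/'known_websites' store, and for every server name not yet
    known writes a new baseline document and sends a 'Baseliner' alert.

    Args:
        ip: Address passed to ``getLogs`` to select the device's log hits.
        mac: Device MAC address used as the baseline key.
        logPath: Log file handed to ``getLogs``; defaults to the Bro http.log.

    Returns:
        Number of server names added to the baseline during this call.

    Raises:
        KeyError: if a stored or log hit lacks the ``server_name`` field
        (the log schema is not validated here).
    """
    httpData = getLogs(ip, logPath)
    knownSiteQuery = {"query": {"match_phrase": {"mac": {"query": mac}}}}
    knownSiteData = es.search(esService, knownSiteQuery, 'tardis',
                              'known_websites')
    # A set gives O(1) membership tests; the original list made the scan
    # below O(n^2) over long logs.
    knownWebsites = {hit['_source']['server_name']
                     for hit in knownSiteData['hits']['hits']}
    numFound = 0
    for log in httpData['hits']['hits']:
        serverName = log['_source']['server_name']
        if serverName in knownWebsites:
            continue
        numFound += 1
        knownWebsites.add(serverName)
        baselineDoc = {'mac': mac, 'server_name': serverName}
        es.write(esService, baselineDoc, 'tardis', 'known_websites')
        # The server name is client-supplied (taken from observed HTTP
        # traffic); whatever renders this alert should treat it as untrusted.
        alertMessage = ('A new website was added to the baseline: %s'
                        % serverName)
        alert.send('Baseliner', alertMessage, log['_id'], log['_index'])
    return numFound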