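from hawkAPI.lib.core.hawkcore import hawkcore
from hawkAPI.lib.core.hawkapi import hawkapi
from hawkAPI.lib.core.hawklib import hawklib
from hawkAPI.lib.plugins.hawkDOCX import hawkDOCX
from datetime import datetime
from operator import itemgetter

# Pull the IDS alerts of one group for a fixed window, sort them by
# 'date_added' and open the DOCX report plugin with the same session.

# NOTE(review): server address and credentials here are placeholders; real
# values belong in the environment or a config file, not in a script that
# is likely to be shared or committed.
hawk = hawkcore("ipserver")
hawk.login("user", "pass")
#hawk.debug()
res = hawkapi(hawk)
lib = hawklib(hawk)

# Fixed one-hour window; the commented lines are the rolling-24h variant.
#start = lib.getDateUtc('h',delta=24)
#end = lib.getDateUtc()
start = "2014-09-28 00:00:00"
end = "2014-09-28 01:00:00"
# Each item is unpacked below as a (slice start, slice end, id) triple.
dates = lib.getDates(str(start), str(end))
group = "groupname"
c = []
#sn = datetime.now()
for nstart, nend, idit in dates:
    # Parenthesised form runs unchanged under Python 2 and Python 3.
    print("%s:%s --- %s" % (nstart, nend, idit))
    f = res.getIDSAlertsByGroup(nstart, nend, group)
    # An empty or None result for a slice is expected; just skip it.
    if f:
        c.extend(f)
c.sort(key=itemgetter('date_added'))
page = hawkDOCX("payload.docx", "landscape.docx", hawk)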
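from hawkAPI.lib.core.hawkcore import hawkcore
from hawkAPI.lib.core.hawkapi import hawkapi
from hawkAPI.lib.core.hawklib import hawklib
from hawkAPI.lib.plugins.hawkDOCX import hawkDOCX
from datetime import datetime
from operator import itemgetter

# Pull the IDS alerts of one group for a fixed window and sort them by
# 'date_added'.

# NOTE(review): server address and credentials here are placeholders; real
# values belong in the environment or a config file, not in a script that
# is likely to be shared or committed.
hawk = hawkcore("ipserver")
hawk.login("user", "pass")
#hawk.debug()
res = hawkapi(hawk)
lib = hawklib(hawk)

# Fixed one-hour window; the commented lines are the rolling-24h variant.
#start = lib.getDateUtc('h',delta=24)
#end = lib.getDateUtc()
start = "2014-09-28 00:00:00"
end = "2014-09-28 01:00:00"
# Each item is unpacked below as a (slice start, slice end, id) triple.
dates = lib.getDates(str(start), str(end))
group = "groupname"
c = []
#sn = datetime.now()
for nstart, nend, idit in dates:
    # Parenthesised form runs unchanged under Python 2 and Python 3.
    print("%s:%s --- %s" % (nstart, nend, idit))
    f = res.getIDSAlertsByGroup(nstart, nend, group)
    # An empty or None result for a slice is expected; just skip it.
    if f:
        c.extend(f)
c.sort(key=itemgetter('date_added'))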
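import argparse

# Command-line front end: connect to the hawk server, select the client's
# alert collection in the local MongoDB and build the date slices to pull.
usage = 'GetIDSData -u "id" -p "pass" -i "server" -c "client" -d days'
parser = argparse.ArgumentParser(description="Pulls out IDS data for processing", epilog=usage)
parser.add_argument("-u", "--user", help="Username", type=str, required=True)
# NOTE(review): a password passed as -p is visible in process listings and
# shell history; prompting (getpass) or reading it from the environment
# avoids that exposure.
parser.add_argument("-p", "--passw", help="Password", type=str, required=True)
parser.add_argument("-i", "--server", help="The hawk server IP", type=str, required=True)
parser.add_argument("-c", "--client", help="Client name", type=str, required=True)
parser.add_argument("-d", "--days", help="Number of Days", type=int, required=True)
# The help shortcut must run before parse_args(): every option is required,
# so argparse itself exits on a short command line and the check was dead.
if len(sys.argv) < 5:
    parser.print_help()
    sys.exit()
opt = parser.parse_args()

hawk = hawkcore(opt.server)
hawk.login(opt.user, opt.passw)
client = MongoClient('localhost', 27017)
db = client["%s" % opt.client]
col = db.alerts
res = hawkapi(hawk)
lib = hawklib(hawk)

# 'start' is opt.days before today, 'end' is today (local dates).
start = lib.getDateLocal(dtype="d", delta=opt.days).strftime("%Y-%m-%d")
end = lib.getDateLocal().strftime("%Y-%m-%d")
# NOTE(review): both bounds are built from 'start', so only that single day
# is covered and 'end' is never used — confirm whether 'end' was intended
# for nend.
nend = str(start) + " 23:59:59"
nstart = str(start) + " 00:00:00"
alldates = lib.getDates(nstart, nend)
myque = Queue()
mainque = Queue()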
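from bson.son import SON

# Command-line front end: pick the client's alert collection in the local
# MongoDB and derive the report window from the stored alerts.
usage = 'IdsClientDB -c client -l dir -o -a -b'
parser = argparse.ArgumentParser(description="PDF output by client for IDS alerts", epilog=usage)
parser.add_argument("-l", "--dir", help="location to store", type=str, required=True)
parser.add_argument("-o", "--logo", help="path to logo", type=str, required=False)
parser.add_argument("-a", "--plogo", help="path to page logo", type=str, required=False)
parser.add_argument("-b", "--alerts", help="Add all alerts", action="store_true", required=False)
parser.add_argument("-c", "--client", help="client", type=str, required=True)
if len(sys.argv) < 3:
    parser.print_help()
    sys.exit()
opt = parser.parse_args()

hawk = hawkcore(None)
graph = hawkGraph()
client = MongoClient('localhost', 27017)
db = client["%s" % opt.client]
col = db.alerts

# Window start: day of the first stored alert. An empty collection used to
# surface as a TypeError here (and a NameError on 'nend' further down).
start = col.find_one()
if start is None:
    sys.exit("no alerts stored for client %s" % opt.client)
# NOTE(review): find_one() without a sort returns the first document in
# natural order, not necessarily the earliest 'date' — confirm intent.
nstart = start["date"]
nstart = nstart[0:10] + " 00:00:00"
# Window end: day of the most recent alert (the collection is non-empty
# here, so the single-document cursor always yields one row).
end = col.find().sort('date', -1).limit(1)
for i in end:
    nend = i["date"]
fend = nend[0:10] + " 23:55:55"
col.create_index([("src", DESCENDING)])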
"--client", help="Client name", type=str, required=True) parser.add_argument("-d", "--days", help="Number of Days", type=int, required=True) opt = parser.parse_args() if len(sys.argv) < 5: parser.print_help() sys.exit() hawk = hawkcore(opt.server) hawk.login(opt.user, opt.passw) client = MongoClient('localhost', 27017) db = client["%s" % opt.client] col = db.alerts res = hawkapi(hawk) lib = hawklib(hawk) start = lib.getDateLocal(dtype="d", delta=opt.days).strftime("%Y-%m-%d") end = lib.getDateLocal().strftime("%Y-%m-%d") nend = str(start) + " 23:59:59" nstart = str(start) + " 00:00:00" alldates = lib.getDates(nstart, nend) myque = Queue() mainque = Queue()
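from hawkAPI.lib.plugins.hawkXLSX import hawkXLSX
import argparse
from pymongo import *
from bson.son import SON

# Command-line front end: read every stored alert of one client from the
# local MongoDB and flatten it into rows with the output column names.
usage = 'IdsClientcsv -c client -l dir'
parser = argparse.ArgumentParser(description="PDF output by client for IDS alerts", epilog=usage)
parser.add_argument("-l", "--dir", help="location to store", type=str, required=True)
parser.add_argument("-c", "--client", help="client", type=str, required=True)
if len(sys.argv) < 2:
    parser.print_help()
    sys.exit()
opt = parser.parse_args()

hawk = hawkcore([None])
client = MongoClient('localhost', 27017)
db = client["%s" % opt.client]
col = db.alerts
col.create_index([("date", DESCENDING)])

# Output column name -> stored field name. Every field is mandatory: a
# document missing one raises KeyError, exactly as the original loop did.
_COLUMNS = (
    ("date", "date"),
    ("ip_src", "src"),
    ("ip_sport", "ipsport"),
    ("ip_dst", "dst"),
    ("ip_dport", "ipdport"),
    ("alert_name", "an"),
    ("priority", "pri"),
)
srcs = col.find().sort('date')
# One flat row per alert, in ascending 'date' order.
fin = [{name: doc[field] for name, field in _COLUMNS} for doc in srcs]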
help="path to page logo", type=str, required=False) parser.add_argument("-b", "--alerts", help="Add all alerts", action="store_true", required=False) parser.add_argument("-c", "--client", help="client", type=str, required=True) if len(sys.argv) < 3: parser.print_help() sys.exit() opt = parser.parse_args() hawk = hawkcore(None) graph = hawkGraph() client = MongoClient('localhost', 27017) db = client["%s" % opt.client] col = db.alerts start = col.find_one() nstart = start["date"] nstart = nstart[0:10] + " 00:00:00" end = col.find().sort('date', -1).limit(1) for i in end: nend = i["date"] fend = nend[0:10] + " 23:55:55" col.create_index([("src", DESCENDING)]) pipe = [{