def __add_comment(issue_key, body):
try:
logger.debug(f'[JIRA ] Adding comment to issue `{issue_key}`.')
return jc.add_comment(issue_key, body)
except JIRAError as jc_err:
logger.error(jc_err)
except Exception as err:
logger.error(err)
def __search_assignable_users_for_projects():
try:
logger.debug(
f'[JIRA ] Searching for assignable users for project `{JIRA_PROJECT_KEY}`.'
)
assignable = jc.search_assignable_users_for_projects(
'', JIRA_PROJECT_KEY)
except JIRAError as jc_err:
logger.error(jc_err)
except Exception as err:
logger.error(err)
def __assign_user(issue_key, accountId=None):
assigned = False
try:
logger.debug(f'[JIRA ] Assigning user for issue `{issue_key}`..')
if not accountId:
logger.debug(
f'[JIRA ] No accountId provided. Selecting random user.')
users = __search_assignable_users_for_projects()
if users:
logger.debug(
f'[JIRA ] User search: {len(users)} users found.')
accountId = random.choice(users).accountId
else:
logger.error(
f'[JIRA ] No assignable users were found for this project.'
)
return assigned
assigned = jc.assign_issue(issue_key, accountId)
logger.debug(f'[JIRA ] User assigned: {assigned}')
except JIRAError as jc_err:
logger.error(jc_err)
except Exception as err:
logger.error(err)
return assigned
def main():
if len(sys.argv) > 1:
hosts = sys.argv[1]
hosts = hosts.split(',')
results = is_threat(hosts)
if results:
for result in results:
logger.debug(f'[TH-INT] From feed: {result["feed_url"]}')
print(f'Host: {result["host"]}')
print(f'Threat: {"true" if result["found"] else "false"}')
print(f'Confidence: {result["confidence"]}')
print()
else:
logger.error(f'[TH-INT] Missing argument for `host`')
print('Please specify a host to look for as the first argument.')
def __determine_priority(issue, classification):
logger.debug(f'[JIRA ] Determining priority for issue `{issue.key}`.')
pri = '2'
classification = classification.lower()
if classification == 'malware':
pri = '1'
elif classification == 'phishing':
pri = '2'
elif classification == 'fraud':
pri = '2'
elif classification == 'spam':
pri = '3'
elif classification == 'legitimate':
pri = '5'
__set_priority(issue, pri)
def __set_priority(issue, priority_key):
try:
logger.debug(f'[JIRA ] Setting priority for issue `{issue.key}`.')
issue.update(fields={
'priority': {
'id': priority_key,
'name': PRIORITIES.get(priority_key)
}
})
logger.debug(
f'[JIRA ] Priority for issue `{issue.key}` set to `{PRIORITIES.get(priority_key)}` ({priority_key}).'
)
except JIRAError as jc_err:
logger.error(jc_err)
except Exception as err:
logger.error(err)
def __add_attachment(issue_key, filepath, filename='email'):
try:
logger.debug(f'[JIRA ] Adding attachment to issue `{issue_key}`.')
return jc.add_attachment(issue_key, filepath, filename)
except JIRAError as jc_err:
logger.error(jc_err)
__add_comment(issue_key,
f'Uploading of email attachment `{filename}` failed.')
except FileNotFoundError:
logger.error(f'[JIRA ] File `{filepath}` does not exist.')
except Exception as err:
logger.error(
f'[JIRA ] An error occurred while uploading an attachment to issue `{issue_key}`.'
)
logger.error(err)
__add_comment(issue_key,
f'Uploading of email attachment `{filename}` failed.')
def __create_issue(summary, description, issue_type='Task'):
try:
logger.debug(
f'[JIRA ] Creating new issue for project `{JIRA_PROJECT_KEY}`.')
issue = {
'project': {
'key': JIRA_PROJECT_KEY
},
'summary': summary,
'description': description,
'issuetype': {
'name': issue_type
},
}
return jc.create_issue(fields=issue)
except JIRAError as jc_err:
logger.error(jc_err)
except Exception as err:
logger.error(err)
def create_issue(classification,
confidence_level,
recipient,
email_sender,
email_subject,
timedate,
attachment_filepath=None,
comment=''):
try:
summary, desc = __parse_template(classification, confidence_level,
recipient, email_sender,
email_subject, timedate)
issue = __create_issue(summary, desc)
if issue:
__determine_priority(issue, classification)
if int(float(confidence_level)) < MIN_CONFIDENCE_LEVEL:
logger.debug(
f'[JIRA ] Assigning user to handle manually due to low confidence level [level: {confidence_level}]'
)
assigned = __assign_user(issue.key)
logger.debug(
f'[JIRA ] Setting priority to `Highest` due to low confidence level [level: {confidence_level}]'
)
__set_priority(issue, '1')
if attachment_filepath:
__add_attachment(issue.key, attachment_filepath, 'email')
if comment:
__add_comment(issue.key, comment)
else:
logger.error(
f'[JIRA ] An error occurred while creating the issue in JIRA.'
)
except JIRAError as jc_err:
logger.error(jc_err)
except Exception as err:
logger.error(err)
def __is_in_feed(host, feed):
feed = __strip_feed(feed)
if __is_ip(host):
if host in feed:
logger.debug(f'[TH-INT] Host {host} found in feed (src: IP, exact)')
return True, 1.0
if __is_url(host):
fqdn_path = __get_fqdn_path(host)
if fqdn_path in feed:
logger.debug(f'[TH-INT] Host {host} found in feed (src: FQDN/path, exact)')
return True, 1.0
fqdn = __get_fqdn(host)
if fqdn in feed:
logger.debug(f'[TH-INT] Host {host} found in feed (src: FQDN, exact)')
return True, 1.0
if host in feed:
logger.debug(f'[TH-INT] Host {host} found in feed (src: full, exact)')
return True, 1.0
# No direct match, look deeper.
# Look for partial matches
match = [line for line in feed if host in line]
if __is_url(host):
fqdn_path = __get_fqdn_path(host)
match = [line for line in feed if fqdn_path in line]
if match:
logger.debug(f'[TH-INT] Host {host} found in feed (src: FQDN/path, partial) [match: {match}]')
return True, 0.8
fqdn = __get_fqdn(host)
match = [line for line in feed if fqdn in line]
if match:
logger.debug(f'[TH-INT] Host {host} found in feed (src: FQDN, partial) [match: {match}]')
return True, 0.6
if __is_ip(host):
match = [line for line in feed if host in line]
if match:
logger.debug(f'[TH-INT] Host {host} found in feed (src: IP, partial) [match: {match}]')
return True, 0.6
if match:
logger.debug(f'[TH-INT] Host {host} found in feed (src: full, partial) [match: {match}]')
return True, 0.7
return False, 0.0
