def __add_comment(issue_key, body):
    """Post *body* as a comment on the JIRA issue *issue_key*.

    Returns the value of ``jc.add_comment`` on success, or ``None`` when the
    call raised: errors are logged and swallowed, never propagated.
    """
    result = None
    try:
        logger.debug(f'[JIRA ] Adding comment to issue `{issue_key}`.')
        result = jc.add_comment(issue_key, body)
    except JIRAError as jc_err:
        logger.error(jc_err)
    except Exception as err:
        logger.error(err)
    return result
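def __search_assignable_users_for_projects():
    """Return the users assignable to issues in ``JIRA_PROJECT_KEY``.

    Wraps ``jc.search_assignable_users_for_projects`` with an empty username
    filter. Returns ``None`` when the lookup raised; the error is logged rather
    than propagated, so callers must cope with a missing result.

    Fix: the original stored the result in a local and never returned it, so
    every caller (e.g. ``__assign_user``) received ``None`` and could not
    assign anyone.
    """
    try:
        logger.debug(
            f'[JIRA ] Searching for assignable users for project `{JIRA_PROJECT_KEY}`.'
        )
        # Empty username filter: request every assignable user of the project.
        return jc.search_assignable_users_for_projects('', JIRA_PROJECT_KEY)
    except JIRAError as jc_err:
        logger.error(jc_err)
    except Exception as err:
        logger.error(err)
    return None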
def __assign_user(issue_key, accountId=None):
    """Assign issue *issue_key* to *accountId*, or to a randomly chosen assignable user.

    When *accountId* is falsy the assignable users of the project are looked
    up and one is picked at random. Returns the value of ``jc.assign_issue``,
    or ``False`` when no user could be chosen or an exception was logged.
    """
    assigned = False
    try:
        logger.debug(f'[JIRA ] Assigning user for issue `{issue_key}`..')
        if not accountId:
            logger.debug(
                f'[JIRA ] No accountId provided. Selecting random user.')
            users = __search_assignable_users_for_projects()
            if not users:
                logger.error(
                    f'[JIRA ] No assignable users were found for this project.'
                )
                return assigned
            logger.debug(
                f'[JIRA ] User search: {len(users)} users found.')
            # Plain `random` is adequate here: the pick only spreads workload
            # and is not security-sensitive.
            accountId = random.choice(users).accountId
        assigned = jc.assign_issue(issue_key, accountId)
        logger.debug(f'[JIRA ] User assigned: {assigned}')
    except JIRAError as jc_err:
        logger.error(jc_err)
    except Exception as err:
        logger.error(err)
    return assigned
def main():
    """CLI entry point: look up the comma-separated hosts given as ``sys.argv[1]``.

    Prints one block per result (host, threat verdict, confidence) and logs
    the feed each result came from. Without an argument an error is logged
    and a usage hint is printed.
    """
    if len(sys.argv) <= 1:
        logger.error(f'[TH-INT] Missing argument for `host`')
        print('Please specify a host to look for as the first argument.')
        return
    hosts = sys.argv[1].split(',')
    results = is_threat(hosts)
    if not results:
        return
    for result in results:
        logger.debug(f'[TH-INT] From feed: {result["feed_url"]}')
        verdict = 'true' if result['found'] else 'false'
        print(f'Host: {result["host"]}')
        print(f'Threat: {verdict}')
        print(f'Confidence: {result["confidence"]}')
        print()
def __determine_priority(issue, classification):
    """Set *issue*'s priority from the email *classification* (case-insensitive).

    Classifications not in the table fall back to priority id '2'. The actual
    update is delegated to ``__set_priority``.
    """
    logger.debug(f'[JIRA ] Determining priority for issue `{issue.key}`.')
    priority_by_classification = {
        'malware': '1',
        'phishing': '2',
        'fraud': '2',
        'spam': '3',
        'legitimate': '5',
    }
    pri = priority_by_classification.get(classification.lower(), '2')
    __set_priority(issue, pri)
def __set_priority(issue, priority_key):
    """Update *issue* to the JIRA priority whose id is *priority_key*.

    The display name is looked up in ``PRIORITIES``; an unknown key yields
    ``None`` as the name and is sent as-is. Errors are logged, not raised.
    """
    try:
        logger.debug(f'[JIRA ] Setting priority for issue `{issue.key}`.')
        priority_name = PRIORITIES.get(priority_key)
        issue.update(fields={
            'priority': {'id': priority_key, 'name': priority_name}
        })
        logger.debug(
            f'[JIRA ] Priority for issue `{issue.key}` set to `{priority_name}` ({priority_key}).'
        )
    except JIRAError as jc_err:
        logger.error(jc_err)
    except Exception as err:
        logger.error(err)
def __add_attachment(issue_key, filepath, filename='email'):
    """Upload the file at *filepath* to issue *issue_key* under the name *filename*.

    Returns the value of ``jc.add_attachment``, or ``None`` when the upload
    failed. A JIRA-side or unexpected failure is additionally recorded as a
    comment on the issue; a missing local file is only logged.
    """
    # NOTE(review): the comment text hard-codes `(unknown)` rather than the
    # attachment name — confirm whether *filename* was meant to be interpolated.
    failure_comment = 'Uploading of email attachment `(unknown)` failed.'
    try:
        logger.debug(f'[JIRA ] Adding attachment to issue `{issue_key}`.')
        return jc.add_attachment(issue_key, filepath, filename)
    except JIRAError as jc_err:
        logger.error(jc_err)
        __add_comment(issue_key, failure_comment)
    except FileNotFoundError:
        logger.error(f'[JIRA ] File `{filepath}` does not exist.')
    except Exception as err:
        logger.error(
            f'[JIRA ] An error occurred while uploading an attachment to issue `{issue_key}`.'
        )
        logger.error(err)
        __add_comment(issue_key, failure_comment)
    return None
def __create_issue(summary, description, issue_type='Task'):
    """Create an issue of type *issue_type* in ``JIRA_PROJECT_KEY`` and return it.

    Returns ``None`` when creation failed; the error is logged, not raised.
    """
    created = None
    try:
        logger.debug(
            f'[JIRA ] Creating new issue for project `{JIRA_PROJECT_KEY}`.')
        fields = {
            'project': {'key': JIRA_PROJECT_KEY},
            'summary': summary,
            'description': description,
            'issuetype': {'name': issue_type},
        }
        created = jc.create_issue(fields=fields)
    except JIRAError as jc_err:
        logger.error(jc_err)
    except Exception as err:
        logger.error(err)
    return created
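def create_issue(classification, confidence_level, recipient, email_sender,
                 email_subject, timedate, attachment_filepath=None, comment=''):
    """Create and enrich a JIRA issue for a classified email.

    Renders summary/description via ``__parse_template``, creates the issue,
    sets its priority from *classification*, and — when *confidence_level*
    is below ``MIN_CONFIDENCE_LEVEL`` — assigns a user for manual review and
    forces priority id '1'. An optional attachment (always named 'email') and
    comment are added last. Every error is logged and swallowed; the function
    returns nothing.

    Fix: the unused local ``assigned`` is dropped; the early-exit guard
    replaces the nested ``if/else`` without changing the order of calls.
    """
    try:
        summary, desc = __parse_template(classification, confidence_level,
                                         recipient, email_sender,
                                         email_subject, timedate)
        issue = __create_issue(summary, desc)
        if not issue:
            logger.error(
                '[JIRA ] An error occurred while creating the issue in JIRA.'
            )
            return
        __determine_priority(issue, classification)
        # NOTE(review): int(float(...)) truncates, so e.g. 49.9 compares as 49
        # — confirm MIN_CONFIDENCE_LEVEL is an integer threshold in the same
        # scale as confidence_level.
        if int(float(confidence_level)) < MIN_CONFIDENCE_LEVEL:
            logger.debug(
                f'[JIRA ] Assigning user to handle manually due to low confidence level [level: {confidence_level}]'
            )
            # The assignment result is logged by __assign_user itself.
            __assign_user(issue.key)
            logger.debug(
                f'[JIRA ] Setting priority to `Highest` due to low confidence level [level: {confidence_level}]'
            )
            __set_priority(issue, '1')
        if attachment_filepath:
            __add_attachment(issue.key, attachment_filepath, 'email')
        if comment:
            __add_comment(issue.key, comment)
    except JIRAError as jc_err:
        logger.error(jc_err)
    except Exception as err:
        logger.error(err)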
def __is_in_feed(host, feed):
    """Check whether *host* appears in *feed*; return ``(found, confidence)``.

    *feed* is first normalised through ``__strip_feed``. Exact membership of
    the host — or, for URLs, of its FQDN+path or bare FQDN — scores 1.0.
    Failing that, substring matches against feed lines are tried: FQDN+path
    0.8, bare FQDN 0.6, IP 0.6, any other host 0.7. Returns ``(False, 0.0)``
    when nothing matches.
    """
    feed = __strip_feed(feed)

    def hit(src, score, matched=None):
        # One place for the debug line so every branch logs the same shape.
        suffix = '' if matched is None else f' [match: {matched}]'
        logger.debug(f'[TH-INT] Host {host} found in feed (src: {src}){suffix}')
        return True, score

    def lines_containing(needle):
        return [line for line in feed if needle in line]

    # Exact matches first.
    if __is_ip(host) and host in feed:
        return hit('IP, exact', 1.0)
    if __is_url(host):
        if __get_fqdn_path(host) in feed:
            return hit('FQDN/path, exact', 1.0)
        if __get_fqdn(host) in feed:
            return hit('FQDN, exact', 1.0)
    if host in feed:
        return hit('full, exact', 1.0)

    # No exact match: fall back to substring matches against each feed line.
    # NOTE(review): substring matching over-matches by design (e.g. an IP
    # "10.1.1.1" is contained in a feed line "10.1.1.10"); the reduced
    # confidence reflects that — confirm consumers of the score treat
    # anything below 1.0 as a lead rather than a verdict.
    match = lines_containing(host)
    if __is_url(host):
        match = lines_containing(__get_fqdn_path(host))
        if match:
            return hit('FQDN/path, partial', 0.8, match)
        match = lines_containing(__get_fqdn(host))
        if match:
            return hit('FQDN, partial', 0.6, match)
    if __is_ip(host):
        match = lines_containing(host)
        if match:
            return hit('IP, partial', 0.6, match)
    # `match` here is whatever the last lookup above produced, as in the
    # original ordering (for URL and IP hosts it is already known empty).
    if match:
        return hit('full, partial', 0.7, match)
    return False, 0.0