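def main():
    """Entry point for reporter.py.

    Parses ``-p/--populate`` and ``-r/--report``, loads ``../config.conf``
    (creating it interactively on first run), then runs the requested
    populate and/or report passes.  Exits with status 2 on a bad command line.
    """
    configfile = os.path.join(os.path.dirname(os.path.abspath(__file__)),
                              '..', 'config.conf')
    config = ConfigParser()
    populate, report = _parse_args(sys.argv[1:])

    if not os.path.exists(configfile):
        # No config file next to the script: build one interactively.
        _first_run_setup(config, configfile)
    else:
        config.read(configfile)

    if populate:
        _populate(config)
    if report:
        _report(config)


def _parse_args(argv):
    """Return ``(populate, report)`` flags parsed from *argv*.

    Prints the usage line and exits with status 2 on an unknown option.
    """
    populate = False
    report = False
    try:
        opts, _args = getopt.getopt(argv, "pr", ["populate", "report"])
    except getopt.GetoptError:
        # Parenthesised form prints identically under Python 2 and 3.
        print('reporter.py -p -r')
        sys.exit(2)
    for opt, _arg in opts:
        if opt in ('-p', '--populate'):
            populate = True
        elif opt in ('-r', '--report'):
            report = True
    return populate, report


def _first_run_setup(config, configfile):
    """Interactively build *configfile* and seed the AssetList table.

    The password is written base64-encoded.  That is obfuscation, not
    encryption: anyone who can read the file can recover it, so the file
    should be readable only by the account that runs this tool.
    """
    config.add_section('SecurityCenter')
    config.set('SecurityCenter', 'host', raw_input('SecurityCenter Address : '))
    # NOTE(review): the next two config.set lines were restored from a
    # redacted listing -- confirm against the original source.
    config.set('SecurityCenter', 'user', raw_input('SecurityCenter Username : '))
    # getpass keeps the password off the terminal echo; b64encode only lets
    # it round-trip through ConfigParser, it adds no confidentiality.
    config.set('SecurityCenter', 'pass',
               b64encode(getpass.getpass('SecurityCenter Password : ')))
    config.set('SecurityCenter', 'expire',
               raw_input('Expiration Threshhold (in days) : '))
    config.set('SecurityCenter', 'path', raw_input('Folder to place reports : '))

    assets = _prompt_asset_lists()
    config.set('SecurityCenter', 'asset_ids', ','.join(assets))
    with open(configfile, 'wb') as fobj:
        config.write(fobj)


def _prompt_asset_lists():
    """Prompt for (asset list id, report name) pairs until either is blank.

    Each pair is persisted as a ``models.AssetList`` row.  Returns the ids
    exactly as typed, for the config's ``asset_ids`` entry.
    """
    assets = []
    session = models.Session()
    try:
        while True:
            aid = raw_input('Asset List ID to Restrict to : ')
            rname = raw_input('Report Name? : ')
            # Equality, not identity: the original ``is not ''`` only worked
            # through CPython's string interning.
            if aid == '' or rname == '':
                break
            session.add(models.AssetList(id=int(aid), name=rname))
            assets.append(aid)
        session.commit()
    finally:
        # Always release the session, even if int(aid) or commit() raises.
        session.close()
    return assets


def _asset_ids(config):
    """Return the configured asset list ids as ints, skipping blank entries.

    An empty ``asset_ids`` value splits to ``['']``, which would otherwise
    raise ValueError from ``int('')``.
    """
    raw = config.get('SecurityCenter', 'asset_ids')
    return [int(part) for part in raw.split(',') if part.strip()]


def _populate(config):
    """Log in to SecurityCenter and refresh local data for every asset list."""
    sc = SecurityCenter(config.get('SecurityCenter', 'host'))
    sc.login(config.get('SecurityCenter', 'user'),
             b64decode(config.get('SecurityCenter', 'pass')))
    expire = config.getint('SecurityCenter', 'expire')
    for asset_id in _asset_ids(config):
        population.gen(sc, asset_id, expire)


def _report(config):
    """Write one HTML report per configured asset list into the report folder."""
    path = config.get('SecurityCenter', 'path')
    for asset_id in _asset_ids(config):
        reporter.generate_html_report(path, asset_id)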
from securitycenter import SecurityCenter
import time
import re

# Connection settings for the SecurityCenter instance being queried.
username = '******'
password = '******'
hostname = 'HOSTNAME'
# Width of the LCE syslog query window, in days.
days = 7

sc = SecurityCenter(hostname, username, password)

# One entry per LCE event type, with the pattern that extracts the value of
# interest from the event's message text.
queries = [
    {
        'eventName': 'Unique_Windows_Executable',
        'regex': re.compile(r'invoked \'(.*?)\''),
        'regex_type': 'single',
    },
    {
        'eventName': 'Daily_Command_Summary',
        'regex': re.compile(r'day: (.*?) \('),
        'regex_type': 'multiple',
    },
]

procs = set()
window = 86400 * days
for spec in queries:
    # Both timestamps are read separately, as in the original.
    end = int(time.time())
    start = int(time.time()) - window
    data = sc.query('syslog', source='lce', eventName=spec['eventName'],
                    endtime=end, starttime=start)
    for event in data:
        values = spec['regex'].findall(event['message'])
# Verison: Build 042 # Date: 05/01/2012 import sccsv from securitycenter import SecurityCenter import json import os from ConfigParser import ConfigParser conf = ConfigParser() conf.read('csv_gen.conf') sccsv.debug.DEBUG = conf.getboolean('Settings', 'debug') sc = SecurityCenter(conf.get('Settings', 'address'), conf.get('Settings', 'username'), conf.get('Settings', 'password'), port=conf.getint('Settings', 'port')) def build_and_email(section): # The first thing that we need to do is get all of the email configuration # stuff loaded up. This will involve some minor parsing and in some cases # we will need to check to see if there is a local variable set to override # the global one that is set in the Settings stanza. email_to = conf.get(section, 'email_to').split(',') email_from = conf.get('Settings', 'email_from') email_host = conf.get('Settings', 'smtp_host') if conf.has_option(section, 'email_msg'): email_msg = conf.get(section, 'email_msg') else: email_msg = conf.get('Settings', 'email_msg')