AIL-framework/bin/alertHandler.py

#!/usr/bin/env python2
# -*-coding:UTF-8 -*

"""
The Browse_warning_paste module
====================

This module saved signaled paste (logged as 'warning') in redis for further usage
like browsing by category

Its input comes from other modules, namely:
    Credential, CreditCard, SQLinjection, CVE, Keys, Mail and Phone

"""

import redis
import time
from datetime import datetime, timedelta
from packages import Paste
from pubsublogger import publisher
from Helper import Process

from pymisp import PyMISP
import ailleakObject
from ../mispKEYS import misp_url, misp_key, misp_verifycert

if __name__ == "__main__":
    publisher.port = 6380
    publisher.channel = "Script"

    config_section = 'alertHandler'

    p = Process(config_section)
    pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
    eventID = "9356"
    mispTYPE = 'ail-leak'

    # port generated automatically depending on the date
    curYear = datetime.now().year
    server = redis.StrictRedis(
                host=p.config.get("Redis_Level_DB", "host"),
                port=curYear,
                db=p.config.get("Redis_Level_DB", "db"))

    # FUNCTIONS #
    publisher.info("Script duplicate started")

    while True:
            message = p.get_from_set()
            if message is not None:
                module_name, p_path = message.split(';')
                #PST = Paste.Paste(p_path)
            else:
                publisher.debug("Script Attribute is idling 10s")
                time.sleep(10)
                continue

            # Add in redis for browseWarningPaste
            # Format in set: WARNING_moduleName -> p_path
            key = "WARNING_" + module_name
            server.sadd(key, p_path)

            publisher.info('Saved warning paste {}'.format(p_path))

            # Create MISP AIL-leak object
            misp_object = AilleakObject(moduleName, path)
            print('validate mispobj', misp_object._validate())
            print(misp_object)

            # Publish object to MISP
            try:
                    templateID = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == mispTYPE
                except IndexError:
                    valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])
                    print ("Template for type %s not found! Valid types are: %s" % (mispTYPE, valid_types))
            continue
            #r = pymisp.add_object(eventID, templateID, misp_object)
Added warning_paste module and created related webpages. Fixed a Faup bug in credential (multiple instanciation) and added correc populate_set_out in concerned modules (creditcard, credential, ...). Linked browse_warning_paste module and Flask function with redis (created new sets). 2016-08-08 09:17:44 +02:00			`#!/usr/bin/env python2`
			`# --coding:UTF-8 -`

			`"""`
			`The Browse_warning_paste module`
			`====================`

			`This module saved signaled paste (logged as 'warning') in redis for further usage`
			`like browsing by category`

			`Its input comes from other modules, namely:`
			`Credential, CreditCard, SQLinjection, CVE, Keys, Mail and Phone`

			`"""`

			`import redis`
			`import time`
			`from datetime import datetime, timedelta`
			`from packages import Paste`
			`from pubsublogger import publisher`
			`from Helper import Process`

Added draft support of MISP ail-leak object 2017-11-16 09:52:37 +01:00			`from pymisp import PyMISP`
			`import ailleakObject`
			`from ../mispKEYS import misp_url, misp_key, misp_verifycert`

Added warning_paste module and created related webpages. Fixed a Faup bug in credential (multiple instanciation) and added correc populate_set_out in concerned modules (creditcard, credential, ...). Linked browse_warning_paste module and Flask function with redis (created new sets). 2016-08-08 09:17:44 +02:00			`if __name__ == "__main__":`
			`publisher.port = 6380`
			`publisher.channel = "Script"`

Renamed BrowseWarningPaste into alertHandler 2017-11-15 16:15:43 +01:00			`config_section = 'alertHandler'`
Added warning_paste module and created related webpages. Fixed a Faup bug in credential (multiple instanciation) and added correc populate_set_out in concerned modules (creditcard, credential, ...). Linked browse_warning_paste module and Flask function with redis (created new sets). 2016-08-08 09:17:44 +02:00
			`p = Process(config_section)`
Added draft support of MISP ail-leak object 2017-11-16 09:52:37 +01:00			`pymisp = PyMISP(misp_url, misp_key, misp_verifycert)`
			`eventID = "9356"`
			`mispTYPE = 'ail-leak'`
Added warning_paste module and created related webpages. Fixed a Faup bug in credential (multiple instanciation) and added correc populate_set_out in concerned modules (creditcard, credential, ...). Linked browse_warning_paste module and Flask function with redis (created new sets). 2016-08-08 09:17:44 +02:00
Dynamically choose correct port for LevelDB in script 2017-08-22 17:52:15 +02:00			`# port generated automatically depending on the date`
			`curYear = datetime.now().year`
Added warning_paste module and created related webpages. Fixed a Faup bug in credential (multiple instanciation) and added correc populate_set_out in concerned modules (creditcard, credential, ...). Linked browse_warning_paste module and Flask function with redis (created new sets). 2016-08-08 09:17:44 +02:00			`server = redis.StrictRedis(`
			`host=p.config.get("Redis_Level_DB", "host"),`
Dynamically choose correct port for LevelDB in script 2017-08-22 17:52:15 +02:00			`port=curYear,`
Added warning_paste module and created related webpages. Fixed a Faup bug in credential (multiple instanciation) and added correc populate_set_out in concerned modules (creditcard, credential, ...). Linked browse_warning_paste module and Flask function with redis (created new sets). 2016-08-08 09:17:44 +02:00			`db=p.config.get("Redis_Level_DB", "db"))`

			`# FUNCTIONS #`
			`publisher.info("Script duplicate started")`

			`while True:`
			`message = p.get_from_set()`
			`if message is not None:`
			`module_name, p_path = message.split(';')`
			`#PST = Paste.Paste(p_path)`
			`else:`
			`publisher.debug("Script Attribute is idling 10s")`
			`time.sleep(10)`
			`continue`

Renamed BrowseWarningPaste into alertHandler 2017-11-15 16:15:43 +01:00			`# Add in redis for browseWarningPaste`
Added warning_paste module and created related webpages. Fixed a Faup bug in credential (multiple instanciation) and added correc populate_set_out in concerned modules (creditcard, credential, ...). Linked browse_warning_paste module and Flask function with redis (created new sets). 2016-08-08 09:17:44 +02:00			`# Format in set: WARNING_moduleName -> p_path`
			`key = "WARNING_" + module_name`
			`server.sadd(key, p_path)`

Renamed BrowseWarningPaste into alertHandler 2017-11-15 16:15:43 +01:00			`publisher.info('Saved warning paste {}'.format(p_path))`
Added warning_paste module and created related webpages. Fixed a Faup bug in credential (multiple instanciation) and added correc populate_set_out in concerned modules (creditcard, credential, ...). Linked browse_warning_paste module and Flask function with redis (created new sets). 2016-08-08 09:17:44 +02:00
Added draft support of MISP ail-leak object 2017-11-16 09:52:37 +01:00			`# Create MISP AIL-leak object`
			`misp_object = AilleakObject(moduleName, path)`
			`print('validate mispobj', misp_object._validate())`
			`print(misp_object)`

			`# Publish object to MISP`
			`try:`
			`templateID = [x['ObjectTemplate']['id'] for x in pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == mispTYPE`
			`except IndexError:`
			`valid_types = ", ".join([x['ObjectTemplate']['name'] for x in pymisp.get_object_templates_list()])`
			`print ("Template for type %s not found! Valid types are: %s" % (mispTYPE, valid_types))`
			`continue`
			`#r = pymisp.add_object(eventID, templateID, misp_object)`