mirror of https://github.com/CIRCL/AIL-framework
Fixed Webhook integration with Trackers
parent
ac9df0b9fb
commit
912956c73c
|
@ -5,7 +5,7 @@ The Tracker_Regex trackers module
|
|||
===================
|
||||
|
||||
This Module is used for regex tracking.
|
||||
It processes every item coming from the global module and test the regexs
|
||||
It processes every item coming from the global module and test the regex
|
||||
|
||||
"""
|
||||
import os
|
||||
|
@ -76,6 +76,8 @@ class Tracker_Regex(AbstractModule):
|
|||
for tracker_uuid in uuid_list:
|
||||
# Source Filtering
|
||||
item_source = item.get_source()
|
||||
item_date = item.get_date()
|
||||
|
||||
tracker_sources = Tracker.get_tracker_uuid_sources(tracker_uuid)
|
||||
if tracker_sources and item_source not in tracker_sources:
|
||||
continue
|
||||
|
@ -93,13 +95,25 @@ class Tracker_Regex(AbstractModule):
|
|||
mail_body = Tracker_Regex.mail_body_template.format(tracker, item_id, self.full_item_url, item_id)
|
||||
for mail in mail_to_notify:
|
||||
NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body)
|
||||
|
||||
# Webhook
|
||||
webhook_to_post = Term.get_term_webhook(tracker_uuid)
|
||||
if webhook_to_post:
|
||||
request_body = {"itemId": item_id, "url": self.full_item_url, "type": "REGEX"}
|
||||
r = requests.post(webhook_to_post, data=request_body)
|
||||
if (r.status_code >= 400):
|
||||
raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {r.reason}")
|
||||
if __name__ == "__main__":
|
||||
json_request = {"trackerId": tracker_uuid,
|
||||
"itemId": item_id,
|
||||
"itemURL": self.full_item_url + item_id,
|
||||
"tracker": tracker,
|
||||
"itemSource": item_source,
|
||||
"itemDate": item_date,
|
||||
"tags": tags_to_add,
|
||||
"emailNotification": f'{mail_to_notify}',
|
||||
"trackerType": tracker_type
|
||||
}
|
||||
response = requests.post(webhook_to_post, json=json_request)
|
||||
if response.status_code >= 400:
|
||||
raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
module = Tracker_Regex()
|
||||
module.run()
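Review bot: The new `requests.post(webhook_to_post, json=json_request)` call has no `timeout`, so a webhook endpoint that accepts the connection and never answers stalls this module's item loop; the same call is added in the Tracker_Term and Tracker_Yara sections. Pass an explicit bound, e.g. `response = requests.post(webhook_to_post, json=json_request, timeout=10)` (the value is illustrative), and catch `requests.exceptions.RequestException` so a dead endpoint is logged rather than propagated. The `raise Exception(...)` on a 4xx/5xx also interpolates the full webhook URL, which often carries a token in its path or query, so that value ends up wherever the traceback is logged. The payload also sends `mail_to_notify` to the remote endpoint as a formatted string; confirm that disclosing the recipient list to the webhook owner is intended. The enclosing method starts outside the hunk.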
|
||||
|
|
|
@ -119,7 +119,7 @@ class Tracker_Term(AbstractModule):
|
|||
uuid_list = Term.get_term_uuid_list(term, term_type)
|
||||
self.redis_logger.info(f'new tracked term found: {term} in {item_id}')
|
||||
print(f'new tracked term found: {term} in {item_id}')
|
||||
|
||||
item_date = Item.get_date()
|
||||
for term_uuid in uuid_list:
|
||||
tracker_sources = Tracker.get_tracker_uuid_sources(term_uuid)
|
||||
if not tracker_sources or item_source in tracker_sources:
|
||||
|
@ -139,12 +139,22 @@ class Tracker_Term(AbstractModule):
|
|||
print(f'S print(item_content)end Mail {mail_subject}')
|
||||
NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body)
|
||||
|
||||
# Webhook
|
||||
webhook_to_post = Term.get_term_webhook(term_uuid)
|
||||
if webhook_to_post:
|
||||
request_body = {"itemId": item_id, "url": self.full_item_url, "type": "Term", "term": term}
|
||||
r = requests.post(webhook_to_post, data=request_body)
|
||||
if (r.status_code >= 400):
|
||||
raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {r.reason}")
|
||||
json_request = {"trackerId": term_uuid,
|
||||
"itemId": item_id,
|
||||
"itemURL": self.full_item_url + item_id,
|
||||
"term": term,
|
||||
"itemSource": item_source,
|
||||
"itemDate": item_date,
|
||||
"tags": tags_to_add,
|
||||
"emailNotification": f'{mail_to_notify}',
|
||||
"trackerType": term_type
|
||||
}
|
||||
response = requests.post(webhook_to_post, json=json_request)
|
||||
if response.status_code >= 400:
|
||||
raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}")
|
||||
|
||||
|
||||
if __name__ == '__main__':
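Review bot: `item_date = Item.get_date()` in the first hunk of this section calls `get_date` on the name `Item` rather than on the item being processed, whereas the Tracker_Regex and Tracker_Yara sections of this commit use `item.get_date()` and `self.item.get_date()`. If `Item` here is the class (Tracker_Yara imports it as `from packages.Item import Item`; this file's imports are not shown), the call raises a TypeError for the missing `self` on every tracked-term match, before the notification loop is reached. It should presumably read `item_date = item.get_date()`, using whichever item instance this method holds. The method starts outside the hunk, so that name cannot be confirmed from here.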
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*-coding:UTF-8 -*
|
||||
"""
|
||||
The Tracker_Yara trackers module
|
||||
===================
|
||||
|
||||
"""
|
||||
##################################
|
||||
# The Tracker_Yara trackers module
|
||||
##################################
|
||||
|
||||
##################################
|
||||
# Import External packages
|
||||
|
@ -25,7 +23,7 @@ from packages import Term
|
|||
from packages.Item import Item
|
||||
from lib import Tracker
|
||||
|
||||
import NotificationHelper # # TODO: refractor
|
||||
import NotificationHelper # # TODO: refactor
|
||||
|
||||
class Tracker_Yara(AbstractModule):
|
||||
|
||||
|
@ -72,6 +70,7 @@ class Tracker_Yara(AbstractModule):
|
|||
tracker_uuid = data['namespace']
|
||||
item_id = self.item.get_id()
|
||||
item_source = self.item.get_source()
|
||||
item_date = self.item.get_date()
|
||||
|
||||
# Source Filtering
|
||||
tracker_sources = Tracker.get_tracker_uuid_sources(tracker_uuid)
|
||||
|
@ -96,16 +95,27 @@ class Tracker_Yara(AbstractModule):
|
|||
self.redis_logger.debug(f'Send Mail {mail_subject}')
|
||||
print(f'Send Mail {mail_subject}')
|
||||
NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body)
|
||||
|
||||
# Webhook
|
||||
webhook_to_post = Term.get_term_webhook(tracker_uuid)
|
||||
if webhook_to_post:
|
||||
request_body = {"itemId": item_id, "url": self.full_item_url, "type": "YARA"}
|
||||
r = requests.post(webhook_to_post, data=request_body)
|
||||
if (r.status_code >= 400):
|
||||
raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {r.reason}")
|
||||
json_request = {"trackerId": tracker_uuid,
|
||||
"itemId": item_id,
|
||||
"itemURL": self.full_item_url + item_id,
|
||||
"dataRule": data["rule"],
|
||||
"itemSource": item_source,
|
||||
"itemDate": item_date,
|
||||
"tags": tags_to_add,
|
||||
"emailNotification": f'{mail_to_notify}',
|
||||
"trackerType": "yara"
|
||||
}
|
||||
response = requests.post(webhook_to_post, json=json_request)
|
||||
if response.status_code >= 400:
|
||||
raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}")
|
||||
|
||||
return yara.CALLBACK_CONTINUE
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
||||
module = Tracker_Yara()
|
||||
module.run()
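Review bot: The `raise Exception(...)` added for a failed webhook sits inside the YARA match callback, ahead of `return yara.CALLBACK_CONTINUE`, so a 4xx/5xx from the remote endpoint prevents the callback from returning and would likely abort matching of the remaining rules for this item. That lets an unreliable or hostile webhook receiver suppress tracker processing. Log the failure and still fall through to the `return`, for example `self.redis_logger.error(f'Webhook request failed: {response.status_code} {response.reason}')` in place of the raise. The callback's signature is outside the hunk.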
|
||||
|
|