CIRCL
/
AIL-framework
mirror of https://github.com/CIRCL/AIL-framework
2
1
Fork 0
Code Issues Releases Wiki Activity

Fixed Webhook integration with Trackers

pull/586/head
TonyJabbour 2021-09-30 14:20:08 +02:00
parent ac9df0b9fb
commit 912956c73c
3 changed files with 56 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
bin/trackers/Tracker_Regex.py
View File

@ -5,7 +5,7 @@ The Tracker_Regex trackers module
=================== ===================
This Module is used for regex tracking. This Module is used for regex tracking.
It processes every item coming from the global module and test the regexs It processes every item coming from the global module and test the regex
""" """
import os import os
@ -76,6 +76,8 @@ class Tracker_Regex(AbstractModule):
for tracker_uuid in uuid_list: for tracker_uuid in uuid_list:
# Source Filtering # Source Filtering
item_source = item.get_source() item_source = item.get_source()
item_date = item.get_date()
tracker_sources = Tracker.get_tracker_uuid_sources(tracker_uuid) tracker_sources = Tracker.get_tracker_uuid_sources(tracker_uuid)
if tracker_sources and item_source not in tracker_sources: if tracker_sources and item_source not in tracker_sources:
continue continue
@ -93,13 +95,25 @@ class Tracker_Regex(AbstractModule):
mail_body = Tracker_Regex.mail_body_template.format(tracker, item_id, self.full_item_url, item_id) mail_body = Tracker_Regex.mail_body_template.format(tracker, item_id, self.full_item_url, item_id)
for mail in mail_to_notify: for mail in mail_to_notify:
NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body) NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body)
# Webhook
webhook_to_post = Term.get_term_webhook(tracker_uuid) webhook_to_post = Term.get_term_webhook(tracker_uuid)
if webhook_to_post: if webhook_to_post:
request_body = {"itemId": item_id, "url": self.full_item_url, "type": "REGEX"} json_request = {"trackerId": tracker_uuid,
r = requests.post(webhook_to_post, data=request_body) "itemId": item_id,
if (r.status_code >= 400): "itemURL": self.full_item_url + item_id,
raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {r.reason}") "tracker": tracker,
if __name__ == "__main__": "itemSource": item_source,
"itemDate": item_date,
"tags": tags_to_add,
"emailNotification": f'{mail_to_notify}',
"trackerType": tracker_type
}
response = requests.post(webhook_to_post, json=json_request)
if response.status_code >= 400:
raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}")
if __name__ == "__main__":
module = Tracker_Regex() module = Tracker_Regex()
module.run() module.run()

20
bin/trackers/Tracker_Term.py
View File

@ -119,7 +119,7 @@ class Tracker_Term(AbstractModule):
uuid_list = Term.get_term_uuid_list(term, term_type) uuid_list = Term.get_term_uuid_list(term, term_type)
self.redis_logger.info(f'new tracked term found: {term} in {item_id}') self.redis_logger.info(f'new tracked term found: {term} in {item_id}')
print(f'new tracked term found: {term} in {item_id}') print(f'new tracked term found: {term} in {item_id}')
item_date = Item.get_date()
for term_uuid in uuid_list: for term_uuid in uuid_list:
tracker_sources = Tracker.get_tracker_uuid_sources(term_uuid) tracker_sources = Tracker.get_tracker_uuid_sources(term_uuid)
if not tracker_sources or item_source in tracker_sources: if not tracker_sources or item_source in tracker_sources:
@ -139,12 +139,22 @@ class Tracker_Term(AbstractModule):
print(f'S print(item_content)end Mail {mail_subject}') print(f'S print(item_content)end Mail {mail_subject}')
NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body) NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body)
# Webhook
webhook_to_post = Term.get_term_webhook(term_uuid) webhook_to_post = Term.get_term_webhook(term_uuid)
if webhook_to_post: if webhook_to_post:
request_body = {"itemId": item_id, "url": self.full_item_url, "type": "Term", "term": term} json_request = {"trackerId": term_uuid,
r = requests.post(webhook_to_post, data=request_body) "itemId": item_id,
if (r.status_code >= 400): "itemURL": self.full_item_url + item_id,
raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {r.reason}") "term": term,
"itemSource": item_source,
"itemDate": item_date,
"tags": tags_to_add,
"emailNotification": f'{mail_to_notify}',
"trackerType": term_type
}
response = requests.post(webhook_to_post, json=json_request)
if response.status_code >= 400:
raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}")
if __name__ == '__main__': if __name__ == '__main__':

32
bin/trackers/Tracker_Yara.py
View File

@ -1,10 +1,8 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# -*-coding:UTF-8 -* # -*-coding:UTF-8 -*
""" ##################################
The Tracker_Yara trackers module # The Tracker_Yara trackers module
=================== ##################################
"""
################################## ##################################
# Import External packages # Import External packages
@ -25,7 +23,7 @@ from packages import Term
from packages.Item import Item from packages.Item import Item
from lib import Tracker from lib import Tracker
import NotificationHelper # # TODO: refractor import NotificationHelper # # TODO: refactor
class Tracker_Yara(AbstractModule): class Tracker_Yara(AbstractModule):
@ -72,6 +70,7 @@ class Tracker_Yara(AbstractModule):
tracker_uuid = data['namespace'] tracker_uuid = data['namespace']
item_id = self.item.get_id() item_id = self.item.get_id()
item_source = self.item.get_source() item_source = self.item.get_source()
item_date = self.item.get_date()
# Source Filtering # Source Filtering
tracker_sources = Tracker.get_tracker_uuid_sources(tracker_uuid) tracker_sources = Tracker.get_tracker_uuid_sources(tracker_uuid)
@ -96,16 +95,27 @@ class Tracker_Yara(AbstractModule):
self.redis_logger.debug(f'Send Mail {mail_subject}') self.redis_logger.debug(f'Send Mail {mail_subject}')
print(f'Send Mail {mail_subject}') print(f'Send Mail {mail_subject}')
NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body) NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body)
# Webhook
webhook_to_post = Term.get_term_webhook(tracker_uuid) webhook_to_post = Term.get_term_webhook(tracker_uuid)
if webhook_to_post: if webhook_to_post:
request_body = {"itemId": item_id, "url": self.full_item_url, "type": "YARA"} json_request = {"trackerId": tracker_uuid,
r = requests.post(webhook_to_post, data=request_body) "itemId": item_id,
if (r.status_code >= 400): "itemURL": self.full_item_url + item_id,
raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {r.reason}") "dataRule": data["rule"],
"itemSource": item_source,
"itemDate": item_date,
"tags": tags_to_add,
"emailNotification": f'{mail_to_notify}',
"trackerType": "yara"
}
response = requests.post(webhook_to_post, json=json_request)
if response.status_code >= 400:
raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}")
return yara.CALLBACK_CONTINUE return yara.CALLBACK_CONTINUE
if __name__ == '__main__': if __name__ == '__main__':
module = Tracker_Yara() module = Tracker_Yara()
module.run() module.run()