PyMISP/pymisp/tools/fail2banobject.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

from datetime import datetime
from .abstractgenerator import AbstractMISPObjectGenerator
import logging
from dateutil.parser import parse

logger = logging.getLogger('pymisp')


class Fail2BanObject(AbstractMISPObjectGenerator):

    def __init__(self, parameters, standalone=True, **kwargs):
        super(Fail2BanObject, self).__init__('fail2ban', standalone=standalone, **kwargs)
        self.__parameters = parameters
        self.generate_attributes()

    def generate_attributes(self):
        self.add_attribute('banned-ip', value=self.__parameters['banned-ip'])
        self.add_attribute('attack-type', value=self.__parameters['attack-type'])
        try:
            timestamp = parse(self.__parameters['processing-timestamp'])
        except Exception:
            timestamp = datetime.now()

        self.add_attribute('processing-timestamp', value=timestamp.isoformat())

        if 'failures' in self.__parameters:
            self.add_attribute('failures', value=self.__parameters['failures'])
        if 'sensor' in self.__parameters:
            self.add_attribute('', value=self.__parameters['sensor'])
        if 'victim' in self.__parameters:
            self.add_attribute('victim', value=self.__parameters['victim'])
        if 'logline' in self.__parameters:
            self.add_attribute('logline', value=self.__parameters['logline'])
        if 'logfile' in self.__parameters:
            self.add_attribute('logfile', value=self.__parameters['logfile'][0],
                               data=self.__parameters['logfile'][1])
new: add preliminary fail2ban object 2018-03-26 12:07:40 +02:00			`#!/usr/bin/env python`
			`# -- coding: utf-8 --`

			`from datetime import datetime`
			`from .abstractgenerator import AbstractMISPObjectGenerator`
			`import logging`
			`from dateutil.parser import parse`

			`logger = logging.getLogger('pymisp')`


			`class Fail2BanObject(AbstractMISPObjectGenerator):`

			`def __init__(self, parameters, standalone=True, **kwargs):`
			`super(Fail2BanObject, self).__init__('fail2ban', standalone=standalone, **kwargs)`
			`self.__parameters = parameters`
			`self.generate_attributes()`

			`def generate_attributes(self):`
			`self.add_attribute('banned-ip', value=self.__parameters['banned-ip'])`
			`self.add_attribute('attack-type', value=self.__parameters['attack-type'])`
			`try:`
			`timestamp = parse(self.__parameters['processing-timestamp'])`
			`except Exception:`
			`timestamp = datetime.now()`

			`self.add_attribute('processing-timestamp', value=timestamp.isoformat())`

			`if 'failures' in self.__parameters:`
			`self.add_attribute('failures', value=self.__parameters['failures'])`
			`if 'sensor' in self.__parameters:`
			`self.add_attribute('', value=self.__parameters['sensor'])`
			`if 'victim' in self.__parameters:`
			`self.add_attribute('victim', value=self.__parameters['victim'])`
chg: Update fail2ban helper & example 2018-03-27 10:29:57 +02:00			`if 'logline' in self.__parameters:`
			`self.add_attribute('logline', value=self.__parameters['logline'])`
			`if 'logfile' in self.__parameters:`
			`self.add_attribute('logfile', value=self.__parameters['logfile'][0],`
			`data=self.__parameters['logfile'][1])`