django-restit 4.2.165__py3-none-any.whl → 4.2.167__py3-none-any.whl
Sign up to get free protection for your applications and to get access to all the features.
- {django_restit-4.2.165.dist-info → django_restit-4.2.167.dist-info}/METADATA +1 -1
- {django_restit-4.2.165.dist-info → django_restit-4.2.167.dist-info}/RECORD +7 -7
- incident/__init__.py +3 -0
- incident/rpc.py +83 -58
- rest/__init__.py +1 -1
- {django_restit-4.2.165.dist-info → django_restit-4.2.167.dist-info}/LICENSE.md +0 -0
- {django_restit-4.2.165.dist-info → django_restit-4.2.167.dist-info}/WHEEL +0 -0
|
@@ -95,7 +95,7 @@ inbox/utils/parsing.py,sha256=y_71dwz8bm3JvF35ol8698XJ36sBF8fQWUrn0sYd2Fs,5597
|
|
|
95
95
|
inbox/utils/render.py,sha256=CU_F2qUBQE7mjb9Q6Dn9ro5CS_O_zEY-wDMHEClKkIA,4331
|
|
96
96
|
inbox/utils/sending.py,sha256=BKelTZnbkdSLGpjOY6IRTrzj-Hnw2pPZ7RYQGwe-tqk,2179
|
|
97
97
|
incident/README.md,sha256=4vbZTJj7uUmq8rogYngxqNYjFTlBOujfWUGheLoFKMc,1114
|
|
98
|
-
incident/__init__.py,sha256=
|
|
98
|
+
incident/__init__.py,sha256=FXNMmcGP6YAKjwik84ppze33uL0kDTa7YFr3aOEXhhk,3658
|
|
99
99
|
incident/migrations/0001_initial.py,sha256=KmJRau3a2QFRaUwUrFUgY2p7FQZCODv3F-Sl0ZArpu0,9720
|
|
100
100
|
incident/migrations/0002_event_component_event_component_id.py,sha256=Qfu3ndJKh4v7953ULTUZlSa3mVI-lnFIq9VFN1Rbs7Q,595
|
|
101
101
|
incident/migrations/0003_rule_action.py,sha256=LNqV52qOjxxe3L8qEdln-Hd2voFcpyjOZ_cEsasrv7s,425
|
|
@@ -122,7 +122,7 @@ incident/models/ticket.py,sha256=S3kqGQpYLE6Y4M9IKu_60sgW-f592xNr8uufqHnvDoU,230
|
|
|
122
122
|
incident/parsers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
123
123
|
incident/parsers/ossec.py,sha256=fouUsSnrdkEuqDzJ-MxmCP7ny5pCGFS3Tyf6lQSMBc4,11609
|
|
124
124
|
incident/periodic.py,sha256=eX1rQK6v65A9ugofTvJPSmAWei6C-3EYgzCMuGZ03jM,381
|
|
125
|
-
incident/rpc.py,sha256=
|
|
125
|
+
incident/rpc.py,sha256=7sJCrUasXMSVm6RUkna3xG15oSD_9Vbnqp8ezdPiepo,9448
|
|
126
126
|
incident/templates/email/incident_change.html,sha256=tQYphypwLukkVdwH0TB2Szz2VEJ7GnsfRS3_ZJ-MYeE,13895
|
|
127
127
|
incident/templates/email/incident_msg.html,sha256=MZdKhTddUF2MpiH8Z3RTQEmW_ko1n3ajeZ11KLtiLlU,13780
|
|
128
128
|
incident/templates/email/incident_new.html,sha256=W6nwFQROnyDfMlXub8s02ws4hGnJp16pfgp9xTm_aEc,15185
|
|
@@ -379,7 +379,7 @@ pushit/utils.py,sha256=IeTCGa-164nmB1jIsK1lu1O1QzUhS3BKfuXHGjCW-ck,2121
|
|
|
379
379
|
rest/.gitignore,sha256=TbEvWRMnAiajCTOdhiNrd9eeCAaIjRp9PRjE_VkMM5g,118
|
|
380
380
|
rest/README.md,sha256=V3ETc-cJu8PZIbKr9xSe_pA4JEUpC8Dhw4bQeVCDJPw,5460
|
|
381
381
|
rest/RemoteEvents.py,sha256=nL46U7AuxIrlw2JunphR1tsXyqi-ep_gD9CYGpYbNgE,72
|
|
382
|
-
rest/__init__.py,sha256=
|
|
382
|
+
rest/__init__.py,sha256=eBXKeTBaSN_87SpMKDrp3hqPYpVdDv_zx8hKsvRrrbI,122
|
|
383
383
|
rest/arc4.py,sha256=y644IbF1ec--e4cUJ3KEYsewTCITK0gmlwa5mJruFC0,1967
|
|
384
384
|
rest/cache.py,sha256=1Qg0rkaCJCaVP0-l5hZg2CIblTdeBSlj_0fP6vlKUpU,83
|
|
385
385
|
rest/crypto/__init__.py,sha256=Tl0U11rgj1eBYqd6OXJ2_XSdNLumW_JkBZnaJqI6Ldw,72
|
|
@@ -515,7 +515,7 @@ ws4redis/servers/uwsgi.py,sha256=VyhoCI1DnVFqBiJYHoxqn5Idlf6uJPHvfBKgkjs34mo,172
|
|
|
515
515
|
ws4redis/settings.py,sha256=KKq00EwoGnz1yLwCZr5Dfoq2izivmAdsNEEM4EhZwN4,1610
|
|
516
516
|
ws4redis/utf8validator.py,sha256=S0OlfjeGRP75aO6CzZsF4oTjRQAgR17OWE9rgZdMBZA,5122
|
|
517
517
|
ws4redis/websocket.py,sha256=R0TUyPsoVRD7Y_oU7w2I6NL4fPwiz5Vl94-fUkZgLHA,14848
|
|
518
|
-
django_restit-4.2.
|
|
519
|
-
django_restit-4.2.
|
|
520
|
-
django_restit-4.2.
|
|
521
|
-
django_restit-4.2.
|
|
518
|
+
django_restit-4.2.167.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
|
|
519
|
+
django_restit-4.2.167.dist-info/METADATA,sha256=6AEOSN6ApDMK6jAJsPqm3T4I3EJLbO894J6lhA5p_4E,7663
|
|
520
|
+
django_restit-4.2.167.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
|
|
521
|
+
django_restit-4.2.167.dist-info/RECORD,,
|
incident/__init__.py
CHANGED
|
@@ -15,6 +15,9 @@ def _request_to_meta(request, metadata):
|
|
|
15
15
|
metadata["buid"] = request.buid
|
|
16
16
|
if "username" not in metadata and hasattr(request, "member") and request.member is not None:
|
|
17
17
|
metadata["username"] = request.member.username
|
|
18
|
+
# if "group_name" not in metadata and hasattr(request, "group") and request.group is not None:
|
|
19
|
+
# metadata['group_name'] = request.group.name
|
|
20
|
+
# metadata['group_id'] = request.group.id
|
|
18
21
|
return metadata
|
|
19
22
|
|
|
20
23
|
|
incident/rpc.py
CHANGED
|
@@ -7,6 +7,7 @@ from .parsers import ossec
|
|
|
7
7
|
from taskqueue.models import Task
|
|
8
8
|
from location.providers.iplookup import abuse
|
|
9
9
|
import incident
|
|
10
|
+
from objict import objict
|
|
10
11
|
|
|
11
12
|
LOG_REST_PREFIX = settings.get("REST_PREFIX", "api/")
|
|
12
13
|
if not LOG_REST_PREFIX.startswith("/"):
|
|
@@ -56,69 +57,93 @@ if settings.REPORT_PERMISSION_DENIED:
|
|
|
56
57
|
rv.restPermissionDenied = patched_restPermissionDenied
|
|
57
58
|
|
|
58
59
|
|
|
60
|
+
@rd.urlPOST(r'^ossec/alert/batch$')
|
|
61
|
+
def batch_ossec_alert_creat_from_request(request):
|
|
62
|
+
batch = request.DATA.get("batch")
|
|
63
|
+
if isinstance(batch, str):
|
|
64
|
+
batch = objict.fromJSON(batch)
|
|
65
|
+
if not isinstance(batch, list):
|
|
66
|
+
rh.debug("ossec batch data", batch)
|
|
67
|
+
rh.debug("ossec data", request.DATA.asDict())
|
|
68
|
+
data_format = str(type(batch))
|
|
69
|
+
return rv.restStatus(request, False, error=f"invalid format {data_format}")
|
|
70
|
+
for alert in batch:
|
|
71
|
+
on_ossec_alert(request, alert)
|
|
72
|
+
return rv.restStatus(request, True)
|
|
73
|
+
|
|
74
|
+
|
|
59
75
|
@rd.urlPOST(r'^ossec/alert$')
|
|
60
76
|
def ossec_alert_creat_from_request(request):
|
|
61
77
|
payload = request.DATA.get("payload")
|
|
62
|
-
if payload:
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
# rh.log_exception("during ossec alert", payload)
|
|
113
|
-
metadata = dict(ip=request.ip, payload=payload)
|
|
114
|
-
am.Event.createFromDict(None, {
|
|
115
|
-
"hostname": request.get_host(),
|
|
116
|
-
"description": f"error parseing alert: {err}",
|
|
117
|
-
"details": stack,
|
|
118
|
-
"level": 8,
|
|
119
|
-
"category": "ossec_error",
|
|
78
|
+
if not payload:
|
|
79
|
+
return rv.restStatus(request, False, error="no alert data")
|
|
80
|
+
on_ossec_alert(request, payload)
|
|
81
|
+
return rv.restStatus(request, True)
|
|
82
|
+
|
|
83
|
+
|
|
84
|
+
def on_ossec_alert(request, alert):
|
|
85
|
+
try:
|
|
86
|
+
# TODO make this a task (background it)
|
|
87
|
+
# rh.log_error("parsing payload", payload)
|
|
88
|
+
od = ossec.parseAlert(request, alert)
|
|
89
|
+
# lets now create a local event
|
|
90
|
+
if od is not None:
|
|
91
|
+
level = 10
|
|
92
|
+
if od.level > 10:
|
|
93
|
+
level = 1
|
|
94
|
+
elif od.level > 7:
|
|
95
|
+
level = 2
|
|
96
|
+
elif od.level == 6:
|
|
97
|
+
level = 3
|
|
98
|
+
elif od.level == 5:
|
|
99
|
+
level = 4
|
|
100
|
+
elif od.level == 4:
|
|
101
|
+
level = 6
|
|
102
|
+
elif od.level <= 3:
|
|
103
|
+
level = 8
|
|
104
|
+
metadata = od.toDict(graph="default")
|
|
105
|
+
metadata.update(od.metadata)
|
|
106
|
+
# we reuse the ssh_sig because it is a text field to store urls
|
|
107
|
+
# ssh_sig = metadata.get("ssh_sig", None)
|
|
108
|
+
# if ssh_sig is not None and ssh_sig.startswith("http"):
|
|
109
|
+
# metadata["url"] = ssh_sig
|
|
110
|
+
# metadata["domain"] = ossec.extractDomain(ssh_sig)
|
|
111
|
+
# metadata["path"] = ossec.extractUrlPath(ssh_sig)
|
|
112
|
+
# metadata.pop("ssh_sig")
|
|
113
|
+
if od.geoip:
|
|
114
|
+
metadata["country"] = od.geoip.country
|
|
115
|
+
metadata["city"] = od.geoip.city
|
|
116
|
+
metadata["province"] = od.geoip.state
|
|
117
|
+
metadata["isp"] = od.geoip.isp
|
|
118
|
+
|
|
119
|
+
evt = am.Event.createFromDict(None, {
|
|
120
|
+
"hostname": od.hostname,
|
|
121
|
+
"description": od.title,
|
|
122
|
+
"details": od.text,
|
|
123
|
+
"level": level,
|
|
124
|
+
"category": "ossec",
|
|
125
|
+
"component": "incident.ServerOssecAlert",
|
|
126
|
+
"component_id": od.id,
|
|
127
|
+
"reporter_ip": od.src_ip,
|
|
120
128
|
"metadata": metadata
|
|
121
129
|
})
|
|
130
|
+
# fix the created datetime to be from when it was actually happening
|
|
131
|
+
evt.created = od.when
|
|
132
|
+
evt.save()
|
|
133
|
+
return rv.restStatus(request, True)
|
|
134
|
+
except Exception as err:
|
|
135
|
+
rh.log_exception()
|
|
136
|
+
stack = rh.getStackString()
|
|
137
|
+
# rh.log_exception("during ossec alert", payload)
|
|
138
|
+
metadata = dict(ip=request.ip, payload=alert)
|
|
139
|
+
am.Event.createFromDict(None, {
|
|
140
|
+
"hostname": request.get_host(),
|
|
141
|
+
"description": f"error parseing alert: {err}",
|
|
142
|
+
"details": stack,
|
|
143
|
+
"level": 8,
|
|
144
|
+
"category": "ossec_error",
|
|
145
|
+
"metadata": metadata
|
|
146
|
+
})
|
|
122
147
|
# rh.log_error("ossec alert", request.DATA.asDict())
|
|
123
148
|
return rv.restStatus(request, False, error="no alert data")
|
|
124
149
|
|
rest/__init__.py
CHANGED
|
File without changes
|
|
File without changes
|