rosetta-ce 1.2.8__py3-none-any.whl → 1.3.0__py3-none-any.whl


Potentially problematic release.



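--- a/rosetta/rfaker.py
+++ b/rosetta/rfaker.py
@@ -545,7 +545,9 @@ class Events:
  return json_messages
 
  @classmethod
- def incidents(cls, count, fields: Optional[str] = None, observables: Optional[Observables] = None) -> List[dict]:
+ def incidents(cls, count, fields: Optional[str] = None, timestamp: Optional[datetime] = None,
+ vendor: Optional[str] = None, product: Optional[str] = None, version: Optional[str] = None,
+ observables: Optional[Observables] = None) -> List[dict]:
  """
  Generates a list of fake incident data.
 
@@ -554,6 +556,10 @@ class Events:
  fields (str, optional): A comma-separated list of incident fields to include in the output. If None,
  all fields will be included. Valid options are: 'id', 'duration', 'type', 'analyst', 'severity',
  'description', 'events'.
+ vendor: Optional. The vendor.
+ product: Optional. The product.
+ version: Optional. The version.
+ timestamp: Optional. The starting timestamp for the syslog messages. If not provided, a random time during
  observables: An observables object. If not provided, random objservable will be generated and used.
 
  Returns:
@@ -586,7 +592,6 @@ class Events:
  analysts = observables.analysts if observables and observables.analysts \
  else [faker.unique.first_name() for _ in range(10)]
  analyst_incident_map = {}
-
  for analyst in analysts:
  mapped_incident_type = incident_types.pop(0)
  analyst_incident_map[analyst] = mapped_incident_type
@@ -626,11 +631,13 @@ class Events:
  incident['description'] = incident_description
  if 'events' in field_list:
  incident['events'] = [
- {"event": cls.syslog(count=1, observables=observables)[0]},
- {"event": cls.cef(count=1, observables=observables)[0]},
- {"event": cls.leef(count=1, observables=observables)[0]},
- {"event": cls.winevent(count=1, observables=observables)[0]},
- {"event": cls.json(count=1, observables=observables)[0]}
+ {"event": cls.syslog(count=1, timestamp=timestamp, observables=observables)[0]},
+ {"event": cls.cef(count=1, timestamp=timestamp, vendor=vendor, product=product,
+ version=version, observables=observables)[0]},
+ {"event": cls.leef(count=1, timestamp=timestamp, vendor=vendor, product=product,
+ version=version, observables=observables)[0]},
+ {"event": cls.winevent(count=1, timestamp=timestamp, observables=observables)[0]},
+ {"event": cls.json(count=1, timestamp=timestamp, observables=observables)[0]}
  ]
  else:
  incident = {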
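Review bot: The new `timestamp`, `vendor`, `product` and `version` parameters are inserted ahead of `observables` in the `incidents` signature, so an existing caller that passes observables as the third positional argument would now bind it to `timestamp`, which is then forwarded to `cls.syslog(...)` and the other event generators. Keeping `observables` in its old position and making the additions keyword-only avoids that silent rebinding: `observables: Optional[Observables] = None, *, timestamp: Optional[datetime] = None, vendor: Optional[str] = None, product: Optional[str] = None, version: Optional[str] = None) -> List[dict]:`. The added docstring line for `timestamp` also stops mid-sentence ("a random time during") and speaks of syslog messages although this method builds incidents, so it should be completed and reworded. The body of `incidents` continues outside the hunks shown, so whether `timestamp` is used anywhere other than the `events` list cannot be confirmed from here.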
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: rosetta-ce
3
- Version: 1.2.8
3
+ Version: 1.3.0
4
4
  Summary: Rosetta is a Python package that can be used to fake security logs and alerts for testing different detection and response use cases.
5
5
  Home-page: https://github.com/ayman-m/rosetta
6
6
  Author: Ayman Mahmoud
@@ -1,13 +1,13 @@
1
1
  rosetta/__init__.py,sha256=9rqZF7bpDMRN5H-rjNRUfzQAOIqyc21hTTZfYufTy04,92
2
2
  rosetta/rconverter.py,sha256=oPdWMtO6_aeQC8PqCl4nHKEpVb1kaBACSaNXsz-o00Q,3008
3
- rosetta/rfaker.py,sha256=ltbpB5rQIYHKhtQmidy-ZCW0DE--a9MdN63WI9JNo7c,32828
3
+ rosetta/rfaker.py,sha256=nYo1YF0sOWkWxFa7unBpjLpqO-nBvcsp8w6HYOPW-6k,33530
4
4
  rosetta/rsender.py,sha256=jWbyOXsh2t2TV3c0G_ZauyEdmeLa9FoZ7S9TZ733sSA,7785
5
5
  rosetta/constants/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
6
6
  rosetta/constants/sensors.py,sha256=ZxPWFrNqDFKRVn9ai-5vtvIiU4-3FAXQIRj7gFoBRPk,1936
7
7
  rosetta/constants/sources.py,sha256=b3ynlKGw1gw7VBA4yCYkJ7aq4vVPfypqA8W_kuAZaBA,1658
8
8
  rosetta/constants/systems.py,sha256=WHOD21CaBgVm3IiF1m-RY2pFRNRaGMZ18pIf0q6ekOI,6697
9
- rosetta_ce-1.2.8.dist-info/LICENSE,sha256=jF5fCbmI1A-yyvPAEeQ5VHM094tRLlWsMyun-UlX-pQ,1070
10
- rosetta_ce-1.2.8.dist-info/METADATA,sha256=ElNIjlRDtTB0c3gGWsbI__gHGkXnCGGKPktZTZYOAxE,11321
11
- rosetta_ce-1.2.8.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
12
- rosetta_ce-1.2.8.dist-info/top_level.txt,sha256=HLxDc6BJxHZDzVIlOwpCGH0DqIf65OhZcHniRDaUUZc,8
13
- rosetta_ce-1.2.8.dist-info/RECORD,,
9
+ rosetta_ce-1.3.0.dist-info/LICENSE,sha256=jF5fCbmI1A-yyvPAEeQ5VHM094tRLlWsMyun-UlX-pQ,1070
10
+ rosetta_ce-1.3.0.dist-info/METADATA,sha256=ciV5RVnMB2uUwu1I3BeMHmnnAUMFajiIHGW1HhMC5G8,11321
11
+ rosetta_ce-1.3.0.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
12
+ rosetta_ce-1.3.0.dist-info/top_level.txt,sha256=HLxDc6BJxHZDzVIlOwpCGH0DqIf65OhZcHniRDaUUZc,8
13
+ rosetta_ce-1.3.0.dist-info/RECORD,,