rosetta-ce 1.2.9__py3.11.egg → 1.3.1__py3.11.egg





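--- a/EGG-INFO/PKG-INFO
+++ b/EGG-INFO/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: rosetta-ce
-Version: 1.2.9
+Version: 1.3.1
 Summary: Rosetta is a Python package that can be used to fake security logs and alerts for testing different detection and response use cases.
 Home-page: https://github.com/ayman-m/rosetta
 Author: Ayman Mahmoud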
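--- a/rosetta/rfaker.py
+++ b/rosetta/rfaker.py
@@ -546,6 +546,7 @@ class Events:
 
 @classmethod
 def incidents(cls, count, fields: Optional[str] = None, timestamp: Optional[datetime] = None,
+vendor: Optional[str] = None, product: Optional[str] = None, version: Optional[str] = None,
 observables: Optional[Observables] = None) -> List[dict]:
 """
 Generates a list of fake incident data.
@@ -555,6 +556,9 @@ class Events:
 fields (str, optional): A comma-separated list of incident fields to include in the output. If None,
 all fields will be included. Valid options are: 'id', 'duration', 'type', 'analyst', 'severity',
 'description', 'events'.
+vendor: Optional. The vendor.
+product: Optional. The product.
+version: Optional. The version.
 timestamp: Optional. The starting timestamp for the syslog messages. If not provided, a random time during
 observables: An observables object. If not provided, random objservable will be generated and used.
 
@@ -628,8 +632,10 @@ class Events:
 if 'events' in field_list:
 incident['events'] = [
 {"event": cls.syslog(count=1, timestamp=timestamp, observables=observables)[0]},
-{"event": cls.cef(count=1, timestamp=timestamp, observables=observables)[0]},
-{"event": cls.leef(count=1, timestamp=timestamp, observables=observables)[0]},
+{"event": cls.cef(count=1, timestamp=timestamp, vendor=vendor, product=product,
+version=version, observables=observables)[0]},
+{"event": cls.leef(count=1, timestamp=timestamp, vendor=vendor, product=product,
+version=version, observables=observables)[0]},
 {"event": cls.winevent(count=1, timestamp=timestamp, observables=observables)[0]},
 {"event": cls.json(count=1, timestamp=timestamp, observables=observables)[0]}
 ]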
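Review bot: The three new `incidents()` parameters (hunk at 546) are documented only as "The vendor" etc., while the body (hunk at 628) forwards them solely to `cls.cef` and `cls.leef`, so the syslog, winevent and json events ignore them and a caller reading the docstring cannot tell. They are also free-form caller strings; if `cef()`/`leef()` place them in the `|`-delimited header as-is (those bodies are outside this diff), a value containing `|` or `\` would shift the header fields, so the docstring should state whether the values are escaped or must not contain delimiters. Suggested replacement for the three added docstring lines: `vendor (str, optional): Device vendor placed in the header of the generated CEF and LEEF events only; ignored by the other event types.` with matching lines for product and version. As a minor style point the new entries are listed after 'description', 'events' rather than in signature order beside timestamp. The `incidents` body continues beyond the hunks shown here.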
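--- a/rosetta/rsender.py
+++ b/rosetta/rsender.py
@@ -57,7 +57,8 @@ class Sender:
 
 def __init__(self, data_type: str, destination: str,
 worker_name: Optional[str] = 'worker_'+str(datetime.now()), count: Optional[int] = 1,
-interval: Optional[int] = 1, observables: Optional[Observables] = None, fields: Optional[str] = None,
+interval: Optional[int] = 1, vendor: Optional[str] = None, product: Optional[str] = None,
+version: Optional[str] = None, observables: Optional[Observables] = None, fields: Optional[str] = None,
 verify_ssl: Optional[bool] = None, datetime_obj: Optional[datetime] = None):
 """
 Constructor for DataSenderWorker class.
@@ -73,6 +74,9 @@ class Sender:
 :param worker_name: str, name of the worker.
 :param count: int, number of times to send the data.
 :param interval: int, time interval between two consecutive data sends.
+:param vendor: Optional. The vendor.
+:param product: Optional. The product.
+:param version: Optional. The version.
 :param observables: Observables, list of observables.
 :param fields: str, comma-separated list of fields to include in incident data.
 :param verify_ssl: bool, handling ssl verification errors.
@@ -84,6 +88,9 @@ class Sender:
 self.data_type = data_type
 self.count = count
 self.interval = interval
+self.vendor = vendor
+self.product = product
+self.version = version
 self.destination = destination
 self.created_at = datetime.now()
 self.status = "Stopped"
@@ -133,9 +140,13 @@ class Sender:
 if self.data_type == "SYSLOG":
 fake_message = Events.syslog(count=1, timestamp=self.datetime_obj, observables=self.observables)
 if self.data_type == "CEF":
-fake_message = Events.cef(count=1, timestamp=self.datetime_obj, observables=self.observables)
+fake_message = Events.cef(count=1, timestamp=self.datetime_obj, vendor=self.vendor,
+product=self.product, version=self.version,
+observables=self.observables)
 if self.data_type == "LEEF":
-fake_message = Events.leef(count=1, timestamp=self.datetime_obj, observables=self.observables)
+fake_message = Events.leef(count=1, timestamp=self.datetime_obj, vendor=self.vendor,
+product=self.product, version=self.version,
+observables=self.observables)
 ip_address = self.destination.split(':')[1]
 port = self.destination.split(':')[2]
 if 'tcp' in self.destination: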
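Review bot: `self.vendor`, `self.product` and `self.version` are stored for every data_type (hunk at 84) but only read by the CEF and LEEF branches (hunk at 133), so a Sender built with `data_type="SYSLOG"` and a vendor silently discards it; the `:param` lines should say so, or `__init__` should reject the combination. Suggested docstring line, with matching ones for product and version: `:param vendor: str, device vendor written into the CEF/LEEF header; ignored for other data types.` The other `:param` entries give a type first ("str, ..."), so the three new "Optional. The vendor." entries also break the file's own convention. The send loop in the last hunk continues beyond the lines shown.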