rosetta-ce 1.3.3__tar.gz → 1.3.4__tar.gz



@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: rosetta-ce
3
- Version: 1.3.3
3
+ Version: 1.3.4
4
4
  Summary: Rosetta is a Python package that can be used to fake security logs and alerts for testing different detection and response use cases.
5
5
  Home-page: https://github.com/ayman-m/rosetta
6
6
  Author: Ayman Mahmoud
@@ -29,11 +29,6 @@ class ObservableKnown(Enum):
29
29
  GOOD = 'good'
30
30
 
31
31
 
32
- class CEFDevices(Enum):
33
- Firewall = "Firewall"
34
- EmailGW = "EmailGW"
35
-
36
-
37
32
  class Observables:
38
33
  def __init__(self, src_ip: list = None, dst_ip: Optional[list] = None, src_host: Optional[list] = None,
39
34
  dst_host: Optional[list] = None, src_domain: Optional[list] = None, dst_domain: Optional[list] = None,
@@ -148,7 +143,7 @@ class Observables:
148
143
  - A list of generated observables.
149
144
 
150
145
  Raises:
151
- - Exception: If the function fails to retrieve data from any configured source with a HTTP status code other
146
+ - Exception: If the function fails to retrieve data from any configured source with an HTTP status code other
152
147
  than 200.
153
148
  """
154
149
  faker = cls._create_faker()
@@ -274,7 +269,8 @@ class Events:
274
269
  return Observables()
275
270
 
276
271
  @classmethod
277
- def syslog(cls, count: int, timestamp: Optional[datetime] = None, observables: Optional[Observables] = None) -> List[str]:
272
+ def syslog(cls, count: int, timestamp: Optional[datetime] = None, observables: Optional[Observables] = None) -> \
273
+ List[str]:
278
274
  """
279
275
  Generate fake syslog messages.
280
276
 
@@ -282,7 +278,8 @@ class Events:
282
278
  count: The number of syslog messages to generate.
283
279
  timestamp: Optional. The starting timestamp for the syslog messages. If not provided, a random time during
284
280
  the past hour from now will be used.
285
- observables: Optional. An observables object. If not provided, random objservable will be generated and used.
281
+ observables: Optional. An observables object. If not provided, random objservable will be generated
282
+ and used.
286
283
  Returns:
287
284
  A list of syslog messages.
288
285
 
@@ -317,7 +314,7 @@ class Events:
317
314
  return syslog_messages
318
315
 
319
316
  @classmethod
320
- def cef(cls, count: int, vendor: Optional[str] = None, product: Optional[CEFDevices] = CEFDevices.Firewall,
317
+ def cef(cls, count: int, vendor: Optional[str] = None, product: Optional[str] = None,
321
318
  version: Optional[str] = None, timestamp: Optional[datetime] = None,
322
319
  observables: Optional[Observables] = None) -> List[str]:
323
320
  """
@@ -331,7 +328,8 @@ class Events:
331
328
  - Firewall
332
329
  - EmailGW
333
330
  version: Optional. The version.
334
- observables: Optional. An observables object. If not provided, random objservable will be generated and used.
331
+ observables: Optional. An observables object. If not provided, random objservable will be generated
332
+ and used.
335
333
  Returns:
336
334
  A list of fake CEF messages in string format.
337
335
 
@@ -357,7 +355,7 @@ class Events:
357
355
  if timestamp is None:
358
356
  timestamp = datetime.now() - timedelta(hours=1)
359
357
  timestamp += timedelta(seconds=faker.random_int(min=0, max=3599))
360
- if product.name == "Firewall":
358
+ if product == "Firewall":
361
359
  for i in range(count):
362
360
  log_id = faker.uuid4()
363
361
  timestamp += timedelta(seconds=1)
@@ -374,7 +372,8 @@ class Events:
374
372
  else Observables.generator(observable_type=ObservableType.URL, known=ObservableKnown.BAD, count=1)
375
373
  inbound_bytes = random.choice(observables.inbound_bytes) if observables and observables.inbound_bytes \
376
374
  else faker.random_int(min=10, max=1073741824)
377
- outbound_bytes = random.choice(observables.outbound_bytes) if observables and observables.outbound_bytes \
375
+ outbound_bytes = random.choice(observables.outbound_bytes) if observables and \
376
+ observables.outbound_bytes \
378
377
  else faker.random_int(min=10, max=1073741824)
379
378
  protocol = random.choice(observables.protocol) if observables and observables.protocol \
380
379
  else random.choice(PROTOCOLS)
@@ -382,12 +381,13 @@ class Events:
382
381
  else faker.random_int(min=1, max=200)
383
382
  action = random.choice(observables.action) if observables and observables.action \
384
383
  else random.choice(ACTIONS)
385
- event_description = f"Firewall {action} {protocol} traffic from {src_ip}:{src_port} to {dst_ip}:{dst_port}"
386
- cef_messages.append(f"CEF:0|{vendor}|{product.name}|{version}|{log_id}|{timestamp}|{severity}|"
387
- f"{event_description}|src={src_ip} spt={src_port} dst={dst_ip} url={dst_url}"
388
- f"dpt={dst_port} in_bytes={inbound_bytes} out_bytes={outbound_bytes} proto={protocol}"
389
- f" rule={rule_id} act={action}")
390
- elif product.name == "EmailGW":
384
+ event_description = f"Firewall {action} {protocol} traffic from {src_ip}:{src_port} to " \
385
+ f"{dst_ip}:{dst_port}"
386
+ cef_messages.append(f"CEF:0|{vendor}|{product}|{version}|{log_id}|{timestamp}|{severity}|"
387
+ f"{event_description}|src_ip={src_ip} src_port={src_port} dst_ip={dst_ip} "
388
+ f"url={dst_url} dst_port={dst_port} in_bytes={inbound_bytes} "
389
+ f"out_bytes={outbound_bytes} proto={protocol} rule={rule_id} act={action}")
390
+ elif product == "EmailGW":
391
391
  for i in range(count):
392
392
  mail_id = faker.uuid4()
393
393
  timestamp += timedelta(seconds=1)
@@ -399,8 +399,8 @@ class Events:
399
399
  else faker.email()
400
400
  recipient_email = random.choice(observables.recipient_email) if observables and \
401
401
  observables.recipient_email else faker.email()
402
- email_subject = random.choice(observables.email_subject) if observables and observables.email_subject else \
403
- faker.sentence(nb_words=6)
402
+ email_subject = random.choice(observables.email_subject) if observables and observables.email_subject \
403
+ else faker.sentence(nb_words=6)
404
404
  email_body = random.choice(observables.email_body) if observables and observables.email_body else \
405
405
  faker.sentence(nb_words=50)
406
406
  attachment_hash = random.choice(observables.file_hash) if observables and observables.file_hash \
@@ -409,11 +409,37 @@ class Events:
409
409
  spam_score = faker.random_int(min=1, max=5)
410
410
  action = random.choice(observables.action) if observables and observables.action \
411
411
  else random.choice(ACTIONS)
412
- cef_messages.append(f"CEF:0|{vendor}|{product.name}|{version}|{mail_id}|{timestamp}|"
413
- f"src={src_ip} src_domain={src_domain} sender_email={sender_email} "
412
+ cef_messages.append(f"CEF:0|{vendor}|{product}|{version}|{mail_id}|{timestamp}|"
413
+ f"src_ip={src_ip} src_domain={src_domain} sender_email={sender_email} "
414
414
  f"recipient_email={recipient_email} email_subject={email_subject} "
415
415
  f"email_body={email_body} attachment_hash={attachment_hash} spam_score={spam_score}"
416
416
  f" action={action}")
417
+ else:
418
+ for i in range(count):
419
+ log_id = faker.uuid4()
420
+ timestamp += timedelta(seconds=1)
421
+ severity = random.choice(observables.severity) if observables and observables.severity \
422
+ else faker.random_int(min=1, max=5)
423
+ src_ip = random.choice(observables.src_ip) if observables and observables.src_ip \
424
+ else faker.ipv4()
425
+ src_port = faker.random_int(min=1024, max=65535)
426
+ dst_ip = random.choice(observables.dst_ip) if observables and observables.dst_ip \
427
+ else Observables.generator(observable_type=ObservableType.IP, known=ObservableKnown.BAD, count=1)
428
+ dst_port = random.choice(observables.port) if observables and observables.port \
429
+ else faker.random_int(min=1024, max=65535)
430
+ protocol = random.choice(observables.protocol) if observables and observables.protocol \
431
+ else random.choice(PROTOCOLS)
432
+ rule_id = random.choice(observables.event_id) if observables and observables.event_id \
433
+ else faker.random_int(min=1, max=200)
434
+ action = random.choice(observables.action) if observables and observables.action \
435
+ else random.choice(ACTIONS)
436
+ generic_cef = f"CEF:0|{vendor}|{product}|{version}|{log_id}|{timestamp}|{severity}|src_ip={src_ip} " \
437
+ f"src_port={src_port} dst_ip={dst_ip} dst_port={dst_port} proto={protocol} " \
438
+ f"rule={rule_id} act={action}"
439
+ if observables:
440
+ for observable, observable_value in vars(observables).items():
441
+ generic_cef += f" {observable}={observable_value}"
442
+ cef_messages.append(generic_cef)
417
443
  return cef_messages
418
444
 
419
445
  @classmethod
@@ -487,7 +513,8 @@ class Events:
487
513
  return leef_messages
488
514
 
489
515
  @classmethod
490
- def winevent(cls, count, timestamp: Optional[datetime] = None, observables: Optional[Observables] = None) -> List[str]:
516
+ def winevent(cls, count, timestamp: Optional[datetime] = None, observables: Optional[Observables] = None) -> \
517
+ List[str]:
491
518
  """
492
519
  Generates fake Windows Event Log messages.
493
520
 
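Review bot: The new generic branch at the end of cef() appends every attribute of `observables` via `vars(observables).items()`, so unset fields are emitted as `key=None` and set fields as their Python list repr (e.g. `src_ip=['…']`), duplicating the `src_ip`/`dst_ip`/`proto`/`act` keys the line already carries; a consumer that keeps the last occurrence of a key will see the list repr instead of the chosen value. Skip empty attributes and pick one element the way the other branches do: `if observable_value:` / `generic_cef += f" {observable}={random.choice(observable_value)}"` (this assumes every Observables attribute is a list, as the `Optional[list]` parameters of `__init__` suggest — verify). Separately, `product` now defaults to `None`, so a call that omits it takes this generic path and writes the literal `None` into the device-product header field, while the docstring still lists only Firewall and EmailGW; either default to `"Firewall"` to keep the previous behaviour or document the generic fallback. Note also that the firewall branch now emits `src_ip`/`src_port`/`dst_ip`/`dst_port` where the old line used the standard CEF extension keys `src`/`spt`/`dst`/`dpt`, which parsers that map only dictionary keys will not recognise. The enclosing cef() body starts before its first hunk.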
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: rosetta-ce
3
- Version: 1.3.3
3
+ Version: 1.3.4
4
4
  Summary: Rosetta is a Python package that can be used to fake security logs and alerts for testing different detection and response use cases.
5
5
  Home-page: https://github.com/ayman-m/rosetta
6
6
  Author: Ayman Mahmoud
@@ -5,7 +5,7 @@ with open("README.md", "r") as fh:
5
5
 
6
6
  setuptools.setup(
7
7
  name="rosetta-ce",
8
- version="1.3.3",
8
+ version="1.3.4",
9
9
  author="Ayman Mahmoud",
10
10
  author_email="content@ayman.online",
11
11
  description="Rosetta is a Python package that can be used to fake security logs and alerts for testing different "