rosetta-ce 1.3.4__py3.11.egg → 1.3.6__py3.11.egg



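--- a/EGG-INFO/PKG-INFO
+++ b/EGG-INFO/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: rosetta-ce
-Version: 1.3.4
+Version: 1.3.6
 Summary: Rosetta is a Python package that can be used to fake security logs and alerts for testing different detection and response use cases.
 Home-page: https://github.com/ayman-m/rosetta
 Author: Ayman Mahmoud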
Binary file
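--- a/rosetta/rfaker.py
+++ b/rosetta/rfaker.py
@@ -438,7 +438,8 @@ class Events:
 f"rule={rule_id} act={action}"
 if observables:
 for observable, observable_value in vars(observables).items():
-generic_cef += f" {observable}={observable_value}"
+if observable_value:
+generic_cef += f" {observable}={random.choice(observable_value)}"
 cef_messages.append(generic_cef)
 return cef_messages
 
@@ -477,39 +478,74 @@ class Events:
 """
 leef_messages = []
 faker = cls._create_faker()
+vendor = vendor or faker.company()
 version = version or faker.numerify("1.0.#")
 if timestamp is None:
 timestamp = datetime.now() - timedelta(hours=1)
 timestamp += timedelta(seconds=faker.random_int(min=0, max=3599))
-for i in range(count):
-timestamp += timedelta(seconds=1)
-vendor = vendor or faker.company()
-product = product or "Application Server"
-src_port = faker.random_int(min=1024, max=65535)
-request_size = faker.random_int(min=100, max=10000)
-response_size = faker.random_int(min=100, max=10000)
-user_agent = faker.user_agent()
-host = random.choice(observables.src_host) if observables and observables.src_host \
-else faker.hostname()
-src_ip = random.choice(observables.src_ip) if observables and observables.src_ip \
-else faker.ipv4()
-url = random.choice(observables.technique).get('indicator') if observables and observables.technique \
-else random.choice(TECHNIQUES).get('indicator')
-file_hash = random.choice(observables.file_hash) if observables and observables.file_hash \
-else Observables.generator(observable_type=ObservableType.SHA256, known=ObservableKnown.BAD, count=1)
-method = random.choice(observables.technique).get('mechanism') if observables and observables.technique \
-else random.choice(TECHNIQUES).get('mechanism')
-error_code = random.choice(observables.error_code) if observables and observables.error_code \
-else random.choice(ERROR_CODE)
-
-leef_log = f"LEEF:1.0|{vendor}|{product}|{version}|deviceEventDate={timestamp}|{faker.ipv4()}|{host}|" \
-f"{faker.mac_address()}|{faker.mac_address()}|"
-leef_log += f"src={src_ip} dst={host} spt={src_port} dpt=443 request={url} "
-leef_log += f"method={method} proto=HTTP/1.1 status={str(error_code)} hash={file_hash}"
-leef_log += f"request_size={request_size} " \
-f"response_size={response_size} "
-leef_log += f"user_agent={user_agent}"
-leef_messages.append(leef_log)
+if product == "WAF":
+for i in range(count):
+timestamp += timedelta(seconds=1)
+severity = random.choice(observables.severity) if observables and observables.severity \
+else faker.random_int(min=1, max=5)
+src_ip = random.choice(observables.src_ip) if observables and observables.src_ip \
+else faker.ipv4()
+src_port = faker.random_int(min=1024, max=65535)
+host = random.choice(observables.src_host) if observables and observables.src_host \
+else faker.hostname()
+method = random.choice(observables.technique).get('mechanism') if observables and observables.technique \
+else random.choice(TECHNIQUES).get('mechanism')
+url = random.choice(observables.technique).get('indicator') if observables and observables.technique \
+else random.choice(TECHNIQUES).get('indicator')
+protocol = random.choice(observables.protocol) if observables and observables.protocol \
+else random.choice(PROTOCOLS)
+user_agent = faker.user_agent()
+referer = random.choice(observables.url) if observables and observables.url \
+else Observables.generator(observable_type=ObservableType.URL, known=ObservableKnown.BAD, count=1)
+response_code = random.choice(observables.error_code) if observables and observables.error_code \
+else random.choice(ERROR_CODE)
+response_size = faker.random_int(min=100, max=10000)
+rule_id = random.choice(observables.event_id) if observables and observables.event_id \
+else faker.random_int(min=1, max=200)
+action = random.choice(observables.action) if observables and observables.action \
+else random.choice(ACTIONS)
+attack_type = random.choice(observables.technique).get('technique') if observables and \
+observables.technique else random.choice(TECHNIQUES).get('technique')
+cookie_name = faker.word()
+cookie_value = faker.uuid4()
+cookies = f"{cookie_name}={cookie_value}"
+leef_log = f"LEEF:1.0|{vendor}|{product}|{version}|deviceEventDate={timestamp}|{faker.ipv4()}|{host}|"
+leef_log += f"src_ip={src_ip} src_port={src_port} request_url={url} method={method} referer={referer} "
+leef_log += f"protocol={protocol} status={str(response_code)} action={action} attack_type={attack_type}"
+leef_log += f" response_size={response_size} rule_id={rule_id} user_agent={user_agent} "
+leef_log += f"severity={severity} cookie={cookies}"
+leef_messages.append(leef_log)
+else:
+for i in range(count):
+timestamp += timedelta(seconds=1)
+severity = random.choice(observables.severity) if observables and observables.severity \
+else faker.random_int(min=1, max=5)
+src_ip = random.choice(observables.src_ip) if observables and observables.src_ip \
+else faker.ipv4()
+src_port = faker.random_int(min=1024, max=65535)
+host = random.choice(observables.src_host) if observables and observables.src_host \
+else faker.hostname()
+url = random.choice(observables.technique).get('indicator') if observables and observables.technique \
+else random.choice(TECHNIQUES).get('indicator')
+protocol = random.choice(observables.protocol) if observables and observables.protocol \
+else random.choice(PROTOCOLS)
+response_code = random.choice(observables.error_code) if observables and observables.error_code \
+else random.choice(ERROR_CODE)
+action = random.choice(observables.action) if observables and observables.action \
+else random.choice(ACTIONS)
+leef_log = f"LEEF:1.0|{vendor}|{product}|{version}|deviceEventDate={timestamp}|{faker.ipv4()}|{host}|"
+leef_log += f"src_ip={src_ip} src_port={src_port} request_url={url} protocol={protocol} "
+leef_log += f"status={str(response_code)} action={action} severity={severity}"
+if observables:
+for observable, observable_value in vars(observables).items():
+if observable_value:
+leef_log += f" {observable}={random.choice(observable_value)}"
+leef_messages.append(leef_log)
 return leef_messages
 
 @classmethod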
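Review bot: In the `else` branch of the second hunk, the trailing loop over `vars(observables).items()` re-emits every populated observable after the structured fields, so `technique` — used a few lines earlier as a list of dicts via `.get('indicator')` — lands in the line as a dict repr, and `src_ip`, `src_host`, `protocol`, `error_code`, `action` and `severity` appear a second time with an independently drawn value, giving one log line two different source IPs or status codes. For output meant to exercise detection rules that inconsistency is exactly what a parser or correlation rule will trip on; skipping the attributes already consumed keeps each line self-consistent, e.g. `consumed = {"src_ip", "src_host", "technique", "protocol", "error_code", "action", "severity"}` before the loop and `if observable_value and observable not in consumed:` as its guard. The CEF loop in the first hunk applies the same `random.choice` over every attribute and would want the same filter. The WAF branch's `referer` fallback mirrors the dropped `file_hash` fallback to `Observables.generator(..., count=1)`; if that helper returns a list, as its `count=` argument suggests, the raw list repr is embedded instead of a URL, which is worth confirming against the helper. The enclosing method's signature and docstring begin before the hunk, so whether `product` still has a default now that `product or "Application Server"` is gone cannot be seen here.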