rosetta-ce 1.3.5__py3-none-any.whl → 1.3.6__py3-none-any.whl

rosetta/rfaker.py

@@ -478,39 +478,74 @@ class Events:
         """
         leef_messages = []
         faker = cls._create_faker()
+        vendor = vendor or faker.company()
         version = version or faker.numerify("1.0.#")
         if timestamp is None:
             timestamp = datetime.now() - timedelta(hours=1)
             timestamp += timedelta(seconds=faker.random_int(min=0, max=3599))
-        for i in range(count):
-            timestamp += timedelta(seconds=1)
-            vendor = vendor or faker.company()
-            product = product or "Application Server"
-            src_port = faker.random_int(min=1024, max=65535)
-            request_size = faker.random_int(min=100, max=10000)
-            response_size = faker.random_int(min=100, max=10000)
-            user_agent = faker.user_agent()
-            host = random.choice(observables.src_host) if observables and observables.src_host \
-                else faker.hostname()
-            src_ip = random.choice(observables.src_ip) if observables and observables.src_ip \
-                else faker.ipv4()
-            url = random.choice(observables.technique).get('indicator') if observables and observables.technique \
-                else random.choice(TECHNIQUES).get('indicator')
-            file_hash = random.choice(observables.file_hash) if observables and observables.file_hash \
-                else Observables.generator(observable_type=ObservableType.SHA256, known=ObservableKnown.BAD, count=1)
-            method = random.choice(observables.technique).get('mechanism') if observables and observables.technique \
-                else random.choice(TECHNIQUES).get('mechanism')
-            error_code = random.choice(observables.error_code) if observables and observables.error_code \
-                else random.choice(ERROR_CODE)
-
-            leef_log = f"LEEF:1.0|{vendor}|{product}|{version}|deviceEventDate={timestamp}|{faker.ipv4()}|{host}|" \
-                       f"{faker.mac_address()}|{faker.mac_address()}|"
-            leef_log += f"src={src_ip} dst={host} spt={src_port} dpt=443 request={url} "
-            leef_log += f"method={method} proto=HTTP/1.1 status={str(error_code)} hash={file_hash}"
-            leef_log += f"request_size={request_size} " \
-                        f"response_size={response_size} "
-            leef_log += f"user_agent={user_agent}"
-            leef_messages.append(leef_log)
+        if product == "WAF":
+            for i in range(count):
+                timestamp += timedelta(seconds=1)
+                severity = random.choice(observables.severity) if observables and observables.severity \
+                    else faker.random_int(min=1, max=5)
+                src_ip = random.choice(observables.src_ip) if observables and observables.src_ip \
+                    else faker.ipv4()
+                src_port = faker.random_int(min=1024, max=65535)
+                host = random.choice(observables.src_host) if observables and observables.src_host \
+                    else faker.hostname()
+                method = random.choice(observables.technique).get('mechanism') if observables and observables.technique \
+                    else random.choice(TECHNIQUES).get('mechanism')
+                url = random.choice(observables.technique).get('indicator') if observables and observables.technique \
+                    else random.choice(TECHNIQUES).get('indicator')
+                protocol = random.choice(observables.protocol) if observables and observables.protocol \
+                    else random.choice(PROTOCOLS)
+                user_agent = faker.user_agent()
+                referer = random.choice(observables.url) if observables and observables.url \
+                    else Observables.generator(observable_type=ObservableType.URL, known=ObservableKnown.BAD, count=1)
+                response_code = random.choice(observables.error_code) if observables and observables.error_code \
+                    else random.choice(ERROR_CODE)
+                response_size = faker.random_int(min=100, max=10000)
+                rule_id = random.choice(observables.event_id) if observables and observables.event_id \
+                    else faker.random_int(min=1, max=200)
+                action = random.choice(observables.action) if observables and observables.action \
+                    else random.choice(ACTIONS)
+                attack_type = random.choice(observables.technique).get('technique') if observables and \
+                    observables.technique else random.choice(TECHNIQUES).get('technique')
+                cookie_name = faker.word()
+                cookie_value = faker.uuid4()
+                cookies = f"{cookie_name}={cookie_value}"
+                leef_log = f"LEEF:1.0|{vendor}|{product}|{version}|deviceEventDate={timestamp}|{faker.ipv4()}|{host}|"
+                leef_log += f"src_ip={src_ip} src_port={src_port} request_url={url} method={method} referer={referer} "
+                leef_log += f"protocol={protocol} status={str(response_code)} action={action} attack_type={attack_type}"
+                leef_log += f" response_size={response_size} rule_id={rule_id} user_agent={user_agent} "
+                leef_log += f"severity={severity} cookie={cookies}"
+                leef_messages.append(leef_log)
+        else:
+            for i in range(count):
+                timestamp += timedelta(seconds=1)
+                severity = random.choice(observables.severity) if observables and observables.severity \
+                    else faker.random_int(min=1, max=5)
+                src_ip = random.choice(observables.src_ip) if observables and observables.src_ip \
+                    else faker.ipv4()
+                src_port = faker.random_int(min=1024, max=65535)
+                host = random.choice(observables.src_host) if observables and observables.src_host \
+                    else faker.hostname()
+                url = random.choice(observables.technique).get('indicator') if observables and observables.technique \
+                    else random.choice(TECHNIQUES).get('indicator')
+                protocol = random.choice(observables.protocol) if observables and observables.protocol \
+                    else random.choice(PROTOCOLS)
+                response_code = random.choice(observables.error_code) if observables and observables.error_code \
+                    else random.choice(ERROR_CODE)
+                action = random.choice(observables.action) if observables and observables.action \
+                    else random.choice(ACTIONS)
+                leef_log = f"LEEF:1.0|{vendor}|{product}|{version}|deviceEventDate={timestamp}|{faker.ipv4()}|{host}|"
+                leef_log += f"src_ip={src_ip} src_port={src_port} request_url={url} protocol={protocol} "
+                leef_log += f"status={str(response_code)} action={action} severity={severity}"
+                if observables:
+                    for observable, observable_value in vars(observables).items():
+                        if observable_value:
+                            leef_log += f" {observable}={random.choice(observable_value)}"
+                leef_messages.append(leef_log)
         return leef_messages
 
     @classmethod

{rosetta_ce-1.3.5.dist-info → rosetta_ce-1.3.6.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: rosetta-ce
-Version: 1.3.5
+Version: 1.3.6
 Summary: Rosetta is a Python package that can be used to fake security logs and alerts for testing different detection and response use cases.
 Home-page: https://github.com/ayman-m/rosetta
 Author: Ayman Mahmoud

{rosetta_ce-1.3.5.dist-info → rosetta_ce-1.3.6.dist-info}/RECORD

@@ -1,13 +1,13 @@
 rosetta/__init__.py,sha256=9rqZF7bpDMRN5H-rjNRUfzQAOIqyc21hTTZfYufTy04,92
 rosetta/rconverter.py,sha256=oPdWMtO6_aeQC8PqCl4nHKEpVb1kaBACSaNXsz-o00Q,3008
-rosetta/rfaker.py,sha256=xXocLYyue4CqW94J68fOBzK2TMGBB0kJ3Hr7gJBGjrs,39169
+rosetta/rfaker.py,sha256=rwRZ3v_DfiHcsAygZkCE6UkCJsghC3vISS8IZNbECFI,41965
 rosetta/rsender.py,sha256=j3hhINnTwqT15uCLb__bDGp7pGwgj-EDRn5ZeLWrMVU,8572
 rosetta/constants/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 rosetta/constants/sensors.py,sha256=ZxPWFrNqDFKRVn9ai-5vtvIiU4-3FAXQIRj7gFoBRPk,1936
 rosetta/constants/sources.py,sha256=b3ynlKGw1gw7VBA4yCYkJ7aq4vVPfypqA8W_kuAZaBA,1658
 rosetta/constants/systems.py,sha256=WHOD21CaBgVm3IiF1m-RY2pFRNRaGMZ18pIf0q6ekOI,6697
-rosetta_ce-1.3.5.dist-info/LICENSE,sha256=jF5fCbmI1A-yyvPAEeQ5VHM094tRLlWsMyun-UlX-pQ,1070
-rosetta_ce-1.3.5.dist-info/METADATA,sha256=NhwnkJkzkLA0iCMdY-wzICM3ZPMpZRW3lqUtv5VTEPM,11321
-rosetta_ce-1.3.5.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
-rosetta_ce-1.3.5.dist-info/top_level.txt,sha256=HLxDc6BJxHZDzVIlOwpCGH0DqIf65OhZcHniRDaUUZc,8
-rosetta_ce-1.3.5.dist-info/RECORD,,
+rosetta_ce-1.3.6.dist-info/LICENSE,sha256=jF5fCbmI1A-yyvPAEeQ5VHM094tRLlWsMyun-UlX-pQ,1070
+rosetta_ce-1.3.6.dist-info/METADATA,sha256=g1zG2KR0iyeekox5V1OdJ1qtJG04SbnoHLh5o4P-aJw,11321
+rosetta_ce-1.3.6.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
+rosetta_ce-1.3.6.dist-info/top_level.txt,sha256=HLxDc6BJxHZDzVIlOwpCGH0DqIf65OhZcHniRDaUUZc,8
+rosetta_ce-1.3.6.dist-info/RECORD,,