PyPI - rosetta-ce - Versions diffs - 1.3.5__tar.gz → 1.3.6__tar.gz - Mend

rosetta-ce 1.3.5tar.gz → 1.3.6tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rosetta-ce might be problematic. Click here for more details.

Files changed (21) hide show

{rosetta-ce-1.3.5/rosetta_ce.egg-info → rosetta-ce-1.3.6}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: rosetta-ce
-Version: 1.3.5
+Version: 1.3.6
 Summary: Rosetta is a Python package that can be used to fake security logs and alerts for testing different detection and response use cases.
 Home-page: https://github.com/ayman-m/rosetta
 Author: Ayman Mahmoud

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/rosetta/rfaker.py RENAMED Viewed

@@ -478,39 +478,74 @@ class Events:
         """
         leef_messages = []
         faker = cls._create_faker()
+        vendor = vendor or faker.company()
         version = version or faker.numerify("1.0.#")
         if timestamp is None:
             timestamp = datetime.now() - timedelta(hours=1)
             timestamp += timedelta(seconds=faker.random_int(min=0, max=3599))
-        for i in range(count):
-            timestamp += timedelta(seconds=1)
-            vendor = vendor or faker.company()
-            product = product or "Application Server"
-            src_port = faker.random_int(min=1024, max=65535)
-            request_size = faker.random_int(min=100, max=10000)
-            response_size = faker.random_int(min=100, max=10000)
-            user_agent = faker.user_agent()
-            host = random.choice(observables.src_host) if observables and observables.src_host \
-                else faker.hostname()
-            src_ip = random.choice(observables.src_ip) if observables and observables.src_ip \
-                else faker.ipv4()
-            url = random.choice(observables.technique).get('indicator') if observables and observables.technique \
-                else random.choice(TECHNIQUES).get('indicator')
-            file_hash = random.choice(observables.file_hash) if observables and observables.file_hash \
-                else Observables.generator(observable_type=ObservableType.SHA256, known=ObservableKnown.BAD, count=1)
-            method = random.choice(observables.technique).get('mechanism') if observables and observables.technique \
-                else random.choice(TECHNIQUES).get('mechanism')
-            error_code = random.choice(observables.error_code) if observables and observables.error_code \
-                else random.choice(ERROR_CODE)
-            leef_log = f"LEEF:1.0|{vendor}|{product}|{version}|deviceEventDate={timestamp}|{faker.ipv4()}|{host}|" \
-                       f"{faker.mac_address()}|{faker.mac_address()}|"
-            leef_log += f"src={src_ip} dst={host} spt={src_port} dpt=443 request={url} "
-            leef_log += f"method={method} proto=HTTP/1.1 status={str(error_code)} hash={file_hash}"
-            leef_log += f"request_size={request_size} " \
-                        f"response_size={response_size} "
-            leef_log += f"user_agent={user_agent}"
-            leef_messages.append(leef_log)
+        if product == "WAF":
+            for i in range(count):
+                timestamp += timedelta(seconds=1)
+                severity = random.choice(observables.severity) if observables and observables.severity \
+                    else faker.random_int(min=1, max=5)
+                src_ip = random.choice(observables.src_ip) if observables and observables.src_ip \
+                    else faker.ipv4()
+                src_port = faker.random_int(min=1024, max=65535)
+                host = random.choice(observables.src_host) if observables and observables.src_host \
+                    else faker.hostname()
+                method = random.choice(observables.technique).get('mechanism') if observables and observables.technique \
+                    else random.choice(TECHNIQUES).get('mechanism')
+                url = random.choice(observables.technique).get('indicator') if observables and observables.technique \
+                    else random.choice(TECHNIQUES).get('indicator')
+                protocol = random.choice(observables.protocol) if observables and observables.protocol \
+                    else random.choice(PROTOCOLS)
+                user_agent = faker.user_agent()
+                referer = random.choice(observables.url) if observables and observables.url \
+                    else Observables.generator(observable_type=ObservableType.URL, known=ObservableKnown.BAD, count=1)
+                response_code = random.choice(observables.error_code) if observables and observables.error_code \
+                    else random.choice(ERROR_CODE)
+                response_size = faker.random_int(min=100, max=10000)
+                rule_id = random.choice(observables.event_id) if observables and observables.event_id \
+                    else faker.random_int(min=1, max=200)
+                action = random.choice(observables.action) if observables and observables.action \
+                    else random.choice(ACTIONS)
+                attack_type = random.choice(observables.technique).get('technique') if observables and \
+                    observables.technique else random.choice(TECHNIQUES).get('technique')
+                cookie_name = faker.word()
+                cookie_value = faker.uuid4()
+                cookies = f"{cookie_name}={cookie_value}"
+                leef_log = f"LEEF:1.0|{vendor}|{product}|{version}|deviceEventDate={timestamp}|{faker.ipv4()}|{host}|"
+                leef_log += f"src_ip={src_ip} src_port={src_port} request_url={url} method={method} referer={referer} "
+                leef_log += f"protocol={protocol} status={str(response_code)} action={action} attack_type={attack_type}"
+                leef_log += f" response_size={response_size} rule_id={rule_id} user_agent={user_agent} "
+                leef_log += f"severity={severity} cookie={cookies}"
+                leef_messages.append(leef_log)
+        else:
+            for i in range(count):
+                timestamp += timedelta(seconds=1)
+                severity = random.choice(observables.severity) if observables and observables.severity \
+                    else faker.random_int(min=1, max=5)
+                src_ip = random.choice(observables.src_ip) if observables and observables.src_ip \
+                    else faker.ipv4()
+                src_port = faker.random_int(min=1024, max=65535)
+                host = random.choice(observables.src_host) if observables and observables.src_host \
+                    else faker.hostname()
+                url = random.choice(observables.technique).get('indicator') if observables and observables.technique \
+                    else random.choice(TECHNIQUES).get('indicator')
+                protocol = random.choice(observables.protocol) if observables and observables.protocol \
+                    else random.choice(PROTOCOLS)
+                response_code = random.choice(observables.error_code) if observables and observables.error_code \
+                    else random.choice(ERROR_CODE)
+                action = random.choice(observables.action) if observables and observables.action \
+                    else random.choice(ACTIONS)
+                leef_log = f"LEEF:1.0|{vendor}|{product}|{version}|deviceEventDate={timestamp}|{faker.ipv4()}|{host}|"
+                leef_log += f"src_ip={src_ip} src_port={src_port} request_url={url} protocol={protocol} "
+                leef_log += f"status={str(response_code)} action={action} severity={severity}"
+                if observables:
+                    for observable, observable_value in vars(observables).items():
+                        if observable_value:
+                            leef_log += f" {observable}={random.choice(observable_value)}"
+                leef_messages.append(leef_log)
         return leef_messages
     @classmethod

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6/rosetta_ce.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: rosetta-ce
-Version: 1.3.5
+Version: 1.3.6
 Summary: Rosetta is a Python package that can be used to fake security logs and alerts for testing different detection and response use cases.
 Home-page: https://github.com/ayman-m/rosetta
 Author: Ayman Mahmoud

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/setup.py RENAMED Viewed

@@ -5,7 +5,7 @@ with open("README.md", "r") as fh:
 setuptools.setup(
     name="rosetta-ce",
-    version="1.3.5",
+    version="1.3.6",
     author="Ayman Mahmoud",
     author_email="content@ayman.online",
     description="Rosetta is a Python package that can be used to fake security logs and alerts for testing different "

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/LICENSE RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/README.md RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/rosetta/__init__.py RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/rosetta/constants/__init__.py RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/rosetta/constants/sensors.py RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/rosetta/constants/sources.py RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/rosetta/constants/systems.py RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/rosetta/rconverter.py RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/rosetta/rsender.py RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/rosetta_ce.egg-info/SOURCES.txt RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/rosetta_ce.egg-info/dependency_links.txt RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/rosetta_ce.egg-info/requires.txt RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/rosetta_ce.egg-info/top_level.txt RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/setup.cfg RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/tests/test_rconverter.py RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/tests/test_rfaker.py RENAMED Viewed

File without changes

{rosetta-ce-1.3.5 → rosetta-ce-1.3.6}/tests/test_rsender.py RENAMED Viewed

File without changes

rosetta-ce 1.3.5__tar.gz → 1.3.6__tar.gz

Potentially problematic release.

rosetta-ce 1.3.5tar.gz → 1.3.6tar.gz