rosetta-ce 1.4.9__tar.gz → 1.5.0__tar.gz





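--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: rosetta-ce
-Version: 1.4.9
+Version: 1.5.0
 Summary: Rosetta is a Python package that can be used to fake security logs and alerts for testing different detection and response use cases.
 Home-page: https://github.com/ayman-m/rosetta
 Author: Ayman Mahmoud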
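--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -55,11 +55,13 @@ class Sender:
 None.
 """
 
-def __init__(self, data_type: str, destination: str,
+def __init__(self, data_type: str, destination: str, headers: Optional[dict] = None,
 worker_name: Optional[str] = 'worker_'+str(datetime.now()), count: Optional[int] = 1,
 interval: Optional[int] = 1, vendor: Optional[str] = None, product: Optional[str] = None,
-version: Optional[str] = None, observables: Optional[Observables] = None, fields: Optional[str] = None,
-verify_ssl: Optional[bool] = None, datetime_obj: Optional[datetime] = None):
+version: Optional[str] = None, required_fields: Optional[str] = None,
+observables: Optional[Observables] = None, fields: Optional[str] = None,
+verify_ssl: Optional[bool] = None, datetime_obj: Optional[datetime] = None,
+data_json: Optional[dict] = None, data_text: Optional[str] = None):
 """
 Constructor for DataSenderWorker class.
 
@@ -77,12 +79,21 @@ class Sender:
 :param vendor: Optional. The vendor.
 :param product: Optional. The product.
 :param version: Optional. The version.
-:param observables: Observables, list of observables.
-:param fields: str, comma-separated list of fields to include in incident data.
-:param verify_ssl: bool, handling ssl verification errors.
+:param required_fields: Optional. A list of fields that are required to present in the generated data, whether
+from observables or randomely.
+:param observables: Optional. Observables, list of observables.
+:param fields: Optional. comma-separated list of fields to include in incident data.
+:param verify_ssl: Optional. handling ssl verification errors.
+:param datetime_obj: Optional. time to start from.
+:param data_json: Optional. JSON data to send.
+:param data_text: Optional. Text data to send.
 
 :return: None
 """
+if headers is None:
+self.headers = {}
+else:
+self.headers = headers
 self.thread = None
 self.worker_name = worker_name
 self.data_type = data_type
@@ -91,6 +102,7 @@ class Sender:
 self.vendor = vendor
 self.product = product
 self.version = version
+self.required_fields = required_fields
 self.destination = destination
 self.created_at = datetime.now()
 self.status = "Stopped"
@@ -98,6 +110,8 @@ class Sender:
 self.fields = fields
 self.verify_ssl = verify_ssl
 self.datetime_obj = datetime_obj
+self.data_json = data_json
+self.data_text = data_text
 
 def start(self) -> str:
 """
@@ -137,16 +151,21 @@ class Sender:
 try:
 self.count -= 1
 if self.data_type in ["SYSLOG", "CEF", "LEEF"]:
-if self.data_type == "SYSLOG":
-fake_message = Events.syslog(count=1, timestamp=self.datetime_obj, observables=self.observables)
-if self.data_type == "CEF":
-fake_message = Events.cef(count=1, timestamp=self.datetime_obj, vendor=self.vendor,
-product=self.product, version=self.version,
-observables=self.observables)
-if self.data_type == "LEEF":
-fake_message = Events.leef(count=1, timestamp=self.datetime_obj, vendor=self.vendor,
-product=self.product, version=self.version,
-observables=self.observables)
+if self.data_text:
+fake_message = [self.data_text]
+else:
+if self.data_type == "SYSLOG":
+fake_message = Events.syslog(count=1, datetime_iso=self.datetime_obj,
+observables=self.observables, required_fields=self.required_fields)
+if self.data_type == "CEF":
+fake_message = Events.cef(count=1, datetime_iso=self.datetime_obj, vendor=self.vendor,
+product=self.product, version=self.version,
+required_fields=self.required_fields, observables=self.observables)
+if self.data_type == "LEEF":
+fake_message = Events.leef(count=1, datetime_iso=self.datetime_obj, vendor=self.vendor,
+product=self.product, version=self.version,
+required_fields=self.required_fields,
+observables=self.observables)
 ip_address = self.destination.split(':')[1]
 port = self.destination.split(':')[2]
 if 'tcp' in self.destination:
@@ -162,20 +181,29 @@ class Sender:
 print(f"Worker: {self.worker_name} sending log message to {ip_address} ")
 sock.sendto(fake_message[0].encode(), (ip_address, int(port)))
 elif self.data_type in ["JSON", "INCIDENT"]:
-if self.data_type == "JSON":
-fake_message = Events.json(count=1, timestamp=self.datetime_obj, observables=self.observables)
-if self.data_type == "INCIDENT":
-fake_message = [{
-"alert": Events.incidents(count=1, observables=self.observables, vendor=self.vendor,
-version=self.version, product=self.product, fields=self.fields)
-}]
+if self.data_json:
+fake_message = [self.data_json]
+else:
+if self.data_type == "JSON":
+fake_message = Events.json(count=1, datetime_iso=self.datetime_obj,
+observables=self.observables, vendor=self.vendor,
+product=self.product, version=self.version,
+required_fields=self.required_fields,)
+if self.data_type == "INCIDENT":
+fake_message = [{
+"alert": Events.incidents(count=1, observables=self.observables, vendor=self.vendor,
+version=self.version, product=self.product,
+datetime_iso=self.datetime_obj,
+required_fields=self.required_fields, fields=self.fields)
+}]
 if '://' not in self.destination:
 url = 'http://' + self.destination
 else:
 url = self.destination
 warnings.filterwarnings("ignore", category=InsecureRequestWarning)
 print(f"Worker: {self.worker_name} sending log message to {url} ")
-response = requests.post(url, json=fake_message[0], timeout=(2, 5), verify=self.verify_ssl)
+response = requests.post(url, json=fake_message[0], timeout=(2, 5), headers=self.headers,
+verify=self.verify_ssl)
 response.raise_for_status()
 except (ConnectionRefusedError, socket.timeout, requests.exceptions.RequestException) as e:
 print(f"Connection error: {e}")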
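Review bot: In the hunks at `@@ -137,16 +151,21 @@` and `@@ -162,20 +181,29 @@` the override branches test `if self.data_text:` and `if self.data_json:` by truthiness, so a caller who deliberately passes an empty string or an empty dict gets a generated event sent instead, with no message; `if self.data_text is not None:` and `if self.data_json is not None:` would honour the caller's payload. A `data_text` supplied together with a JSON/INCIDENT `data_type` (or `data_json` with a SYSLOG/CEF/LEEF type) is likewise dropped silently, which is worth either rejecting in `__init__` or stating in the `:param data_json:` / `:param data_text:` lines. In the `@@ -55` and `@@ -77` hunks, `required_fields` is annotated `Optional[str]` while its docstring says "A list of fields", and the same docstring reads "required to present ... randomely"; either the annotation or the description should be corrected so callers know whether to pass a string or a list. The sending method these two hunks belong to starts and ends outside the section.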
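--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: rosetta-ce
-Version: 1.4.9
+Version: 1.5.0
 Summary: Rosetta is a Python package that can be used to fake security logs and alerts for testing different detection and response use cases.
 Home-page: https://github.com/ayman-m/rosetta
 Author: Ayman Mahmoud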
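--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -5,7 +5,7 @@ with open("README.md", "r") as fh:
 
 setuptools.setup(
 name="rosetta-ce",
-version="1.4.9",
+version="1.5.0",
 author="Ayman Mahmoud",
 author_email="content@ayman.online",
 description="Rosetta is a Python package that can be used to fake security logs and alerts for testing different "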