PyPI - souleyez - Versions diffs - 2.43.28__py3-none-any.whl → 2.43.32__py3-none-any.whl - Mend

souleyez 2.43.28py3-none-any.whl → 2.43.32py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (356) hide show

souleyez/__init__.py +1 -2
souleyez/ai/__init__.py +21 -15
souleyez/ai/action_mapper.py +249 -150
souleyez/ai/chain_advisor.py +116 -100
souleyez/ai/claude_provider.py +29 -28
souleyez/ai/context_builder.py +80 -62
souleyez/ai/executor.py +158 -117
souleyez/ai/feedback_handler.py +136 -121
souleyez/ai/llm_factory.py +27 -20
souleyez/ai/llm_provider.py +4 -2
souleyez/ai/ollama_provider.py +6 -9
souleyez/ai/ollama_service.py +44 -37
souleyez/ai/path_scorer.py +91 -76
souleyez/ai/recommender.py +176 -144
souleyez/ai/report_context.py +74 -73
souleyez/ai/report_service.py +84 -66
souleyez/ai/result_parser.py +222 -229
souleyez/ai/safety.py +67 -44
souleyez/auth/__init__.py +23 -22
souleyez/auth/audit.py +36 -26
souleyez/auth/engagement_access.py +65 -48
souleyez/auth/permissions.py +14 -3
souleyez/auth/session_manager.py +54 -37
souleyez/auth/user_manager.py +109 -64
souleyez/commands/audit.py +40 -43
souleyez/commands/auth.py +35 -15
souleyez/commands/deliverables.py +55 -50
souleyez/commands/engagement.py +47 -28
souleyez/commands/license.py +32 -23
souleyez/commands/screenshots.py +36 -32
souleyez/commands/user.py +82 -36
souleyez/config.py +52 -44
souleyez/core/credential_tester.py +87 -81
souleyez/core/cve_mappings.py +179 -192
souleyez/core/cve_matcher.py +162 -148
souleyez/core/msf_auto_mapper.py +100 -83
souleyez/core/msf_chain_engine.py +294 -256
souleyez/core/msf_database.py +153 -70
souleyez/core/msf_integration.py +679 -673
souleyez/core/msf_rpc_client.py +40 -42
souleyez/core/msf_rpc_manager.py +77 -79
souleyez/core/msf_sync_manager.py +241 -181
souleyez/core/network_utils.py +22 -15
souleyez/core/parser_handler.py +34 -25
souleyez/core/pending_chains.py +114 -63
souleyez/core/templates.py +158 -107
souleyez/core/tool_chaining.py +9592 -2879
souleyez/core/version_utils.py +79 -94
souleyez/core/vuln_correlation.py +136 -89
souleyez/core/web_utils.py +33 -32
souleyez/data/wordlists/ad_users.txt +378 -0
souleyez/data/wordlists/api_endpoints_large.txt +769 -0
souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
souleyez/data/wordlists/lfi_payloads.txt +82 -0
souleyez/data/wordlists/passwords_brute.txt +1548 -0
souleyez/data/wordlists/passwords_crack.txt +2479 -0
souleyez/data/wordlists/passwords_spray.txt +386 -0
souleyez/data/wordlists/subdomains_large.txt +5057 -0
souleyez/data/wordlists/usernames_common.txt +694 -0
souleyez/data/wordlists/web_dirs_large.txt +4769 -0
souleyez/detection/__init__.py +1 -1
souleyez/detection/attack_signatures.py +12 -17
souleyez/detection/mitre_mappings.py +61 -55
souleyez/detection/validator.py +97 -86
souleyez/devtools.py +23 -10
souleyez/docs/README.md +4 -4
souleyez/docs/api-reference/cli-commands.md +2 -2
souleyez/docs/developer-guide/adding-new-tools.md +562 -0
souleyez/docs/user-guide/auto-chaining.md +30 -8
souleyez/docs/user-guide/getting-started.md +1 -1
souleyez/docs/user-guide/installation.md +26 -3
souleyez/docs/user-guide/metasploit-integration.md +2 -2
souleyez/docs/user-guide/rbac.md +1 -1
souleyez/docs/user-guide/scope-management.md +1 -1
souleyez/docs/user-guide/siem-integration.md +1 -1
souleyez/docs/user-guide/tools-reference.md +1 -8
souleyez/docs/user-guide/worker-management.md +1 -1
souleyez/engine/background.py +1238 -535
souleyez/engine/base.py +4 -1
souleyez/engine/job_status.py +17 -49
souleyez/engine/log_sanitizer.py +103 -77
souleyez/engine/manager.py +38 -7
souleyez/engine/result_handler.py +2198 -1550
souleyez/engine/worker_manager.py +50 -41
souleyez/export/evidence_bundle.py +72 -62
souleyez/feature_flags/features.py +16 -20
souleyez/feature_flags.py +5 -9
souleyez/handlers/__init__.py +11 -0
souleyez/handlers/base.py +188 -0
souleyez/handlers/bash_handler.py +277 -0
souleyez/handlers/bloodhound_handler.py +243 -0
souleyez/handlers/certipy_handler.py +311 -0
souleyez/handlers/crackmapexec_handler.py +486 -0
souleyez/handlers/dnsrecon_handler.py +344 -0
souleyez/handlers/enum4linux_handler.py +400 -0
souleyez/handlers/evil_winrm_handler.py +493 -0
souleyez/handlers/ffuf_handler.py +815 -0
souleyez/handlers/gobuster_handler.py +1114 -0
souleyez/handlers/gpp_extract_handler.py +334 -0
souleyez/handlers/hashcat_handler.py +444 -0
souleyez/handlers/hydra_handler.py +563 -0
souleyez/handlers/impacket_getuserspns_handler.py +343 -0
souleyez/handlers/impacket_psexec_handler.py +222 -0
souleyez/handlers/impacket_secretsdump_handler.py +426 -0
souleyez/handlers/john_handler.py +286 -0
souleyez/handlers/katana_handler.py +425 -0
souleyez/handlers/kerbrute_handler.py +298 -0
souleyez/handlers/ldapsearch_handler.py +636 -0
souleyez/handlers/lfi_extract_handler.py +464 -0
souleyez/handlers/msf_auxiliary_handler.py +408 -0
souleyez/handlers/msf_exploit_handler.py +380 -0
souleyez/handlers/nikto_handler.py +413 -0
souleyez/handlers/nmap_handler.py +821 -0
souleyez/handlers/nuclei_handler.py +359 -0
souleyez/handlers/nxc_handler.py +371 -0
souleyez/handlers/rdp_sec_check_handler.py +353 -0
souleyez/handlers/registry.py +288 -0
souleyez/handlers/responder_handler.py +232 -0
souleyez/handlers/service_explorer_handler.py +434 -0
souleyez/handlers/smbclient_handler.py +344 -0
souleyez/handlers/smbmap_handler.py +510 -0
souleyez/handlers/smbpasswd_handler.py +296 -0
souleyez/handlers/sqlmap_handler.py +1116 -0
souleyez/handlers/theharvester_handler.py +601 -0
souleyez/handlers/whois_handler.py +277 -0
souleyez/handlers/wpscan_handler.py +554 -0
souleyez/history.py +32 -16
souleyez/importers/msf_importer.py +106 -75
souleyez/importers/smart_importer.py +208 -147
souleyez/integrations/siem/__init__.py +10 -10
souleyez/integrations/siem/base.py +17 -18
souleyez/integrations/siem/elastic.py +108 -122
souleyez/integrations/siem/factory.py +207 -80
souleyez/integrations/siem/googlesecops.py +146 -154
souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
souleyez/integrations/siem/sentinel.py +107 -109
souleyez/integrations/siem/splunk.py +246 -212
souleyez/integrations/siem/wazuh.py +65 -71
souleyez/integrations/wazuh/__init__.py +5 -5
souleyez/integrations/wazuh/client.py +70 -93
souleyez/integrations/wazuh/config.py +85 -57
souleyez/integrations/wazuh/host_mapper.py +28 -36
souleyez/integrations/wazuh/sync.py +78 -68
souleyez/intelligence/__init__.py +4 -5
souleyez/intelligence/correlation_analyzer.py +309 -295
souleyez/intelligence/exploit_knowledge.py +661 -623
souleyez/intelligence/exploit_suggestions.py +159 -139
souleyez/intelligence/gap_analyzer.py +132 -97
souleyez/intelligence/gap_detector.py +251 -214
souleyez/intelligence/sensitive_tables.py +266 -129
souleyez/intelligence/service_parser.py +137 -123
souleyez/intelligence/surface_analyzer.py +407 -268
souleyez/intelligence/target_parser.py +159 -162
souleyez/licensing/__init__.py +6 -6
souleyez/licensing/validator.py +17 -19
souleyez/log_config.py +79 -54
souleyez/main.py +1505 -687
souleyez/migrations/fix_job_counter.py +16 -14
souleyez/parsers/bloodhound_parser.py +41 -39
souleyez/parsers/crackmapexec_parser.py +178 -111
souleyez/parsers/dalfox_parser.py +72 -77
souleyez/parsers/dnsrecon_parser.py +103 -91
souleyez/parsers/enum4linux_parser.py +183 -153
souleyez/parsers/ffuf_parser.py +29 -25
souleyez/parsers/gobuster_parser.py +301 -41
souleyez/parsers/hashcat_parser.py +324 -79
souleyez/parsers/http_fingerprint_parser.py +350 -103
souleyez/parsers/hydra_parser.py +131 -111
souleyez/parsers/impacket_parser.py +231 -178
souleyez/parsers/john_parser.py +98 -86
souleyez/parsers/katana_parser.py +316 -0
souleyez/parsers/msf_parser.py +943 -498
souleyez/parsers/nikto_parser.py +346 -65
souleyez/parsers/nmap_parser.py +262 -174
souleyez/parsers/nuclei_parser.py +40 -44
souleyez/parsers/responder_parser.py +26 -26
souleyez/parsers/searchsploit_parser.py +74 -74
souleyez/parsers/service_explorer_parser.py +279 -0
souleyez/parsers/smbmap_parser.py +180 -124
souleyez/parsers/sqlmap_parser.py +434 -308
souleyez/parsers/theharvester_parser.py +75 -57
souleyez/parsers/whois_parser.py +135 -94
souleyez/parsers/wpscan_parser.py +278 -190
souleyez/plugins/afp.py +44 -36
souleyez/plugins/afp_brute.py +114 -46
souleyez/plugins/ard.py +48 -37
souleyez/plugins/bloodhound.py +95 -61
souleyez/plugins/certipy.py +303 -0
souleyez/plugins/crackmapexec.py +186 -85
souleyez/plugins/dalfox.py +120 -59
souleyez/plugins/dns_hijack.py +146 -41
souleyez/plugins/dnsrecon.py +97 -61
souleyez/plugins/enum4linux.py +91 -66
souleyez/plugins/evil_winrm.py +291 -0
souleyez/plugins/ffuf.py +166 -90
souleyez/plugins/firmware_extract.py +133 -29
souleyez/plugins/gobuster.py +387 -190
souleyez/plugins/gpp_extract.py +393 -0
souleyez/plugins/hashcat.py +100 -73
souleyez/plugins/http_fingerprint.py +854 -267
souleyez/plugins/hydra.py +566 -200
souleyez/plugins/impacket_getnpusers.py +117 -69
souleyez/plugins/impacket_psexec.py +84 -64
souleyez/plugins/impacket_secretsdump.py +103 -69
souleyez/plugins/impacket_smbclient.py +89 -75
souleyez/plugins/john.py +86 -69
souleyez/plugins/katana.py +313 -0
souleyez/plugins/kerbrute.py +237 -0
souleyez/plugins/lfi_extract.py +541 -0
souleyez/plugins/macos_ssh.py +117 -48
souleyez/plugins/mdns.py +35 -30
souleyez/plugins/msf_auxiliary.py +253 -130
souleyez/plugins/msf_exploit.py +239 -161
souleyez/plugins/nikto.py +134 -78
souleyez/plugins/nmap.py +275 -91
souleyez/plugins/nuclei.py +180 -89
souleyez/plugins/nxc.py +285 -0
souleyez/plugins/plugin_base.py +35 -36
souleyez/plugins/plugin_template.py +13 -5
souleyez/plugins/rdp_sec_check.py +130 -0
souleyez/plugins/responder.py +112 -71
souleyez/plugins/router_http_brute.py +76 -65
souleyez/plugins/router_ssh_brute.py +118 -41
souleyez/plugins/router_telnet_brute.py +124 -42
souleyez/plugins/routersploit.py +91 -59
souleyez/plugins/routersploit_exploit.py +77 -55
souleyez/plugins/searchsploit.py +91 -77
souleyez/plugins/service_explorer.py +1160 -0
souleyez/plugins/smbmap.py +122 -72
souleyez/plugins/smbpasswd.py +215 -0
souleyez/plugins/sqlmap.py +301 -113
souleyez/plugins/theharvester.py +127 -75
souleyez/plugins/tr069.py +79 -57
souleyez/plugins/upnp.py +65 -47
souleyez/plugins/upnp_abuse.py +73 -55
souleyez/plugins/vnc_access.py +129 -42
souleyez/plugins/vnc_brute.py +109 -38
souleyez/plugins/whois.py +77 -58
souleyez/plugins/wpscan.py +173 -69
souleyez/reporting/__init__.py +2 -1
souleyez/reporting/attack_chain.py +411 -346
souleyez/reporting/charts.py +436 -501
souleyez/reporting/compliance_mappings.py +334 -201
souleyez/reporting/detection_report.py +126 -125
souleyez/reporting/formatters.py +828 -591
souleyez/reporting/generator.py +386 -302
souleyez/reporting/metrics.py +72 -75
souleyez/scanner.py +35 -29
souleyez/security/__init__.py +37 -11
souleyez/security/scope_validator.py +175 -106
souleyez/security/validation.py +223 -149
souleyez/security.py +22 -6
souleyez/storage/credentials.py +247 -186
souleyez/storage/crypto.py +296 -129
souleyez/storage/database.py +73 -50
souleyez/storage/db.py +58 -36
souleyez/storage/deliverable_evidence.py +177 -128
souleyez/storage/deliverable_exporter.py +282 -246
souleyez/storage/deliverable_templates.py +134 -116
souleyez/storage/deliverables.py +135 -130
souleyez/storage/engagements.py +109 -56
souleyez/storage/evidence.py +181 -152
souleyez/storage/execution_log.py +31 -17
souleyez/storage/exploit_attempts.py +93 -57
souleyez/storage/exploits.py +67 -36
souleyez/storage/findings.py +48 -61
souleyez/storage/hosts.py +176 -144
souleyez/storage/migrate_to_engagements.py +43 -19
souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
souleyez/storage/migrations/_003_add_execution_log.py +14 -8
souleyez/storage/migrations/_005_screenshots.py +13 -5
souleyez/storage/migrations/_006_deliverables.py +13 -5
souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
souleyez/storage/migrations/_010_evidence_linking.py +17 -10
souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
souleyez/storage/migrations/_012_team_collaboration.py +34 -21
souleyez/storage/migrations/_013_add_host_tags.py +12 -6
souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
souleyez/storage/migrations/_016_add_domain_field.py +10 -4
souleyez/storage/migrations/_017_msf_sessions.py +16 -8
souleyez/storage/migrations/_018_add_osint_target.py +10 -6
souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
souleyez/storage/migrations/_020_add_rbac.py +36 -15
souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
souleyez/storage/migrations/__init__.py +26 -26
souleyez/storage/migrations/migration_manager.py +19 -19
souleyez/storage/msf_sessions.py +100 -65
souleyez/storage/osint.py +17 -24
souleyez/storage/recommendation_engine.py +269 -235
souleyez/storage/screenshots.py +33 -32
souleyez/storage/smb_shares.py +136 -92
souleyez/storage/sqlmap_data.py +183 -128
souleyez/storage/team_collaboration.py +135 -141
souleyez/storage/timeline_tracker.py +122 -94
souleyez/storage/wazuh_vulns.py +64 -66
souleyez/storage/web_paths.py +33 -37
souleyez/testing/credential_tester.py +221 -205
souleyez/ui/__init__.py +1 -1
souleyez/ui/ai_quotes.py +12 -12
souleyez/ui/attack_surface.py +2439 -1516
souleyez/ui/chain_rules_view.py +914 -382
souleyez/ui/correlation_view.py +312 -230
souleyez/ui/dashboard.py +2382 -1130
souleyez/ui/deliverables_view.py +148 -62
souleyez/ui/design_system.py +13 -13
souleyez/ui/errors.py +49 -49
souleyez/ui/evidence_linking_view.py +284 -179
souleyez/ui/evidence_vault.py +393 -285
souleyez/ui/exploit_suggestions_view.py +555 -349
souleyez/ui/export_view.py +100 -66
souleyez/ui/gap_analysis_view.py +315 -171
souleyez/ui/help_system.py +105 -97
souleyez/ui/intelligence_view.py +436 -293
souleyez/ui/interactive.py +23142 -10430
souleyez/ui/interactive_selector.py +75 -68
souleyez/ui/log_formatter.py +47 -39
souleyez/ui/menu_components.py +22 -13
souleyez/ui/msf_auxiliary_menu.py +184 -133
souleyez/ui/pending_chains_view.py +336 -172
souleyez/ui/progress_indicators.py +5 -3
souleyez/ui/recommendations_view.py +195 -137
souleyez/ui/rule_builder.py +343 -225
souleyez/ui/setup_wizard.py +678 -284
souleyez/ui/shortcuts.py +217 -165
souleyez/ui/splunk_gap_analysis_view.py +452 -270
souleyez/ui/splunk_vulns_view.py +139 -86
souleyez/ui/team_dashboard.py +498 -335
souleyez/ui/template_selector.py +196 -105
souleyez/ui/terminal.py +6 -6
souleyez/ui/timeline_view.py +198 -127
souleyez/ui/tool_setup.py +264 -164
souleyez/ui/tutorial.py +202 -72
souleyez/ui/tutorial_state.py +40 -40
souleyez/ui/wazuh_vulns_view.py +235 -141
souleyez/ui/wordlist_browser.py +260 -107
souleyez/ui.py +464 -312
souleyez/utils/tool_checker.py +427 -367
souleyez/utils.py +33 -29
souleyez/wordlists.py +134 -167
{souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/METADATA +1 -1
souleyez-2.43.32.dist-info/RECORD +441 -0
{souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/WHEEL +1 -1
souleyez-2.43.28.dist-info/RECORD +0 -379
{souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/entry_points.txt +0 -0
{souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/licenses/LICENSE +0 -0
{souleyez-2.43.28.dist-info → souleyez-2.43.32.dist-info}/top_level.txt +0 -0

souleyez/integrations/siem/wazuh.py CHANGED Viewed

@@ -35,7 +35,7 @@ class WazuhSIEMClient(SIEMClient):
         verify_ssl: bool = False,
         indexer_url: Optional[str] = None,
         indexer_user: Optional[str] = None,
-        indexer_password: Optional[str] = None
+        indexer_password: Optional[str] = None,
     ):
         """Initialize Wazuh SIEM client.
@@ -57,11 +57,11 @@ class WazuhSIEMClient(SIEMClient):
             verify_ssl=verify_ssl,
             indexer_url=indexer_url,
             indexer_user=indexer_user,
-            indexer_password=indexer_password
+            indexer_password=indexer_password,
         )
     @classmethod
-    def from_config(cls, config: Dict[str, Any]) -> 'WazuhSIEMClient':
+    def from_config(cls, config: Dict[str, Any]) -> "WazuhSIEMClient":
         """Create client from configuration dictionary.
         Args:
@@ -71,19 +71,19 @@ class WazuhSIEMClient(SIEMClient):
             WazuhSIEMClient instance
         """
         return cls(
-            api_url=config.get('api_url', ''),
-            username=config.get('username', ''),
-            password=config.get('password', ''),
-            verify_ssl=config.get('verify_ssl', False),
-            indexer_url=config.get('indexer_url'),
-            indexer_user=config.get('indexer_user'),
-            indexer_password=config.get('indexer_password'),
+            api_url=config.get("api_url", ""),
+            username=config.get("username", ""),
+            password=config.get("password", ""),
+            verify_ssl=config.get("verify_ssl", False),
+            indexer_url=config.get("indexer_url"),
+            indexer_user=config.get("indexer_user"),
+            indexer_password=config.get("indexer_password"),
         )
     @property
     def siem_type(self) -> str:
         """Return the SIEM type identifier."""
-        return 'wazuh'
+        return "wazuh"
     def test_connection(self) -> SIEMConnectionStatus:
         """Test connection to Wazuh Manager.
@@ -94,14 +94,14 @@ class WazuhSIEMClient(SIEMClient):
         result = self._client.test_connection()
         return SIEMConnectionStatus(
-            connected=result.get('connected', False),
-            version=result.get('version', ''),
-            error=result.get('error', ''),
-            siem_type='wazuh',
+            connected=result.get("connected", False),
+            version=result.get("version", ""),
+            error=result.get("error", ""),
+            siem_type="wazuh",
             details={
-                'hostname': result.get('hostname', ''),
-                'cluster': result.get('cluster', False),
-            }
+                "hostname": result.get("hostname", ""),
+                "cluster": result.get("cluster", False),
+            },
         )
     def get_alerts(
@@ -112,7 +112,7 @@ class WazuhSIEMClient(SIEMClient):
         dest_ip: Optional[str] = None,
         rule_ids: Optional[List[str]] = None,
         search_text: Optional[str] = None,
-        limit: int = 100
+        limit: int = 100,
     ) -> List[SIEMAlert]:
         """Query alerts from Wazuh Indexer.
@@ -143,7 +143,7 @@ class WazuhSIEMClient(SIEMClient):
             agent_ip=filter_ip,
             rule_ids=int_rule_ids,
             search_text=search_text,
-            limit=limit
+            limit=limit,
         )
         return [self._normalize_alert(alert) for alert in raw_alerts]
@@ -158,37 +158,31 @@ class WazuhSIEMClient(SIEMClient):
             Normalized SIEMAlert
         """
         # Extract timestamp
-        timestamp_str = raw_alert.get('timestamp', '')
+        timestamp_str = raw_alert.get("timestamp", "")
         try:
-            timestamp = datetime.fromisoformat(
-                timestamp_str.replace('Z', '+00:00')
-            )
+            timestamp = datetime.fromisoformat(timestamp_str.replace("Z", "+00:00"))
         except (ValueError, AttributeError):
             timestamp = datetime.now()
         # Extract rule info
-        rule = raw_alert.get('rule', {})
-        rule_id = str(rule.get('id', ''))
-        rule_name = rule.get('description', '')
-        severity = self._map_level_to_severity(rule.get('level', 0))
+        rule = raw_alert.get("rule", {})
+        rule_id = str(rule.get("id", ""))
+        rule_name = rule.get("description", "")
+        severity = self._map_level_to_severity(rule.get("level", 0))
         # Extract IPs from various fields
-        data = raw_alert.get('data', {})
+        data = raw_alert.get("data", {})
         source_ip = (
-            data.get('srcip') or
-            data.get('src_ip') or
-            raw_alert.get('agent', {}).get('ip')
-        )
-        dest_ip = (
-            data.get('dstip') or
-            data.get('dst_ip') or
-            data.get('dstIp')
+            data.get("srcip")
+            or data.get("src_ip")
+            or raw_alert.get("agent", {}).get("ip")
         )
+        dest_ip = data.get("dstip") or data.get("dst_ip") or data.get("dstIp")
         # Extract MITRE info
-        mitre = rule.get('mitre', {})
-        mitre_tactics = mitre.get('tactic', [])
-        mitre_techniques = mitre.get('id', [])
+        mitre = rule.get("mitre", {})
+        mitre_tactics = mitre.get("tactic", [])
+        mitre_techniques = mitre.get("id", [])
         # Ensure lists
         if isinstance(mitre_tactics, str):
@@ -197,14 +191,14 @@ class WazuhSIEMClient(SIEMClient):
             mitre_techniques = [mitre_techniques]
         return SIEMAlert(
-            id=raw_alert.get('_id', raw_alert.get('id', '')),
+            id=raw_alert.get("_id", raw_alert.get("id", "")),
             timestamp=timestamp,
             rule_id=rule_id,
             rule_name=rule_name,
             severity=severity,
             source_ip=source_ip,
             dest_ip=dest_ip,
-            description=rule.get('description', ''),
+            description=rule.get("description", ""),
             raw_data=raw_alert,
             mitre_tactics=mitre_tactics,
             mitre_techniques=mitre_techniques,
@@ -220,18 +214,16 @@ class WazuhSIEMClient(SIEMClient):
         - 12-15: Critical
         """
         if level >= 12:
-            return 'critical'
+            return "critical"
         elif level >= 8:
-            return 'high'
+            return "high"
         elif level >= 4:
-            return 'medium'
+            return "medium"
         else:
-            return 'low'
+            return "low"
     def get_rules(
-        self,
-        rule_ids: Optional[List[str]] = None,
-        enabled_only: bool = True
+        self, rule_ids: Optional[List[str]] = None, enabled_only: bool = True
     ) -> List[SIEMRule]:
         """Get detection rules from Wazuh Manager.
@@ -252,14 +244,14 @@ class WazuhSIEMClient(SIEMClient):
         rules = []
         for raw_rule in raw_rules:
             # Skip disabled rules if requested
-            status = raw_rule.get('status', 'enabled')
-            if enabled_only and status != 'enabled':
+            status = raw_rule.get("status", "enabled")
+            if enabled_only and status != "enabled":
                 continue
             # Extract MITRE info
-            mitre = raw_rule.get('mitre', {})
-            mitre_tactics = mitre.get('tactic', [])
-            mitre_techniques = mitre.get('id', [])
+            mitre = raw_rule.get("mitre", {})
+            mitre_tactics = mitre.get("tactic", [])
+            mitre_techniques = mitre.get("id", [])
             if isinstance(mitre_tactics, str):
                 mitre_tactics = [mitre_tactics]
@@ -267,11 +259,11 @@ class WazuhSIEMClient(SIEMClient):
                 mitre_techniques = [mitre_techniques]
             rule = SIEMRule(
-                id=str(raw_rule.get('id', '')),
-                name=raw_rule.get('description', ''),
-                description=raw_rule.get('description', ''),
-                severity=self._map_level_to_severity(raw_rule.get('level', 0)),
-                enabled=(status == 'enabled'),
+                id=str(raw_rule.get("id", "")),
+                name=raw_rule.get("description", ""),
+                description=raw_rule.get("description", ""),
+                severity=self._map_level_to_severity(raw_rule.get("level", 0)),
+                enabled=(status == "enabled"),
                 mitre_tactics=mitre_tactics,
                 mitre_techniques=mitre_techniques,
                 raw_data=raw_rule,
@@ -292,18 +284,20 @@ class WazuhSIEMClient(SIEMClient):
         rules_info = get_wazuh_rules_for_attack(attack_type)
         recommendations = []
-        rule_ids = rules_info.get('rule_ids', [])
-        rule_names = rules_info.get('rule_names', {})
+        rule_ids = rules_info.get("rule_ids", [])
+        rule_names = rules_info.get("rule_names", {})
         for rule_id in rule_ids:
-            recommendations.append({
-                'rule_id': str(rule_id),
-                'rule_name': rule_names.get(rule_id, f'Rule {rule_id}'),
-                'description': f'Wazuh rule for detecting {attack_type} attacks',
-                'severity': 'high',
-                'enabled': True,  # Assume enabled by default
-                'siem_type': 'wazuh',
-            })
+            recommendations.append(
+                {
+                    "rule_id": str(rule_id),
+                    "rule_name": rule_names.get(rule_id, f"Rule {rule_id}"),
+                    "description": f"Wazuh rule for detecting {attack_type} attacks",
+                    "severity": "high",
+                    "enabled": True,  # Assume enabled by default
+                    "siem_type": "wazuh",
+                }
+            )
         return recommendations
@@ -318,6 +312,6 @@ class WazuhSIEMClient(SIEMClient):
         """
         rules_info = get_wazuh_rules_for_attack(attack_type)
         return rules_info.get(
-            'detection_guidance',
-            'Review SIEM rule configuration for this attack category.'
+            "detection_guidance",
+            "Review SIEM rule configuration for this attack category.",
         )

souleyez/integrations/wazuh/__init__.py CHANGED Viewed

@@ -5,9 +5,9 @@ from .host_mapper import WazuhHostMapper
 from .sync import WazuhVulnSync, SyncResult
 __all__ = [
-    'WazuhClient',
-    'WazuhConfig',
-    'WazuhHostMapper',
-    'WazuhVulnSync',
-    'SyncResult'
+    "WazuhClient",
+    "WazuhConfig",
+    "WazuhHostMapper",
+    "WazuhVulnSync",
+    "SyncResult",
 ]

souleyez 2.43.28__py3-none-any.whl → 2.43.32__py3-none-any.whl

souleyez 2.43.28py3-none-any.whl → 2.43.32py3-none-any.whl