PyPI - souleyez - Versions diffs - 2.43.29__py3-none-any.whl → 3.0.0__py3-none-any.whl - Mend

souleyez 2.43.29py3-none-any.whl → 3.0.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (358) hide show

souleyez/__init__.py +1 -2
souleyez/ai/__init__.py +21 -15
souleyez/ai/action_mapper.py +249 -150
souleyez/ai/chain_advisor.py +116 -100
souleyez/ai/claude_provider.py +29 -28
souleyez/ai/context_builder.py +80 -62
souleyez/ai/executor.py +158 -117
souleyez/ai/feedback_handler.py +136 -121
souleyez/ai/llm_factory.py +27 -20
souleyez/ai/llm_provider.py +4 -2
souleyez/ai/ollama_provider.py +6 -9
souleyez/ai/ollama_service.py +44 -37
souleyez/ai/path_scorer.py +91 -76
souleyez/ai/recommender.py +176 -144
souleyez/ai/report_context.py +74 -73
souleyez/ai/report_service.py +84 -66
souleyez/ai/result_parser.py +222 -229
souleyez/ai/safety.py +67 -44
souleyez/auth/__init__.py +23 -22
souleyez/auth/audit.py +36 -26
souleyez/auth/engagement_access.py +65 -48
souleyez/auth/permissions.py +14 -3
souleyez/auth/session_manager.py +54 -37
souleyez/auth/user_manager.py +109 -64
souleyez/commands/audit.py +40 -43
souleyez/commands/auth.py +35 -15
souleyez/commands/deliverables.py +55 -50
souleyez/commands/engagement.py +47 -28
souleyez/commands/license.py +32 -23
souleyez/commands/screenshots.py +36 -32
souleyez/commands/user.py +82 -36
souleyez/config.py +52 -44
souleyez/core/credential_tester.py +87 -81
souleyez/core/cve_mappings.py +179 -192
souleyez/core/cve_matcher.py +162 -148
souleyez/core/msf_auto_mapper.py +100 -83
souleyez/core/msf_chain_engine.py +294 -256
souleyez/core/msf_database.py +153 -70
souleyez/core/msf_integration.py +679 -673
souleyez/core/msf_rpc_client.py +40 -42
souleyez/core/msf_rpc_manager.py +77 -79
souleyez/core/msf_sync_manager.py +241 -181
souleyez/core/network_utils.py +22 -15
souleyez/core/parser_handler.py +34 -25
souleyez/core/pending_chains.py +114 -63
souleyez/core/templates.py +158 -107
souleyez/core/tool_chaining.py +9564 -2881
souleyez/core/version_utils.py +79 -94
souleyez/core/vuln_correlation.py +136 -89
souleyez/core/web_utils.py +33 -32
souleyez/data/wordlists/ad_users.txt +378 -0
souleyez/data/wordlists/api_endpoints_large.txt +769 -0
souleyez/data/wordlists/home_dir_sensitive.txt +39 -0
souleyez/data/wordlists/lfi_payloads.txt +82 -0
souleyez/data/wordlists/passwords_brute.txt +1548 -0
souleyez/data/wordlists/passwords_crack.txt +2479 -0
souleyez/data/wordlists/passwords_spray.txt +386 -0
souleyez/data/wordlists/subdomains_large.txt +5057 -0
souleyez/data/wordlists/usernames_common.txt +694 -0
souleyez/data/wordlists/web_dirs_large.txt +4769 -0
souleyez/detection/__init__.py +1 -1
souleyez/detection/attack_signatures.py +12 -17
souleyez/detection/mitre_mappings.py +61 -55
souleyez/detection/validator.py +97 -86
souleyez/devtools.py +23 -10
souleyez/docs/README.md +4 -4
souleyez/docs/api-reference/cli-commands.md +2 -2
souleyez/docs/developer-guide/adding-new-tools.md +562 -0
souleyez/docs/user-guide/auto-chaining.md +30 -8
souleyez/docs/user-guide/getting-started.md +1 -1
souleyez/docs/user-guide/installation.md +26 -3
souleyez/docs/user-guide/metasploit-integration.md +2 -2
souleyez/docs/user-guide/rbac.md +1 -1
souleyez/docs/user-guide/scope-management.md +1 -1
souleyez/docs/user-guide/siem-integration.md +1 -1
souleyez/docs/user-guide/tools-reference.md +1 -8
souleyez/docs/user-guide/worker-management.md +1 -1
souleyez/engine/background.py +1239 -535
souleyez/engine/base.py +4 -1
souleyez/engine/job_status.py +17 -49
souleyez/engine/log_sanitizer.py +103 -77
souleyez/engine/manager.py +38 -7
souleyez/engine/result_handler.py +2200 -1550
souleyez/engine/worker_manager.py +50 -41
souleyez/export/evidence_bundle.py +72 -62
souleyez/feature_flags/features.py +16 -20
souleyez/feature_flags.py +5 -9
souleyez/handlers/__init__.py +11 -0
souleyez/handlers/base.py +188 -0
souleyez/handlers/bash_handler.py +277 -0
souleyez/handlers/bloodhound_handler.py +243 -0
souleyez/handlers/certipy_handler.py +311 -0
souleyez/handlers/crackmapexec_handler.py +486 -0
souleyez/handlers/dnsrecon_handler.py +344 -0
souleyez/handlers/enum4linux_handler.py +400 -0
souleyez/handlers/evil_winrm_handler.py +493 -0
souleyez/handlers/ffuf_handler.py +815 -0
souleyez/handlers/gobuster_handler.py +1114 -0
souleyez/handlers/gpp_extract_handler.py +334 -0
souleyez/handlers/hashcat_handler.py +444 -0
souleyez/handlers/hydra_handler.py +564 -0
souleyez/handlers/impacket_getuserspns_handler.py +343 -0
souleyez/handlers/impacket_psexec_handler.py +222 -0
souleyez/handlers/impacket_secretsdump_handler.py +426 -0
souleyez/handlers/john_handler.py +286 -0
souleyez/handlers/katana_handler.py +425 -0
souleyez/handlers/kerbrute_handler.py +298 -0
souleyez/handlers/ldapsearch_handler.py +636 -0
souleyez/handlers/lfi_extract_handler.py +464 -0
souleyez/handlers/msf_auxiliary_handler.py +409 -0
souleyez/handlers/msf_exploit_handler.py +380 -0
souleyez/handlers/nikto_handler.py +413 -0
souleyez/handlers/nmap_handler.py +821 -0
souleyez/handlers/nuclei_handler.py +359 -0
souleyez/handlers/nxc_handler.py +417 -0
souleyez/handlers/rdp_sec_check_handler.py +353 -0
souleyez/handlers/registry.py +292 -0
souleyez/handlers/responder_handler.py +232 -0
souleyez/handlers/service_explorer_handler.py +434 -0
souleyez/handlers/smbclient_handler.py +344 -0
souleyez/handlers/smbmap_handler.py +510 -0
souleyez/handlers/smbpasswd_handler.py +296 -0
souleyez/handlers/sqlmap_handler.py +1116 -0
souleyez/handlers/theharvester_handler.py +601 -0
souleyez/handlers/web_login_test_handler.py +327 -0
souleyez/handlers/whois_handler.py +277 -0
souleyez/handlers/wpscan_handler.py +554 -0
souleyez/history.py +32 -16
souleyez/importers/msf_importer.py +106 -75
souleyez/importers/smart_importer.py +208 -147
souleyez/integrations/siem/__init__.py +10 -10
souleyez/integrations/siem/base.py +17 -18
souleyez/integrations/siem/elastic.py +108 -122
souleyez/integrations/siem/factory.py +207 -80
souleyez/integrations/siem/googlesecops.py +146 -154
souleyez/integrations/siem/rule_mappings/__init__.py +1 -1
souleyez/integrations/siem/rule_mappings/wazuh_rules.py +8 -5
souleyez/integrations/siem/sentinel.py +107 -109
souleyez/integrations/siem/splunk.py +246 -212
souleyez/integrations/siem/wazuh.py +65 -71
souleyez/integrations/wazuh/__init__.py +5 -5
souleyez/integrations/wazuh/client.py +70 -93
souleyez/integrations/wazuh/config.py +85 -57
souleyez/integrations/wazuh/host_mapper.py +28 -36
souleyez/integrations/wazuh/sync.py +78 -68
souleyez/intelligence/__init__.py +4 -5
souleyez/intelligence/correlation_analyzer.py +309 -295
souleyez/intelligence/exploit_knowledge.py +661 -623
souleyez/intelligence/exploit_suggestions.py +159 -139
souleyez/intelligence/gap_analyzer.py +132 -97
souleyez/intelligence/gap_detector.py +251 -214
souleyez/intelligence/sensitive_tables.py +266 -129
souleyez/intelligence/service_parser.py +137 -123
souleyez/intelligence/surface_analyzer.py +407 -268
souleyez/intelligence/target_parser.py +159 -162
souleyez/licensing/__init__.py +6 -6
souleyez/licensing/validator.py +17 -19
souleyez/log_config.py +79 -54
souleyez/main.py +1505 -687
souleyez/migrations/fix_job_counter.py +16 -14
souleyez/parsers/bloodhound_parser.py +41 -39
souleyez/parsers/crackmapexec_parser.py +178 -111
souleyez/parsers/dalfox_parser.py +72 -77
souleyez/parsers/dnsrecon_parser.py +103 -91
souleyez/parsers/enum4linux_parser.py +183 -153
souleyez/parsers/ffuf_parser.py +29 -25
souleyez/parsers/gobuster_parser.py +301 -41
souleyez/parsers/hashcat_parser.py +324 -79
souleyez/parsers/http_fingerprint_parser.py +350 -103
souleyez/parsers/hydra_parser.py +131 -111
souleyez/parsers/impacket_parser.py +231 -178
souleyez/parsers/john_parser.py +98 -86
souleyez/parsers/katana_parser.py +316 -0
souleyez/parsers/msf_parser.py +943 -498
souleyez/parsers/nikto_parser.py +346 -65
souleyez/parsers/nmap_parser.py +262 -174
souleyez/parsers/nuclei_parser.py +40 -44
souleyez/parsers/responder_parser.py +26 -26
souleyez/parsers/searchsploit_parser.py +74 -74
souleyez/parsers/service_explorer_parser.py +279 -0
souleyez/parsers/smbmap_parser.py +180 -124
souleyez/parsers/sqlmap_parser.py +434 -308
souleyez/parsers/theharvester_parser.py +75 -57
souleyez/parsers/whois_parser.py +135 -94
souleyez/parsers/wpscan_parser.py +278 -190
souleyez/plugins/afp.py +44 -36
souleyez/plugins/afp_brute.py +114 -46
souleyez/plugins/ard.py +48 -37
souleyez/plugins/bloodhound.py +95 -61
souleyez/plugins/certipy.py +303 -0
souleyez/plugins/crackmapexec.py +186 -85
souleyez/plugins/dalfox.py +120 -59
souleyez/plugins/dns_hijack.py +146 -41
souleyez/plugins/dnsrecon.py +97 -61
souleyez/plugins/enum4linux.py +91 -66
souleyez/plugins/evil_winrm.py +291 -0
souleyez/plugins/ffuf.py +166 -90
souleyez/plugins/firmware_extract.py +133 -29
souleyez/plugins/gobuster.py +387 -190
souleyez/plugins/gpp_extract.py +393 -0
souleyez/plugins/hashcat.py +100 -73
souleyez/plugins/http_fingerprint.py +913 -267
souleyez/plugins/hydra.py +566 -200
souleyez/plugins/impacket_getnpusers.py +117 -69
souleyez/plugins/impacket_psexec.py +84 -64
souleyez/plugins/impacket_secretsdump.py +103 -69
souleyez/plugins/impacket_smbclient.py +89 -75
souleyez/plugins/john.py +86 -69
souleyez/plugins/katana.py +313 -0
souleyez/plugins/kerbrute.py +237 -0
souleyez/plugins/lfi_extract.py +541 -0
souleyez/plugins/macos_ssh.py +117 -48
souleyez/plugins/mdns.py +35 -30
souleyez/plugins/msf_auxiliary.py +253 -130
souleyez/plugins/msf_exploit.py +239 -161
souleyez/plugins/nikto.py +134 -78
souleyez/plugins/nmap.py +275 -91
souleyez/plugins/nuclei.py +180 -89
souleyez/plugins/nxc.py +285 -0
souleyez/plugins/plugin_base.py +35 -36
souleyez/plugins/plugin_template.py +13 -5
souleyez/plugins/rdp_sec_check.py +130 -0
souleyez/plugins/responder.py +112 -71
souleyez/plugins/router_http_brute.py +76 -65
souleyez/plugins/router_ssh_brute.py +118 -41
souleyez/plugins/router_telnet_brute.py +124 -42
souleyez/plugins/routersploit.py +91 -59
souleyez/plugins/routersploit_exploit.py +77 -55
souleyez/plugins/searchsploit.py +91 -77
souleyez/plugins/service_explorer.py +1160 -0
souleyez/plugins/smbmap.py +122 -72
souleyez/plugins/smbpasswd.py +215 -0
souleyez/plugins/sqlmap.py +301 -113
souleyez/plugins/theharvester.py +127 -75
souleyez/plugins/tr069.py +79 -57
souleyez/plugins/upnp.py +65 -47
souleyez/plugins/upnp_abuse.py +73 -55
souleyez/plugins/vnc_access.py +129 -42
souleyez/plugins/vnc_brute.py +109 -38
souleyez/plugins/web_login_test.py +417 -0
souleyez/plugins/whois.py +77 -58
souleyez/plugins/wpscan.py +219 -69
souleyez/reporting/__init__.py +2 -1
souleyez/reporting/attack_chain.py +411 -346
souleyez/reporting/charts.py +436 -501
souleyez/reporting/compliance_mappings.py +334 -201
souleyez/reporting/detection_report.py +126 -125
souleyez/reporting/formatters.py +828 -591
souleyez/reporting/generator.py +386 -302
souleyez/reporting/metrics.py +72 -75
souleyez/scanner.py +35 -29
souleyez/security/__init__.py +37 -11
souleyez/security/scope_validator.py +175 -106
souleyez/security/validation.py +237 -149
souleyez/security.py +22 -6
souleyez/storage/credentials.py +247 -186
souleyez/storage/crypto.py +296 -129
souleyez/storage/database.py +73 -50
souleyez/storage/db.py +58 -36
souleyez/storage/deliverable_evidence.py +177 -128
souleyez/storage/deliverable_exporter.py +282 -246
souleyez/storage/deliverable_templates.py +134 -116
souleyez/storage/deliverables.py +135 -130
souleyez/storage/engagements.py +109 -56
souleyez/storage/evidence.py +181 -152
souleyez/storage/execution_log.py +31 -17
souleyez/storage/exploit_attempts.py +93 -57
souleyez/storage/exploits.py +67 -36
souleyez/storage/findings.py +48 -61
souleyez/storage/hosts.py +176 -144
souleyez/storage/migrate_to_engagements.py +43 -19
souleyez/storage/migrations/_001_add_credential_enhancements.py +22 -12
souleyez/storage/migrations/_002_add_status_tracking.py +10 -7
souleyez/storage/migrations/_003_add_execution_log.py +14 -8
souleyez/storage/migrations/_005_screenshots.py +13 -5
souleyez/storage/migrations/_006_deliverables.py +13 -5
souleyez/storage/migrations/_007_deliverable_templates.py +12 -7
souleyez/storage/migrations/_008_add_nuclei_table.py +10 -4
souleyez/storage/migrations/_010_evidence_linking.py +17 -10
souleyez/storage/migrations/_011_timeline_tracking.py +20 -13
souleyez/storage/migrations/_012_team_collaboration.py +34 -21
souleyez/storage/migrations/_013_add_host_tags.py +12 -6
souleyez/storage/migrations/_014_exploit_attempts.py +22 -10
souleyez/storage/migrations/_015_add_mac_os_fields.py +15 -7
souleyez/storage/migrations/_016_add_domain_field.py +10 -4
souleyez/storage/migrations/_017_msf_sessions.py +16 -8
souleyez/storage/migrations/_018_add_osint_target.py +10 -6
souleyez/storage/migrations/_019_add_engagement_type.py +10 -6
souleyez/storage/migrations/_020_add_rbac.py +36 -15
souleyez/storage/migrations/_021_wazuh_integration.py +20 -8
souleyez/storage/migrations/_022_wazuh_indexer_columns.py +6 -4
souleyez/storage/migrations/_023_fix_detection_results_fk.py +16 -6
souleyez/storage/migrations/_024_wazuh_vulnerabilities.py +26 -10
souleyez/storage/migrations/_025_multi_siem_support.py +3 -5
souleyez/storage/migrations/_026_add_engagement_scope.py +31 -12
souleyez/storage/migrations/_027_multi_siem_persistence.py +32 -15
souleyez/storage/migrations/__init__.py +26 -26
souleyez/storage/migrations/migration_manager.py +19 -19
souleyez/storage/msf_sessions.py +100 -65
souleyez/storage/osint.py +17 -24
souleyez/storage/recommendation_engine.py +269 -235
souleyez/storage/screenshots.py +33 -32
souleyez/storage/smb_shares.py +136 -92
souleyez/storage/sqlmap_data.py +183 -128
souleyez/storage/team_collaboration.py +135 -141
souleyez/storage/timeline_tracker.py +122 -94
souleyez/storage/wazuh_vulns.py +64 -66
souleyez/storage/web_paths.py +33 -37
souleyez/testing/credential_tester.py +221 -205
souleyez/ui/__init__.py +1 -1
souleyez/ui/ai_quotes.py +12 -12
souleyez/ui/attack_surface.py +2439 -1516
souleyez/ui/chain_rules_view.py +914 -382
souleyez/ui/correlation_view.py +312 -230
souleyez/ui/dashboard.py +2382 -1130
souleyez/ui/deliverables_view.py +148 -62
souleyez/ui/design_system.py +13 -13
souleyez/ui/errors.py +49 -49
souleyez/ui/evidence_linking_view.py +284 -179
souleyez/ui/evidence_vault.py +393 -285
souleyez/ui/exploit_suggestions_view.py +555 -349
souleyez/ui/export_view.py +100 -66
souleyez/ui/gap_analysis_view.py +315 -171
souleyez/ui/help_system.py +105 -97
souleyez/ui/intelligence_view.py +436 -293
souleyez/ui/interactive.py +23034 -10679
souleyez/ui/interactive_selector.py +75 -68
souleyez/ui/log_formatter.py +47 -39
souleyez/ui/menu_components.py +22 -13
souleyez/ui/msf_auxiliary_menu.py +184 -133
souleyez/ui/pending_chains_view.py +336 -172
souleyez/ui/progress_indicators.py +5 -3
souleyez/ui/recommendations_view.py +195 -137
souleyez/ui/rule_builder.py +343 -225
souleyez/ui/setup_wizard.py +678 -284
souleyez/ui/shortcuts.py +217 -165
souleyez/ui/splunk_gap_analysis_view.py +452 -270
souleyez/ui/splunk_vulns_view.py +139 -86
souleyez/ui/team_dashboard.py +498 -335
souleyez/ui/template_selector.py +196 -105
souleyez/ui/terminal.py +6 -6
souleyez/ui/timeline_view.py +198 -127
souleyez/ui/tool_setup.py +264 -164
souleyez/ui/tutorial.py +202 -72
souleyez/ui/tutorial_state.py +40 -40
souleyez/ui/wazuh_vulns_view.py +235 -141
souleyez/ui/wordlist_browser.py +260 -107
souleyez/ui.py +464 -312
souleyez/utils/tool_checker.py +427 -367
souleyez/utils.py +33 -29
souleyez/wordlists.py +134 -167
{souleyez-2.43.29.dist-info → souleyez-3.0.0.dist-info}/METADATA +2 -2
souleyez-3.0.0.dist-info/RECORD +443 -0
{souleyez-2.43.29.dist-info → souleyez-3.0.0.dist-info}/WHEEL +1 -1
souleyez-2.43.29.dist-info/RECORD +0 -379
{souleyez-2.43.29.dist-info → souleyez-3.0.0.dist-info}/entry_points.txt +0 -0
{souleyez-2.43.29.dist-info → souleyez-3.0.0.dist-info}/licenses/LICENSE +0 -0
{souleyez-2.43.29.dist-info → souleyez-3.0.0.dist-info}/top_level.txt +0 -0

souleyez/integrations/siem/sentinel.py CHANGED Viewed

@@ -60,8 +60,12 @@ class SentinelSIEMClient(SIEMClient):
         self._token_expiry: Optional[datetime] = None
         # Azure endpoints
-        self.login_url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
-        self.log_analytics_url = f"https://api.loganalytics.io/v1/workspaces/{workspace_id}"
+        self.login_url = (
+            f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
+        )
+        self.log_analytics_url = (
+            f"https://api.loganalytics.io/v1/workspaces/{workspace_id}"
+        )
         self.management_base = "https://management.azure.com"
         self.sentinel_base = (
             f"{self.management_base}/subscriptions/{subscription_id}"
@@ -71,7 +75,7 @@ class SentinelSIEMClient(SIEMClient):
         )
     @classmethod
-    def from_config(cls, config: Dict[str, Any]) -> 'SentinelSIEMClient':
+    def from_config(cls, config: Dict[str, Any]) -> "SentinelSIEMClient":
         """Create client from configuration dictionary.
         Args:
@@ -81,21 +85,23 @@ class SentinelSIEMClient(SIEMClient):
             SentinelSIEMClient instance
         """
         return cls(
-            tenant_id=config.get('tenant_id', ''),
-            client_id=config.get('client_id', ''),
-            client_secret=config.get('client_secret', ''),
-            subscription_id=config.get('subscription_id', ''),
-            resource_group=config.get('resource_group', ''),
-            workspace_name=config.get('workspace_name', ''),
-            workspace_id=config.get('workspace_id', ''),
+            tenant_id=config.get("tenant_id", ""),
+            client_id=config.get("client_id", ""),
+            client_secret=config.get("client_secret", ""),
+            subscription_id=config.get("subscription_id", ""),
+            resource_group=config.get("resource_group", ""),
+            workspace_name=config.get("workspace_name", ""),
+            workspace_id=config.get("workspace_id", ""),
         )
     @property
     def siem_type(self) -> str:
         """Return the SIEM type identifier."""
-        return 'sentinel'
+        return "sentinel"
-    def _get_access_token(self, scope: str = "https://api.loganalytics.io/.default") -> str:
+    def _get_access_token(
+        self, scope: str = "https://api.loganalytics.io/.default"
+    ) -> str:
         """Get Azure AD access token.
         Args:
@@ -111,22 +117,18 @@ class SentinelSIEMClient(SIEMClient):
         # Request new token
         data = {
-            'grant_type': 'client_credentials',
-            'client_id': self.client_id,
-            'client_secret': self.client_secret,
-            'scope': scope,
+            "grant_type": "client_credentials",
+            "client_id": self.client_id,
+            "client_secret": self.client_secret,
+            "scope": scope,
         }
-        response = requests.post(
-            self.login_url,
-            data=data,
-            timeout=30
-        )
+        response = requests.post(self.login_url, data=data, timeout=30)
         response.raise_for_status()
         token_data = response.json()
-        self._access_token = token_data['access_token']
-        expires_in = token_data.get('expires_in', 3600)
+        self._access_token = token_data["access_token"]
+        expires_in = token_data.get("expires_in", 3600)
         self._token_expiry = datetime.now() + timedelta(seconds=expires_in - 60)
         return self._access_token
@@ -143,28 +145,28 @@ class SentinelSIEMClient(SIEMClient):
         token = self._get_access_token("https://api.loganalytics.io/.default")
         headers = {
-            'Authorization': f'Bearer {token}',
-            'Content-Type': 'application/json',
+            "Authorization": f"Bearer {token}",
+            "Content-Type": "application/json",
         }
         response = requests.post(
             f"{self.log_analytics_url}/query",
             headers=headers,
-            json={'query': kql},
-            timeout=60
+            json={"query": kql},
+            timeout=60,
         )
         response.raise_for_status()
         data = response.json()
-        tables = data.get('tables', [])
+        tables = data.get("tables", [])
         if not tables:
             return []
         # Convert first table to list of dicts
         table = tables[0]
-        columns = [col['name'] for col in table.get('columns', [])]
-        rows = table.get('rows', [])
+        columns = [col["name"] for col in table.get("columns", [])]
+        rows = table.get("rows", [])
         return [dict(zip(columns, row)) for row in rows]
@@ -187,18 +189,14 @@ class SentinelSIEMClient(SIEMClient):
         token = self._get_access_token("https://management.azure.com/.default")
         headers = {
-            'Authorization': f'Bearer {token}',
-            'Content-Type': 'application/json',
+            "Authorization": f"Bearer {token}",
+            "Content-Type": "application/json",
         }
         url = f"{self.sentinel_base}{endpoint}?api-version=2023-02-01"
         return requests.request(
-            method=method,
-            url=url,
-            headers=headers,
-            json=json_data,
-            timeout=60
+            method=method, url=url, headers=headers, json=json_data, timeout=60
         )
     def test_connection(self) -> SIEMConnectionStatus:
@@ -214,32 +212,30 @@ class SentinelSIEMClient(SIEMClient):
             if result:
                 return SIEMConnectionStatus(
                     connected=True,
-                    version='Azure Sentinel',
-                    siem_type='sentinel',
+                    version="Azure Sentinel",
+                    siem_type="sentinel",
                     details={
-                        'workspace_id': self.workspace_id,
-                        'workspace_name': self.workspace_name,
-                        'subscription': self.subscription_id,
-                    }
+                        "workspace_id": self.workspace_id,
+                        "workspace_name": self.workspace_name,
+                        "subscription": self.subscription_id,
+                    },
                 )
             else:
                 return SIEMConnectionStatus(
                     connected=False,
-                    error='Query returned no results',
-                    siem_type='sentinel'
+                    error="Query returned no results",
+                    siem_type="sentinel",
                 )
         except requests.exceptions.ConnectionError as e:
             return SIEMConnectionStatus(
                 connected=False,
                 error=f"Connection failed: {str(e)}",
-                siem_type='sentinel'
+                siem_type="sentinel",
             )
         except Exception as e:
             return SIEMConnectionStatus(
-                connected=False,
-                error=str(e),
-                siem_type='sentinel'
+                connected=False, error=str(e), siem_type="sentinel"
             )
     def get_alerts(
@@ -250,7 +246,7 @@ class SentinelSIEMClient(SIEMClient):
         dest_ip: Optional[str] = None,
         rule_ids: Optional[List[str]] = None,
         search_text: Optional[str] = None,
-        limit: int = 100
+        limit: int = 100,
     ) -> List[SIEMAlert]:
         """Query alerts from Microsoft Sentinel.
@@ -280,21 +276,23 @@ class SentinelSIEMClient(SIEMClient):
         # Rule ID filter
         if rule_ids:
-            rule_filter = ' or '.join(f'AlertName == "{r}"' for r in rule_ids)
-            kql_parts.append(f'| where {rule_filter}')
+            rule_filter = " or ".join(f'AlertName == "{r}"' for r in rule_ids)
+            kql_parts.append(f"| where {rule_filter}")
         # Search text
         if search_text:
             kql_parts.append(f'| where * contains "{search_text}"')
         # Limit and project
-        kql_parts.extend([
-            f"| take {limit}",
-            "| project TimeGenerated, AlertName, AlertSeverity, Description, "
-            "Tactics, Entities, ExtendedProperties, ProviderName, SystemAlertId"
-        ])
+        kql_parts.extend(
+            [
+                f"| take {limit}",
+                "| project TimeGenerated, AlertName, AlertSeverity, Description, "
+                "Tactics, Entities, ExtendedProperties, ProviderName, SystemAlertId",
+            ]
+        )
-        kql = '\n'.join(kql_parts)
+        kql = "\n".join(kql_parts)
         try:
             results = self._log_analytics_query(kql)
@@ -314,26 +312,24 @@ class SentinelSIEMClient(SIEMClient):
         import json
         # Parse timestamp
-        timestamp_str = raw_alert.get('TimeGenerated', '')
+        timestamp_str = raw_alert.get("TimeGenerated", "")
         try:
-            timestamp = datetime.fromisoformat(
-                timestamp_str.replace('Z', '+00:00')
-            )
+            timestamp = datetime.fromisoformat(timestamp_str.replace("Z", "+00:00"))
         except (ValueError, AttributeError):
             timestamp = datetime.now()
         # Map severity
-        severity = self._map_severity(raw_alert.get('AlertSeverity', ''))
+        severity = self._map_severity(raw_alert.get("AlertSeverity", ""))
         # Parse entities for IPs
         source_ip = None
         dest_ip = None
-        entities_str = raw_alert.get('Entities', '[]')
+        entities_str = raw_alert.get("Entities", "[]")
         try:
             entities = json.loads(entities_str) if entities_str else []
             for entity in entities:
-                if entity.get('Type') == 'ip':
-                    addr = entity.get('Address', '')
+                if entity.get("Type") == "ip":
+                    addr = entity.get("Address", "")
                     if not source_ip:
                         source_ip = addr
                     elif not dest_ip:
@@ -342,23 +338,27 @@ class SentinelSIEMClient(SIEMClient):
             pass
         # Parse tactics
-        tactics_str = raw_alert.get('Tactics', '')
+        tactics_str = raw_alert.get("Tactics", "")
         mitre_tactics = []
         if tactics_str:
             try:
-                mitre_tactics = json.loads(tactics_str) if tactics_str.startswith('[') else [tactics_str]
+                mitre_tactics = (
+                    json.loads(tactics_str)
+                    if tactics_str.startswith("[")
+                    else [tactics_str]
+                )
             except json.JSONDecodeError:
                 mitre_tactics = [tactics_str] if tactics_str else []
         return SIEMAlert(
-            id=raw_alert.get('SystemAlertId', ''),
+            id=raw_alert.get("SystemAlertId", ""),
             timestamp=timestamp,
-            rule_id=raw_alert.get('AlertName', ''),
-            rule_name=raw_alert.get('AlertName', ''),
+            rule_id=raw_alert.get("AlertName", ""),
+            rule_name=raw_alert.get("AlertName", ""),
             severity=severity,
             source_ip=source_ip,
             dest_ip=dest_ip,
-            description=raw_alert.get('Description', ''),
+            description=raw_alert.get("Description", ""),
             raw_data=raw_alert,
             mitre_tactics=mitre_tactics,
             mitre_techniques=[],
@@ -367,18 +367,16 @@ class SentinelSIEMClient(SIEMClient):
     def _map_severity(self, severity: str) -> str:
         """Map Sentinel severity to normalized severity."""
         severity_lower = str(severity).lower()
-        if severity_lower == 'high':
-            return 'critical'
-        elif severity_lower == 'medium':
-            return 'high'
-        elif severity_lower == 'low':
-            return 'medium'
-        return 'low'
+        if severity_lower == "high":
+            return "critical"
+        elif severity_lower == "medium":
+            return "high"
+        elif severity_lower == "low":
+            return "medium"
+        return "low"
     def get_rules(
-        self,
-        rule_ids: Optional[List[str]] = None,
-        enabled_only: bool = True
+        self, rule_ids: Optional[List[str]] = None, enabled_only: bool = True
     ) -> List[SIEMRule]:
         """Get analytics rules from Microsoft Sentinel.
@@ -396,30 +394,30 @@ class SentinelSIEMClient(SIEMClient):
                 return []
             data = response.json()
-            raw_rules = data.get('value', [])
+            raw_rules = data.get("value", [])
             rules = []
             for raw_rule in raw_rules:
-                properties = raw_rule.get('properties', {})
+                properties = raw_rule.get("properties", {})
                 # Filter by rule_ids if provided
-                rule_id = raw_rule.get('name', '')
+                rule_id = raw_rule.get("name", "")
                 if rule_ids and rule_id not in rule_ids:
                     continue
                 # Filter disabled if requested
-                enabled = properties.get('enabled', True)
+                enabled = properties.get("enabled", True)
                 if enabled_only and not enabled:
                     continue
                 # Extract MITRE tactics
-                mitre_tactics = properties.get('tactics', [])
+                mitre_tactics = properties.get("tactics", [])
                 rule = SIEMRule(
                     id=rule_id,
-                    name=properties.get('displayName', ''),
-                    description=properties.get('description', ''),
-                    severity=self._map_severity(properties.get('severity', '')),
+                    name=properties.get("displayName", ""),
+                    description=properties.get("description", ""),
+                    severity=self._map_severity(properties.get("severity", "")),
                     enabled=enabled,
                     mitre_tactics=mitre_tactics,
                     mitre_techniques=[],
@@ -443,25 +441,25 @@ class SentinelSIEMClient(SIEMClient):
         """
         # Sentinel content hub rule templates
         recommendations_map = {
-            'nmap': [
+            "nmap": [
                 {
-                    'rule_id': 'port-scan-detection',
-                    'rule_name': 'Potential Port Scan Detection',
-                    'kql': 'AzureFirewall | where Action == "Deny" | summarize count() by SourceIP | where count_ > 100',
+                    "rule_id": "port-scan-detection",
+                    "rule_name": "Potential Port Scan Detection",
+                    "kql": 'AzureFirewall | where Action == "Deny" | summarize count() by SourceIP | where count_ > 100',
                 },
             ],
-            'hydra': [
+            "hydra": [
                 {
-                    'rule_id': 'brute-force-detection',
-                    'rule_name': 'Brute Force Attack Detection',
-                    'kql': 'SigninLogs | where ResultType != 0 | summarize count() by IPAddress | where count_ > 10',
+                    "rule_id": "brute-force-detection",
+                    "rule_name": "Brute Force Attack Detection",
+                    "kql": "SigninLogs | where ResultType != 0 | summarize count() by IPAddress | where count_ > 10",
                 },
             ],
-            'sqlmap': [
+            "sqlmap": [
                 {
-                    'rule_id': 'sql-injection-detection',
-                    'rule_name': 'SQL Injection Attack Detection',
-                    'kql': 'AzureDiagnostics | where Category == "SQLSecurityAuditEvents" | where action_name_s == "BATCH COMPLETED"',
+                    "rule_id": "sql-injection-detection",
+                    "rule_name": "SQL Injection Attack Detection",
+                    "kql": 'AzureDiagnostics | where Category == "SQLSecurityAuditEvents" | where action_name_s == "BATCH COMPLETED"',
                 },
             ],
         }
@@ -471,13 +469,13 @@ class SentinelSIEMClient(SIEMClient):
         return [
             {
-                'rule_id': r['rule_id'],
-                'rule_name': r['rule_name'],
-                'description': f"Sentinel analytics rule for {attack_type}",
-                'severity': 'high',
-                'enabled': True,
-                'siem_type': 'sentinel',
-                'kql_query': r.get('kql', ''),
+                "rule_id": r["rule_id"],
+                "rule_name": r["rule_name"],
+                "description": f"Sentinel analytics rule for {attack_type}",
+                "severity": "high",
+                "enabled": True,
+                "siem_type": "sentinel",
+                "kql_query": r.get("kql", ""),
             }
             for r in recommendations
         ]

souleyez 2.43.29__py3-none-any.whl → 3.0.0__py3-none-any.whl

souleyez 2.43.29py3-none-any.whl → 3.0.0py3-none-any.whl