Merge branch 'release/2.0'
jeromeleonard committed Aug 29, 2017
2 parents 39c8295 + 5b28d98 commit 3d2009d
Showing 7 changed files with 433 additions and 123 deletions.
79 changes: 72 additions & 7 deletions DigitalShadows/api.py
@@ -1,10 +1,9 @@
#!/usr/bin/env python
#!/usr/bin/env python3
# -*- coding: utf-8 -*-

from __future__ import (absolute_import, division,
print_function, unicode_literals)
import requests

import requests
import json

class DigitalShadowsApi():
"""
Expand All @@ -21,8 +20,8 @@ def __init__(self, config):
self.proxies = config['proxies']
self.verify = config['verify']
self.headers = {
'Content-Type': 'application/vnd.polaris-v22+json',
'Accept': 'application/vnd.polaris-v22+json'
'Content-Type': 'application/vnd.polaris-v28+json',
'Accept': 'application/vnd.polaris-v28+json'
}
self.session = requests.Session()
self.auth = requests.auth.HTTPBasicAuth(username=self.key,
Expand All @@ -33,7 +32,7 @@ def getIncidents(self, id, fulltext='false'):
headers = self.headers
try:
return self.session.get(req, headers=headers, auth=self.auth,
proxies=self.proxies, verify=False)
proxies=self.proxies, verify=self.verify)
except requests.exceptions.RequestException as e:
sys.exit("Error: {}".format(e))

Expand All @@ -45,3 +44,69 @@ def getIntelIncidents(self, id, fulltext='false'):
proxies=self.proxies, verify=self.verify)
except requests.exceptions.RequestException as e:
sys.exit("Error: {}".format(e))

def find_incident(self, since, property='occurred', direction='DESCENDING', detailed='true', fulltext='false'):
req = self.url + '/api/incidents/find'
headers = self.headers
payload = {'since': since , 'sort.property': property, 'sort.direction':direction, 'detailed': detailed, 'fulltext':fulltext}
try:
return self.session.get(req, headers=headers, auth=self.auth, proxies=self.proxies, params=payload, verify=self.verify)
except requests.exceptions.RequestException as e:
sys.exit("Error: {}".format(e))

def find_intel_incident(self, since, property='verified', direction='ASCENDING'):
req = self.url + '/api/intel-incidents/find'
headers = self.headers

payload = json.dumps({
"filter": {
"severities": [],
"tags": [],
"tagOperator": "AND",
"dateRange": since,
"dateRangeField": "occurred",
"types": [],
"withFeedback": True,
"withoutFeedback": True
},
"sort": {
"property": property,
"direction": direction
},
"pagination": {
"size": 50,
"offset": 0
}
})


try:
return self.session.post(req, headers=headers, auth=self.auth, proxies=self.proxies, data=payload, verify=self.verify)
except requests.exceptions.RequestException as e:
sys.exit("Error: {}".format(e))

def get_intel_incident_iocs(self, id):
req = "{}/api/intel-incidents/{}/iocs".format(self.url, id)
headers = self.headers
payload = {
"filter": {},
"sort": {
"property": "value",
"direction": "ASCENDING"
}
}
try:
return self.session.post(req, headers=headers, auth=self.auth, proxies=self.proxies,
data=json.dumps(payload), verify=self.verify)
except requests.exceptions.RequestException as e:
sys.exit("Error: {}".format(e))


def get_intel_incident_thumbnail(self, id):
req = "{}/api/thumbnails/{}".format(self.url, id)
headers = self.headers
try:
return self.session.get(req, headers=headers, auth=self.auth, proxies=self.proxies,
verify=self.verify)
except requests.exceptions.RequestException as e:
sys.exit("Error: {}".format(e))
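Review bot: Every new method (`find_incident`, `find_intel_incident`, `get_intel_incident_iocs`, `get_intel_incident_thumbnail`) ends in `sys.exit("Error: {}".format(e))`, but the first hunk shows the whole top-of-file import block as `import requests` / `import json` with no `import sys`, so a failed request would raise NameError instead of the intended exit unless sys is imported somewhere below the shown lines. Exiting the process from a library class also stops ds2th.py from deciding how to handle a transport error; re-raising (`raise`) or returning the exception to the caller is the conventional shape, and nothing here inspects the HTTP status either, so callers should expect to call `response.raise_for_status()` themselves. In `get_intel_incident_iocs` and `get_intel_incident_thumbnail` the `id` argument is formatted straight into the URL path; `urllib.parse.quote(str(id), safe='')` would keep a stray `/` or `?` in a caller-supplied value from changing which endpoint is requested. The parameters `property` and `id` shadow builtins; `sort_property` and `incident_id` would read better.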
3 changes: 1 addition & 2 deletions README.md
Expand Up @@ -12,8 +12,7 @@ Copy `config.py.template` into `config.py` and fill all connection information n

## Usage

Identify an interesting incident on DigitalShadows website you want to import un TheHive. Note the incident number and run the following command on the system it sits :

```
$ ds2th.py -i <incidentNumber>
$ ds2th.py -t <time> --log=<FACILITY>
```
3 changes: 2 additions & 1 deletion config.py.template
Expand Up @@ -17,6 +17,7 @@ TheHive = {
},
'url':'',
'username':'',
'password':''
'password':'',
'template':''

}
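Review bot: The new `'template':''` key is the only entry in this block whose meaning is not obvious from its name, and neither the template nor the README change in this commit says what value it expects. A one-line comment above it, for example `# TheHive case template applied to imported incidents (confirm against ds2th.py)`, would save the next user a trip into the code; if that is indeed what ds2th.py reads, the README's configuration section should mention the key as well. The enclosing `TheHive = {` dict starts outside the hunk.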
44 changes: 24 additions & 20 deletions ds2markdown.py
@@ -1,16 +1,15 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-

from __future__ import print_function
from __future__ import unicode_literals

import json

class ds2markdown():

def __init__(self, content):
def __init__(self, content, thumbnail):

self.source =""
self.taskLog = "{0} {1} {2} {3} {4}".format(
self.source = ""
self.thdescription = "{0} {1} {2} {3} {4} {5} {6}".format(
"**Scope:**: {0}\n\n**Type:** {1}\n\n**Occurred:** {2}\n\n**Verified:** {3}\n\n**Modified:** {4}\n\n**Publiched:** {5}\n\n**Identifier:** {6}\n\n**Tags:** {7}\n\n".format(
content.get('scope',"None"),
content.get('type',"None"),
Expand All @@ -20,29 +19,31 @@ def __init__(self, content):
content.get('published',"None"),
str(content.get('id',"None")),
self.tags(content)
),"----\n\n#### Description #### \n\n{}\n\n".format(content.get('description')),
),"----\n\n#### Summary #### \n\n{}\n\n".format(content.get('summary')),
"----\n\n#### Description #### \n\n{}\n\n".format(content.get('description')),
"{}\n\n".format(self.impactDescription(content)),
"{}\n\n".format(self.mitigation(content)),
"{}\n\n".format(self.entitySummary(content))
"{}\n\n".format(self.entitySummary(content, thumbnail)),
"{}\n\n".format(self.lci(content))

)



def entitySummary(self, content):
def entitySummary(self, content, thumbnail):
source = ""
if 'entitySummary' in content:
c = content.get('entitySummary',"None")
source += self.Summary(c)
source += self.information(c, thumbnail)

if 'summaryText' in c:
summaryText = c.get('summaryText',"None")
source += "#### Source data #### \n\n" + \
source += "\n\n----\n\n#### Source data #### \n\n" + \
"```\n{}\n```\n\n".format(summaryText)

if 'IpAddressEntitySummary' in content:
c = content.get('IpAddressEntity',"None")
source = self.Summary(c)
source = self.information(c, thumbnail)

if 'IpAddressDetails' in c:
details = c.get('IpAddressDetails',"None")
Expand Down Expand Up @@ -81,7 +82,7 @@ def entitySummary(self, content):

if 'MessageEntitySummary' in content:
c = content['MessageEntitySummary']
source += self.Summary(c)
source += self.information(c, thumbnail)

if 'conversationFragment' in c:
conv = c.get('conversationFragment')
Expand All @@ -103,19 +104,22 @@ def entitySummary(self, content):
return source


def Summary(self, content):
def information(self, content, thumbnail):
source = ""
source += "----\n\n" + \
"#### Source Information #### \n\n" + \
"**Source:** {0}\n\n**Domain:** {1}\n\n**Date:** {2}\n\n**Type:** {3}\n\n".format(
"**Source:** {0}\n\n**Domain:** {1}\n\n**Date:** {2}\n\n**Type:** {3}\n\n**Thumbnail**: ![thumbnail][thumb]\n\n[thumb]: {4}\n\n".format(
content.get('source',"None"),
content.get('domain',"None"),
content.get('sourceDate',"None"),
content.get('type',"None")
content.get('type',"None"),
thumbnail.get('thumbnail', "None")

)

if 'dataBreach' in content:
dataBreach = content.get('dataBreach')

source += "\n\n#### Databreach target #### \n\n" + \
"**Title:** {0}\n\n**Target domain:** {1}\n\n**Published:** {2}\n\n**Occured:** {3}\n\n**Modified:** {4}\n\n**Id:** {5}\n\n".format(
dataBreach.get('title',"None"),
Expand All @@ -136,7 +140,7 @@ def Summary(self, content):
def impactDescription(self, content):
impact = ""
if "impactDescription" in content:
impact = "\n\n#### Impact Description #### \n\n{}" .format(
impact = "----\n\n#### Impact Description #### \n\n{}" .format(
content.get('impactDescription', "None")
)

Expand All @@ -145,17 +149,17 @@ def impactDescription(self, content):
def mitigation(self, content):
mitigation = ""
if "mitigation" in content:
mitigation = "\n\n#### Mitigation #### \n\n{}".format(content.get('mitigation', "None"))
mitigation = "----\n\n#### Mitigation #### \n\n{}".format(content.get('mitigation', "None"))
return mitigation


def lci(self, content):
if content["linkedContentIncidents"] not in []:
linkedContentIncidents = ""
linkedContentIncidents = "----\n\n#### Linked incidents #### \n\n"
if content.get("linkedContentIncidents"):
for lci in content["linkedContentIncidents"]:
linkedContentIncidents += "- {} \n\n".format(lci)
else:
linkedContentIncidents = "None"
linkedContentIncidents += "None"
return linkedContentIncidents


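Review bot: In `entitySummary`, the new line `source = self.information(c, thumbnail)` in the `IpAddressEntitySummary` branch overwrites whatever the `entitySummary` branch already appended, while the other two branches use `+=`; `source += self.information(c, thumbnail)` looks intended. The context line just above it, `c = content.get('IpAddressEntity',"None")`, looks up a key that differs from the one tested, so `c` would be the string `"None"` and the following `c.get` would raise; that predates this commit but sits in the same branch. In `information`, `thumbnail.get('thumbnail', "None")` needs a mapping, whereas `DigitalShadowsApi.get_intel_incident_thumbnail` returns a requests response, so the caller (presumably ds2th.py, not shown) has to decode it first, and when the key is absent the rendered `[thumb]: None` is a broken image reference — emitting the thumbnail line only when a value exists would be cleaner. `**Publiched:**` in the `thdescription` header string is a user-visible typo for `**Published:**`.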