#!/usr/bin/perl -w
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
# Author(s):    Tomas PLESNIK   <plesnik@ics.muni.cz>
#               Jan SOUKAL      <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in
#    the documentation and/or other materials provided with the
#    distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
#    contributors may be used to endorse or promote products derived from
#    this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Cesnet z.s.p.o or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
#

use strict;
use DateTime;

#-------------------------------------------------------------------------------
# Warden 1.2.0. Client, Sender, Example 
#
# Sample script using warden-client sending functionality. This example is not
# intended to be a standalone script. It only shows how to use warden-client
# functionality.
#-------------------------------------------------------------------------------

#-------------------------------------------------------------------------------
# Preparation of event attributes.
# This should be handled by the detection application.


# Time of detection, built from the current epoch. DateTime->from_epoch
# without a time_zone argument produces a UTC object, so despite the
# variable name this is UTC rather than local wall-clock time.
my $local_detected = DateTime->from_epoch( epoch => time() );

# Sample attribute values only. A real detector fills these in from its own
# observations; every value is passed on as a plain string.
my $service      = 'ScanDetector';
my $detected     = "$local_detected";    # stringified DateTime: YYYY-MM-DDTHH:MM:SS, no zone suffix
my $type         = 'portscan';
my $source_type  = 'IP';
my $source       = '123.123.123.123';    # sample address; replace with the detected source
my $target_proto = 'TCP';
my $target_port  = '22';
my $attack_scale = '1234567890';
my $note         = 'important note or comment';
my $priority     = 'null';               # the literal string "null", not undef
my $timeout      = '20';

# The event is a positional list: the sender receives these eleven fields in
# exactly this order, so do not reorder or drop entries.
my @event = (
    $service,
    $detected,
    $type,
    $source_type,
    $source,
    $target_proto,
    $target_port,
    $attack_scale,
    $note,
    $priority,
    $timeout,
);

#-------------------------------------------------------------------------------
# Use of warden-client sender.
# A developer should add this code to his/her detection application
# (with the corresponding paths changed appropriately).

# Installation directory of warden-client. The sender module is loaded and
# executed from below this directory, so it should be writable only by
# trusted accounts.
my $warden_path = '/opt/warden-client';

# Load the warden-client sender module from its install location.
my $sender_module = $warden_path . '/lib/WardenClientSend.pm';
require $sender_module;

# Hand the prepared event to warden-client for delivery to the Warden server.
# NOTE(review): the return value is ignored and the script always exits 0;
# confirm how saveNewEvent reports a failed send before relying on the exit
# status.
WardenClientSend::saveNewEvent( $warden_path, \@event );

exit 0;