Commit d3e7b324 authored by Pavel Kácha's avatar Pavel Kácha

Merge branch 'warden-3' of homeproj.cesnet.cz:warden into warden-3

parents b6f8d77b 3c8b15a0
...@@ -259,13 +259,15 @@ class IdeaGen(object): ...@@ -259,13 +259,15 @@ class IdeaGen(object):
"category": ["Recon.Scanning"], "category": ["Recon.Scanning"],
"description": "TCP connections/scan", "description": "TCP connections/scan",
"template": "labrea-001", "template": "labrea-001",
"note": "Connections from remote host to never assigned IP" "note": "Connections from remote host to never assigned IP",
"proto": ["tcp"]
}, },
"ping": { "ping": {
"category": ["Recon.Scanning"], "category": ["Recon.Scanning"],
"description": "Ping scan", "description": "Ping scan",
"template": "labrea-002", "template": "labrea-002",
"note": "Ping requests from remote host to never assigned IP" "note": "Ping requests from remote host to never assigned IP",
"proto": ["icmp"]
}, },
"synack": { "synack": {
"category": ["Availability.DoS"], "category": ["Availability.DoS"],
...@@ -273,7 +275,8 @@ class IdeaGen(object): ...@@ -273,7 +275,8 @@ class IdeaGen(object):
"template": "labrea-003", "template": "labrea-003",
"note": "Unsolicited SYN/ACK packet received from remote host to never assigned IP", "note": "Unsolicited SYN/ACK packet received from remote host to never assigned IP",
"source_type": ["Backscatter"], "source_type": ["Backscatter"],
"source_to_target": True "source_to_target": True,
"proto": ["tcp"]
} }
} }
...@@ -284,7 +287,7 @@ class IdeaGen(object): ...@@ -284,7 +287,7 @@ class IdeaGen(object):
tmpl = self.template[template] tmpl = self.template[template]
isource = { isource = {
"IP6" if ":" in src else "IP4": [src], "IP6" if ":" in src else "IP4": [src],
"Proto": ["tcp"] "Proto": tmpl["proto"]
} }
if "source_type" in tmpl: if "source_type" in tmpl:
isource["Type"] = tmpl["source_type"] isource["Type"] = tmpl["source_type"]
...@@ -296,7 +299,7 @@ class IdeaGen(object): ...@@ -296,7 +299,7 @@ class IdeaGen(object):
folded_tgt.setdefault(frozenset(ports), []).append(tgt) folded_tgt.setdefault(frozenset(ports), []).append(tgt)
itargets = [] itargets = []
for ports, tgt in folded_tgt.items(): for ports, tgt in folded_tgt.items():
itarget = {"Proto": ["tcp"]} itarget = {"Proto": tmpl["proto"]}
tgts4 = [ip for ip in tgt if ":" not in ip] tgts4 = [ip for ip in tgt if ":" not in ip]
tgts6 = [ip for ip in tgt if ":" in ip] tgts6 = [ip for ip in tgt if ":" in ip]
if tgts4: if tgts4:
...@@ -314,7 +317,7 @@ class IdeaGen(object): ...@@ -314,7 +317,7 @@ class IdeaGen(object):
idea = { idea = {
"Format": "IDEA0", "Format": "IDEA0",
"ID": str(uuid.uuid4()), "ID": str(uuid.uuid4()),
"Category": tmpl["category"] + ["Test"] if self.test else [], "Category": tmpl["category"] + (["Test"] if self.test else []),
"Description": tmpl["description"], "Description": tmpl["description"],
"DetectTime": self.format_timestamp(detect_time), "DetectTime": self.format_timestamp(detect_time),
"EventTime": self.format_timestamp(event_time), "EventTime": self.format_timestamp(event_time),
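Review bot: The new `"Proto": tmpl["proto"]` lookups (hunks at @@ -284 and @@ -296) raise KeyError for any template that lacks a "proto" key, whereas the neighbouring `source_type` access in the same hunk is guarded with `if "source_type" in tmpl`; the three templates changed in this diff all define it, but a template outside the hunk or added later would now break event generation instead of falling back to the old "tcp" default. Suggest `"Proto": tmpl.get("proto", ["tcp"])` at both sites, or validate the template table once when IdeaGen is constructed so a missing key fails early with a clear message. Because the same list object from the template is placed into every generated event, any later in-place modification of an event's Proto would presumably also alter the template; `list(tmpl["proto"])` would avoid that aliasing. The enclosing method starts and ends outside these hunks.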