#!/usr/bin/perl -w
#
# Copyright (C) 2011 Cesnet z.s.p.o
# Author(s):    Tomas PLESNIK   <plesnik@ics.muni.cz>
#               Jan SOUKAL      <soukal@ics.muni.cz>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in
#    the documentation and/or other materials provided with the
#    distribution.
# 3. Neither the name of the Cesnet z.s.p.o nor the names of its
#    contributors may be used to endorse or promote products derived from
#    this software without specific prior written permission.
#
# This software is provided ``as is'', and any express or implied
# warranties, including, but not limited to, the implied warranties of
# merchantability and fitness for a particular purpose are disclaimed.
# In no event shall the Masaryk University or contributors be liable for
# any direct, indirect, incidental, special, exemplary, or consequential
# damages (including, but not limited to, procurement of substitute
# goods or services; loss of use, data, or profits; or business
# interruption) however caused and on any theory of liability, whether
# in contract, strict liability, or tort (including negligence or
# otherwise) arising in any way out of the use of this software, even
# if advised of the possibility of such damage.
#

use strict;

#------------------------------------------------------------------------------
# Warden 1.0.0. Client, Receiver, Example
#
# Simple use of warden-client receiver functionality to download new events
# from the Warden server. This code illustrates how to integrate warden-client
# receive functionality into local applications.
#------------------------------------------------------------------------------

#------------------------------------------------------------------------------
# The developer should add this code to his/her application.

# Directory where warden-client is installed.
# NOTE(review): the receiver module below is loaded and executed from this
# directory at run time, so the directory should be writable only by trusted
# administrative accounts -- confirm the permissions on the target host.
my $warden_path = '/opt/warden-client';

# Load the warden-client receiving functionality from the install directory.
require "$warden_path/lib/WardenClientReceive.pm";

# Requested event type. This attribute is also set on the server and must
# not change.
my $requested_type = 'botnet_c_c';

# Download new events from the Warden server. Each element is later
# dereferenced as an array of column values.
my @new_events = WardenClientReceive::getNewEvents($warden_path, $requested_type);

#------------------------------------------------------------------------------
# Simple code that prints out new events obtained from Warden server.

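# Horizontal rule used for the top, header and bottom borders of the table.
my $table_rule = "+------------------------------------------------------------------------------------------------------------------------------------------+\n";

print $table_rule;
print "| id | hostname | service | detected | type | source_type | source | target_proto | target_port | attack_scale | note | priority | timeout |\n";
print $table_rule;

# Field values are delivered by the Warden server rather than produced on this
# host, so they are treated as untrusted text before reaching the terminal:
#   * an undefined field is printed as an empty column instead of raising an
#     "uninitialized value" warning under -w;
#   * ASCII control characters (including ESC and newline) are replaced with
#     '?', so a field cannot emit terminal escape sequences or break a row
#     across several lines.
# Bytes above 0x7f are left untouched so multi-byte encoded text survives.
foreach my $event (@new_events) {
  my @fields = map {
    my $field = defined $_ ? $_ : '';
    $field =~ tr/\x00-\x1f\x7f/?/;
    $field;
  } @$event;
  print "| " . join(' | ', @fields) . " |\n";
}
print $table_rule;
print "Last events in: " . scalar(localtime(time)) . "\n";

exit 0;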