Commit 3b7eaf04 authored by Pavel Kácha's avatar Pavel Kácha

Now adding correct protocols

parent 0ff7a3a2
......@@ -259,13 +259,15 @@ class IdeaGen(object):
"category": ["Recon.Scanning"],
"description": "TCP connections/scan",
"template": "labrea-001",
"note": "Connections from remote host to never assigned IP"
"note": "Connections from remote host to never assigned IP",
"proto": ["tcp"]
},
"ping": {
"category": ["Recon.Scanning"],
"description": "Ping scan",
"template": "labrea-002",
"note": "Ping requests from remote host to never assigned IP"
"note": "Ping requests from remote host to never assigned IP",
"proto": ["icmp"]
},
"synack": {
"category": ["Availability.DoS"],
......@@ -273,7 +275,8 @@ class IdeaGen(object):
"template": "labrea-003",
"note": "Unsolicited SYN/ACK packet received from remote host to never assigned IP",
"source_type": ["Backscatter"],
"source_to_target": True
"source_to_target": True,
"proto": ["tcp"]
}
}
......@@ -284,7 +287,7 @@ class IdeaGen(object):
tmpl = self.template[template]
isource = {
"IP6" if ":" in src else "IP4": [src],
"Proto": ["tcp"]
"Proto": tmpl["proto"]
}
if "source_type" in tmpl:
isource["Type"] = tmpl["source_type"]
......@@ -296,7 +299,7 @@ class IdeaGen(object):
folded_tgt.setdefault(frozenset(ports), []).append(tgt)
itargets = []
for ports, tgt in folded_tgt.items():
itarget = {"Proto": ["tcp"]}
itarget = {"Proto": tmpl["proto"]}
tgts4 = [ip for ip in tgt if ":" not in ip]
tgts6 = [ip for ip in tgt if ":" in ip]
if tgts4:
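Review bot: In the last two hunks, `"Proto": tmpl["proto"]` and `itarget = {"Proto": tmpl["proto"]}` put the very same list object from the shared template dict into the Source node and into every Target node of every generated event. If any later step edits an event's `Proto` in place (not visible here), the change would leak into the template and into all subsequent events, so copying is safer: `"Proto": list(tmpl["proto"])` and `itarget = {"Proto": list(tmpl["proto"])}`. Direct indexing also makes `proto` a mandatory template key, unlike `source_type`, which is guarded by `if "source_type" in tmpl`. A template added later without it would raise `KeyError` and the honeypot event would be lost rather than reported, so a short comment on the template dict stating that `proto` is required would help. The enclosing method starts and ends outside the visible hunks.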