Commit c5b424da authored by Michal Kostěnec's avatar Michal Kostěnec Committed by root

Added configurable option for anonymising

parent 43150efb
...@@ -19,9 +19,11 @@ DEFAULT_ACONFIG = 'warden_client-kippo.cfg' ...@@ -19,9 +19,11 @@ DEFAULT_ACONFIG = 'warden_client-kippo.cfg'
DEFAULT_WCONFIG = 'warden_client.cfg' DEFAULT_WCONFIG = 'warden_client.cfg'
DEFAULT_NAME = 'org.example.warden.test' DEFAULT_NAME = 'org.example.warden.test'
DEFAULT_AWIN = 5 DEFAULT_AWIN = 5
DEFAULT_ANONYMISED = False
DEFAULT_TARGET_NET = '0.0.0.0/0'
def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_count, src_ip, dst_ip, aggr_win): def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_count, src_ip, dst_ip, aggr_win, anonymised, target_net):
event = { event = {
"Format": "IDEA0", "Format": "IDEA0",
...@@ -51,7 +53,12 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_ ...@@ -51,7 +53,12 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_
af = "IP4" if not ':' in src_ip else "IP6" af = "IP4" if not ':' in src_ip else "IP6"
event['Source'][0][af] = [src_ip] event['Source'][0][af] = [src_ip]
event['Target'][0][af] = [dst_ip]
if not anonymised:
event['Target'][0][af] = [dst_ip]
else:
event['Target'][0]['Anonymised'] = True
event['Target'][0][af] = [target_net]
return event return event
...@@ -63,6 +70,12 @@ def main(): ...@@ -63,6 +70,12 @@ def main():
awin = aconfig.get('awin', DEFAULT_AWIN) * 60 awin = aconfig.get('awin', DEFAULT_AWIN) * 60
wconfig['name'] = aname wconfig['name'] = aname
aanonymised = aconfig.get('anonymised', DEFAULT_ANONYMISED)
atargetnet = aconfig.get('target_net', DEFAULT_TARGET_NET)
aanonymised = aanonymised if atargetnet != DEFAULT_TARGET_NET else False
wclient = Client(**wconfig) wclient = Client(**wconfig)
con = my.connect( host=aconfig['dbhost'], user=aconfig['dbuser'], passwd=aconfig['dbpass'], con = my.connect( host=aconfig['dbhost'], user=aconfig['dbuser'], passwd=aconfig['dbpass'],
...@@ -83,7 +96,7 @@ def main(): ...@@ -83,7 +96,7 @@ def main():
dtime = format_timestamp(row['starttime']) dtime = format_timestamp(row['starttime'])
etime = format_timestamp(time()) etime = format_timestamp(time())
stime = format_timestamp(time() - awin) stime = format_timestamp(time() - awin)
events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip = row['ip'], dst_ip = row['sensor'], aggr_win = awin)) events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip = row['ip'], dst_ip = row['sensor'], aggr_win = awin, anonymised = aanonymised, target_net = atargetnet))
print "=== Sending ===" print "=== Sending ==="
start = time() start = time()
......
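Review bot: The new guard in main(), `aanonymised = aanonymised if atargetnet != DEFAULT_TARGET_NET else False`, silently switches anonymisation off whenever `target_net` is left at its default, so an operator who sets `anonymised: true` but forgets `target_net` still sends the real `sensor` address in `Target`. A privacy control like this should fail closed rather than quietly degrade: keep `aanonymised` as configured and treat a missing network as a configuration error, e.g. `if aanonymised and atargetnet == DEFAULT_TARGET_NET: raise ValueError("anonymised requires target_net")`, or at least log that anonymisation was disabled. In gen_event_idea the anonymised branch also stores `target_net` under `af`, which is computed from `src_ip`, so an IPv6 source combined with an IPv4 `target_net` would land under the wrong address-family key; the pre-existing `dst_ip` line has the same shape, but the new branch extends it to a value that is not derived from the connection at all, and `target_net` is never checked to be a CIDR before it is emitted. Both gen_event_idea and main() start and end outside the visible hunks.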
{ {
"warden": "warden_client.cfg", "warden": "warden_client.cfg",
"name": "cz.cesnet.server.kippo", "name": "cz.cesnet.server.kippo",
"sensor_ip4": "195.113.x.x",
"anonymised": false,
"target_net": "195.113.0.0/16",
"dbhost": "localhost", "dbhost": "localhost",
"dbuser": "kippo", "dbuser": "kippo",
......