From c5b424daeb28a06d3636e5ebbdf704983ab2ebd2 Mon Sep 17 00:00:00 2001
From: Michal Kostenec <kostenec@cesnet.cz>
Date: Tue, 12 May 2015 12:17:08 +0200
Subject: [PATCH] Added configurable option for anonymising
---
 .../hp-kippo/warden3-kippo-sender.py | 19 ++++++++++++++++---
 .../hp-kippo/warden_client-kippo.cfg | 4 +++-
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py b/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
index 8bac43d..76775f4 100644
--- a/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
+++ b/warden3/contrib/connectors/hp-kippo/warden3-kippo-sender.py
@@ -19,9 +19,11 @@ DEFAULT_ACONFIG = 'warden_client-kippo.cfg'
 DEFAULT_WCONFIG = 'warden_client.cfg'
 DEFAULT_NAME = 'org.example.warden.test'
 DEFAULT_AWIN = 5
+DEFAULT_ANONYMISED = False
+DEFAULT_TARGET_NET = '0.0.0.0/0'
-def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_count, src_ip, dst_ip, aggr_win):
+def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_count, src_ip, dst_ip, aggr_win, anonymised, target_net):
 event = {
 "Format": "IDEA0",
@@ -51,7 +53,12 @@ def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_
 af = "IP4" if not ':' in src_ip else "IP6"
 event['Source'][0][af] = [src_ip]
- event['Target'][0][af] = [dst_ip]
+
+ if not anonymised:
+ event['Target'][0][af] = [dst_ip]
+ else:
+ event['Target'][0]['Anonymised'] = True
+ event['Target'][0][af] = [target_net]
 return event
@@ -63,6 +70,12 @@ def main():
 awin = aconfig.get('awin', DEFAULT_AWIN) * 60
 wconfig['name'] = aname
+
+ aanonymised = aconfig.get('anonymised', DEFAULT_ANONYMISED)
+ atargetnet = aconfig.get('target_net', DEFAULT_TARGET_NET)
+
+ aanonymised = aanonymised if atargetnet != DEFAULT_TARGET_NET else False
+
 wclient = Client(**wconfig)
 con = my.connect(
 host=aconfig['dbhost'], user=aconfig['dbuser'], passwd=aconfig['dbpass'],
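Review bot: gen_event_idea gains `anonymised` and `target_net` as required positional parameters, so any caller other than the one updated in this commit now fails with a TypeError; giving them defaults keeps older call sites working: `def gen_event_idea(client_name, detect_time, win_start_time, win_end_time, conn_count, src_ip, dst_ip, aggr_win, anonymised=DEFAULT_ANONYMISED, target_net=DEFAULT_TARGET_NET):`. The two new constants also deserve a comment stating what they control, e.g. `# When anonymised is true, target_net is reported instead of the real sensor address`. The function body continues in the next hunk.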
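Review bot: The address-family key `af` is derived from `src_ip`, and the new anonymised branch stores the configured `target_net` under that same key, so an IPv6 source combined with an IPv4 `target_net` (the sample config uses `195.113.0.0/16`) yields `Target[0]['IP6'] = ['195.113.0.0/16']`. The anonymised branch should key by the value it writes, e.g. `taf = "IP4" if ':' not in target_net else "IP6"` followed by `event['Target'][0][taf] = [target_net]`. Nothing checks that `target_net` parses as a network before it is emitted, so a typo in the config would be sent in every event; a one-time check at config load (the `ipaddress` module, if the interpreter has it) would catch that. gen_event_idea's signature is in the preceding hunk and its body starts before this one.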
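Review bot: The line `aanonymised = aanonymised if atargetnet != DEFAULT_TARGET_NET else False` silently switches anonymisation off whenever `target_net` is left at its default, so an operator who sets `anonymised: true` but forgets `target_net` sends real sensor addresses while believing they are masked. A privacy switch should fail closed: either keep anonymisation on (`0.0.0.0/0` reveals strictly less than a concrete net) or refuse to run, e.g. `if aanonymised and atargetnet == DEFAULT_TARGET_NET: raise ValueError("anonymised=true requires target_net")`. If the override is kept on purpose, it needs a comment saying why and a log line when it triggers. main() continues outside the hunk.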
@@ -83,7 +96,7 @@ def main():
 dtime = format_timestamp(row['starttime'])
 etime = format_timestamp(time())
 stime = format_timestamp(time() - awin)
- events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip = row['ip'], dst_ip = row['sensor'], aggr_win = awin))
+ events.append(gen_event_idea(client_name = aname, detect_time = dtime, win_start_time = stime, win_end_time = etime, conn_count = row['attack_scale'], src_ip = row['ip'], dst_ip = row['sensor'], aggr_win = awin, anonymised = aanonymised, target_net = atargetnet))
 print "=== Sending ==="
 start = time()
diff --git a/warden3/contrib/connectors/hp-kippo/warden_client-kippo.cfg b/warden3/contrib/connectors/hp-kippo/warden_client-kippo.cfg
index 116efa8..1eb4cbd 100644
--- a/warden3/contrib/connectors/hp-kippo/warden_client-kippo.cfg
+++ b/warden3/contrib/connectors/hp-kippo/warden_client-kippo.cfg
@@ -1,7 +1,9 @@
 {
 "warden": "warden_client.cfg",
 "name": "cz.cesnet.server.kippo",
- "sensor_ip4": "195.113.x.x",
+
+ "anonymised": false,
+ "target_net": "195.113.0.0/16",
 "dbhost": "localhost",
 "dbuser": "kippo",
-- GitLab
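Review bot: The JSON sample cannot say that `target_net` is consulted only when `anonymised` is true, nor that the sender ignores `anonymised` when `target_net` is left at `0.0.0.0/0`, so both keys should be described in the connector's README or in the header comment of warden3-kippo-sender.py. Dropping `sensor_ip4` is fine only if nothing still reads it; the sender hunks on this page take the target from `row['sensor']`, but I cannot see the rest of the config handling, so please confirm the key is no longer referenced.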