CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-05-06 03:17:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update live flow option

Browse Source
This commit is contained in:
Wes
2023-12-05 19:55:23 +00:00
parent d871b61150
commit b3e78c9cc3
4 changed files with 37 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/sensoroni/files/analyzers/sublime/sublime.py
+8 -4
View File
@@ -14,18 +14,22 @@ def checkConfigRequirements(conf):
def buildReq(conf, artifact_value):
headers = {"Authorization": "Bearer " + conf['api_key']}
base_url = conf['base_url']
if conf['live_flow'] is True:
if str(conf['live_flow']).lower() == "true":
uri = "/v1/live-flow/raw-messages/analyze"
data = {"create_mailbox": True, "mailbox_email_address": str(conf['mailbox_email_address']), "message_source_id": str(conf['message_source_id']), "raw_message": artifact_value}
else:
uri = "/v0/messages/analyze"
data = {"raw_message": artifact_value, "run_active_detection_rules": True}
data = {"raw_message": artifact_value,
"run_active_detection_rules": True}
url = base_url + uri
return url, headers, data
def sendReq(url, headers, data):
response = requests.request('POST', url=url, headers=headers, data=json.dumps(data)).json()
response = requests.request('POST',
url=url,
headers=headers,
data=json.dumps(data)).json()
return response
@@ -66,7 +70,7 @@ def analyze(conf, input):
def main():
dir = os.path.dirname(os.path.realpath(__file__))
parser = argparse.ArgumentParser(description="Submit an email to Sublime Platform's EML Analyzer for analysis")
parser = argparse.ArgumentParser(description="Submit an email to Sublime Platform's EML Analyzer")
parser.add_argument('artifact', help='the artifact represented in JSON format')
parser.add_argument('-c', '--config', metavar="CONFIG_FILE", default=dir + "/sublime.yaml", help='optional config file to use instead of the default config file')
args = parser.parse_args()
salt/sensoroni/files/analyzers/sublime/sublime.yaml
+1 -1
View File
@@ -1,5 +1,5 @@
base_url: "{{ salt['pillar.get']('sensoroni:analyzers:sublime_platform:base_url', 'https://api.platform.sublimesecurity.com') }}"
api_key: "{{ salt['pillar.get']('sensoroni:analyzers:sublime_platform:api_key', '') }}"
live_flow: {{ salt['pillar.get']('sensoroni:analyzers:sublime_platform:live_flow', 'False') }}
live_flow: "{{ salt['pillar.get']('sensoroni:analyzers:sublime_platform:live_flow', 'False') }}"
mailbox_email_address: "{{ salt['pillar.get']('sensoroni:analyzers:sublime_platform:mailbox_email_address', '') }}"
message_source_id: "{{ salt['pillar.get']('sensoroni:analyzers:sublime_platform:message_source_id', '') }}"
salt/sensoroni/files/analyzers/sublime/sublime_test.py
+1 -1
View File
@@ -13,7 +13,7 @@ class TestSublimePlatformMethods(unittest.TestCase):
with patch('sys.stderr', new=StringIO()) as mock_stderr:
sys.argv = ["cmd"]
sublime.main()
self.assertEqual(mock_stderr.getvalue(), "usage: cmd [-h] [-c CONFIG_FILE] artifact\ncmd: error: the following arguments are required: artifact\n")
self.assertEqual(mock_stderr.getvalue(), '''usage: cmd [-h] [-c CONFIG_FILE] artifact\ncmd: error: the following arguments are required: artifact\n''')
sysmock.assert_called_once_with(2)
def test_main_success(self):