
Merge branch 'master' into squid_parsing

mpurzynski committed Jan 31, 2019
2 parents fc422b4 + 3f87b3e commit 01c1339d38e132137061f0de2342fe97377fd2d9
Showing with 747 additions and 470 deletions.
  1. +6 −0 Makefile
  2. +1 −1 alerts/nsm_scan_address.py
  3. +1 −1 alerts/nsm_scan_port.json
  4. +1 −1 alerts/nsm_scan_port.py
  5. +1 −1 alerts/nsm_scan_random.py
  6. +26 −8 bot/README.md
  7. 0 bot/{ → irc}/modules/__init__.py
  8. 0 bot/{ → irc}/modules/roulette.py
  9. 0 bot/{ → irc}/modules/zilla.py
  10. 0 bot/{ → irc}/mozdefbot.conf
  11. 0 bot/{ → irc}/mozdefbot.py
  12. 0 bot/{ → irc}/quotes.txt
  13. +2 −0 bot/irc/requirements.txt
  14. +4 −4 bot/mozdefbot.ini
  15. +0 −268 bot/mozdefbot_slack.py
  16. +45 −0 bot/slack/bot_plugin_set.py
  17. 0 bot/slack/commands/__init__.py
  18. +42 −0 bot/slack/commands/ip_info.py
  19. +25 −0 bot/slack/commands/ip_whois.py
  20. +25 −0 bot/slack/commands/roulette.py
  21. +1 −1 bot/{mozdefbot_slack.conf → slack/mozdefbot.conf}
  22. +177 −0 bot/slack/mozdefbot.py
  23. +164 −0 bot/slack/slack_bot.py
  24. +1 −1 cron/auth02mozdef.py
  25. +77 −53 cron/duo_logpull.py
  26. +0 −18 cron/duo_logpull_releng.conf
  27. +0 −10 cron/duo_logpull_releng.sh
  28. +0 −9 cron/healthAndStatus-mdc1.sh
  29. +0 −5 cron/healthAndStatus.mdc1.conf
  30. +0 −8 cron/sqs_prod_queue_status.conf
  31. +0 −4 cron/sqs_prod_queue_status.sh
  32. 0 cron/{sqs_dev_queue_status.conf → sqs_queue_status.conf}
  33. +1 −1 cron/{sqs_dev_queue_status.sh → sqs_queue_status.sh}
  34. +52 −0 docker/compose/docker-compose-user-env.yml
  35. +11 −1 docker/compose/docker-compose.yml
  36. +6 −4 docker/compose/mozdef_bot/Dockerfile
  37. +6 −19 docker/compose/mozdef_bot/files/mozdefbot.conf
  38. +18 −0 mozdef_util/HISTORY.rst
  39. +2 −0 mozdef_util/mozdef_util/event.py
  40. +9 −0 mozdef_util/mozdef_util/utilities/is_ip.py
  41. +1 −1 mozdef_util/setup.py
  42. +1 −13 mq/esworker_cloudtrail.py
  43. +1 −13 mq/esworker_sns_sqs.py
  44. +1 −13 mq/esworker_sqs.py
  45. +17 −0 mq/lib/aws.py
  46. +7 −1 mq/lib/plugins.py
  47. +3 −3 requirements.txt
  48. +2 −1 tests/alerts/test_nsm_scan_address.py
  49. +4 −4 tests/alerts/test_nsm_scan_port.py
  50. +2 −1 tests/alerts/test_nsm_scan_random.py
  51. +4 −2 tests/mq/test_esworker_sns_sqs.py
@@ -31,6 +31,12 @@ run-cloudy-mozdef: ## Run the MozDef containers necessary to run in AWS (`cloudy
docker-compose -f docker/compose/docker-compose-cloudy-mozdef.yml -p $(NAME) pull
docker-compose -f docker/compose/docker-compose-cloudy-mozdef.yml -p $(NAME) up -d

.PHONY: run-env-mozdef
run-env-mozdef: ## Run the MozDef containers with a user specified env file. Run with make 'run-env-mozdef -e ENV=my.env'
$(shell test -f $(ENV) || touch $(ENV))
ENV_FILE=$(abspath $(ENV))
docker-compose -f docker/compose/docker-compose.yml -f docker/compose/docker-compose-user-env.yml -p $(NAME) up -d

restart-cloudy-mozdef:
docker-compose -f docker/compose/docker-compose-cloudy-mozdef.yml -p $(NAME) restart

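Review bot: `ENV_FILE=$(abspath $(ENV))` on its own recipe line is a no-op for the `docker-compose … up -d` that follows, because each recipe line runs in a separate shell, so the user's env file is never handed to compose (assuming the new docker-compose-user-env.yml reads `${ENV_FILE}`; that file is not in view). The preceding `$(shell test -f $(ENV) || touch $(ENV))` runs at expansion time with its exit status discarded and expands to an empty command, and when ENV is empty it checks nothing, so the stack comes up with none of the intended settings and a typo in ENV is hidden behind a freshly created empty file. I would fail fast on a missing value and do the check in the recipe: `$(if $(strip $(ENV)),,$(error ENV must name an env file, e.g. make run-env-mozdef ENV=my.env))`, `test -f "$(ENV)" || touch "$(ENV)"`, `ENV_FILE="$(abspath $(ENV))" docker-compose -f docker/compose/docker-compose.yml -f docker/compose/docker-compose-user-env.yml -p $(NAME) up -d`. The help text's `make 'run-env-mozdef -e ENV=my.env'` passes that whole quoted string as a single goal name; `make run-env-mozdef ENV=my.env` is the invocation that works.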
@@ -18,7 +18,7 @@ def main(self):
search_query = SearchQuery(minutes=1)
search_query.add_must([
TermMatch('category', 'bro'),
TermMatch('details.source', 'notice'),
TermMatch('source', 'notice'),
PhraseMatch('details.note', 'Scan::Address_Scan'),
QueryStringMatch('details.sourceipaddress: {}'.format(self._config['sourcemustmatch']))
])
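Review bot: The `TermMatch('source', 'notice')` line (taking it as the new side, as the paired test updates suggest) is the same one-field edit repeated verbatim in the nsm_scan_port.py and nsm_scan_random.py hunks; the field name could be a single shared constant in the alerts package so the next schema change is made once rather than three times. `main()` continues beyond the hunk.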
@@ -1,5 +1,5 @@
{
"sourcemustmatch":"[10.0.0.0 TO 10.255.255.255]",
"sourcemustnotmatch":"10.33.44.54 OR 10.88.77.54 OR 10.76.54.54 OR 10.251.30.138 OR 10.54.65.234",
"sourcemustnotmatch":"10.54.65.234",
"destinationmustnotmatch": "*192.168*"
}
@@ -18,7 +18,7 @@ def main(self):
search_query = SearchQuery(minutes=2)
search_query.add_must([
TermMatch('category', 'bro'),
TermMatch('details.source', 'notice'),
TermMatch('source', 'notice'),
PhraseMatch('details.note', 'Scan::Port_Scan'),
QueryStringMatch('details.sourceipaddress: {}'.format(self._config['sourcemustmatch']))
])
@@ -18,7 +18,7 @@ def main(self):
search_query = SearchQuery(minutes=1)
search_query.add_must([
TermMatch('category', 'bro'),
TermMatch('details.source', 'notice'),
TermMatch('source', 'notice'),
PhraseMatch('details.note', 'Scan::Random_Scan'),
QueryStringMatch('details.sourceipaddress: {}'.format(self._config['sourcemustmatch']))
])
@@ -1,24 +1,42 @@
KitnIRC - A Python IRC Bot Framework
====================================
# MozDef Bot

## Available Options

We currently support the following options. Our default is to use slack, but if you would like to use some other protocol besides slack, there is a requirements file in each of the sub directories that you will need to install.

### Slack

#### SlackClient
We currently use https://github.com/slackapi/python-slackclient as our library to interact with Slack.

##### Installation

By default, our requirements.txt file includes the slackbot dependency, so no additional steps are needed for installation


### IRC

#### KitnIRC - A Python IRC Bot Framework

KitnIRC is an IRC framework that attempts to handle most of the
monotony of writing IRC bots without sacrificing flexibility.

Usage
-----
##### Installation

pip install -r bot/irc/requirements.txt

##### Usage

See the `skeleton` directory in the root level for a starting code skeleton
you can copy into a new project's directory and build off of, and
[Getting Started](https://github.com/ayust/kitnirc/wiki/Getting-Started)
for introductory documentation.

License
-------
##### License

KitnIRC is licensed under the MIT License (see `LICENSE` for details).

Other Resources
---------------
##### Other Resources

Useful reference documents for those working with the IRC protocol as a client:

File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
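--- a/bot/irc/requirements.txt
+++ b/bot/irc/requirements.txt
@@ -0,0 +1,2 @@
+bugzilla==1.0.0
+KitnIRC==0.2.6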
@@ -1,15 +1,15 @@
[uwsgi]
chdir = /opt/mozdef/envs/mozdef/bot/
chdir = /opt/mozdef/envs/mozdef/bot/slack/
uid = mozdef
mule = mozdefbot.py
pyargv = -c /opt/mozdef/envs/mozdef/bot/mozdefbot.conf
pyargv = -c /opt/mozdef/envs/mozdef/bot/slack/mozdefbot.conf
log-syslog = mozdefbot-worker
log-drain = generated 0 bytes
socket = /opt/mozdef/envs/mozdef/bot/mozdefbot.socket
socket = /opt/mozdef/envs/mozdef/bot/slack/mozdefbot.socket
virtualenv = /opt/mozdef/envs/python/
procname-master = [m]
procname-prefix = [mozdefbot]
master-fifo = /opt/mozdef/envs/mozdef/bot/mozdefbot.fifo
master-fifo = /opt/mozdef/envs/mozdef/bot/slack/mozdefbot.fifo
never-swap
pidfile = /var/run/mozdefbot/mozdefbot.pid
vacuum = true

This file was deleted.


