Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat: Add support for running Censys queries via analytics #988

Merged
merged 10 commits into from
Jan 25, 2024
Merged

Feat: Add support for running Censys queries via analytics #988

merged 10 commits into from
Jan 25, 2024

Conversation

itsmvd
Copy link
Contributor

@itsmvd itsmvd commented Jan 23, 2024

This allows Yeti users to add Censys queries as indicators, which will then be ran through the Censys API every 24 hours, tagging the identified IP addresses in Yeti. This will allow for infrastructure tracking/hunting directly from within Yeti.

@itsmvd
Copy link
Contributor Author

itsmvd commented Jan 23, 2024

Related PR for the frontend: yeti-platform/yeti-feeds-frontend#142

@tomchop tomchop mentioned this pull request Jan 24, 2024
Closed
tomchop
tomchop requested changes Jan 24, 2024
View reviewed changes
plugins/analytics/public/censys.py Outdated
ip_object.tag(query.relevant_tags)
query.link_to(ip_object, 'censys', f'IP found with Censys query: {query.pattern}')

def query_censys(self, api, query: str) -> set[str]:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
def query_censys(self, api, query: str) -> set[str]:
def query_censys(self, api: CensysHosts, query: str) -> set[str]:

plugins/analytics/public/censys.py Outdated
Comment on lines 19 to 22
hosts_api = CensysHosts(
api_id=yeti_config.get("censys", "api_key"),
api_secret=yeti_config.get("censys", "secret")
)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check that these two config settings are set and bail with a warning (logging.warning) if they're not?

plugins/analytics/public/censys.py
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please give it a ruff formatter pass (We'll add a github action check soon)

tests/analytics_test.py Outdated
class AnalyticsTest(unittest.TestCase):
@classmethod
def setUpClass(cls) -> None:
database_arango.db.connect(database="yeti-test")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
database_arango.db.connect(database="yeti-test")
database_arango.db.connect(database="yeti_test")

tests/analytics_test.py
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same comment as the other file, please give this a ruff formatter pass

tomchop
tomchop approved these changes Jan 25, 2024
View reviewed changes
Copy link
Collaborator

@tomchop tomchop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!!

@tomchop tomchop merged commit 16b7052 into yeti-platform:main Jan 25, 2024
2 checks passed
@tomchop tomchop changed the title Add support for running Censys queries via analytics Feat: Add support for running Censys queries via analytics Jan 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomchop tomchop tomchop approved these changes

Assignees

@itsmvd itsmvd

Labels
tasks:feed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@itsmvd @tomchop