From 80a60339d9de914dfae5b594bbbb445de7f0193d Mon Sep 17 00:00:00 2001 From: doomnuggets Date: Mon, 21 Jan 2019 08:59:23 +0100 Subject: [PATCH 1/3] simplify run_uuid --- run_simulation_yaml.py | 120 ++++++++++------------------------------- 1 file changed, 28 insertions(+), 92 deletions(-) diff --git a/run_simulation_yaml.py b/run_simulation_yaml.py index a7ac2e4..5308cbf 100644 --- a/run_simulation_yaml.py +++ b/run_simulation_yaml.py @@ -34,9 +34,10 @@ osx = " " linux = " " kali = " " +vagrant_hosts = {"windows": windows, "osx": osx, "linux": linux, "kali": kali} # banners for metta -banner = ''' +banner = r''' _____ __ __ / \ _____/ |__/ |______ / \ / \_/ __ \ __\ __\__ \ @@ -45,7 +46,7 @@ \/ \/ \/ ''' -banner2 = ''' +banner2 = r''' __ __ _______ _______ _______ _______ | |_| || || || || _ | 
@@ -114,96 +115,31 @@ def run_uuid(ioc_filename): for x in range(1, len(purple)+1): purple_actions.append(raw_ioc.get('meta').get('purple_actions').get(x)) - if rule_os == "windows": - print("OS matched Windows...sending to the windows vagrant") - for action in purple_actions: - print("Running: {}".format(action)) - timenow = datetime.datetime.utcnow() - date = timenow.strftime('%Y-%m-%d') - hourminsec = timenow.strftime('%H:%M:%S') - time_to_log = date+" "+hourminsec - try: - vagrant = runcmd_nodb_win.delay(action, rule_name, rule_uuid, windows) - data = json.dumps({'time': time_to_log, 'rule_name': rule_name, 'action': action, 'mitre_attack_phase': mitre_phase, 'mitre_attack_technique': mitre_tech, 'host': windows}) - logging.info(data) - write_row(time_to_log, rule_name, action, mitre_phase, mitre_tech, windows) - - ''' - # if you want to post to slack uncomment this and set the slack hook above - json = {'text': "Automated Purple Team --> Simulation: {} | Action: {} | Host: {} | Execution Time: {} UTC".format(rule_name,action,windows,datetime.datetime.utcnow())} - post_to_slack(hook,json) - ''' - time.sleep(randint(2, 30)) - except Exception as e: - print(e) - - elif rule_os == "osx": - print("OS matched OSX...sending to the OSX vagrant") - for action in purple_actions: - print("Running: {}".format(action)) - timenow = datetime.datetime.utcnow() - date = timenow.strftime('%Y-%m-%d') - hourminsec = timenow.strftime('%H:%M:%S') - time_to_log = date+" "+hourminsec - try: - vagrant = runcmd_nodb_osx.delay(action, rule_name, rule_uuid, osx) - data = json.dumps({'time': time_to_log, 'rule_name': rule_name, 'action': action, 'mitre_attack_phase': mitre_phase, 'mitre_attack_technique': mitre_tech, 'host': osx}) - logging.info(data) - write_row(time_to_log, rule_name, action, mitre_phase, mitre_tech, osx) - ''' - # if you want to post to slack uncomment this and set the slack hook above - json = {'text': "Automated Purple Team --> Simulation: {} | Action: {} | Host: {} 
| Execution Time: {} UTC".format(rule_name,action,osx,datetime.datetime.utcnow())} - post_to_slack(hook,json) - ''' - time.sleep(randint(2, 30)) - except Exception as e: - print(e) - - elif rule_os == "linux": - print("OS matched Linux...sending to the Linux vagrant") - for action in purple_actions: - print("Running: {}".format(action)) - timenow = datetime.datetime.utcnow() - date = timenow.strftime('%Y-%m-%d') - hourminsec = timenow.strftime('%H:%M:%S') - time_to_log = date+" "+hourminsec - try: - vagrant = runcmd_nodb_linux.delay(action, rule_name, rule_uuid, linux) - data = json.dumps({'time': time_to_log, 'rule_name': rule_name, 'action': action, 'mitre_attack_phase': mitre_phase, 'mitre_attack_technique': mitre_tech, 'host': linux}) - logging.info(data) - write_row(time_to_log, rule_name, action, mitre_phase, mitre_tech, linux) - ''' - # if you want to post to slack uncomment this and set the slack hook above - json = {'text': "Automated Purple Team --> Simulation: {} | Action: {} | Host: {} | Execution Time: {} UTC".format(rule_name,action,osx,datetime.datetime.utcnow())} - post_to_slack(hook,json) - ''' - time.sleep(randint(2, 30)) - except Exception as e: - print(e) - - elif rule_os == "kali": - print("OS matched Kali...sending to the Kali Linux vagrant") - for action in purple_actions: - print("Running: {}".format(action)) - timenow = datetime.datetime.utcnow() - date = timenow.strftime('%Y-%m-%d') - hourminsec = timenow.strftime('%H:%M:%S') - time_to_log = date+" "+hourminsec - try: - vagrant = runcmd_nodb_kali.delay(action, rule_name, rule_uuid, kali) - data = json.dumps({'time': time_to_log, 'rule_name': rule_name, 'action': action, 'mitre_attack_phase': mitre_phase, 'mitre_attack_technique': mitre_tech, 'host': kali}) - logging.info(data) - write_row(time_to_log, rule_name, action, mitre_phase, mitre_tech, kali) - ''' - #if you want to post to slack uncomment this and set the slack hook above - #json = {'text': "Automated Purple Team --> Simulation: 
{} | Action: {} | Host: {} | Execution Time: {} UTC".format(rule_name,action,osx,datetime.datetime.utcnow())} - #post_to_slack(hook,json) - ''' - time.sleep(randint(2, 30)) - except Exception as e: - print(e) - else: - print("I received an unknown OS") + for action in purple_actions: + print("Running: {}".format(action)) + timenow = datetime.datetime.utcnow() + date = timenow.strftime('%Y-%m-%d') + hourminsec = timenow.strftime('%H:%M:%S') + time_to_log = date + " " + hourminsec + host_os = vagrant_hosts.get(rule_os) + if not host_os: + print('Received unknown OS') + return + try: + vagrant = runcmd_nodb_win.delay(action, rule_name, rule_uuid, host_os) + data = json.dumps({'time': time_to_log, 'rule_name': rule_name, 'action': action, 'mitre_attack_phase': mitre_phase, 'mitre_attack_technique': mitre_tech, 'host': host_os}) + logging.info(data) + write_row(time_to_log, rule_name, action, mitre_phase, mitre_tech, host_os) + + ''' + # if you want to post to slack uncomment this and set the slack hook above + json = {'text': "Automated Purple Team --> Simulation: {} | Action: {} | Host: {} | Execution Time: {} UTC".format(rule_name,action,windows,datetime.datetime.utcnow())} + post_to_slack(hook,json) + ''' + time.sleep(randint(2, 30)) + except Exception as e: + print(e) + except KeyboardInterrupt: print("CTRL-C received, exiting...") except Exception as e: From f26e79b6129cd4422f23fc312cf7239176bb2f4a Mon Sep 17 00:00:00 2001 From: doomnuggets Date: Mon, 21 Jan 2019 09:10:08 +0100 Subject: [PATCH 2/3] actually do what the previous commit intended to do --- log.html | 60 ++++++++++++++++++++++++++++++++++++++++++ run_simulation_yaml.py | 11 +++++--- 2 files changed, 68 insertions(+), 3 deletions(-) create mode 100644 log.html diff --git a/log.html b/log.html new file mode 100644 index 0000000..708db23 --- /dev/null +++ b/log.html @@ -0,0 +1,60 @@ + + + +Adversarial Simulation + + + +
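Review bot: The merged loop dispatches every OS through `runcmd_nodb_win.delay(...)`, whereas the removed branches used `runcmd_nodb_osx`, `runcmd_nodb_linux` and `runcmd_nodb_kali`, so with this commit a non-Windows simulation is queued to the Windows task with a non-Windows host argument. Pair the task with the host in one lookup, e.g. `runners = {"windows": runcmd_nodb_win, "osx": runcmd_nodb_osx, "linux": runcmd_nodb_linux, "kali": runcmd_nodb_kali}` and `vagrant = runners[rule_os].delay(action, rule_name, rule_uuid, host_os)`. The unknown-OS guard also sits inside the per-action loop after the timestamp is built; hoist `host_os = vagrant_hosts.get(rule_os)` and the `if not host_os:` return above `for action in purple_actions:` so an unsupported `rule_os` from the YAML is rejected once, before anything is logged. Note that `vagrant_hosts` is built at import time from the `" "` placeholders, so `if not host_os` cannot fire for a known key until the dict is refreshed from the config. The enclosing `run_uuid` and its outer `try` begin before this hunk.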

Adversarial Simulation

+

1.0

+
+ + + + + + + + + +
TimeRule NameActionMitre PhaseMitre TechniqueHost
+
+ + diff --git a/run_simulation_yaml.py b/run_simulation_yaml.py index 5308cbf..ef0471c 100644 --- a/run_simulation_yaml.py +++ b/run_simulation_yaml.py @@ -34,7 +34,7 @@ osx = " " linux = " " kali = " " -vagrant_hosts = {"windows": windows, "osx": osx, "linux": linux, "kali": kali} +vagrant_hosts = {"windows": None, "osx": None, "linux": None, "kali": None} # banners for metta banner = r''' @@ -122,6 +122,7 @@ def run_uuid(ioc_filename): hourminsec = timenow.strftime('%H:%M:%S') time_to_log = date + " " + hourminsec host_os = vagrant_hosts.get(rule_os) + print(host_os) if not host_os: print('Received unknown OS') return @@ -196,6 +197,12 @@ def main(): global kali kali = config.get('vms', 'kali') + global vagrant_hosts + vagrant_hosts['windows'] = windows + vagrant_hosts['osx'] = osx + vagrant_hosts['linux'] = linux + vagrant_hosts['kali'] = kali + global console_output console_log_output = config.get('console_log_output', 'enabled') @@ -212,8 +219,6 @@ def main(): console.setFormatter(formatter) # add the handler to the root logger logging.getLogger('').addHandler(console) - else: - '' parse_yaml(args.simfile) From 2917b69b09366e7cf55b67f4d49a1b80e99f6b2c Mon Sep 17 00:00:00 2001 From: doomnuggets Date: Mon, 21 Jan 2019 09:11:36 +0100 Subject: [PATCH 3/3] remove log.html contents --- log.html | 61 +------------------------------------------------------- 1 file changed, 1 insertion(+), 60 deletions(-) diff --git a/log.html b/log.html index 708db23..8b13789 100644 --- a/log.html +++ b/log.html @@ -1,60 +1 @@ - - - -Adversarial Simulation - - - -
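Review bot: The added `print(host_os)` before the guard is a leftover debug print that writes the target host string to stdout on every action and bypasses the `logging` handler that main() configures from `console_log_output`. Drop it, or make it `logging.debug('dispatching %s action to %s', rule_os, host_os)` so it honours the configured log level. Because `vagrant_hosts` is now seeded with `None`, the guard also fires for an OS that is known but has no `vms` entry in the config, so 'Received unknown OS' is misleading in that case; name the key instead, e.g. `print('No vagrant host configured for OS: {}'.format(rule_os))`. `run_uuid` begins before this hunk.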
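Review bot: `global vagrant_hosts` is unnecessary in the `main()` hunk, because the four lines that follow assign items into the existing dict rather than rebinding the name; only the `global windows`/`osx`/`linux`/`kali` declarations above actually rebind anything. After this change the dict and the four module globals are two copies of the same config values, which is how the previous commit ended up reading stale placeholders, so it is worth filling the dict in one step, `vagrant_hosts.update({name: config.get('vms', name) for name in vagrant_hosts})`, and retiring the plain globals if nothing outside this hunk still reads them. `main()` begins before this hunk and continues past it.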

Adversarial Simulation

-

1.0

-
- - - - - - - - - -
TimeRule NameActionMitre PhaseMitre TechniqueHost
-
- - +