1 change: 1 addition & 0 deletions log.html
@@ -0,0 +1 @@

129 changes: 35 additions & 94 deletions run_simulation_yaml.py
Expand Up @@ -34,9 +34,10 @@
osx = " "
linux = " "
kali = " "
vagrant_hosts = {"windows": None, "osx": None, "linux": None, "kali": None}

# banners for metta
banner = '''
banner = r'''
_____ __ __
/ \ _____/ |__/ |______
/ \ / \_/ __ \ __\ __\__ \
Expand All @@ -45,7 +46,7 @@
\/ \/ \/
'''

banner2 = '''
banner2 = r'''

__ __ _______ _______ _______ _______
| |_| || || || || _ |
Expand Down Expand Up @@ -114,96 +115,32 @@ def run_uuid(ioc_filename):
for x in range(1, len(purple)+1):
purple_actions.append(raw_ioc.get('meta').get('purple_actions').get(x))

if rule_os == "windows":
print("OS matched Windows...sending to the windows vagrant")
for action in purple_actions:
print("Running: {}".format(action))
timenow = datetime.datetime.utcnow()
date = timenow.strftime('%Y-%m-%d')
hourminsec = timenow.strftime('%H:%M:%S')
time_to_log = date+" "+hourminsec
try:
vagrant = runcmd_nodb_win.delay(action, rule_name, rule_uuid, windows)
data = json.dumps({'time': time_to_log, 'rule_name': rule_name, 'action': action, 'mitre_attack_phase': mitre_phase, 'mitre_attack_technique': mitre_tech, 'host': windows})
logging.info(data)
write_row(time_to_log, rule_name, action, mitre_phase, mitre_tech, windows)

'''
# if you want to post to slack uncomment this and set the slack hook above
json = {'text': "Automated Purple Team --> Simulation: {} | Action: {} | Host: {} | Execution Time: {} UTC".format(rule_name,action,windows,datetime.datetime.utcnow())}
post_to_slack(hook,json)
'''
time.sleep(randint(2, 30))
except Exception as e:
print(e)

elif rule_os == "osx":
print("OS matched OSX...sending to the OSX vagrant")
for action in purple_actions:
print("Running: {}".format(action))
timenow = datetime.datetime.utcnow()
date = timenow.strftime('%Y-%m-%d')
hourminsec = timenow.strftime('%H:%M:%S')
time_to_log = date+" "+hourminsec
try:
vagrant = runcmd_nodb_osx.delay(action, rule_name, rule_uuid, osx)
data = json.dumps({'time': time_to_log, 'rule_name': rule_name, 'action': action, 'mitre_attack_phase': mitre_phase, 'mitre_attack_technique': mitre_tech, 'host': osx})
logging.info(data)
write_row(time_to_log, rule_name, action, mitre_phase, mitre_tech, osx)
'''
# if you want to post to slack uncomment this and set the slack hook above
json = {'text': "Automated Purple Team --> Simulation: {} | Action: {} | Host: {} | Execution Time: {} UTC".format(rule_name,action,osx,datetime.datetime.utcnow())}
post_to_slack(hook,json)
'''
time.sleep(randint(2, 30))
except Exception as e:
print(e)

elif rule_os == "linux":
print("OS matched Linux...sending to the Linux vagrant")
for action in purple_actions:
print("Running: {}".format(action))
timenow = datetime.datetime.utcnow()
date = timenow.strftime('%Y-%m-%d')
hourminsec = timenow.strftime('%H:%M:%S')
time_to_log = date+" "+hourminsec
try:
vagrant = runcmd_nodb_linux.delay(action, rule_name, rule_uuid, linux)
data = json.dumps({'time': time_to_log, 'rule_name': rule_name, 'action': action, 'mitre_attack_phase': mitre_phase, 'mitre_attack_technique': mitre_tech, 'host': linux})
logging.info(data)
write_row(time_to_log, rule_name, action, mitre_phase, mitre_tech, linux)
'''
# if you want to post to slack uncomment this and set the slack hook above
json = {'text': "Automated Purple Team --> Simulation: {} | Action: {} | Host: {} | Execution Time: {} UTC".format(rule_name,action,osx,datetime.datetime.utcnow())}
post_to_slack(hook,json)
'''
time.sleep(randint(2, 30))
except Exception as e:
print(e)

elif rule_os == "kali":
print("OS matched Kali...sending to the Kali Linux vagrant")
for action in purple_actions:
print("Running: {}".format(action))
timenow = datetime.datetime.utcnow()
date = timenow.strftime('%Y-%m-%d')
hourminsec = timenow.strftime('%H:%M:%S')
time_to_log = date+" "+hourminsec
try:
vagrant = runcmd_nodb_kali.delay(action, rule_name, rule_uuid, kali)
data = json.dumps({'time': time_to_log, 'rule_name': rule_name, 'action': action, 'mitre_attack_phase': mitre_phase, 'mitre_attack_technique': mitre_tech, 'host': kali})
logging.info(data)
write_row(time_to_log, rule_name, action, mitre_phase, mitre_tech, kali)
'''
#if you want to post to slack uncomment this and set the slack hook above
#json = {'text': "Automated Purple Team --> Simulation: {} | Action: {} | Host: {} | Execution Time: {} UTC".format(rule_name,action,osx,datetime.datetime.utcnow())}
#post_to_slack(hook,json)
'''
time.sleep(randint(2, 30))
except Exception as e:
print(e)
else:
print("I received an unknown OS")
for action in purple_actions:
print("Running: {}".format(action))
timenow = datetime.datetime.utcnow()
date = timenow.strftime('%Y-%m-%d')
hourminsec = timenow.strftime('%H:%M:%S')
time_to_log = date + " " + hourminsec
host_os = vagrant_hosts.get(rule_os)
print(host_os)
if not host_os:
print('Received unknown OS')
return
try:
vagrant = runcmd_nodb_win.delay(action, rule_name, rule_uuid, host_os)
data = json.dumps({'time': time_to_log, 'rule_name': rule_name, 'action': action, 'mitre_attack_phase': mitre_phase, 'mitre_attack_technique': mitre_tech, 'host': host_os})
logging.info(data)
write_row(time_to_log, rule_name, action, mitre_phase, mitre_tech, host_os)

'''
# if you want to post to slack uncomment this and set the slack hook above
json = {'text': "Automated Purple Team --> Simulation: {} | Action: {} | Host: {} | Execution Time: {} UTC".format(rule_name,action,windows,datetime.datetime.utcnow())}
post_to_slack(hook,json)
'''
time.sleep(randint(2, 30))
except Exception as e:
print(e)

except KeyboardInterrupt:
print("CTRL-C received, exiting...")
except Exception as e:
Expand Down Expand Up @@ -260,6 +197,12 @@ def main():
global kali
kali = config.get('vms', 'kali')

global vagrant_hosts
vagrant_hosts['windows'] = windows
vagrant_hosts['osx'] = osx
vagrant_hosts['linux'] = linux
vagrant_hosts['kali'] = kali

global console_output
console_log_output = config.get('console_log_output', 'enabled')

Expand All @@ -276,8 +219,6 @@ def main():
console.setFormatter(formatter)
# add the handler to the root logger
logging.getLogger('').addHandler(console)
else:
''

parse_yaml(args.simfile)

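Review bot: The consolidated loop queues every action through `vagrant = runcmd_nodb_win.delay(action, rule_name, rule_uuid, host_os)` no matter what `rule_os` is, whereas the four removed branches dispatched to `runcmd_nodb_win`, `runcmd_nodb_osx`, `runcmd_nodb_linux` and `runcmd_nodb_kali` respectively; with this change an osx/linux/kali simulation is sent to the Windows Celery task with a non-Windows host string, so those commands either fail or run against the wrong worker. The OS lookup and the unknown-OS `return` also sit inside the per-action loop, so they are repeated for every action and should be hoisted above it. A dispatch table keyed the same way as `vagrant_hosts` keeps the simplification while restoring the per-OS routing (the `runcmd_nodb_*` task names are imported outside this hunk, so presumably all four are still in scope — worth confirming). Note that `if not host_os` also rejects an OS whose config value is an empty string, which the old code did not; that is reasonable but should be stated in the printed message. `run_uuid` starts before this hunk and its trailing `except` handlers continue past it.
```python
# module level, next to vagrant_hosts
vagrant_tasks = {"windows": runcmd_nodb_win, "osx": runcmd_nodb_osx,
                 "linux": runcmd_nodb_linux, "kali": runcmd_nodb_kali}

# … unchanged: purple_actions collection …
host_os = vagrant_hosts.get(rule_os)
task = vagrant_tasks.get(rule_os)
if not host_os or task is None:
    print('Received unknown or unconfigured OS: {}'.format(rule_os))
    return
for action in purple_actions:
    print("Running: {}".format(action))
    # … unchanged: timestamp formatting …
    try:
        vagrant = task.delay(action, rule_name, rule_uuid, host_os)
        # … unchanged: json.dumps / logging.info / write_row / sleep …
    except Exception as e:
        print(e)
```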