changed prefix

Konakin Maksim 2021-05-17 09:42:40 +03:00
parent d07a6ebc9c
commit 309c24a458
12 changed files with 54 additions and 54 deletions


@ -59,21 +59,21 @@ class Block_domain(Responder):
rulebase = panos.policies.Rulebase()
fw.add(rulebase)
current_security_rules =panos.policies.SecurityRule.refreshall(rulebase)
if f"the_hive-{ioc}" not in str(fw.find(f"the_hive-{ioc}", panos.objects.AddressObject)):
new_ioc_object = panos.objects.AddressObject(f"the_hive-{ioc}", ioc, description="TheHive Blocked domain",type="fqdn")
if f"thehive-{ioc}" not in str(fw.find(f"thehive-{ioc}", panos.objects.AddressObject)):
new_ioc_object = panos.objects.AddressObject(f"thehive-{ioc}", ioc, description="TheHive Blocked domain",type="fqdn")
fw.add(new_ioc_object)
new_ioc_object.create()
panos.objects.AddressGroup.refreshall(fw)
block_list = fw.find("TheHive Block list external domain", panos.objects.AddressGroup)
if block_list != None:
ioc_list = block_list.about().get('static_value')
if f"the_hive-{ioc}" not in ioc_list:
ioc_list.append(f"the_hive-{ioc}")
if f"thehive-{ioc}" not in ioc_list:
ioc_list.append(f"thehive-{ioc}")
temp1 = panos.objects.AddressGroup("TheHive Block list external domain", static_value=ioc_list)
fw.add(temp1)
temp1.apply()
elif block_list == None:
temp1 = panos.objects.AddressGroup("TheHive Block list external domain", static_value=f"the_hive-{ioc}")
temp1 = panos.objects.AddressGroup("TheHive Block list external domain", static_value=f"thehive-{ioc}")
fw.add(temp1)
temp1.apply()
desired_rule_params = None
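Review bot: Objects that earlier runs created under the old `the_hive-` prefix are invisible to the new lookups in this hunk: the `fw.find(f"thehive-{ioc}", ...)` test and the `not in ioc_list` test only match the new spelling, so re-blocking an IOC that is already blocked would add a second address object and a second group member, while the old entry stays in the block list with nothing in this commit to rename or remove it. The same holds for the other Block_* sections and, with more operational impact, for the Unblock_* sections further down, which will no longer find entries that were blocked before this change. Either rename the existing objects on the firewall as a one-time step or test both spellings during a transition period. Defining the prefix once, e.g. `OBJECT_PREFIX = "thehive-"` and `name = f"{OBJECT_PREFIX}{ioc}"`, would also turn the next prefix change into a one-line edit instead of five per file. The enclosing method starts and ends outside the hunk.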


@ -59,21 +59,21 @@ class Block_ip(Responder):
rulebase = panos.policies.Rulebase()
fw.add(rulebase)
current_security_rules =panos.policies.SecurityRule.refreshall(rulebase)
if f"the_hive-{ioc}" not in str(fw.find(f"the_hive-{ioc}", panos.objects.AddressObject)):
new_ioc_object = panos.objects.AddressObject(f"the_hive-{ioc}", ioc, description="TheHive Blocked ip address")
if f"thehive-{ioc}" not in str(fw.find(f"thehive-{ioc}", panos.objects.AddressObject)):
new_ioc_object = panos.objects.AddressObject(f"thehive-{ioc}", ioc, description="TheHive Blocked ip address")
fw.add(new_ioc_object)
new_ioc_object.create()
panos.objects.AddressGroup.refreshall(fw)
block_list = fw.find("TheHive Block list external IP address", panos.objects.AddressGroup)
if block_list != None:
ioc_list = block_list.about().get('static_value')
if f"the_hive-{ioc}" not in ioc_list:
ioc_list.append(f"the_hive-{ioc}")
if f"thehive-{ioc}" not in ioc_list:
ioc_list.append(f"thehive-{ioc}")
temp1 = panos.objects.AddressGroup("TheHive Block list external IP address", static_value=ioc_list)
fw.add(temp1)
temp1.apply()
elif block_list == None:
temp1 = panos.objects.AddressGroup("TheHive Block list external IP address", static_value=f"the_hive-{ioc}")
temp1 = panos.objects.AddressGroup("TheHive Block list external IP address", static_value=f"thehive-{ioc}")
fw.add(temp1)
temp1.apply()
desired_rule_params = None
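Review bot: `ioc` is used as both the object name and the address value with no validation before `new_ioc_object.create()`; if it is the raw observable from the case (its origin is outside the hunk), a typo or an overly wide CIDR would land in the block group as-is. A check ahead of the lookup would stop that, for example `net = ipaddress.ip_network(ioc, strict=False)` followed by rejecting prefixes shorter than a configured minimum and anything inside an allow-list of the organisation's own ranges. The internal Block_ip section has the same gap, and the Block_domain sections would benefit from an equivalent hostname check.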


@ -59,21 +59,21 @@ class Block_domain(Responder):
rulebase = panos.policies.Rulebase()
fw.add(rulebase)
current_security_rules =panos.policies.SecurityRule.refreshall(rulebase)
if f"the_hive-{ioc}" not in str(fw.find(f"the_hive-{ioc}", panos.objects.AddressObject)):
new_ioc_object = panos.objects.AddressObject(f"the_hive-{ioc}", ioc, description="TheHive Blocked domain",type="fqdn")
if f"thehive-{ioc}" not in str(fw.find(f"thehive-{ioc}", panos.objects.AddressObject)):
new_ioc_object = panos.objects.AddressObject(f"thehive-{ioc}", ioc, description="TheHive Blocked domain",type="fqdn")
fw.add(new_ioc_object)
new_ioc_object.create()
panos.objects.AddressGroup.refreshall(fw)
block_list = fw.find("TheHive Block list internal domain", panos.objects.AddressGroup)
if block_list != None:
ioc_list = block_list.about().get('static_value')
if f"the_hive-{ioc}" not in ioc_list:
ioc_list.append(f"the_hive-{ioc}")
if f"thehive-{ioc}" not in ioc_list:
ioc_list.append(f"thehive-{ioc}")
temp1 = panos.objects.AddressGroup("TheHive Block list internal domain", static_value=ioc_list)
fw.add(temp1)
temp1.apply()
elif block_list == None:
temp1 = panos.objects.AddressGroup("TheHive Block list internal domain", static_value=f"the_hive-{ioc}")
temp1 = panos.objects.AddressGroup("TheHive Block list internal domain", static_value=f"thehive-{ioc}")
fw.add(temp1)
temp1.apply()
desired_rule_params = None


@ -59,21 +59,21 @@ class Block_ip(Responder):
rulebase = panos.policies.Rulebase()
fw.add(rulebase)
current_security_rules =panos.policies.SecurityRule.refreshall(rulebase)
if f"the_hive-{ioc}" not in str(fw.find(f"the_hive-{ioc}", panos.objects.AddressObject)):
new_ioc_object = panos.objects.AddressObject(f"the_hive-{ioc}", ioc, description="TheHive Blocked ip address")
if f"thehive-{ioc}" not in str(fw.find(f"thehive-{ioc}", panos.objects.AddressObject)):
new_ioc_object = panos.objects.AddressObject(f"thehive-{ioc}", ioc, description="TheHive Blocked ip address")
fw.add(new_ioc_object)
new_ioc_object.create()
panos.objects.AddressGroup.refreshall(fw)
block_list = fw.find("TheHive Block list internal IP address", panos.objects.AddressGroup)
if block_list != None:
ioc_list = block_list.about().get('static_value')
if f"the_hive-{ioc}" not in ioc_list:
ioc_list.append(f"the_hive-{ioc}")
if f"thehive-{ioc}" not in ioc_list:
ioc_list.append(f"thehive-{ioc}")
temp1 = panos.objects.AddressGroup("TheHive Block list internal IP address", static_value=ioc_list)
fw.add(temp1)
temp1.apply()
elif block_list == None:
temp1 = panos.objects.AddressGroup("TheHive Block list internal IP address", static_value=f"the_hive-{ioc}")
temp1 = panos.objects.AddressGroup("TheHive Block list internal IP address", static_value=f"thehive-{ioc}")
fw.add(temp1)
temp1.apply()
desired_rule_params = None


@ -67,8 +67,8 @@ class Block_port(Responder):
rulebase = panos.policies.Rulebase()
fw.add(rulebase)
current_security_rules =panos.policies.SecurityRule.refreshall(rulebase)
if f"the_hive-{port}-{protocol}" not in str(fw.find(f"the_hive-{port}-{protocol}", panos.objects.ServiceObject)):
new_port_object = panos.objects.ServiceObject(f"the_hive-{port}-{protocol}", protocol, description="TheHive Blocked port",destination_port=port)
if f"thehive-{port}-{protocol}" not in str(fw.find(f"thehive-{port}-{protocol}", panos.objects.ServiceObject)):
new_port_object = panos.objects.ServiceObject(f"thehive-{port}-{protocol}", protocol, description="TheHive Blocked port",destination_port=port)
fw.add(new_port_object)
new_port_object.create()
@ -77,13 +77,13 @@ class Block_port(Responder):
block_list = fw.find("TheHive Block list for external port communication", panos.objects.ServiceGroup)
if block_list != None:
port_list = block_list.about().get('value')
if f"the_hive-{port}-{protocol}" not in port_list:
port_list.append(f"the_hive-{port}-{protocol}")
if f"thehive-{port}-{protocol}" not in port_list:
port_list.append(f"thehive-{port}-{protocol}")
temp1 = panos.objects.ServiceGroup("TheHive Block list for external port communication", value=port_list)
fw.add(temp1)
temp1.apply()
elif block_list == None:
temp1 = panos.objects.ServiceGroup("TheHive Block list for external port communication", value=f"the_hive-{port}-{protocol}")
temp1 = panos.objects.ServiceGroup("TheHive Block list for external port communication", value=f"thehive-{port}-{protocol}")
fw.add(temp1)
temp1.apply()
desired_rule_params = None
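Review bot: The existence test `f"thehive-{port}-{protocol}" not in str(fw.find(...))` in the first hunk depends on the string form of whatever `fw.find` returns, which makes it a substring match rather than a presence check; `if fw.find(name, panos.objects.ServiceObject) is None:` with `name = f"thehive-{port}-{protocol}"` says what is meant and builds the name once. In the second hunk, `if block_list != None:` / `elif block_list == None:` would read better as `if block_list is not None:` / `else:`. The address Block_* sections of this commit use the same two patterns. The method body continues outside both hunks.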


@ -67,8 +67,8 @@ class Block_port(Responder):
rulebase = panos.policies.Rulebase()
fw.add(rulebase)
current_security_rules =panos.policies.SecurityRule.refreshall(rulebase)
if f"the_hive-{port}-{protocol}" not in str(fw.find(f"the_hive-{port}-{protocol}", panos.objects.ServiceObject)):
new_port_object = panos.objects.ServiceObject(f"the_hive-{port}-{protocol}", protocol, description="TheHive Blocked port",destination_port=port)
if f"thehive-{port}-{protocol}" not in str(fw.find(f"thehive-{port}-{protocol}", panos.objects.ServiceObject)):
new_port_object = panos.objects.ServiceObject(f"thehive-{port}-{protocol}", protocol, description="TheHive Blocked port",destination_port=port)
fw.add(new_port_object)
new_port_object.create()
@ -77,13 +77,13 @@ class Block_port(Responder):
block_list = fw.find("TheHive Block list for internal port communication", panos.objects.ServiceGroup)
if block_list != None:
port_list = block_list.about().get('value')
if f"the_hive-{port}-{protocol}" not in port_list:
port_list.append(f"the_hive-{port}-{protocol}")
if f"thehive-{port}-{protocol}" not in port_list:
port_list.append(f"thehive-{port}-{protocol}")
temp1 = panos.objects.ServiceGroup("TheHive Block list for internal port communication", value=port_list)
fw.add(temp1)
temp1.apply()
elif block_list == None:
temp1 = panos.objects.ServiceGroup("TheHive Block list for internal port communication", value=f"the_hive-{port}-{protocol}")
temp1 = panos.objects.ServiceGroup("TheHive Block list for internal port communication", value=f"thehive-{port}-{protocol}")
fw.add(temp1)
temp1.apply()
desired_rule_params = None


@ -59,21 +59,21 @@ class Unblock_domain(Responder):
block_list = fw.find(self.name_external_Address_Group_for_domain, panos.objects.AddressGroup)
ioc_list = block_list.about().get('static_value')
if f"the_hive-{ioc}" in ioc_list:
ioc_list.remove(f"the_hive-{ioc}")
if f"thehive-{ioc}" in ioc_list:
ioc_list.remove(f"thehive-{ioc}")
temp1 = panos.objects.AddressGroup(self.name_external_Address_Group_for_domain, static_value=ioc_list)
fw.add(temp1)
temp1.apply()
panos.objects.AddressObject.refreshall(fw)
if f"the_hive-{ioc}" in str(fw.find(f"the_hive-{ioc}", panos.objects.AddressObject)):
if f"thehive-{ioc}" in str(fw.find(f"thehive-{ioc}", panos.objects.AddressObject)):
try:
deleted_ioc = fw.find(f"the_hive-{ioc}", panos.objects.AddressObject)
deleted_ioc = fw.find(f"thehive-{ioc}", panos.objects.AddressObject)
deleted_ioc.delete()
except:
self.report({'message': 'Responder did not comlite. Warning in AddressObject'})
self.report({'message': 'Responder successfully deleted %s from %s' % (f"the_hive-{ioc}",self.name_external_Address_Group_for_domain)})
self.report({'message': 'Responder successfully deleted %s from %s' % (f"thehive-{ioc}",self.name_external_Address_Group_for_domain)})
fw.commit()
if __name__ == '__main__':
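Review bot: The bare `except:` around `deleted_ioc.delete()` swallows every error, including the firewall refusing the delete, and reports only 'Responder did not comlite' without the cause; indentation is lost in this rendering, but the success report and `fw.commit()` appear to run afterwards regardless. Catching the exception and surfacing it, e.g. `except Exception as e:` with a report that includes `str(e)` and stops before the success message, would keep an analyst from reading a failed unblock as done. The message text also has a typo ('comlite' for 'complete'). The other Unblock_domain and Unblock_ip sections of this commit share this block.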


@ -57,21 +57,21 @@ class Unblock_ip(Responder):
panos.objects.AddressGroup.refreshall(fw)
block_list = fw.find(self.name_external_Address_Group, panos.objects.AddressGroup)
ioc_list = block_list.about().get('static_value')
if f"the_hive-{ioc}" in ioc_list:
ioc_list.remove(f"the_hive-{ioc}")
if f"thehive-{ioc}" in ioc_list:
ioc_list.remove(f"thehive-{ioc}")
temp1 = panos.objects.AddressGroup(self.name_external_Address_Group, static_value=ioc_list)
fw.add(temp1)
temp1.apply()
panos.objects.AddressObject.refreshall(fw)
if f"the_hive-{ioc}" in str(fw.find(f"the_hive-{ioc}", panos.objects.AddressObject)):
if f"thehive-{ioc}" in str(fw.find(f"thehive-{ioc}", panos.objects.AddressObject)):
try:
deleted_ioc = fw.find(f"the_hive-{ioc}", panos.objects.AddressObject)
deleted_ioc = fw.find(f"thehive-{ioc}", panos.objects.AddressObject)
deleted_ioc.delete()
except:
self.report({'message': 'Responder did not comlite. Warning in AddressObject'})
self.report({'message': 'Responder successfully deleted %s from %s' % (f"the_hive-{ioc}",self.name_external_Address_Group)})
self.report({'message': 'Responder successfully deleted %s from %s' % (f"thehive-{ioc}",self.name_external_Address_Group)})
fw.commit()
if __name__ == '__main__':
Unblock_ip().run()
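Review bot: `block_list.about()` is called directly on the result of `fw.find(self.name_external_Address_Group, ...)`, so when the group does not exist on the firewall and `fw.find` returns `None` (the case the Block_* responders in this commit test for), the responder fails with an AttributeError instead of a readable report. A guard before reading `static_value`, such as `if block_list is None:` followed by a report that the group was not found and an early return, would cover it. The same unguarded call appears in every Unblock_* section of this commit. The method starts outside the hunk.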


@ -59,16 +59,16 @@ class Unblock_domain(Responder):
block_list = fw.find(self.name_internal_Address_Group_for_domain, panos.objects.AddressGroup)
ioc_list = block_list.about().get('static_value')
if f"the_hive-{ioc}" in ioc_list:
ioc_list.remove(f"the_hive-{ioc}")
if f"thehive-{ioc}" in ioc_list:
ioc_list.remove(f"thehive-{ioc}")
temp1 = panos.objects.AddressGroup(self.name_internal_Address_Group_for_domain, static_value=ioc_list)
fw.add(temp1)
temp1.apply()
panos.objects.AddressObject.refreshall(fw)
if f"the_hive-{ioc}" in str(fw.find(f"the_hive-{ioc}", panos.objects.AddressObject)):
if f"thehive-{ioc}" in str(fw.find(f"thehive-{ioc}", panos.objects.AddressObject)):
try:
deleted_ioc = fw.find(f"the_hive-{ioc}", panos.objects.AddressObject)
deleted_ioc = fw.find(f"thehive-{ioc}", panos.objects.AddressObject)
deleted_ioc.delete()
except:
self.report({'message': 'Responder did not comlite. Warning in AddressObject'})


@ -57,21 +57,21 @@ class Unblock_ip(Responder):
panos.objects.AddressGroup.refreshall(fw)
block_list = fw.find(self.name_internal_Address_Group, panos.objects.AddressGroup)
ioc_list = block_list.about().get('static_value')
if f"the_hive-{ioc}" in ioc_list:
ioc_list.remove(f"the_hive-{ioc}")
if f"thehive-{ioc}" in ioc_list:
ioc_list.remove(f"thehive-{ioc}")
temp1 = panos.objects.AddressGroup(self.name_internal_Address_Group, static_value=ioc_list)
fw.add(temp1)
temp1.apply()
panos.objects.AddressObject.refreshall(fw)
if f"the_hive-{ioc}" in str(fw.find(f"the_hive-{ioc}", panos.objects.AddressObject)):
if f"thehive-{ioc}" in str(fw.find(f"thehive-{ioc}", panos.objects.AddressObject)):
try:
deleted_ioc = fw.find(f"the_hive-{ioc}", panos.objects.AddressObject)
deleted_ioc = fw.find(f"thehive-{ioc}", panos.objects.AddressObject)
deleted_ioc.delete()
except:
self.report({'message': 'Responder did not comlite. Warning in AddressObject'})
self.report({'message': 'Responder successfully deleted %s from %s' % (f"the_hive-{ioc}",self.name_internal_Address_Group)})
self.report({'message': 'Responder successfully deleted %s from %s' % (f"thehive-{ioc}",self.name_internal_Address_Group)})
fw.commit()
if __name__ == '__main__':


@ -65,15 +65,15 @@ class Unblock_port(Responder):
panos.objects.ServiceGroup.refreshall(fw)
block_list = fw.find(self.name_external_Service_Group, panos.objects.ServiceGroup)
port_list = block_list.about().get('value')
if f"the_hive-{port}-{protocol}" in port_list:
port_list.remove(f"the_hive-{port}-{protocol}")
if f"thehive-{port}-{protocol}" in port_list:
port_list.remove(f"thehive-{port}-{protocol}")
temp1 = panos.objects.ServiceGroup(self.name_external_Service_Group, value=port_list)
fw.add(temp1)
temp1.apply()
panos.objects.ServiceObject.refreshall(fw)
self.report({'message': 'Responder successfully deleted %s from %s' % (f"the_hive-{port}-{protocol}",self.name_external_Service_Group)})
self.report({'message': 'Responder successfully deleted %s from %s' % (f"thehive-{port}-{protocol}",self.name_external_Service_Group)})
fw.commit()
if __name__ == '__main__':
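Review bot: After the entry is removed from the service group, `panos.objects.ServiceObject.refreshall(fw)` is called but nothing visible in the hunk deletes the `thehive-{port}-{protocol}` service object, unlike the address unblockers in this commit, which look the object up and call `delete()`. If that is not intentional, unused service objects accumulate on the firewall; the equivalent step would be `obj = fw.find(f"thehive-{port}-{protocol}", panos.objects.ServiceObject)` and `if obj is not None: obj.delete()` before `fw.commit()`. With indentation lost in this rendering it also looks as if the success message is reported even when the name was not in `port_list`, which is worth confirming. The internal Unblock_port section begins the same way.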


@ -65,8 +65,8 @@ class Unblock_port(Responder):
panos.objects.ServiceGroup.refreshall(fw)
block_list = fw.find(self.name_internal_Service_Group, panos.objects.ServiceGroup)
port_list = block_list.about().get('value')
if f"the_hive-{port}-{protocol}" in port_list:
port_list.remove(f"the_hive-{port}-{protocol}")
if f"thehive-{port}-{protocol}" in port_list:
port_list.remove(f"thehive-{port}-{protocol}")
temp1 = panos.objects.ServiceGroup(self.name_internal_Service_Group, value=port_list)
fw.add(temp1)
temp1.apply()