Davide Arcuri committed Oct 31, 2024
1 parent ddb8e46 commit 2217811
Showing 8 changed files with 347 additions and 150 deletions.
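--- a/examples/custom_rule.ipynb
+++ b/examples/custom_rule.ipynb
@@ -0,0 +1,208 @@
+{
+"cells": [
+{
+"cell_type": "code",
+"execution_count": null,
+"metadata": {},
+"outputs": [],
+"source": [
+"import json\n",
+"import getpass\n",
+"from requests import Session\n",
+"from pprint import pprint\n",
+"import urllib3\n",
+"urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)\n",
+"\n",
+"url = \"https://localhost\"\n",
+"user = input()\n",
+"password = getpass.getpass()"
+]
+},
+{
+"cell_type": "markdown",
+"metadata": {},
+"source": [
+"# LOGIN"
+]
+},
+{
+"cell_type": "code",
+"execution_count": null,
+"metadata": {},
+"outputs": [],
+"source": [
+"session = Session()\n",
+"\n",
+"first = session.get(f\"{url}\", verify=False)\n",
+"csrftoken = first.cookies[\"csrftoken\"]\n",
+"\n",
+"data = json.dumps(\n",
+" {\"username\": user, \"password\": password, \"csrfmiddlewaretoken\": csrftoken}\n",
+")\n",
+"\n",
+"headers = {\n",
+" \"X-CSRFToken\": first.headers[\"Set-Cookie\"].split(\"=\")[1].split(\";\")[0],\n",
+" \"Referer\": url,\n",
+" \"X-Requested-With\": \"XMLHttpRequest\",\n",
+"}\n",
+"\n",
+"req = session.post(\n",
+" f\"{url}/api/auth/\", data=data, cookies=first.cookies, headers=headers, verify=False\n",
+")\n",
+"if req.status_code != 200:\n",
+" print(req.text)\n",
+" exit(1)"
+]
+},
+{
+"cell_type": "markdown",
+"metadata": {},
+"source": [
+"# GET CUSTOM RULE LIST"
+]
+},
+{
+"cell_type": "code",
+"execution_count": null,
+"metadata": {},
+"outputs": [],
+"source": [
+"rules = session.get(f\"{url}/api/customrules/?start=0&length=1&draw=0\", verify=False).json()\n",
+"print(f\"{len(rules['data'])} rules returned of {rules['recordsTotal']}\")\n",
+"if len(rules['data']) > 0: \n",
+" pprint(rules['data'][0])\n",
+" rule_pk = rules['data'][0]['id']"
+]
+},
+{
+"cell_type": "markdown",
+"metadata": {},
+"source": [
+"# CREATE CUSTOM RULE"
+]
+},
+{
+"cell_type": "code",
+"execution_count": null,
+"metadata": {},
+"outputs": [],
+"source": [
+"data = {\n",
+" \"rule_ids\": [2, 4], # Rule Id to be merged in custom rule \n",
+" \"rulename\": \"combined_rule\"\n",
+"}\n",
+"res = session.post(f\"{url}/api/rules/build\", json=data, cookies=first.cookies, headers=headers, verify=False)\n",
+"if res.status_code == 200:\n",
+" pprint(res.json())\n",
+"else:\n",
+" print(res.status_code, res.text)"
+]
+},
+{
+"cell_type": "markdown",
+"metadata": {},
+"source": [
+"# EDIT CUSTOM RULE (make default)"
+]
+},
+{
+"cell_type": "code",
+"execution_count": null,
+"metadata": {},
+"outputs": [],
+"source": [
+"\n",
+"res = session.post(f\"{url}/api/customrules/{rule_pk}/default\", cookies=first.cookies, headers=headers, verify=False)\n",
+"if res.status_code == 200:\n",
+" pprint(res.json())\n",
+"else:\n",
+" print(res.status_code, res.text)"
+]
+},
+{
+"cell_type": "markdown",
+"metadata": {},
+"source": [
+"# PUBLISH CUSTOM RULE"
+]
+},
+{
+"cell_type": "code",
+"execution_count": null,
+"metadata": {},
+"outputs": [],
+"source": [
+"data = {\n",
+" \"rule_ids\": [rule_pk], \n",
+" \"action\": \"Publish\"\n",
+"}\n",
+"res = session.post(f\"{url}/api/customrules/publish\", json=data, cookies=first.cookies, headers=headers, verify=False)\n",
+"if res.status_code == 200:\n",
+" pprint(res.json())\n",
+"else:\n",
+" print(res.status_code, res.text)"
+]
+},
+{
+"cell_type": "markdown",
+"metadata": {},
+"source": [
+"# DOWNLOAD RULE"
+]
+},
+{
+"cell_type": "code",
+"execution_count": null,
+"metadata": {},
+"outputs": [],
+"source": [
+"res = session.get(f\"{url}/api/customrules/{rule_pk}/download\", cookies=first.cookies, headers=headers, verify=False)\n",
+"if res.status_code == 200:\n",
+" pprint(res.text)\n",
+"else:\n",
+" print(res.status_code, res.text)"
+]
+},
+{
+"cell_type": "markdown",
+"metadata": {},
+"source": [
+"# DELETE CUSTOM RULE"
+]
+},
+{
+"cell_type": "code",
+"execution_count": null,
+"metadata": {},
+"outputs": [],
+"source": [
+"data = {\n",
+" \"rule_ids\": [rule_pk]\n",
+"}\n",
+"res = session.delete(f\"{url}/api/customrules/\", json=data, cookies=first.cookies, headers=headers, verify=False)\n",
+"print(res.status_code, res.text) "
+]
+}
+],
+"metadata": {
+"kernelspec": {
+"display_name": "base",
+"language": "python",
+"name": "python3"
+},
+"language_info": {
+"codemirror_mode": {
+"name": "ipython",
+"version": 3
+},
+"file_extension": ".py",
+"mimetype": "text/x-python",
+"name": "python",
+"nbconvert_exporter": "python",
+"pygments_lexer": "ipython3",
+"version": "3.10.8"
+}
+},
+"nbformat": 4,
+"nbformat_minor": 2
+}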
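Review bot: `rule_pk` is taken from the first entry of the pre-existing custom-rule list (`rule_pk = rules['data'][0]['id']` in the GET CUSTOM RULE LIST cell) and is never updated after the CREATE cell, so the default/publish/download/delete cells all act on whatever rule the server happened to list first — the final DELETE removes a rule the notebook did not create — and `rule_pk` is not defined at all when the list is empty. Re-query `/api/customrules/` after the build step and select the `combined_rule` entry (assuming the list exposes the rule name) before the cells that use `rule_pk`, and guard the list cell with `assert rules['data'], "no custom rules returned"` so the failure is explicit. The `X-CSRFToken` header is parsed out of the raw `Set-Cookie` header with `split("=")[1].split(";")[0]`, which picks the first cookie the server sets rather than `csrftoken`; the value is already available as `csrftoken` two lines above, so `"X-CSRFToken": csrftoken` is both simpler and correct when more than one cookie is set. Every request passes `verify=False` with the `InsecureRequestWarning` silenced, which is tolerable for `https://localhost` but becomes a TLS-verification bypass as soon as a reader changes `url`; a single `VERIFY = True  # or path to the deployment's CA bundle` in the first cell, passed as `verify=VERIFY`, keeps the example usable against a real deployment (the same applies to the requests left in examples/rule.ipynb). `exit(1)` inside a notebook raises SystemExit and can terminate the kernel; `raise RuntimeError(req.text)` is the idiomatic replacement.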
96 changes: 15 additions & 81 deletions examples/rule.ipynb
Expand Up @@ -2,7 +2,7 @@
"cells": [
{
"cell_type": "code",
"execution_count": 33,
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
Expand All @@ -27,7 +27,7 @@
},
{
"cell_type": "code",
"execution_count": 36,
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
Expand Down Expand Up @@ -63,22 +63,9 @@
},
{
"cell_type": "code",
"execution_count": 37,
"execution_count": null,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"1 rules returned of 24004\n",
"{'headline': '',\n",
" 'id': 24313,\n",
" 'path_name': 'aaa6.yara',\n",
" 'ruleset_description': 'Your crafted ruleset',\n",
" 'ruleset_name': 'admin-Ruleset'}\n"
]
}
],
"outputs": [],
"source": [
"rules = session.get(f\"{url}/api/rules/?start=0&length=1&draw=0\", verify=False).json()\n",
"print(f\"{len(rules['data'])} rules returned of {rules['recordsTotal']}\")\n",
Expand All @@ -96,30 +83,9 @@
},
{
"cell_type": "code",
"execution_count": 38,
"execution_count": null,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"[{'compiled': False,\n",
" 'created': '2024-10-29T14:08:24.507Z',\n",
" 'enabled': True,\n",
" 'id': 24322,\n",
" 'path': '/yara/admin-Ruleset/example13.yar',\n",
" 'ruleset': 1,\n",
" 'updated': '2024-10-29T14:08:24.507Z'},\n",
" {'compiled': False,\n",
" 'created': '2024-10-29T14:08:24.514Z',\n",
" 'enabled': True,\n",
" 'id': 24323,\n",
" 'path': '/yara/admin-Ruleset/example24.yar',\n",
" 'ruleset': 1,\n",
" 'updated': '2024-10-29T14:08:24.514Z'}]\n"
]
}
],
"outputs": [],
"source": [
"\n",
"files = [\n",
Expand All @@ -144,17 +110,9 @@
},
{
"cell_type": "code",
"execution_count": 39,
"execution_count": null,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'message': 'Rule combined_rule created'}\n"
]
}
],
"outputs": [],
"source": [
"data = {\n",
" \"rule_ids\": rule_pks,\n",
Expand All @@ -176,17 +134,9 @@
},
{
"cell_type": "code",
"execution_count": 41,
"execution_count": null,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{'message': 'Rule example13.yar updated.'}\n"
]
}
],
"outputs": [],
"source": [
"data = {\n",
" \"text\": \"rule NewRule { condition: true }\"\n",
Expand All @@ -207,17 +157,9 @@
},
{
"cell_type": "code",
"execution_count": 44,
"execution_count": null,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"'rule NewRule { condition: true }'\n"
]
}
],
"outputs": [],
"source": [
"res = session.get(f\"{url}/api/rules/{rule_pks[0]}/download\", cookies=first.cookies, headers=headers, verify=False)\n",
"if res.status_code == 200:\n",
Expand All @@ -230,22 +172,14 @@
"cell_type": "markdown",
"metadata": {},
"source": [
"# DELETE DUMP"
"# DELETE RULES"
]
},
{
"cell_type": "code",
"execution_count": 45,
"execution_count": null,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"200 {\"message\": \"2 rules deleted.\"}\n"
]
}
],
"outputs": [],
"source": [
"data = {\n",
" \"rule_ids\": rule_pks\n",
Expand Down