From 912956c73cb6e62ae73dbbb2515db95e2a114fdd Mon Sep 17 00:00:00 2001 From: TonyJabbour Date: Thu, 30 Sep 2021 14:20:08 +0200 Subject: [PATCH] Fixed Webhook integration with Trackers --- bin/trackers/Tracker_Regex.py | 26 ++++++++++++++++++++------ bin/trackers/Tracker_Term.py | 20 +++++++++++++++----- bin/trackers/Tracker_Yara.py | 32 +++++++++++++++++++++----------- 3 files changed, 56 insertions(+), 22 deletions(-) diff --git a/bin/trackers/Tracker_Regex.py b/bin/trackers/Tracker_Regex.py index 3cced9f0..00642445 100755 --- a/bin/trackers/Tracker_Regex.py +++ b/bin/trackers/Tracker_Regex.py @@ -5,7 +5,7 @@ The Tracker_Regex trackers module =================== This Module is used for regex tracking. -It processes every item coming from the global module and test the regexs +It processes every item coming from the global module and test the regex """ import os @@ -76,6 +76,8 @@ class Tracker_Regex(AbstractModule): for tracker_uuid in uuid_list: # Source Filtering item_source = item.get_source() + item_date = item.get_date() + tracker_sources = Tracker.get_tracker_uuid_sources(tracker_uuid) if tracker_sources and item_source not in tracker_sources: continue 
@@ -93,13 +95,25 @@ class Tracker_Regex(AbstractModule): mail_body = Tracker_Regex.mail_body_template.format(tracker, item_id, self.full_item_url, item_id) for mail in mail_to_notify: NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body) + + # Webhook webhook_to_post = Term.get_term_webhook(tracker_uuid) if webhook_to_post: - request_body = {"itemId": item_id, "url": self.full_item_url, "type": "REGEX"} - r = requests.post(webhook_to_post, data=request_body) - if (r.status_code >= 400): - raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {r.reason}") -if __name__ == "__main__": + json_request = {"trackerId": tracker_uuid, + "itemId": item_id, + "itemURL": self.full_item_url + item_id, + "tracker": tracker, + "itemSource": item_source, + "itemDate": item_date, + "tags": tags_to_add, + "emailNotification": f'{mail_to_notify}', + "trackerType": tracker_type + } + response = requests.post(webhook_to_post, json=json_request) + if response.status_code >= 400: + raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}") + +if __name__ == "__main__": module = Tracker_Regex() module.run() diff --git a/bin/trackers/Tracker_Term.py b/bin/trackers/Tracker_Term.py index 487174bf..703dfb4f 100755 --- a/bin/trackers/Tracker_Term.py +++ b/bin/trackers/Tracker_Term.py @@ -119,7 +119,7 @@ class Tracker_Term(AbstractModule): uuid_list = Term.get_term_uuid_list(term, term_type) self.redis_logger.info(f'new tracked term found: {term} in {item_id}') print(f'new tracked term found: {term} in {item_id}') - + item_date = Item.get_date() for term_uuid in uuid_list: tracker_sources = Tracker.get_tracker_uuid_sources(term_uuid) if not tracker_sources or item_source in tracker_sources: 
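Review bot: `requests.post(webhook_to_post, json=json_request)` is called without a `timeout`, so a receiver that accepts the connection and never answers stalls this tracker module in what appears to be the `for tracker_uuid in uuid_list` loop. Connection errors raised by requests are not caught either, and the `raise Exception(...)` on a 4xx/5xx reply leaves the loop, so one broken webhook can suppress notifications for every later tracker matching the same item. I would bound the call and log the failure instead of raising, as in the excerpt below (the timeout value is a placeholder; `self.redis_logger` is the logger the Term and Yara hunks of this patch already use). The same three lines appear in the Tracker_Term and Tracker_Yara webhook hunks. The enclosing method starts above this hunk.

```python
# … unchanged: webhook_to_post lookup and json_request construction …
try:
    response = requests.post(webhook_to_post, json=json_request, timeout=10)  # seconds
    response.raise_for_status()
except requests.exceptions.RequestException as e:
    # One unreachable or failing receiver must not stop the remaining trackers.
    self.redis_logger.error(
        f'Webhook delivery failed for tracker {tracker_uuid}: {type(e).__name__}')
```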
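Review bot: `item_date = Item.get_date()` calls `get_date` on the name `Item` itself rather than on an item object, unlike `item.get_date()` in Tracker_Regex and `self.item.get_date()` in Tracker_Yara in this same patch. Tracker_Term's imports are outside the hunk, but if `Item` is the class (Tracker_Yara imports it with `from packages.Item import Item`), this line raises a TypeError for the missing `self` as soon as a term matches, before any mail or webhook is sent. The date should come from the instance for `item_id`, for example `item_date = Item(item_id).get_date()` if the class is constructed from the id (to be confirmed), or from the item object the caller already holds. The enclosing method starts and ends outside this hunk.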
@@ -139,12 +139,22 @@ class Tracker_Term(AbstractModule): print(f'S print(item_content)end Mail {mail_subject}') NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body) + # Webhook webhook_to_post = Term.get_term_webhook(term_uuid) if webhook_to_post: - request_body = {"itemId": item_id, "url": self.full_item_url, "type": "Term", "term": term} - r = requests.post(webhook_to_post, data=request_body) - if (r.status_code >= 400): - raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {r.reason}") + json_request = {"trackerId": term_uuid, + "itemId": item_id, + "itemURL": self.full_item_url + item_id, + "term": term, + "itemSource": item_source, + "itemDate": item_date, + "tags": tags_to_add, + "emailNotification": f'{mail_to_notify}', + "trackerType": term_type + } + response = requests.post(webhook_to_post, json=json_request) + if response.status_code >= 400: + raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}") if __name__ == '__main__': diff --git a/bin/trackers/Tracker_Yara.py b/bin/trackers/Tracker_Yara.py index 9cf36ae8..43cd179b 100755 --- a/bin/trackers/Tracker_Yara.py +++ b/bin/trackers/Tracker_Yara.py @@ -1,10 +1,8 @@ #!/usr/bin/env python3 # -*-coding:UTF-8 -* -""" -The Tracker_Yara trackers module -=================== - -""" +################################## +# The Tracker_Yara trackers module +################################## ################################## # Import External packages @@ -25,7 +23,7 @@ from packages import Term from packages.Item import Item from lib import Tracker -import NotificationHelper # # TODO: refractor +import NotificationHelper # # TODO: refactor class Tracker_Yara(AbstractModule): @@ -72,6 +70,7 @@ class Tracker_Yara(AbstractModule): tracker_uuid = data['namespace'] item_id = self.item.get_id() item_source = self.item.get_source() + item_date = self.item.get_date() # Source Filtering tracker_sources = Tracker.get_tracker_uuid_sources(tracker_uuid) 
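Review bot: `"emailNotification": f'{mail_to_notify}'` sends the Python repr of the recipient collection as a single string, and it hands the notification e-mail addresses to whatever external endpoint the webhook URL points at. If receivers need the recipients, send a real JSON array with `"emailNotification": list(mail_to_notify)`; otherwise I would drop the field, since the addresses are not needed to act on the hit. `tags_to_add` is defined outside the hunk; if it is a set, `json=` will raise a TypeError during serialisation, so it may need the same `list(...)` wrapping. The same payload lines are in the Tracker_Regex and Tracker_Yara webhook hunks, which also name the matched value differently (`tracker`, `term`, `dataRule`), so a receiver has to handle three payload shapes.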
@@ -96,16 +95,27 @@ class Tracker_Yara(AbstractModule): self.redis_logger.debug(f'Send Mail {mail_subject}') print(f'Send Mail {mail_subject}') NotificationHelper.sendEmailNotification(mail, mail_subject, mail_body) + + # Webhook webhook_to_post = Term.get_term_webhook(tracker_uuid) if webhook_to_post: - request_body = {"itemId": item_id, "url": self.full_item_url, "type": "YARA"} - r = requests.post(webhook_to_post, data=request_body) - if (r.status_code >= 400): - raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {r.reason}") + json_request = {"trackerId": tracker_uuid, + "itemId": item_id, + "itemURL": self.full_item_url + item_id, + "dataRule": data["rule"], + "itemSource": item_source, + "itemDate": item_date, + "tags": tags_to_add, + "emailNotification": f'{mail_to_notify}', + "trackerType": "yara" + } + response = requests.post(webhook_to_post, json=json_request) + if response.status_code >= 400: + raise Exception(f"Webhook request failed for {webhook_to_post}\nReason: {response.reason}") + return yara.CALLBACK_CONTINUE if __name__ == '__main__': - module = Tracker_Yara() module.run()
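Review bot: The `raise Exception(...)` on a 4xx/5xx reply sits in a function that ends with `return yara.CALLBACK_CONTINUE`, so it looks like the YARA match callback; raising there skips that return and lets a failing receiver interrupt rule matching for the item. The message also interpolates `webhook_to_post`, and many webhook services carry their secret token in the URL path or query, so the full URL would end up in logs and tracebacks. I would log the tracker id and status code instead, for example `self.redis_logger.error(f'Webhook failed for tracker {tracker_uuid}: HTTP {response.status_code}')`, and fall through to the return. The URL-in-message point applies equally to the Tracker_Regex and Tracker_Term webhook hunks. The callback's signature is outside this hunk.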