

Merge remote-tracking branch 'origin/alya/fix-device-changing-ips-test' into alya/fix-device-changing-ips-test

# Conflicts:
#	modules/flowalerts/set_evidence.py
AlyaGomaa committed Dec 4, 2023
2 parents 07dbd2d + 2a3aab5 commit ef9abf1
Showing 1 changed file with 42 additions and 15 deletions.
57 changes: 42 additions & 15 deletions modules/flowalerts/set_evidence.py
Expand Up @@ -320,9 +320,12 @@ def set_evidence_DGA(
attacker,
threat_level,
confidence, description,
stime, category, source_target_tag=source_target_tag,
stime, category,
source_target_tag=source_target_tag,
conn_count=conn_count,
profileid=profileid, twid=twid, uid=uid
profileid=profileid,
twid=twid,
uid=uid
)

def set_evidence_DNS_without_conn(
Expand Down Expand Up @@ -379,7 +382,8 @@ def set_evidence_pastebin_download(
category,
source_target_tag=source_target_tag,
profileid=profileid,
twid=twid, uid=uid
twid=twid,
uid=uid
)
return True

Expand Down Expand Up @@ -424,7 +428,8 @@ def set_evidence_conn_without_dns(
category,
source_target_tag=source_target_tag,
profileid=profileid,
twid=twid, uid=uid
twid=twid,
uid=uid
)

def set_evidence_dns_arpa_scan(
Expand All @@ -449,9 +454,13 @@ def set_evidence_dns_arpa_scan(
attacker_direction,
attacker,
threat_level,
confidence, description,
stime, category, conn_count=arpa_scan_threshold,
profileid=profileid, twid=twid,
confidence,
description,
stime,
category,
conn_count=arpa_scan_threshold,
profileid=profileid,
twid=twid,
uid=uid
)

Expand Down Expand Up @@ -524,7 +533,9 @@ def set_evidence_pw_guessing(
category,
source_target_tag=source_target_tag,
conn_count=conn_count,
profileid=profileid, twid=twid, uid=uid
profileid=profileid,
twid=twid,
uid=uid
)

def set_evidence_horizontal_portscan(
Expand Down Expand Up @@ -556,7 +567,9 @@ def set_evidence_horizontal_portscan(
category,
source_target_tag=source_target_tag,
conn_count=conn_count,
profileid=profileid, twid=twid, uid=uid
profileid=profileid,
twid=twid,
uid=uid
)

def set_evidence_conn_to_private_ip(
Expand Down Expand Up @@ -591,8 +604,11 @@ def set_evidence_conn_to_private_ip(
attacker,
threat_level,
confidence, description,
timestamp, category, profileid=profileid,
twid=twid, uid=uid, victim=daddr
timestamp, category,
profileid=profileid,
twid=twid,
uid=uid,
victim=daddr
)

def set_evidence_GRE_tunnel(
Expand Down Expand Up @@ -710,7 +726,11 @@ def set_evidence_ssh_successful(
attacker,
threat_level,
confidence, description,
timestamp, category, profileid=profileid, twid=twid, uid=uid,
timestamp,
category,
profileid=profileid,
twid=twid,
uid=uid,
victim=daddr
)

Expand Down Expand Up @@ -747,8 +767,13 @@ def set_evidence_long_connection(
attacker_direction,
attacker,
threat_level,
confidence, description,
timestamp, category, profileid=profileid, twid=twid, uid=uid,
confidence,
description,
timestamp,
category,
profileid=profileid,
twid=twid,
uid=uid,
victim=srcip
)

Expand Down Expand Up @@ -830,7 +855,9 @@ def set_evidence_for_connection_to_multiple_ports(
attacker,
threat_level,
confidence, description,
timestamp, category, profileid=profileid, twid=twid, uid=uid
timestamp,
category,
profileid=profileid, twid=twid, uid=uid
)

def set_evidence_suspicious_dns_answer(
