├── GPLv3 ├── LICENSE ├── README.md ├── TA-thehive.tar.gz ├── TA-thehive ├── README.txt ├── README │ ├── addon_builder.conf.spec │ ├── alert_actions.conf.spec │ ├── inputs.conf.spec │ └── ta_thehive_create_alert_settings.conf.spec ├── app.manifest ├── appserver │ ├── static │ │ ├── alert_create_alert_entry_in_thehive.png │ │ ├── alerticon.png │ │ ├── css │ │ │ ├── bootstrap-enterprise.css │ │ │ ├── common.css │ │ │ ├── configuration.css │ │ │ └── inputs.css │ │ ├── img │ │ │ ├── loading-24.gif │ │ │ └── loading.gif │ │ └── js │ │ │ └── build │ │ │ ├── 1.1.js │ │ │ ├── common.js │ │ │ ├── configuration_page.js │ │ │ ├── globalConfig.json │ │ │ └── inputs_page.js │ └── templates │ │ └── base.html ├── bin │ ├── TA_thehive_create_alert_rh_connector_to_thehive_instance.py │ ├── TA_thehive_create_alert_rh_settings.py │ ├── connector_to_thehive_instance.py │ ├── create_alert_entry_in_thehive.py │ ├── input_module_connector_to_thehive_instance.py │ ├── ta_thehive_create_alert │ │ ├── alert_actions_base.py │ │ ├── cim_actions.py │ │ ├── cloudconnectlib │ │ │ ├── __init__.py │ │ │ ├── client.py │ │ │ ├── common │ │ │ │ ├── __init__.py │ │ │ │ ├── lib_util.py │ │ │ │ ├── log.py │ │ │ │ └── util.py │ │ │ ├── configuration │ │ │ │ ├── __init__.py │ │ │ │ ├── loader.py │ │ │ │ └── schema_1_0_0.json │ │ │ ├── core │ │ │ │ ├── __init__.py │ │ │ │ ├── cacerts │ │ │ │ │ └── ca_certs_locater.py │ │ │ │ ├── defaults.py │ │ │ │ ├── engine.py │ │ │ │ ├── exceptions.py │ │ │ │ ├── ext.py │ │ │ │ ├── http.py │ │ │ │ ├── models.py │ │ │ │ ├── pipemgr.py │ │ │ │ └── template.py │ │ │ ├── splunktacollectorlib │ │ │ │ ├── __init__.py │ │ │ │ ├── cloud_connect_mod_input.py │ │ │ │ ├── common │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── log.py │ │ │ │ │ ├── rwlock.py │ │ │ │ │ └── schema_meta.py │ │ │ │ ├── config.py │ │ │ │ ├── data_collection │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ta_checkpoint_manager.py │ │ │ │ │ ├── ta_config.py │ │ │ │ │ ├── ta_consts.py │ │ │ │ │ ├── ta_data_client.py │ │ │ │ │ ├── ta_data_collector.py │ │ │ │ │ ├── ta_data_loader.py │ │ │ │ │ ├── ta_helper.py │ │ │ │ │ └── ta_mod_input.py │ │ │ │ ├── splunk_ta_import_declare.py │ │ │ │ └── ta_cloud_connect_client.py │ │ │ └── splunktalib │ │ │ │ ├── __init__.py │ │ │ │ ├── common │ │ │ │ ├── __init__.py │ │ │ │ ├── consts.py │ │ │ │ ├── log.py │ │ │ │ ├── pattern.py │ │ │ │ ├── util.py │ │ │ │ └── xml_dom_parser.py │ │ │ │ ├── concurrent │ │ │ │ ├── __init__.py │ │ │ │ ├── concurrent_executor.py │ │ │ │ ├── process_pool.py │ │ │ │ └── thread_pool.py │ │ │ │ ├── conf_manager │ │ │ │ ├── __init__.py │ │ │ │ ├── conf_endpoints.py │ │ │ │ ├── conf_manager.py │ │ │ │ ├── data_input_endpoints.py │ │ │ │ ├── knowledge_objects.py │ │ │ │ ├── property_endpoints.py │ │ │ │ ├── request.py │ │ │ │ └── ta_conf_manager.py │ │ │ │ ├── credentials.py │ │ │ │ ├── event_writer.py │ │ │ │ ├── file_monitor.py │ │ │ │ ├── kv_client.py │ │ │ │ ├── modinput.py │ │ │ │ ├── orphan_process_monitor.py │ │ │ │ ├── rest.py │ │ │ │ ├── schedule │ │ │ │ ├── __init__.py │ │ │ │ ├── job.py │ │ │ │ └── scheduler.py │ │ │ │ ├── setting.conf │ │ │ │ ├── splunk_cluster.py │ │ │ │ ├── splunk_platform.py │ │ │ │ ├── state_store.py │ │ │ │ ├── timer.py │ │ │ │ └── timer_queue.py │ │ ├── decorator.py │ │ ├── functools32 │ │ │ ├── __init__.py │ │ │ ├── _dummy_thread32.py │ │ │ ├── functools32.py │ │ │ └── reprlib32.py │ │ ├── httplib2 │ │ │ ├── __init__.py │ │ │ ├── cacerts.txt │ │ │ ├── iri2uri.py │ │ │ └── socks.py │ │ ├── jinja2 │ │ │ ├── __init__.py │ │ │ ├── _compat.py │ │ │ ├── _stringdefs.py │ │ │ ├── bccache.py │ │ │ ├── compiler.py │ │ │ ├── constants.py │ │ │ ├── debug.py │ │ │ ├── defaults.py │ │ │ ├── environment.py │ │ │ ├── exceptions.py │ │ │ ├── ext.py │ │ │ ├── filters.py │ │ │ ├── lexer.py │ │ │ ├── loaders.py │ │ │ ├── meta.py │ │ │ ├── nodes.py │ │ │ ├── optimizer.py │ │ │ ├── parser.py │ │ │ ├── runtime.py │ │ │ ├── sandbox.py │ │ │ ├── tests.py │ │ │ ├── utils.py │ │ │ └── visitor.py │ │ ├── jsl │ │ │ ├── __init__.py │ │ │ ├── _compat │ │ │ │ ├── __init__.py │ │ │ │ ├── ordereddict.py │ │ │ │ └── prepareable.py │ │ │ ├── document.py │ │ │ ├── exceptions.py │ │ │ ├── fields │ │ │ │ ├── __init__.py │ │ │ │ ├── base.py │ │ │ │ ├── compound.py │ │ │ │ ├── primitive.py │ │ │ │ └── util.py │ │ │ ├── registry.py │ │ │ ├── resolutionscope.py │ │ │ └── roles.py │ │ ├── jsonpath_rw │ │ │ ├── __init__.py │ │ │ ├── bin │ │ │ │ ├── __init__.py │ │ │ │ └── jsonpath.py │ │ │ ├── jsonpath.py │ │ │ ├── lexer.py │ │ │ └── parser.py │ │ ├── jsonschema │ │ │ ├── __init__.py │ │ │ ├── __main__.py │ │ │ ├── _format.py │ │ │ ├── _reflect.py │ │ │ ├── _utils.py │ │ │ ├── _validators.py │ │ │ ├── _version.py │ │ │ ├── cli.py │ │ │ ├── compat.py │ │ │ ├── exceptions.py │ │ │ ├── schemas │ │ │ │ ├── draft3.json │ │ │ │ └── draft4.json │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── compat.py │ │ │ │ ├── test_cli.py │ │ │ │ ├── test_exceptions.py │ │ │ │ ├── test_format.py │ │ │ │ ├── test_jsonschema_test_suite.py │ │ │ │ └── test_validators.py │ │ │ └── validators.py │ │ ├── logging_helper.py │ │ ├── mako │ │ │ ├── __init__.py │ │ │ ├── _ast_util.py │ │ │ ├── ast.py │ │ │ ├── cache.py │ │ │ ├── cmd.py │ │ │ ├── codegen.py │ │ │ ├── compat.py │ │ │ ├── exceptions.py │ │ │ ├── ext │ │ │ │ ├── __init__.py │ │ │ │ ├── autohandler.py │ │ │ │ ├── babelplugin.py │ │ │ │ ├── beaker_cache.py │ │ │ │ ├── extract.py │ │ │ │ ├── linguaplugin.py │ │ │ │ ├── preprocessors.py │ │ │ │ ├── pygmentplugin.py │ │ │ │ └── turbogears.py │ │ │ ├── filters.py │ │ │ ├── lexer.py │ │ │ ├── lookup.py │ │ │ ├── parsetree.py │ │ │ ├── pygen.py │ │ │ ├── pyparser.py │ │ │ ├── runtime.py │ │ │ ├── template.py │ │ │ └── util.py │ │ ├── markupsafe │ │ │ ├── __init__.py │ │ │ ├── _compat.py │ │ │ ├── _constants.py │ │ │ ├── _native.py │ │ │ ├── _speedups.c │ │ │ └── _speedups.so │ │ ├── modalert_create_alert_entry_in_thehive_helper.py │ │ ├── modinput_wrapper │ │ │ ├── __init__.py │ │ │ └── base_modinput.py │ │ ├── munch │ │ │ ├── __init__.py │ │ │ └── python3_compat.py │ │ ├── ply │ │ │ ├── __init__.py │ │ │ ├── cpp.py │ │ │ ├── ctokens.py │ │ │ ├── lex.py │ │ │ ├── yacc.py │ │ │ └── ygen.py │ │ ├── requests │ │ │ ├── __init__.py │ │ │ ├── _internal_utils.py │ │ │ ├── adapters.py │ │ │ ├── api.py │ │ │ ├── auth.py │ │ │ ├── cacert.pem │ │ │ ├── certs.py │ │ │ ├── compat.py │ │ │ ├── cookies.py │ │ │ ├── exceptions.py │ │ │ ├── hooks.py │ │ │ ├── models.py │ │ │ ├── packages │ │ │ │ ├── __init__.py │ │ │ │ ├── chardet │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── big5freq.py │ │ │ │ │ ├── big5prober.py │ │ │ │ │ ├── chardetect.py │ │ │ │ │ ├── chardistribution.py │ │ │ │ │ ├── charsetgroupprober.py │ │ │ │ │ ├── charsetprober.py │ │ │ │ │ ├── codingstatemachine.py │ │ │ │ │ ├── compat.py │ │ │ │ │ ├── constants.py │ │ │ │ │ ├── cp949prober.py │ │ │ │ │ ├── escprober.py │ │ │ │ │ ├── escsm.py │ │ │ │ │ ├── eucjpprober.py │ │ │ │ │ ├── euckrfreq.py │ │ │ │ │ ├── euckrprober.py │ │ │ │ │ ├── euctwfreq.py │ │ │ │ │ ├── euctwprober.py │ │ │ │ │ ├── gb2312freq.py │ │ │ │ │ ├── gb2312prober.py │ │ │ │ │ ├── hebrewprober.py │ │ │ │ │ ├── jisfreq.py │ │ │ │ │ ├── jpcntx.py │ │ │ │ │ ├── langbulgarianmodel.py │ │ │ │ │ ├── langcyrillicmodel.py │ │ │ │ │ ├── langgreekmodel.py │ │ │ │ │ ├── langhebrewmodel.py │ │ │ │ │ ├── langhungarianmodel.py │ │ │ │ │ ├── langthaimodel.py │ │ │ │ │ ├── latin1prober.py │ │ │ │ │ ├── mbcharsetprober.py │ │ │ │ │ ├── mbcsgroupprober.py │ │ │ │ │ ├── mbcssm.py │ │ │ │ │ ├── sbcharsetprober.py │ │ │ │ │ ├── sbcsgroupprober.py │ │ │ │ │ ├── sjisprober.py │ │ │ │ │ ├── universaldetector.py │ │ │ │ │ └── utf8prober.py │ │ │ │ ├── idna │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── codec.py │ │ │ │ │ ├── compat.py │ │ │ │ │ ├── core.py │ │ │ │ │ ├── idnadata.py │ │ │ │ │ ├── intranges.py │ │ │ │ │ └── uts46data.py │ │ │ │ └── urllib3 │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── _collections.py │ │ │ │ │ ├── connection.py │ │ │ │ │ ├── connectionpool.py │ │ │ │ │ ├── contrib │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── appengine.py │ │ │ │ │ ├── ntlmpool.py │ │ │ │ │ ├── pyopenssl.py │ │ │ │ │ └── socks.py │ │ │ │ │ ├── exceptions.py │ │ │ │ │ ├── fields.py │ │ │ │ │ ├── filepost.py │ │ │ │ │ ├── packages │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── backports │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── makefile.py │ │ │ │ │ ├── ordered_dict.py │ │ │ │ │ ├── six.py │ │ │ │ │ └── ssl_match_hostname │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── _implementation.py │ │ │ │ │ ├── poolmanager.py │ │ │ │ │ ├── request.py │ │ │ │ │ ├── response.py │ │ │ │ │ └── util │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── connection.py │ │ │ │ │ ├── request.py │ │ │ │ │ ├── response.py │ │ │ │ │ ├── retry.py │ │ │ │ │ ├── ssl_.py │ │ │ │ │ ├── timeout.py │ │ │ │ │ └── url.py │ │ │ ├── sessions.py │ │ │ ├── status_codes.py │ │ │ ├── structures.py │ │ │ └── utils.py │ │ ├── six.py │ │ ├── socks.py │ │ ├── sockshandler.py │ │ ├── solnlib │ │ │ ├── __init__.py │ │ │ ├── acl.py │ │ │ ├── api_documenter.py │ │ │ ├── compression.py │ │ │ ├── conf_manager.py │ │ │ ├── credentials.py │ │ │ ├── file_monitor.py │ │ │ ├── hec_config.py │ │ │ ├── ip_math.py │ │ │ ├── log.py │ │ │ ├── metadata.py │ │ │ ├── modular_input │ │ │ │ ├── __init__.py │ │ │ │ ├── checkpointer.py │ │ │ │ ├── event.py │ │ │ │ ├── event_writer.py │ │ │ │ └── modular_input.py │ │ │ ├── net_utils.py │ │ │ ├── orphan_process_monitor.py │ │ │ ├── packages │ │ │ │ ├── __init__.py │ │ │ │ ├── requests │ │ │ │ │ ├── LICENSE │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── adapters.py │ │ │ │ │ ├── api.py │ │ │ │ │ ├── auth.py │ │ │ │ │ ├── certs.py │ │ │ │ │ ├── compat.py │ │ │ │ │ ├── cookies.py │ │ │ │ │ ├── exceptions.py │ │ │ │ │ ├── hooks.py │ │ │ │ │ ├── models.py │ │ │ │ │ ├── packages │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── chardet │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── big5freq.py │ │ │ │ │ │ │ ├── big5prober.py │ │ │ │ │ │ │ ├── chardetect.py │ │ │ │ │ │ │ ├── chardistribution.py │ │ │ │ │ │ │ ├── charsetgroupprober.py │ │ │ │ │ │ │ ├── charsetprober.py │ │ │ │ │ │ │ ├── codingstatemachine.py │ │ │ │ │ │ │ ├── compat.py │ │ │ │ │ │ │ ├── constants.py │ │ │ │ │ │ │ ├── cp949prober.py │ │ │ │ │ │ │ ├── escprober.py │ │ │ │ │ │ │ ├── escsm.py │ │ │ │ │ │ │ ├── eucjpprober.py │ │ │ │ │ │ │ ├── euckrfreq.py │ │ │ │ │ │ │ ├── euckrprober.py │ │ │ │ │ │ │ ├── euctwfreq.py │ │ │ │ │ │ │ ├── euctwprober.py │ │ │ │ │ │ │ ├── gb2312freq.py │ │ │ │ │ │ │ ├── gb2312prober.py │ │ │ │ │ │ │ ├── hebrewprober.py │ │ │ │ │ │ │ ├── jisfreq.py │ │ │ │ │ │ │ ├── jpcntx.py │ │ │ │ │ │ │ ├── langbulgarianmodel.py │ │ │ │ │ │ │ ├── langcyrillicmodel.py │ │ │ │ │ │ │ ├── langgreekmodel.py │ │ │ │ │ │ │ ├── langhebrewmodel.py │ │ │ │ │ │ │ ├── langhungarianmodel.py │ │ │ │ │ │ │ ├── langthaimodel.py │ │ │ │ │ │ │ ├── latin1prober.py │ │ │ │ │ │ │ ├── mbcharsetprober.py │ │ │ │ │ │ │ ├── mbcsgroupprober.py │ │ │ │ │ │ │ ├── mbcssm.py │ │ │ │ │ │ │ ├── sbcharsetprober.py │ │ │ │ │ │ │ ├── sbcsgroupprober.py │ │ │ │ │ │ │ ├── sjisprober.py │ │ │ │ │ │ │ ├── universaldetector.py │ │ │ │ │ │ │ └── utf8prober.py │ │ │ │ │ │ └── urllib3 │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── _collections.py │ │ │ │ │ │ │ ├── connection.py │ │ │ │ │ │ │ ├── connectionpool.py │ │ │ │ │ │ │ ├── contrib │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── appengine.py │ │ │ │ │ │ │ ├── ntlmpool.py │ │ │ │ │ │ │ └── pyopenssl.py │ │ │ │ │ │ │ ├── exceptions.py │ │ │ │ │ │ │ ├── fields.py │ │ │ │ │ │ │ ├── filepost.py │ │ │ │ │ │ │ ├── packages │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── ordered_dict.py │ │ │ │ │ │ │ ├── six.py │ │ │ │ │ │ │ └── ssl_match_hostname │ │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ │ └── _implementation.py │ │ │ │ │ │ │ ├── poolmanager.py │ │ │ │ │ │ │ ├── request.py │ │ │ │ │ │ │ ├── response.py │ │ │ │ │ │ │ └── util │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── connection.py │ │ │ │ │ │ │ ├── request.py │ │ │ │ │ │ │ ├── response.py │ │ │ │ │ │ │ ├── retry.py │ │ │ │ │ │ │ ├── ssl_.py │ │ │ │ │ │ │ ├── timeout.py │ │ │ │ │ │ │ └── url.py │ │ │ │ │ ├── sessions.py │ │ │ │ │ ├── status_codes.py │ │ │ │ │ ├── structures.py │ │ │ │ │ └── utils.py │ │ │ │ ├── schematics │ │ │ │ │ ├── LICENSE │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── common.py │ │ │ │ │ ├── compat.py │ │ │ │ │ ├── contrib │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── mongo.py │ │ │ │ │ ├── datastructures.py │ │ │ │ │ ├── exceptions.py │ │ │ │ │ ├── models.py │ │ │ │ │ ├── transforms.py │ │ │ │ │ ├── types │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── base.py │ │ │ │ │ │ ├── compound.py │ │ │ │ │ │ ├── net.py │ │ │ │ │ │ ├── serializable.py │ │ │ │ │ │ └── union.py │ │ │ │ │ ├── undefined.py │ │ │ │ │ ├── util.py │ │ │ │ │ └── validate.py │ │ │ │ ├── simpleyaml │ │ │ │ │ ├── LICENSE │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── composer.py │ │ │ │ │ ├── constructor.py │ │ │ │ │ ├── cyaml.py │ │ │ │ │ ├── dumper.py │ │ │ │ │ ├── emitter.py │ │ │ │ │ ├── error.py │ │ │ │ │ ├── events.py │ │ │ │ │ ├── loader.py │ │ │ │ │ ├── nodes.py │ │ │ │ │ ├── parser.py │ │ │ │ │ ├── reader.py │ │ │ │ │ ├── representer.py │ │ │ │ │ ├── resolver.py │ │ │ │ │ ├── scanner.py │ │ │ │ │ ├── serializer.py │ │ │ │ │ └── tokens.py │ │ │ │ ├── sortedcontainers │ │ │ │ │ ├── LICENSE │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── sorteddict.py │ │ │ │ │ ├── sortedlist.py │ │ │ │ │ └── sortedset.py │ │ │ │ └── splunklib │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── binding.py │ │ │ │ │ ├── client.py │ │ │ │ │ ├── data.py │ │ │ │ │ ├── modularinput │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── argument.py │ │ │ │ │ ├── event.py │ │ │ │ │ ├── event_writer.py │ │ │ │ │ ├── input_definition.py │ │ │ │ │ ├── scheme.py │ │ │ │ │ ├── script.py │ │ │ │ │ ├── utils.py │ │ │ │ │ └── validation_definition.py │ │ │ │ │ ├── ordereddict.py │ │ │ │ │ ├── results.py │ │ │ │ │ └── searchcommands │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── decorators.py │ │ │ │ │ ├── environment.py │ │ │ │ │ ├── eventing_command.py │ │ │ │ │ ├── external_search_command.py │ │ │ │ │ ├── generating_command.py │ │ │ │ │ ├── internals.py │ │ │ │ │ ├── reporting_command.py │ │ │ │ │ ├── search_command.py │ │ │ │ │ ├── streaming_command.py │ │ │ │ │ └── validators.py │ │ │ ├── pattern.py │ │ │ ├── server_info.py │ │ │ ├── splunk_rest_client.py │ │ │ ├── splunkenv.py │ │ │ ├── time_parser.py │ │ │ ├── timer_queue.py │ │ │ ├── user_access.py │ │ │ └── utils.py │ │ ├── sortedcontainers │ │ │ ├── __init__.py │ │ │ ├── sorteddict.py │ │ │ ├── sortedlist.py │ │ │ └── sortedset.py │ │ ├── splunk_aoblib │ │ │ ├── __init__.py │ │ │ ├── rest_helper.py │ │ │ ├── rest_migration.py │ │ │ ├── setup_util.py │ │ │ └── utility.py │ │ ├── splunklib │ │ │ ├── __init__.py │ │ │ ├── binding.py │ │ │ ├── client.py │ │ │ ├── data.py │ │ │ ├── modularinput │ │ │ │ ├── __init__.py │ │ │ │ ├── argument.py │ │ │ │ ├── event.py │ │ │ │ ├── event_writer.py │ │ │ │ ├── input_definition.py │ │ │ │ ├── scheme.py │ │ │ │ ├── script.py │ │ │ │ ├── utils.py │ │ │ │ └── validation_definition.py │ │ │ ├── ordereddict.py │ │ │ ├── results.py │ │ │ └── searchcommands │ │ │ │ ├── __init__.py │ │ │ │ ├── decorators.py │ │ │ │ ├── environment.py │ │ │ │ ├── eventing_command.py │ │ │ │ ├── external_search_command.py │ │ │ │ ├── generating_command.py │ │ │ │ ├── internals.py │ │ │ │ ├── reporting_command.py │ │ │ │ ├── search_command.py │ │ │ │ ├── streaming_command.py │ │ │ │ └── validators.py │ │ └── splunktaucclib │ │ │ ├── __init__.py │ │ │ ├── global_config │ │ │ ├── __init__.py │ │ │ ├── configuration.py │ │ │ └── schema.py │ │ │ └── rest_handler │ │ │ ├── __init__.py │ │ │ ├── admin_external.py │ │ │ ├── credentials.py │ │ │ ├── eai.py │ │ │ ├── endpoint │ │ │ ├── __init__.py │ │ │ ├── converter.py │ │ │ ├── field.py │ │ │ └── validator.py │ │ │ ├── entity.py │ │ │ ├── error.py │ │ │ ├── handler.py │ │ │ ├── schema.py │ │ │ └── util.py │ └── ta_thehive_create_alert_declare.py ├── default │ ├── addon_builder.conf │ ├── alert_actions.conf │ ├── app.conf │ ├── data │ │ └── ui │ │ │ ├── alerts │ │ │ └── create_alert_entry_in_thehive.html │ │ │ ├── nav │ │ │ └── default.xml │ │ │ └── views │ │ │ ├── configuration.xml │ │ │ └── inputs.xml │ ├── inputs.conf │ ├── props.conf │ ├── restmap.conf │ ├── ta_thehive_create_alert_settings.conf │ └── web.conf ├── metadata │ └── default.meta └── static │ ├── appIcon.png │ ├── appIconAlt.png │ ├── appIconAlt_2x.png │ └── appIcon_2x.png └── docs └── thehivealerts.md /README.md: -------------------------------------------------------------------------------- 1 | # TA-thehive 2 | This add-on was designed to add alert action on Splunk to create alerts in [The Hive](https://thehive-project.org/) 3 | Please use [TA-thehive-CE](https://splunkbase.splunk.com/app/4819/) or the [repo](https://github.com/remg427/TA-thehive-ce) 4 | 5 | This version is no longer supported and does not work with python3 6 | -------------------------------------------------------------------------------- /TA-thehive.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive.tar.gz -------------------------------------------------------------------------------- /TA-thehive/README.txt: -------------------------------------------------------------------------------- 1 | This is an add-on powered by the Splunk Add-on Builder. 2 | It is designed to add alert action on Splunk to create alerts in [The Hive](https://thehive-project.org/) 3 | 4 | # Installation 5 | This app is designed to run on Splunk Search Head(s) on Linux plateforms 6 | 1. Download TA-thehive.tar.gz 7 | 2. Install the app on your Splunk Search Head(s): "Manage Apps" -> "Install app from file" 8 | 3. Restart Splunk (for later updates, you may skip this step) 9 | 4. At next logon, launch the app (Manage Apps > TA-thehive > launch app) 10 | 5. create at least one input for example "default_th". Please note that mandatory fields "intervals" and "index" are not used. Just put a valid value in those ones. 11 | - provide a name 12 | - for intervals you may put 8640000 (100 days) or any other value 13 | - provide the url to your TH instance, ( /api/alert will be added to it to reach the endpoint) 14 | - provide the authkey, 15 | - check (or not) the certificate of the TheHive server, 16 | - use (or not) the proxy for this instance, 17 | - provide client certificate if required (and check the box to use it) 18 | 6. Parameters are saved under TA-thehive/local/inputs.conf 19 | 7. Important: Role(s)/user(s) using this app must have the capability to "list_storage_passwords" (as API KEYs and proxy password(s) are safely stored encrypted ) 20 | 8. In addition, a CSV file is saved under **lookups/thehive_datatypes_v2.csv**. It contains a mapping between field names and datatypes 21 | - standard datatypes are included at first configuration of the app 22 | - then you can defined additional field (from datamodel) mapping to datatype e.g. on Splunk field _src_ (from datamodel Web) can be mapped to datatype _ip_, _dest_ to _domain_ etc. (in versions 1.x, filed name had to match datatypes) 23 | 9. This lookup can be edited to add custom datatypes in the same way. -------------------------------------------------------------------------------- /TA-thehive/README/addon_builder.conf.spec: -------------------------------------------------------------------------------- 1 | [base] 2 | builder_version = 3 | builder_build = 4 | is_edited = 5 | -------------------------------------------------------------------------------- /TA-thehive/README/alert_actions.conf.spec: -------------------------------------------------------------------------------- 1 | 2 | [create_alert_entry_in_thehive] 3 | param.th_tags = Tags. 4 | param.th_severity = Severity. It's a required parameter. It's default value is 3. 5 | param.th_unique_id = unique_id. 6 | param._cam = Active response parameters. 7 | param.th_title = Title. It's default value is $name$. 8 | param.th_description = Description. 9 | param.th_case_template = Case Template. 10 | param.th_pap = PAP:. It's a required parameter. It's default value is 2. 11 | param.th_source = Source. It's default value is splunk. 12 | param.th_type = Type. It's default value is alert. 13 | param.th_tlp = TLP:. It's a required parameter. It's default value is 2. 14 | param.th_instance = TheHive instance. It's a required parameter. 15 | 16 | -------------------------------------------------------------------------------- /TA-thehive/README/inputs.conf.spec: -------------------------------------------------------------------------------- 1 | [connector_to_thehive_instance://] 2 | thehive_url = provide the base URL of your TheHive instance 3 | thehive_key = API auth key - You should create an account with only the role create alerts 4 | thehive_verifycert = Check SSL certificate of TheHive server 5 | thehive_use_proxy = If a proxy is used for this instance, please configure the proxy in configuration pane. 6 | client_use_cert = Use a client certificate to authenticate on default instance 7 | client_cert_full_path = Provide full path to a client certificate as a single file (containing the private key and the certificate) -------------------------------------------------------------------------------- /TA-thehive/README/ta_thehive_create_alert_settings.conf.spec: -------------------------------------------------------------------------------- 1 | [proxy] 2 | proxy_enabled = 3 | proxy_type = 4 | proxy_url = 5 | proxy_port = 6 | proxy_username = 7 | proxy_password = 8 | proxy_rdns = 9 | 10 | [logging] 11 | loglevel = -------------------------------------------------------------------------------- /TA-thehive/app.manifest: -------------------------------------------------------------------------------- 1 | { 2 | "schemaVersion": "1.0.0", 3 | "info": { 4 | "title": "thehive_create_alert", 5 | "id": { 6 | "group": null, 7 | "name": "TA-thehive", 8 | "version": "2.0.1" 9 | }, 10 | "author": [ 11 | { 12 | "name": "Remi SEGUY", 13 | "email": "remg427@gmail.com", 14 | "company": null 15 | } 16 | ], 17 | "releaseDate": "2019-09-28", 18 | "description": "This add-on is designed to add alert action on Splunk to create alerts in The Hive", 19 | "classification": { 20 | "intendedAudience": null, 21 | "categories": [], 22 | "developmentStatus": null 23 | }, 24 | "commonInformationModels": null, 25 | "license": { 26 | "name": null, 27 | "text": null, 28 | "uri": null 29 | }, 30 | "privacyPolicy": { 31 | "name": null, 32 | "text": null, 33 | "uri": null 34 | }, 35 | "releaseNotes": { 36 | "name": null, 37 | "text": null, 38 | "uri": null 39 | } 40 | }, 41 | "dependencies": { 42 | }, 43 | "tasks": [], 44 | "inputGroups": { 45 | }, 46 | "incompatibleApps": { 47 | }, 48 | "platformRequirements": { 49 | "splunk": { 50 | "Enterprise": "*" 51 | } 52 | } 53 | } -------------------------------------------------------------------------------- /TA-thehive/appserver/static/alert_create_alert_entry_in_thehive.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/appserver/static/alert_create_alert_entry_in_thehive.png -------------------------------------------------------------------------------- /TA-thehive/appserver/static/alerticon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/appserver/static/alerticon.png -------------------------------------------------------------------------------- /TA-thehive/appserver/static/css/configuration.css: -------------------------------------------------------------------------------- 1 | body { 2 | background-color: #fff; 3 | } 4 | 5 | .tab-content { 6 | overflow: visible !important; 7 | } 8 | 9 | /*Navigation tab shadow*/ 10 | .nav-tabs > li > a:focus { 11 | box-shadow: none; 12 | } 13 | 14 | .addonContainer .nav-tabs > .active { 15 | border-bottom: none; 16 | } 17 | 18 | a:focus { 19 | box-shadow: none; 20 | } 21 | 22 | /*Leave space for error message display*/ 23 | .nav-tabs { 24 | height: auto; 25 | margin-bottom: 0px; 26 | } 27 | 28 | .table-caption { 29 | margin-top: 16px; 30 | } 31 | 32 | /*Prevent scroll in form*/ 33 | .tab-content .modal-body { 34 | height: auto; 35 | max-height: none; 36 | } 37 | -------------------------------------------------------------------------------- /TA-thehive/appserver/static/css/inputs.css: -------------------------------------------------------------------------------- 1 | /*Horizon line*/ 2 | .addonContainer hr { 3 | margin: 0px; 4 | border-bottom: none; 5 | border-top: 1px solid #ccc; 6 | } 7 | 8 | /*Input type filter*/ 9 | .type-filter { 10 | float: left; 11 | margin-top: 10px; 12 | } 13 | 14 | .list-dotted dd { 15 | min-height: 20px; 16 | } 17 | -------------------------------------------------------------------------------- /TA-thehive/appserver/static/img/loading-24.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/appserver/static/img/loading-24.gif -------------------------------------------------------------------------------- /TA-thehive/appserver/static/img/loading.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/appserver/static/img/loading.gif -------------------------------------------------------------------------------- /TA-thehive/bin/create_alert_entry_in_thehive.py: -------------------------------------------------------------------------------- 1 | 2 | # encoding = utf-8 3 | # Always put this line at the beginning of this file 4 | import ta_thehive_create_alert_declare 5 | 6 | import os 7 | import sys 8 | 9 | from alert_actions_base import ModularAlertBase 10 | import modalert_create_alert_entry_in_thehive_helper 11 | 12 | class AlertActionWorkercreate_alert_entry_in_thehive(ModularAlertBase): 13 | 14 | def __init__(self, ta_name, alert_name): 15 | super(AlertActionWorkercreate_alert_entry_in_thehive, self).__init__(ta_name, alert_name) 16 | 17 | def validate_params(self): 18 | 19 | if not self.get_param("th_instance"): 20 | self.log_error('th_instance is a mandatory parameter, but its value is None.') 21 | return False 22 | 23 | if not self.get_param("th_severity"): 24 | self.log_error('th_severity is a mandatory parameter, but its value is None.') 25 | return False 26 | 27 | if not self.get_param("th_tlp"): 28 | self.log_error('th_tlp is a mandatory parameter, but its value is None.') 29 | return False 30 | 31 | if not self.get_param("th_pap"): 32 | self.log_error('th_pap is a mandatory parameter, but its value is None.') 33 | return False 34 | return True 35 | 36 | def process_event(self, *args, **kwargs): 37 | status = 0 38 | try: 39 | if not self.validate_params(): 40 | return 3 41 | status = modalert_create_alert_entry_in_thehive_helper.process_event(self, *args, **kwargs) 42 | except (AttributeError, TypeError) as ae: 43 | self.log_error("Error: {}. Please double check spelling and also verify that a compatible version of Splunk_SA_CIM is installed.".format(ae.message)) 44 | return 4 45 | except Exception as e: 46 | msg = "Unexpected error: {}." 47 | if e.message: 48 | self.log_error(msg.format(e.message)) 49 | else: 50 | import traceback 51 | self.log_error(msg.format(traceback.format_exc())) 52 | return 5 53 | return status 54 | 55 | if __name__ == "__main__": 56 | exitcode = AlertActionWorkercreate_alert_entry_in_thehive("TA-thehive", "create_alert_entry_in_thehive").run(sys.argv) 57 | sys.exit(exitcode) 58 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/__init__.py: -------------------------------------------------------------------------------- 1 | """ 2 | APP Cloud Connect 3 | """ 4 | import os 5 | 6 | from .common.lib_util import register_cacert_locater 7 | 8 | register_cacert_locater(os.path.join(os.path.dirname(__file__), 'core', 'cacerts')) 9 | 10 | __version__ = '1.0.2.dev104' 11 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/common/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/common/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/common/lib_util.py: -------------------------------------------------------------------------------- 1 | import os 2 | import os.path as op 3 | import platform 4 | import sys 5 | 6 | import __main__ 7 | 8 | from ..splunktacollectorlib.common import log as stulog 9 | 10 | 11 | def get_main_file(): 12 | """Return the running mod input file""" 13 | return __main__.__file__ 14 | 15 | 16 | def get_app_root_dir(): 17 | """Return the root dir of app""" 18 | return op.dirname(op.dirname(op.abspath(get_main_file()))) 19 | 20 | 21 | def get_mod_input_script_name(): 22 | """Return the name of running mod input""" 23 | script_name = os.path.basename(get_main_file()) 24 | if script_name.lower().endswith('.py'): 25 | script_name = script_name[:-3] 26 | return script_name 27 | 28 | 29 | def register_module(new_path): 30 | """ register_module(new_path): adds a directory to sys.path. 31 | Do nothing if it does not exist or if it's already in sys.path. 32 | """ 33 | if not os.path.exists(new_path): 34 | return 35 | 36 | new_path = os.path.abspath(new_path) 37 | if platform.system() == 'Windows': 38 | new_path = new_path.lower() 39 | for x in sys.path: 40 | x = os.path.abspath(x) 41 | if platform.system() == 'Windows': 42 | x = x.lower() 43 | if new_path in (x, x + os.sep): 44 | return 45 | sys.path.insert(0, new_path) 46 | 47 | 48 | def register_cacert_locater(cacerts_locater_path): 49 | for x in sys.modules: 50 | if (x == "httplib2" or x.endswith(".httplib2")) and sys.modules[x] \ 51 | is not None: 52 | stulog.logger.warning("Httplib2 module '{}' is already installed. " 53 | "The ca_certs_locater may not work".format(x)) 54 | register_module(cacerts_locater_path) 55 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/common/log.py: -------------------------------------------------------------------------------- 1 | import logging 2 | 3 | from solnlib.pattern import Singleton 4 | from ..splunktacollectorlib.common import log as stulog 5 | 6 | 7 | class CloudClientLogAdapter(logging.LoggerAdapter): 8 | __metaclass__ = Singleton 9 | 10 | def __init__(self, logger=None, extra=None, prefix=""): 11 | super(CloudClientLogAdapter, self).__init__(logger, extra) 12 | self.cc_prefix = prefix if prefix else "" 13 | 14 | def process(self, msg, kwargs): 15 | msg = "{} {}".format(self.cc_prefix, msg) 16 | return super(CloudClientLogAdapter, self).process(msg, kwargs) 17 | 18 | def set_level(self, val): 19 | self.logger.setLevel(val) 20 | 21 | 22 | _adapter = CloudClientLogAdapter(stulog.logger) 23 | 24 | 25 | def set_cc_logger(logger, logger_prefix=''): 26 | global _adapter 27 | _adapter.logger = logger 28 | _adapter.cc_prefix = logger_prefix or '' 29 | 30 | 31 | def get_cc_logger(): 32 | return _adapter 33 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/common/util.py: -------------------------------------------------------------------------------- 1 | import json 2 | from ..splunktalib.common import util 3 | from solnlib.modular_input.event import XMLEvent 4 | 5 | 6 | def is_valid_bool(val): 7 | """Check whether a string can be convert to bool. 8 | :param val: value as string. 9 | :return: `True` if value can be convert to bool else `False`. 10 | """ 11 | return util.is_true(val) or util.is_false(val) 12 | 13 | 14 | def is_true(val): 15 | return util.is_true(val) 16 | 17 | 18 | def is_valid_port(port): 19 | """Check whether a port is valid. 20 | :param port: port to check. 21 | :return: `True` if port is valid else `False`. 22 | """ 23 | try: 24 | return 1 <= int(port) <= 65535 25 | except ValueError: 26 | return False 27 | 28 | 29 | def load_json_file(file_path): 30 | """ 31 | Load a dict from a JSON file. 32 | :param file_path: JSON file path. 33 | :return: A `dict` object. 34 | """ 35 | with open(file_path, 'r') as file_pointer: 36 | return json.load(file_pointer) 37 | 38 | 39 | def format_events(raw_events, time=None, 40 | index=None, host=None, source=None, sourcetype=None, 41 | stanza=None, unbroken=False, done=False): 42 | return XMLEvent.format_events(XMLEvent(data, time=time, 43 | index=index, host=host, 44 | source=source, 45 | sourcetype=sourcetype, 46 | stanza=stanza, unbroken=unbroken, 47 | done=done) for data in 48 | raw_events) 49 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/configuration/__init__.py: -------------------------------------------------------------------------------- 1 | from .loader import get_loader_by_version 2 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/core/__init__.py: -------------------------------------------------------------------------------- 1 | from .engine import CloudConnectEngine 2 | from .exceptions import ConfigException, HTTPError 3 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/core/defaults.py: -------------------------------------------------------------------------------- 1 | """Default config for cloud connect""" 2 | 3 | timeout = 120 # request timeout is two minutes 4 | 5 | disable_ssl_cert_validation = False # default enable SSL validation 6 | 7 | success_statuses = (200, 201) # statuses be treated as success. 8 | 9 | # response status which need to retry. 10 | retry_statuses = (429, 500, 501, 502, 503, 504, 505, 506, 507, 11 | 509, 510, 511) 12 | 13 | # response status which need print a warning log. 14 | warning_statuses = (203, 204, 205, 206, 207, 208, 226, 15 | 300, 301, 302, 303, 304, 305, 306, 307, 308) 16 | retries = 3 # Default maximum retry times. 17 | 18 | max_iteration_count = 100 # maximum iteration loop count 19 | 20 | charset = 'utf-8' # Default response charset if not found in response header 21 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/core/exceptions.py: -------------------------------------------------------------------------------- 1 | """APP Cloud Connect errors""" 2 | 3 | 4 | class ConfigException(Exception): 5 | """Config exception""" 6 | pass 7 | 8 | 9 | class FuncException(Exception): 10 | """Ext function call exception""" 11 | pass 12 | 13 | 14 | class HTTPError(Exception): 15 | """ HTTPError raised when HTTP request returned a error.""" 16 | 17 | def __init__(self, reason=None): 18 | """ 19 | Initialize HTTPError with `response` object and `status`. 20 | """ 21 | self.reason = reason 22 | super(HTTPError, self).__init__(reason) 23 | 24 | 25 | class StopCCEIteration(Exception): 26 | """Exception to exit from the engine iteration.""" 27 | pass 28 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/core/pipemgr.py: -------------------------------------------------------------------------------- 1 | from solnlib.pattern import Singleton 2 | 3 | 4 | class PipeManager(object): 5 | __metaclass__ = Singleton 6 | 7 | def __init__(self, event_writer=None): 8 | self._event_writer = event_writer 9 | 10 | def write_events(self, events): 11 | if not self._event_writer: 12 | print events 13 | return True 14 | return self._event_writer.write_events(events) 15 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/core/template.py: -------------------------------------------------------------------------------- 1 | from jinja2 import Template 2 | import re 3 | 4 | # This pattern matches the template with only one token inside like "{{ 5 | # token1}}", "{{ token2 }" 6 | PATTERN = re.compile(r"^\{\{\s*(\w+)\s*\}\}$") 7 | 8 | 9 | def compile_template(template): 10 | _origin_template = template 11 | _template = Template(template) 12 | 13 | def translate_internal(context): 14 | match = re.match(PATTERN, _origin_template) 15 | if match: 16 | context_var = context.get(match.groups()[0]) 17 | return context_var if context_var else '' 18 | return _template.render(context) 19 | 20 | return translate_internal 21 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktacollectorlib/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktacollectorlib/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktacollectorlib/common/__init__.py: -------------------------------------------------------------------------------- 1 | import json 2 | import hashlib 3 | 4 | 5 | def load_schema_file(schema_file): 6 | """ 7 | Load schema file. 8 | """ 9 | 10 | with open(schema_file) as f: 11 | ret = json.load(f) 12 | 13 | common = ret.get("_common_", dict()) 14 | if common: 15 | for k, v in ret.items(): 16 | if k == "_common_" or not isinstance(v, dict): 17 | continue 18 | # merge common into other values 19 | for _k, _v in common.items(): 20 | if _k not in v: 21 | v[_k] = _v 22 | ret[k] = v 23 | 24 | return ret 25 | 26 | 27 | def md5_of_dict(data): 28 | """ 29 | MD5 of dict data. 30 | """ 31 | 32 | md5 = hashlib.sha256() 33 | if isinstance(data, dict): 34 | for key in sorted(data.keys()): 35 | md5.update(repr(key)) 36 | md5.update(md5_of_dict(data[key])) 37 | elif isinstance(data, list): 38 | for item in sorted(data): 39 | md5.update(md5_of_dict(item)) 40 | else: 41 | md5.update(repr(data)) 42 | 43 | return md5.hexdigest() 44 | 45 | 46 | class UCCException(Exception): 47 | """ 48 | Dispatch engine exception. 49 | """ 50 | 51 | pass 52 | 53 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktacollectorlib/common/log.py: -------------------------------------------------------------------------------- 1 | import logging 2 | from ...splunktalib.common import log as stclog 3 | 4 | 5 | def set_log_level(log_level): 6 | """ 7 | Set log level. 8 | """ 9 | 10 | if isinstance(log_level, basestring): 11 | if log_level.upper() == "DEBUG": 12 | stclog.Logs().set_level(logging.DEBUG) 13 | elif log_level.upper() == "INFO": 14 | stclog.Logs().set_level(logging.INFO) 15 | elif log_level.upper() == "WARN": 16 | stclog.Logs().set_level(logging.WARN) 17 | elif log_level.upper() == "ERROR": 18 | stclog.Logs().set_level(logging.ERROR) 19 | elif log_level.upper() == "WARNING": 20 | stclog.Logs().set_level(logging.WARNING) 21 | elif log_level.upper() == "CRITICAL": 22 | stclog.Logs().set_level(logging.CRITICAL) 23 | else: 24 | stclog.Logs().set_level(logging.INFO) 25 | elif isinstance(log_level, int): 26 | if log_level in [logging.DEBUG, logging.INFO, logging.ERROR, 27 | logging.WARN, logging.WARNING, logging.CRITICAL]: 28 | stclog.Logs().set_level(log_level) 29 | else: 30 | stclog.Logs().set_level(logging.INFO) 31 | else: 32 | stclog.Logs().set_level(logging.INFO) 33 | 34 | 35 | # Global logger 36 | logger = stclog.Logs().get_logger("cloud_connect_engine") 37 | 38 | 39 | def reset_logger(name): 40 | """ 41 | Reset logger. 42 | """ 43 | 44 | stclog.reset_logger(name) 45 | 46 | global logger 47 | logger = stclog.Logs().get_logger(name) 48 | 49 | 50 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktacollectorlib/common/rwlock.py: -------------------------------------------------------------------------------- 1 | """ 2 | This module provides Read-Write lock. 3 | """ 4 | 5 | import threading 6 | 7 | 8 | class _ReadLocker(object): 9 | def __init__(self, lock): 10 | self.lock = lock 11 | 12 | def __enter__(self): 13 | self.lock.acquire_read() 14 | 15 | def __exit__(self, exc_type, exc_val, exc_tb): 16 | self.lock.release_read() 17 | return False 18 | 19 | 20 | class _WriteLocker(object): 21 | def __init__(self, lock): 22 | self.lock = lock 23 | 24 | def __enter__(self): 25 | self.lock.acquire_write() 26 | 27 | def __exit__(self, exc_type, exc_val, exc_tb): 28 | self.lock.release_write() 29 | return False 30 | 31 | 32 | class RWLock(object): 33 | """ Simple Read-Write lock. 34 | 35 | Allow multiple read but only one writing concurrently. 36 | """ 37 | 38 | def __init__(self): 39 | self._condition = threading.Condition(threading.Lock()) 40 | self._readers = 0 41 | 42 | def acquire_read(self): 43 | self._condition.acquire() 44 | self._readers += 1 45 | self._condition.release() 46 | 47 | def release_read(self): 48 | self._condition.acquire() 49 | try: 50 | self._readers -= 1 51 | if not self._readers: 52 | self._condition.notifyAll() 53 | finally: 54 | self._condition.release() 55 | 56 | def acquire_write(self): 57 | self._condition.acquire() 58 | while self._readers > 0: 59 | self._condition.wait() 60 | 61 | def release_write(self): 62 | self._condition.release() 63 | 64 | @property 65 | def reader_lock(self): 66 | return _ReadLocker(self) 67 | 68 | @property 69 | def writer_lock(self): 70 | return _WriteLocker(self) 71 | 72 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktacollectorlib/common/schema_meta.py: -------------------------------------------------------------------------------- 1 | 2 | FIELD_PRODUCT = '_product' 3 | FIELD_REST_NAMESPACE = '_rest_namespace' 4 | FIELD_REST_PREFIX = '_rest_prefix' 5 | FIELD_PROTOCOL_VERSION = '_protocol_version' 6 | FIELD_VERSION = '_version' 7 | FIELD_ENCRYPTION_FORMATTER = '_encryption_formatter' 8 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktacollectorlib/data_collection/__init__.py: -------------------------------------------------------------------------------- 1 | __version__ = "1.0.2" -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktacollectorlib/data_collection/ta_consts.py: -------------------------------------------------------------------------------- 1 | server_uri = "server_uri" 2 | session_key = "session_key" 3 | version = "version" 4 | appname = "appname" 5 | event_writer = "event_writer" 6 | index = "index" 7 | default_index = "default" 8 | source = "source" 9 | sourcetype = "sourcetype" 10 | data_loader = "data_loader" 11 | 12 | meta_configs = "meta_configs" 13 | disabled = "disabled" 14 | resource = "resource" 15 | events = "events" 16 | scope = "scope" 17 | checkpoint_dir = "checkpoint_dir" 18 | 19 | ckpt_dict = "ckpt_dict" 20 | inputs = "inputs" 21 | input_name = "input_name" 22 | input_data = "input_data" 23 | interval = "interval" 24 | data = "data" 25 | batch_size = 'batch_size' 26 | time_fmt = "%Y-%m-%dT%H:%M:%S" 27 | utc_time_fmt = "%Y-%m-%dT%H:%M:%S.%fZ" 28 | 29 | # system setting keys 30 | checkpoint_storage_type = "builtin_system_checkpoint_storage_type" 31 | 32 | # Possible values for checkpoint storage type 33 | checkpoint_auto = 'auto' 34 | checkpoint_kv_storage = 'kv_store' 35 | checkpoint_file = 'file' 36 | 37 | # For cache file 38 | use_cache_file = "builtin_system_use_cache_file" 39 | max_cache_seconds = "builtin_system_max_cache_seconds" 40 | # For kv store 41 | collection_name = "builtin_system_kvstore_collection_name" 42 | 43 | settings = "__settings__" 44 | configs = "__configs__" 45 | 46 | name = "name" 47 | config = "config" 48 | division = "division" 49 | stanza_name = "stanza_name" 50 | divide_key = "_divide_key" 51 | divide_endpoint = "_divide_endpoint" 52 | mod_input_name = "mod_input_name" 53 | global_settings = "global_settings" 54 | all_configs = "all_configs" 55 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktacollectorlib/splunk_ta_import_declare.py: -------------------------------------------------------------------------------- 1 | """ 2 | This module is used to filter and reload PATH. 3 | """ 4 | 5 | import os 6 | import sys 7 | import re 8 | 9 | ta_name = os.path.basename(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) 10 | ta_lib_name = re.sub("[^\w]+", "_", ta_name.lower()) 11 | assert ta_name or ta_name == "package", "TA name is None or package" 12 | pattern = re.compile(r"[\\/]etc[\\/]apps[\\/][^\\/]+[\\/]bin[\\/]?$") 13 | new_paths = [path for path in sys.path if not pattern.search(path) or ta_name in path] 14 | new_paths.insert(0, os.path.sep.join([os.path.dirname(__file__), ta_lib_name])) 15 | sys.path = new_paths 16 | 17 | 18 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktacollectorlib/ta_cloud_connect_client.py: -------------------------------------------------------------------------------- 1 | from .data_collection.ta_data_client import TaDataClient 2 | from ..splunktacollectorlib.common import log as stulog 3 | from ..splunktacollectorlib.data_collection import ta_consts as c 4 | from ..common.log import set_cc_logger 5 | 6 | 7 | class TACloudConnectClient(TaDataClient): 8 | def __init__(self, 9 | meta_config, 10 | task_config, 11 | checkpoint_mgr=None, 12 | event_writer=None 13 | ): 14 | super(TACloudConnectClient, self).__init__(meta_config, 15 | task_config, 16 | checkpoint_mgr, 17 | event_writer) 18 | self._set_log() 19 | self._cc_config_file = self._meta_config["cc_json_file"] 20 | from ..core.pipemgr import PipeManager 21 | from ..client import CloudConnectClient as Client 22 | self._pipe_mgr = PipeManager(event_writer=event_writer) 23 | self._client = Client(self._task_config, self._cc_config_file, 24 | checkpoint_mgr) 25 | 26 | def _set_log(self): 27 | pairs = ['{}="{}"'.format(c.stanza_name, self._task_config[ 28 | c.stanza_name])] 29 | set_cc_logger(stulog.logger, 30 | logger_prefix="[{}]".format(" ".join(pairs))) 31 | 32 | def is_stopped(self): 33 | return self._stop 34 | 35 | def stop(self): 36 | self._stop = True 37 | self._client.stop() 38 | 39 | def get(self): 40 | self._client.start() 41 | raise StopIteration 42 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/__init__.py: -------------------------------------------------------------------------------- 1 | __version__ = "0.9" 2 | __license__ = "Splunk" 3 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/common/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/common/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/common/consts.py: -------------------------------------------------------------------------------- 1 | util_log = "util" 2 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/common/pattern.py: -------------------------------------------------------------------------------- 1 | """ 2 | Copyright (C) 2005-2015 Splunk Inc. All Rights Reserved. 3 | 4 | Commonly used design partten for python user, includes: 5 | - singleton (Decorator function used to build singleton) 6 | """ 7 | 8 | from functools import wraps 9 | 10 | 11 | def singleton(class_): 12 | """ 13 | Singleton decoorator function. 14 | """ 15 | instances = {} 16 | 17 | @wraps(class_) 18 | def getinstance(*args, **kwargs): 19 | if class_ not in instances: 20 | instances[class_] = class_(*args, **kwargs) 21 | return instances[class_] 22 | return getinstance 23 | 24 | 25 | class Singleton(type): 26 | """ 27 | Singleton meta class 28 | """ 29 | 30 | _instances = {} 31 | 32 | def __call__(cls, *args, **kwargs): 33 | if cls not in cls._instances: 34 | cls._instances[cls] = super(Singleton, cls).__call__( 35 | *args, **kwargs) 36 | print cls 37 | return cls._instances[cls] 38 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/common/xml_dom_parser.py: -------------------------------------------------------------------------------- 1 | import re 2 | from xml.etree import cElementTree as et 3 | 4 | 5 | def parse_conf_xml_dom(xml_content): 6 | """ 7 | @xml_content: XML DOM from splunkd 8 | """ 9 | 10 | m = re.search(r'xmlns="([^"]+)"', xml_content) 11 | ns = m.group(1) 12 | m = re.search(r'xmlns:s="([^"]+)"', xml_content) 13 | sub_ns = m.group(1) 14 | entry_path = "./{%s}entry" % ns 15 | stanza_path = "./{%s}title" % ns 16 | key_path = "./{%s}content/{%s}dict/{%s}key" % (ns, sub_ns, sub_ns) 17 | meta_path = "./{%s}dict/{%s}key" % (sub_ns, sub_ns) 18 | list_path = "./{%s}list/{%s}item" % (sub_ns, sub_ns) 19 | 20 | xml_conf = et.fromstring(xml_content) 21 | stanza_objs = [] 22 | for entry in xml_conf.iterfind(entry_path): 23 | for stanza in entry.iterfind(stanza_path): 24 | stanza_obj = {"name": stanza.text,"stanza": stanza.text} 25 | break 26 | else: 27 | continue 28 | 29 | for key in entry.iterfind(key_path): 30 | if key.get("name") == "eai:acl": 31 | meta = {} 32 | for k in key.iterfind(meta_path): 33 | meta[k.get("name")] = k.text 34 | stanza_obj[key.get("name")] = meta 35 | elif key.get("name") != "eai:attributes": 36 | name = key.get("name") 37 | if name.startswith("eai:"): 38 | name = name[4:] 39 | list_vals = [k.text for k in key.iterfind(list_path)] 40 | if list_vals: 41 | stanza_obj[name] = list_vals 42 | else: 43 | stanza_obj[name] = key.text 44 | if key.text == "None": 45 | stanza_obj[name] = None 46 | stanza_objs.append(stanza_obj) 47 | return stanza_objs 48 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/concurrent/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/concurrent/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/concurrent/process_pool.py: -------------------------------------------------------------------------------- 1 | """ 2 | A wrapper of multiprocessing.pool 3 | """ 4 | 5 | import multiprocessing 6 | from ..common import log 7 | 8 | 9 | class ProcessPool(object): 10 | """ 11 | A simple wrapper of multiprocessing.pool 12 | """ 13 | 14 | def __init__(self, size=0, maxtasksperchild=10000): 15 | if size <= 0: 16 | size = multiprocessing.cpu_count() 17 | self.size = size 18 | self._pool = multiprocessing.Pool(processes=size, 19 | maxtasksperchild=maxtasksperchild) 20 | self._stopped = False 21 | 22 | def tear_down(self): 23 | """ 24 | Tear down the pool 25 | """ 26 | 27 | if self._stopped: 28 | log.logger.info("ProcessPool has already stopped.") 29 | return 30 | self._stopped = True 31 | 32 | self._pool.close() 33 | self._pool.join() 34 | log.logger.info("ProcessPool stopped.") 35 | 36 | def apply(self, func, args=(), kwargs={}): 37 | """ 38 | :param func: callable 39 | :param args: free params 40 | :param kwargs: named params 41 | :return whatever the func returns 42 | """ 43 | 44 | if self._stopped: 45 | log.logger.info("ProcessPool has already stopped.") 46 | return None 47 | 48 | return self._pool.apply(func, args, kwargs) 49 | 50 | def apply_async(self, func, args=(), kwargs={}, callback=None): 51 | """ 52 | :param func: callable 53 | :param args: free params 54 | :param kwargs: named params 55 | :callback: when func is done without exception, call this callack 56 | :return whatever the func returns 57 | """ 58 | 59 | if self._stopped: 60 | log.logger.info("ProcessPool has already stopped.") 61 | return None 62 | 63 | return self._pool.apply_async(func, args, kwargs, callback) 64 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/conf_manager/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/conf_manager/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/conf_manager/knowledge_objects.py: -------------------------------------------------------------------------------- 1 | from . import request as req 2 | from ..common import xml_dom_parser as xdp 3 | 4 | 5 | class KnowledgeObjectManager(object): 6 | 7 | def __init__(self, splunkd_uri, session_key): 8 | self.splunkd_uri = splunkd_uri 9 | self.session_key = session_key 10 | 11 | def apps(self): 12 | """ 13 | @return: a list of dict containing apps if successfuly otherwise 14 | otherwise raise exceptions 15 | """ 16 | 17 | uri = "{}/services/apps/local?count=0&offset=0".format( 18 | self.splunkd_uri) 19 | apps = self._do_request(uri, "GET", None, "Failed to get apps") 20 | return apps 21 | 22 | def indexes(self): 23 | """ 24 | @return: a list of dict containing indexes if successfuly 25 | otherwise raise exceptions 26 | """ 27 | 28 | uri = "{}/services/data/indexes/?count=0&offset=0".format( 29 | self.splunkd_uri) 30 | indexes = self._do_request(uri, "GET", None, "Failed to get indexes") 31 | return indexes 32 | 33 | def _do_request(self, uri, method, payload, err_msg): 34 | _, content = req.content_request(uri, self.session_key, method, 35 | payload, err_msg) 36 | return xdp.parse_conf_xml_dom(content) 37 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/conf_manager/request.py: -------------------------------------------------------------------------------- 1 | from .. import rest 2 | from ..common import log 3 | 4 | 5 | class ConfRequestException(Exception): 6 | pass 7 | 8 | 9 | class ConfNotExistsException(ConfRequestException): 10 | pass 11 | 12 | 13 | class ConfExistsException(ConfRequestException): 14 | pass 15 | 16 | 17 | def content_request(uri, session_key, method, payload, err_msg): 18 | """ 19 | :return: response content if successful otherwise raise 20 | ConfRequestException 21 | """ 22 | 23 | resp, content = rest.splunkd_request(uri, session_key, method, 24 | data=payload, retry=3) 25 | if resp is None and content is None: 26 | return None 27 | 28 | if resp.status >= 200 and resp.status <= 204: 29 | return content 30 | else: 31 | msg = "%s, status=%s, reason=%s, detail=%s" % ( 32 | err_msg, resp.status, resp.reason, content.decode('utf-8')) 33 | 34 | if not (method == "GET" and resp.status == 404): 35 | log.logger.error(msg) 36 | 37 | if resp.status == 404: 38 | raise ConfNotExistsException(msg) 39 | if resp.status == 409: 40 | raise ConfExistsException(msg) 41 | else: 42 | if content and "already exists" in content: 43 | raise ConfExistsException(msg) 44 | raise ConfRequestException(msg) 45 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/file_monitor.py: -------------------------------------------------------------------------------- 1 | import os.path as op 2 | import traceback 3 | 4 | from .common import log 5 | 6 | 7 | class FileMonitor(object): 8 | 9 | def __init__(self, callback, files): 10 | """ 11 | :files: files to be monidtored with full path 12 | """ 13 | 14 | self._callback = callback 15 | self._files = files 16 | 17 | self.file_mtimes = { 18 | file_name: None for file_name in self._files 19 | } 20 | for k in self.file_mtimes: 21 | if not op.exists(k): 22 | continue 23 | 24 | try: 25 | if not op.exists(k): 26 | continue 27 | self.file_mtimes[k] = op.getmtime(k) 28 | except OSError: 29 | log.logger.error("Getmtime for %s, failed: %s", 30 | k, traceback.format_exc()) 31 | 32 | def __call__(self): 33 | return self.check_changes() 34 | 35 | def check_changes(self): 36 | log.logger.debug("Checking files=%s", self._files) 37 | file_mtimes = self.file_mtimes 38 | changed_files = [] 39 | for f, last_mtime in file_mtimes.iteritems(): 40 | try: 41 | if not op.exists(f): 42 | continue 43 | 44 | current_mtime = op.getmtime(f) 45 | if current_mtime != last_mtime: 46 | file_mtimes[f] = current_mtime 47 | changed_files.append(f) 48 | log.logger.info("Detect %s has changed", f) 49 | except OSError: 50 | pass 51 | 52 | if changed_files: 53 | if self._callback: 54 | self._callback(changed_files) 55 | return True 56 | return False 57 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/orphan_process_monitor.py: -------------------------------------------------------------------------------- 1 | import os 2 | import threading 3 | import time 4 | import traceback 5 | 6 | from ..splunktalib.common import log 7 | 8 | 9 | class OrphanProcessChecker(object): 10 | 11 | def __init__(self, callback=None): 12 | """ 13 | Only work for Linux platform. On Windows platform, is_orphan is always 14 | False 15 | """ 16 | 17 | if os.name == "nt": 18 | self._ppid = 0 19 | else: 20 | self._ppid = os.getppid() 21 | self._callback = callback 22 | 23 | def is_orphan(self): 24 | if os.name == "nt": 25 | return False 26 | res = self._ppid != os.getppid() 27 | if res: 28 | log.logger.warn("Process=%s has become orphan", os.getpid()) 29 | return res 30 | 31 | def check_orphan(self): 32 | res = self.is_orphan() 33 | if res and self._callback: 34 | self._callback() 35 | return res 36 | 37 | 38 | class OrphanProcessMonitor(object): 39 | 40 | def __init__(self, callback): 41 | self._checker = OrphanProcessChecker(callback) 42 | self._thr = threading.Thread(target=self._do_monitor) 43 | self._thr.daemon = True 44 | self._started = False 45 | 46 | def start(self): 47 | if self._started: 48 | return 49 | self._started = True 50 | 51 | self._thr.start() 52 | 53 | def stop(self): 54 | self._started = False 55 | 56 | def _do_monitor(self): 57 | while self._started: 58 | try: 59 | res = self._checker.check_orphan() 60 | if res: 61 | break 62 | time.sleep(1) 63 | except Exception: 64 | log.logger.error("Failed to monitor orphan process, reason=%s", 65 | traceback.format_exc()) 66 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/schedule/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/schedule/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/schedule/job.py: -------------------------------------------------------------------------------- 1 | import threading 2 | import time 3 | 4 | 5 | class Job(object): 6 | """ 7 | Timer wraps the callback and timestamp related stuff 8 | """ 9 | 10 | _ident = 0 11 | _lock = threading.Lock() 12 | 13 | def __init__(self, func, job_props, interval, when=None, job_id=None): 14 | """ 15 | @job_props: dict like object 16 | @func: execution function 17 | @interval: execution interval 18 | @when: seconds from epoch 19 | @job_id: a unique id for the job 20 | """ 21 | 22 | self._props = job_props 23 | self._func = func 24 | if when is None: 25 | self._when = time.time() 26 | else: 27 | self._when = when 28 | self._interval = interval 29 | 30 | if job_id is not None: 31 | self._id = job_id 32 | else: 33 | with Job._lock: 34 | self._id = Job._ident + 1 35 | Job._ident = Job._ident + 1 36 | self._stopped = False 37 | 38 | def ident(self): 39 | return self._id 40 | 41 | def get_interval(self): 42 | return self._interval 43 | 44 | def set_interval(self, interval): 45 | self._interval = interval 46 | 47 | def get_expiration(self): 48 | return self._when 49 | 50 | def set_initial_due_time(self, when): 51 | if self._when is None: 52 | self._when = when 53 | 54 | def update_expiration(self): 55 | self._when += self._interval 56 | 57 | def get(self, key, default): 58 | return self._props.get(key, default) 59 | 60 | def get_props(self): 61 | return self._props 62 | 63 | def set_props(self, props): 64 | self._props = props 65 | 66 | def __cmp__(self, other): 67 | if other is None: 68 | return 1 69 | 70 | self_k = (self.get_expiration(), self.ident()) 71 | other_k = (other.get_expiration(), other.ident()) 72 | 73 | if self_k == other_k: 74 | return 0 75 | elif self_k < other_k: 76 | return -1 77 | else: 78 | return 1 79 | 80 | def __eq__(self, other): 81 | return isinstance(other, Job) and (self.ident() == other.ident()) 82 | 83 | def __call__(self): 84 | self._func(self) 85 | 86 | def stop(self): 87 | self._stopped = True 88 | 89 | def stopped(self): 90 | return self._stopped 91 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/setting.conf: -------------------------------------------------------------------------------- 1 | [global] 2 | process_size = 0 3 | thread_min_size = 4 4 | thread_max_size = 128 5 | task_queue_size = 1024 6 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/splunk_cluster.py: -------------------------------------------------------------------------------- 1 | from ..splunktalib import rest 2 | from ..splunktalib.common import xml_dom_parser as xdp 3 | 4 | 5 | def _do_rest(uri, session_key): 6 | resp, content = rest.splunkd_request(uri, session_key) 7 | if resp is None: 8 | return None 9 | 10 | if resp.status not in (200, 201): 11 | return None 12 | 13 | stanza_objs = xdp.parse_conf_xml_dom(content) 14 | if not stanza_objs: 15 | return None 16 | 17 | return stanza_objs[0] 18 | 19 | 20 | class ServerInfo(object): 21 | 22 | def __init__(self, splunkd_uri, session_key): 23 | uri = "{}/services/server/info".format(splunkd_uri) 24 | server_info = _do_rest(uri, session_key) 25 | if server_info is None: 26 | raise Exception("Failed to init ServerInfo") 27 | 28 | self._server_info = server_info 29 | 30 | def is_captain(self): 31 | """ 32 | :return: True if splunkd_uri is captain otherwise False 33 | """ 34 | 35 | return "shc_captain" in self._server_info["server_roles"] 36 | 37 | def is_search_head(self): 38 | for sh in ("search_head", "cluster_search_head"): 39 | if sh in self._server_info["server_roles"]: 40 | return True 41 | return False 42 | 43 | def is_shc_member(self): 44 | server_roles = self._server_info['server_roles'] 45 | return any( 46 | role in server_roles for role in ('shc_member', 'shc_captain') 47 | ) 48 | 49 | def version(self): 50 | return self._server_info["version"] 51 | 52 | def to_dict(self): 53 | return self._server_info 54 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/cloudconnectlib/splunktalib/timer.py: -------------------------------------------------------------------------------- 1 | import threading 2 | 3 | 4 | class Timer(object): 5 | """ 6 | Timer wraps the callback and timestamp related stuff 7 | """ 8 | 9 | _ident = 0 10 | _lock = threading.Lock() 11 | 12 | def __init__(self, callback, when, interval, ident=None): 13 | self._callback = callback 14 | self._when = when 15 | self._interval = interval 16 | 17 | if ident is not None: 18 | self._id = ident 19 | else: 20 | with Timer._lock: 21 | self._id = Timer._ident + 1 22 | Timer._ident = Timer._ident + 1 23 | 24 | def get_interval(self): 25 | return self._interval 26 | 27 | def set_interval(self, interval): 28 | self._interval = interval 29 | 30 | def get_expiration(self): 31 | return self._when 32 | 33 | def set_initial_due_time(self, when): 34 | self._when = when 35 | 36 | def update_expiration(self): 37 | self._when += self._interval 38 | 39 | def __cmp__(self, other): 40 | if other is None: 41 | return 1 42 | 43 | self_k = (self.get_expiration(), self.ident()) 44 | other_k = (other.get_expiration(), other.ident()) 45 | 46 | if self_k == other_k: 47 | return 0 48 | elif self_k < other_k: 49 | return -1 50 | else: 51 | return 1 52 | 53 | def __eq__(self, other): 54 | return isinstance(other, Timer) and (self.ident() == other.ident()) 55 | 56 | def __call__(self): 57 | self._callback() 58 | 59 | def ident(self): 60 | return self._id 61 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/functools32/__init__.py: -------------------------------------------------------------------------------- 1 | from .functools32 import * 2 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jinja2/constants.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | """ 3 | jinja.constants 4 | ~~~~~~~~~~~~~~~ 5 | 6 | Various constants. 7 | 8 | :copyright: (c) 2010 by the Jinja Team. 9 | :license: BSD, see LICENSE for more details. 10 | """ 11 | 12 | 13 | #: list of lorem ipsum words used by the lipsum() helper function 14 | LOREM_IPSUM_WORDS = u'''\ 15 | a ac accumsan ad adipiscing aenean aliquam aliquet amet ante aptent arcu at 16 | auctor augue bibendum blandit class commodo condimentum congue consectetuer 17 | consequat conubia convallis cras cubilia cum curabitur curae cursus dapibus 18 | diam dictum dictumst dignissim dis dolor donec dui duis egestas eget eleifend 19 | elementum elit enim erat eros est et etiam eu euismod facilisi facilisis fames 20 | faucibus felis fermentum feugiat fringilla fusce gravida habitant habitasse hac 21 | hendrerit hymenaeos iaculis id imperdiet in inceptos integer interdum ipsum 22 | justo lacinia lacus laoreet lectus leo libero ligula litora lobortis lorem 23 | luctus maecenas magna magnis malesuada massa mattis mauris metus mi molestie 24 | mollis montes morbi mus nam nascetur natoque nec neque netus nibh nisi nisl non 25 | nonummy nostra nulla nullam nunc odio orci ornare parturient pede pellentesque 26 | penatibus per pharetra phasellus placerat platea porta porttitor posuere 27 | potenti praesent pretium primis proin pulvinar purus quam quis quisque rhoncus 28 | ridiculus risus rutrum sagittis sapien scelerisque sed sem semper senectus sit 29 | sociis sociosqu sodales sollicitudin suscipit suspendisse taciti tellus tempor 30 | tempus tincidunt torquent tortor tristique turpis ullamcorper ultrices 31 | ultricies urna ut varius vehicula vel velit venenatis vestibulum vitae vivamus 32 | viverra volutpat vulputate''' 33 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jinja2/defaults.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | """ 3 | jinja2.defaults 4 | ~~~~~~~~~~~~~~~ 5 | 6 | Jinja default filters and tags. 7 | 8 | :copyright: (c) 2010 by the Jinja Team. 9 | :license: BSD, see LICENSE for more details. 10 | """ 11 | from jinja2._compat import range_type 12 | from jinja2.utils import generate_lorem_ipsum, Cycler, Joiner 13 | 14 | 15 | # defaults for the parser / lexer 16 | BLOCK_START_STRING = '{%' 17 | BLOCK_END_STRING = '%}' 18 | VARIABLE_START_STRING = '{{' 19 | VARIABLE_END_STRING = '}}' 20 | COMMENT_START_STRING = '{#' 21 | COMMENT_END_STRING = '#}' 22 | LINE_STATEMENT_PREFIX = None 23 | LINE_COMMENT_PREFIX = None 24 | TRIM_BLOCKS = False 25 | LSTRIP_BLOCKS = False 26 | NEWLINE_SEQUENCE = '\n' 27 | KEEP_TRAILING_NEWLINE = False 28 | 29 | 30 | # default filters, tests and namespace 31 | from jinja2.filters import FILTERS as DEFAULT_FILTERS 32 | from jinja2.tests import TESTS as DEFAULT_TESTS 33 | DEFAULT_NAMESPACE = { 34 | 'range': range_type, 35 | 'dict': dict, 36 | 'lipsum': generate_lorem_ipsum, 37 | 'cycler': Cycler, 38 | 'joiner': Joiner 39 | } 40 | 41 | 42 | # export all constants 43 | __all__ = tuple(x for x in locals().keys() if x.isupper()) 44 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsl/__init__.py: -------------------------------------------------------------------------------- 1 | # coding: utf-8 2 | """ 3 | JSL 4 | === 5 | A Python DSL for describing JSON schemas. 6 | See http://jsl.rtfd.org/ for documentation. 7 | :copyright: (c) 2016 Anton Romanovich 8 | :license: BSD 9 | """ 10 | 11 | __title__ = 'JSL' 12 | __author__ = 'Anton Romanovich' 13 | __license__ = 'BSD' 14 | __copyright__ = 'Copyright 2016 Anton Romanovich' 15 | __version__ = '0.2.4' 16 | __version_info__ = tuple(int(i) for i in __version__.split('.')) 17 | 18 | 19 | from .document import Document, ALL_OF, INLINE, ANY_OF, ONE_OF 20 | from .fields import * 21 | from .roles import * 22 | from .exceptions import SchemaGenerationException 23 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsl/_compat/__init__.py: -------------------------------------------------------------------------------- 1 | # coding: utf-8 2 | """ 3 | Compatibility utils for Python 2 & 3. 4 | """ 5 | import sys 6 | 7 | 8 | IS_PY3 = sys.version_info[0] == 3 9 | string_types = (str, ) if IS_PY3 else (basestring, ) 10 | text_type = str if IS_PY3 else unicode 11 | _identity = lambda x: x 12 | 13 | 14 | if IS_PY3: 15 | from urllib.parse import urljoin, urlunsplit, urlsplit 16 | 17 | implements_to_string = _identity 18 | else: 19 | from urlparse import urljoin, urlunsplit, urlsplit 20 | 21 | def implements_to_string(cls): 22 | cls.__unicode__ = cls.__str__ 23 | cls.__str__ = lambda x: x.__unicode__().encode('utf-8') 24 | return cls 25 | 26 | 27 | def iterkeys(obj, **kwargs): 28 | """Iterate over dict keys in Python 2 & 3.""" 29 | return (obj.iterkeys(**kwargs) 30 | if hasattr(obj, 'iterkeys') 31 | else iter(obj.keys(**kwargs))) 32 | 33 | 34 | def iteritems(obj, **kwargs): 35 | """Iterate over dict items in Python 2 & 3.""" 36 | return (obj.iteritems(**kwargs) 37 | if hasattr(obj, 'iteritems') 38 | else iter(obj.items(**kwargs))) 39 | 40 | 41 | def itervalues(obj, **kwargs): 42 | """Iterate over dict values in Python 2 & 3.""" 43 | return (obj.itervalues(**kwargs) 44 | if hasattr(obj, 'itervalues') 45 | else iter(obj.values(**kwargs))) 46 | 47 | 48 | def with_metaclass(meta, *bases): 49 | """Create a base class with a metaclass. 50 | 51 | Function copied from `six `_ package. 52 | """ 53 | # This requires a bit of explanation: the basic idea is to make a dummy 54 | # metaclass for one level of class instantiation that replaces itself with 55 | # the actual metaclass. 56 | class metaclass(meta): 57 | def __new__(cls, name, this_bases, d): 58 | return meta(name, bases, d) 59 | return type.__new__(metaclass, 'temporary_class', (), {}) 60 | 61 | 62 | # On python < 3.3 fragments are not handled properly with unknown schemes 63 | 64 | def urldefrag(url): 65 | if "#" in url: 66 | s, n, p, q, frag = urlsplit(url) 67 | defrag = urlunsplit((s, n, p, q, '')) 68 | else: 69 | defrag = url 70 | frag = '' 71 | return defrag, frag 72 | 73 | 74 | try: 75 | from collections import OrderedDict 76 | except ImportError: 77 | from .ordereddict import OrderedDict 78 | 79 | 80 | from .prepareable import Prepareable -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsl/_compat/prepareable.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import inspect 3 | from functools import wraps 4 | 5 | from . import IS_PY3 6 | 7 | 8 | class Prepareable(type): 9 | # this code is taken from https://gist.github.com/DasIch/5562625 with minor fixes 10 | if not IS_PY3: 11 | def __new__(cls, name, bases, attributes): 12 | try: 13 | constructor = attributes["__new__"] 14 | except KeyError: 15 | return type.__new__(cls, name, bases, attributes) 16 | 17 | def preparing_constructor(cls, name, bases, attributes): 18 | try: 19 | cls.__prepare__ 20 | except AttributeError: 21 | return constructor(cls, name, bases, attributes) 22 | namespace = cls.__prepare__(name, bases) 23 | defining_frame = sys._getframe(1) 24 | for constant in reversed(defining_frame.f_code.co_consts): 25 | if inspect.iscode(constant) and constant.co_name == name: 26 | def get_index(attribute_name, _names=constant.co_names): 27 | try: 28 | return _names.index(attribute_name) 29 | except ValueError: 30 | return 0 31 | break 32 | else: 33 | return constructor(cls, name, bases, attributes) 34 | 35 | by_appearance = sorted( 36 | attributes.items(), key=lambda item: get_index(item[0]) 37 | ) 38 | for key, value in by_appearance: 39 | namespace[key] = value 40 | return constructor(cls, name, bases, namespace) 41 | attributes["__new__"] = wraps(constructor)(preparing_constructor) 42 | return type.__new__(cls, name, bases, attributes) -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsl/fields/__init__.py: -------------------------------------------------------------------------------- 1 | # coding: utf-8 2 | from .base import * 3 | from .compound import * 4 | from .primitive import * 5 | 6 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsl/fields/util.py: -------------------------------------------------------------------------------- 1 | # coding: utf-8 2 | import re 3 | import sre_constants 4 | 5 | from ..roles import Resolvable 6 | 7 | 8 | def validate_regex(regex): 9 | """ 10 | :param str regex: A regular expression to validate. 11 | :raises: ValueError 12 | """ 13 | try: 14 | re.compile(regex) 15 | except sre_constants.error as e: 16 | raise ValueError('Invalid regular expression: {0}'.format(e)) 17 | 18 | 19 | def validate(value_or_var, validator): 20 | if isinstance(value_or_var, Resolvable): 21 | for value in value_or_var.iter_possible_values(): 22 | validator(value) 23 | else: 24 | validator(value_or_var) -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsl/registry.py: -------------------------------------------------------------------------------- 1 | # coding: utf-8 2 | from ._compat import itervalues 3 | 4 | 5 | _documents_registry = {} 6 | 7 | 8 | def get_document(name, module=None): 9 | if module: 10 | name = '{0}.{1}'.format(module, name) 11 | return _documents_registry[name] 12 | 13 | 14 | def put_document(name, document_cls, module=None): 15 | if module: 16 | name = '{0}.{1}'.format(module, name) 17 | _documents_registry[name] = document_cls 18 | 19 | 20 | def remove_document(name, module=None): 21 | if module: 22 | name = '{0}.{1}'.format(module, name) 23 | del _documents_registry[name] 24 | 25 | 26 | def iter_documents(): 27 | return itervalues(_documents_registry) 28 | 29 | 30 | def clear(): 31 | _documents_registry.clear() -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsonpath_rw/__init__.py: -------------------------------------------------------------------------------- 1 | from .jsonpath import * 2 | from .parser import parse 3 | 4 | __version__ = '1.3.0' 5 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsonpath_rw/bin/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/jsonpath_rw/bin/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsonpath_rw/bin/jsonpath.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # encoding: utf-8 3 | # Copyright © 2012 Felix Richter 4 | # This work is free. You can redistribute it and/or modify it under the 5 | # terms of the Do What The Fuck You Want To Public License, Version 2, 6 | # as published by Sam Hocevar. See the COPYING file for more details. 7 | 8 | # Use modern Python 9 | from __future__ import unicode_literals, print_function, absolute_import 10 | 11 | # Standard Library imports 12 | import json 13 | import sys 14 | import glob 15 | import argparse 16 | 17 | # JsonPath-RW imports 18 | from jsonpath_rw import parse 19 | 20 | def find_matches_for_file(expr, f): 21 | return expr.find(json.load(f)) 22 | 23 | def print_matches(matches): 24 | print('\n'.join(['{0}'.format(match.value) for match in matches])) 25 | 26 | 27 | def main(*argv): 28 | parser = argparse.ArgumentParser( 29 | description='Search JSON files (or stdin) according to a JSONPath expression.', 30 | formatter_class=argparse.RawTextHelpFormatter, 31 | epilog=""" 32 | Quick JSONPath reference (see more at https://github.com/kennknowles/python-jsonpath-rw) 33 | 34 | atomics: 35 | $ - root object 36 | `this` - current object 37 | 38 | operators: 39 | path1.path2 - same as xpath / 40 | path1|path2 - union 41 | path1..path2 - somewhere in between 42 | 43 | fields: 44 | fieldname - field with name 45 | * - any field 46 | [_start_?:_end_?] - array slice 47 | [*] - any array index 48 | """) 49 | 50 | 51 | 52 | parser.add_argument('expression', help='A JSONPath expression.') 53 | parser.add_argument('files', metavar='file', nargs='*', help='Files to search (if none, searches stdin)') 54 | 55 | args = parser.parse_args(argv[1:]) 56 | 57 | expr = parse(args.expression) 58 | glob_patterns = args.files 59 | 60 | if len(glob_patterns) == 0: 61 | # stdin mode 62 | print_matches(find_matches_for_file(expr, sys.stdin)) 63 | else: 64 | # file paths mode 65 | for pattern in glob_patterns: 66 | for filename in glob.glob(pattern): 67 | with open(filename) as f: 68 | print_matches(find_matches_for_file(expr, f)) 69 | 70 | def entry_point(): 71 | main(*sys.argv) 72 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsonschema/__init__.py: -------------------------------------------------------------------------------- 1 | """ 2 | An implementation of JSON Schema for Python 3 | 4 | The main functionality is provided by the validator classes for each of the 5 | supported JSON Schema versions. 6 | 7 | Most commonly, :func:`validate` is the quickest way to simply validate a given 8 | instance under a schema, and will create a validator for you. 9 | 10 | """ 11 | 12 | from jsonschema.exceptions import ( 13 | ErrorTree, FormatError, RefResolutionError, SchemaError, ValidationError 14 | ) 15 | from jsonschema._format import ( 16 | FormatChecker, draft3_format_checker, draft4_format_checker, 17 | ) 18 | from jsonschema.validators import ( 19 | Draft3Validator, Draft4Validator, RefResolver, validate 20 | ) 21 | 22 | from jsonschema._version import __version__ 23 | 24 | # flake8: noqa 25 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsonschema/__main__.py: -------------------------------------------------------------------------------- 1 | from jsonschema.cli import main 2 | main() 3 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsonschema/_version.py: -------------------------------------------------------------------------------- 1 | 2 | # This file is automatically generated by setup.py. 3 | __version__ = '2.5.1' 4 | __sha__ = 'g3f459b7' 5 | __revision__ = 'g3f459b7' 6 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsonschema/cli.py: -------------------------------------------------------------------------------- 1 | from __future__ import absolute_import 2 | import argparse 3 | import json 4 | import sys 5 | 6 | from jsonschema._reflect import namedAny 7 | from jsonschema.validators import validator_for 8 | 9 | 10 | def _namedAnyWithDefault(name): 11 | if "." not in name: 12 | name = "jsonschema." + name 13 | return namedAny(name) 14 | 15 | 16 | def _json_file(path): 17 | with open(path) as file: 18 | return json.load(file) 19 | 20 | 21 | parser = argparse.ArgumentParser( 22 | description="JSON Schema Validation CLI", 23 | ) 24 | parser.add_argument( 25 | "-i", "--instance", 26 | action="append", 27 | dest="instances", 28 | type=_json_file, 29 | help="a path to a JSON instance to validate " 30 | "(may be specified multiple times)", 31 | ) 32 | parser.add_argument( 33 | "-F", "--error-format", 34 | default="{error.instance}: {error.message}\n", 35 | help="the format to use for each error output message, specified in " 36 | "a form suitable for passing to str.format, which will be called " 37 | "with 'error' for each error", 38 | ) 39 | parser.add_argument( 40 | "-V", "--validator", 41 | type=_namedAnyWithDefault, 42 | help="the fully qualified object name of a validator to use, or, for " 43 | "validators that are registered with jsonschema, simply the name " 44 | "of the class.", 45 | ) 46 | parser.add_argument( 47 | "schema", 48 | help="the JSON Schema to validate with", 49 | type=_json_file, 50 | ) 51 | 52 | 53 | def parse_args(args): 54 | arguments = vars(parser.parse_args(args=args or ["--help"])) 55 | if arguments["validator"] is None: 56 | arguments["validator"] = validator_for(arguments["schema"]) 57 | return arguments 58 | 59 | 60 | def main(args=sys.argv[1:]): 61 | sys.exit(run(arguments=parse_args(args=args))) 62 | 63 | 64 | def run(arguments, stdout=sys.stdout, stderr=sys.stderr): 65 | error_format = arguments["error_format"] 66 | validator = arguments["validator"](schema=arguments["schema"]) 67 | errored = False 68 | for instance in arguments["instances"] or (): 69 | for error in validator.iter_errors(instance): 70 | stderr.write(error_format.format(error=error)) 71 | errored = True 72 | return errored 73 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsonschema/compat.py: -------------------------------------------------------------------------------- 1 | import operator 2 | import sys 3 | 4 | 5 | try: 6 | from collections import MutableMapping, Sequence # noqa 7 | except ImportError: 8 | from collections.abc import MutableMapping, Sequence # noqa 9 | 10 | PY3 = sys.version_info[0] >= 3 11 | PY26 = sys.version_info[:2] == (2, 6) 12 | 13 | if PY3: 14 | zip = zip 15 | from functools import lru_cache 16 | from io import StringIO 17 | from urllib.parse import ( 18 | unquote, urljoin, urlunsplit, SplitResult, urlsplit as _urlsplit 19 | ) 20 | from urllib.request import urlopen 21 | str_types = str, 22 | int_types = int, 23 | iteritems = operator.methodcaller("items") 24 | else: 25 | from itertools import izip as zip # noqa 26 | from StringIO import StringIO 27 | from urlparse import ( 28 | urljoin, urlunsplit, SplitResult, urlsplit as _urlsplit # noqa 29 | ) 30 | from urllib import unquote # noqa 31 | from urllib2 import urlopen # noqa 32 | str_types = basestring 33 | int_types = int, long 34 | iteritems = operator.methodcaller("iteritems") 35 | 36 | if PY26: 37 | from repoze.lru import lru_cache 38 | else: 39 | from functools32 import lru_cache 40 | 41 | 42 | # On python < 3.3 fragments are not handled properly with unknown schemes 43 | def urlsplit(url): 44 | scheme, netloc, path, query, fragment = _urlsplit(url) 45 | if "#" in path: 46 | path, fragment = path.split("#", 1) 47 | return SplitResult(scheme, netloc, path, query, fragment) 48 | 49 | 50 | def urldefrag(url): 51 | if "#" in url: 52 | s, n, p, q, frag = urlsplit(url) 53 | defrag = urlunsplit((s, n, p, q, '')) 54 | else: 55 | defrag = url 56 | frag = '' 57 | return defrag, frag 58 | 59 | 60 | # flake8: noqa 61 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsonschema/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/jsonschema/tests/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsonschema/tests/compat.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | 4 | if sys.version_info[:2] < (2, 7): # pragma: no cover 5 | import unittest2 as unittest 6 | else: 7 | import unittest 8 | 9 | try: 10 | from unittest import mock 11 | except ImportError: 12 | import mock 13 | 14 | 15 | # flake8: noqa 16 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/jsonschema/tests/test_format.py: -------------------------------------------------------------------------------- 1 | """ 2 | Tests for the parts of jsonschema related to the :validator:`format` property. 3 | 4 | """ 5 | 6 | from jsonschema.tests.compat import mock, unittest 7 | 8 | from jsonschema import FormatError, ValidationError, FormatChecker 9 | from jsonschema.validators import Draft4Validator 10 | 11 | 12 | class TestFormatChecker(unittest.TestCase): 13 | def setUp(self): 14 | self.fn = mock.Mock() 15 | 16 | def test_it_can_validate_no_formats(self): 17 | checker = FormatChecker(formats=()) 18 | self.assertFalse(checker.checkers) 19 | 20 | def test_it_raises_a_key_error_for_unknown_formats(self): 21 | with self.assertRaises(KeyError): 22 | FormatChecker(formats=["o noes"]) 23 | 24 | def test_it_can_register_cls_checkers(self): 25 | with mock.patch.dict(FormatChecker.checkers, clear=True): 26 | FormatChecker.cls_checks("new")(self.fn) 27 | self.assertEqual(FormatChecker.checkers, {"new" : (self.fn, ())}) 28 | 29 | def test_it_can_register_checkers(self): 30 | checker = FormatChecker() 31 | checker.checks("new")(self.fn) 32 | self.assertEqual( 33 | checker.checkers, 34 | dict(FormatChecker.checkers, new=(self.fn, ())) 35 | ) 36 | 37 | def test_it_catches_registered_errors(self): 38 | checker = FormatChecker() 39 | cause = self.fn.side_effect = ValueError() 40 | 41 | checker.checks("foo", raises=ValueError)(self.fn) 42 | 43 | with self.assertRaises(FormatError) as cm: 44 | checker.check("bar", "foo") 45 | 46 | self.assertIs(cm.exception.cause, cause) 47 | self.assertIs(cm.exception.__cause__, cause) 48 | 49 | # Unregistered errors should not be caught 50 | self.fn.side_effect = AttributeError 51 | with self.assertRaises(AttributeError): 52 | checker.check("bar", "foo") 53 | 54 | def test_format_error_causes_become_validation_error_causes(self): 55 | checker = FormatChecker() 56 | checker.checks("foo", raises=ValueError)(self.fn) 57 | cause = self.fn.side_effect = ValueError() 58 | validator = Draft4Validator({"format" : "foo"}, format_checker=checker) 59 | 60 | with self.assertRaises(ValidationError) as cm: 61 | validator.validate("bar") 62 | 63 | self.assertIs(cm.exception.__cause__, cause) 64 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/logging_helper.py: -------------------------------------------------------------------------------- 1 | from solnlib.log import Logs 2 | 3 | 4 | def get_logger(name): 5 | return Logs().get_logger(name) 6 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/mako/__init__.py: -------------------------------------------------------------------------------- 1 | # mako/__init__.py 2 | # Copyright (C) 2006-2016 the Mako authors and contributors 3 | # 4 | # This module is part of Mako and is released under 5 | # the MIT License: http://www.opensource.org/licenses/mit-license.php 6 | 7 | 8 | __version__ = '1.0.4' 9 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/mako/cmd.py: -------------------------------------------------------------------------------- 1 | # mako/cmd.py 2 | # Copyright (C) 2006-2016 the Mako authors and contributors 3 | # 4 | # This module is part of Mako and is released under 5 | # the MIT License: http://www.opensource.org/licenses/mit-license.php 6 | from argparse import ArgumentParser 7 | from os.path import isfile, dirname 8 | import sys 9 | from mako.template import Template 10 | from mako.lookup import TemplateLookup 11 | from mako import exceptions 12 | 13 | 14 | def varsplit(var): 15 | if "=" not in var: 16 | return (var, "") 17 | return var.split("=", 1) 18 | 19 | 20 | def _exit(): 21 | sys.stderr.write(exceptions.text_error_template().render()) 22 | sys.exit(1) 23 | 24 | 25 | def cmdline(argv=None): 26 | 27 | parser = ArgumentParser("usage: %prog [FILENAME]") 28 | parser.add_argument( 29 | "--var", default=[], action="append", 30 | help="variable (can be used multiple times, use name=value)") 31 | parser.add_argument( 32 | "--template-dir", default=[], action="append", 33 | help="Directory to use for template lookup (multiple " 34 | "directories may be provided). If not given then if the " 35 | "template is read from stdin, the value defaults to be " 36 | "the current directory, otherwise it defaults to be the " 37 | "parent directory of the file provided.") 38 | parser.add_argument('input', nargs='?', default='-') 39 | 40 | options = parser.parse_args(argv) 41 | if options.input == '-': 42 | lookup_dirs = options.template_dir or ["."] 43 | lookup = TemplateLookup(lookup_dirs) 44 | try: 45 | template = Template(sys.stdin.read(), lookup=lookup) 46 | except: 47 | _exit() 48 | else: 49 | filename = options.input 50 | if not isfile(filename): 51 | raise SystemExit("error: can't find %s" % filename) 52 | lookup_dirs = options.template_dir or [dirname(filename)] 53 | lookup = TemplateLookup(lookup_dirs) 54 | try: 55 | template = Template(filename=filename, lookup=lookup) 56 | except: 57 | _exit() 58 | 59 | kw = dict([varsplit(var) for var in options.var]) 60 | try: 61 | print(template.render(**kw)) 62 | except: 63 | _exit() 64 | 65 | 66 | if __name__ == "__main__": 67 | cmdline() 68 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/mako/ext/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/mako/ext/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/mako/ext/autohandler.py: -------------------------------------------------------------------------------- 1 | # ext/autohandler.py 2 | # Copyright (C) 2006-2016 the Mako authors and contributors 3 | # 4 | # This module is part of Mako and is released under 5 | # the MIT License: http://www.opensource.org/licenses/mit-license.php 6 | 7 | """adds autohandler functionality to Mako templates. 8 | 9 | requires that the TemplateLookup class is used with templates. 10 | 11 | usage: 12 | 13 | <%! 14 | from mako.ext.autohandler import autohandler 15 | %> 16 | <%inherit file="${autohandler(template, context)}"/> 17 | 18 | 19 | or with custom autohandler filename: 20 | 21 | <%! 22 | from mako.ext.autohandler import autohandler 23 | %> 24 | <%inherit file="${autohandler(template, context, name='somefilename')}"/> 25 | 26 | """ 27 | 28 | import posixpath 29 | import os 30 | import re 31 | 32 | 33 | def autohandler(template, context, name='autohandler'): 34 | lookup = context.lookup 35 | _template_uri = template.module._template_uri 36 | if not lookup.filesystem_checks: 37 | try: 38 | return lookup._uri_cache[(autohandler, _template_uri, name)] 39 | except KeyError: 40 | pass 41 | 42 | tokens = re.findall(r'([^/]+)', posixpath.dirname(_template_uri)) + [name] 43 | while len(tokens): 44 | path = '/' + '/'.join(tokens) 45 | if path != _template_uri and _file_exists(lookup, path): 46 | if not lookup.filesystem_checks: 47 | return lookup._uri_cache.setdefault( 48 | (autohandler, _template_uri, name), path) 49 | else: 50 | return path 51 | if len(tokens) == 1: 52 | break 53 | tokens[-2:] = [name] 54 | 55 | if not lookup.filesystem_checks: 56 | return lookup._uri_cache.setdefault( 57 | (autohandler, _template_uri, name), None) 58 | else: 59 | return None 60 | 61 | 62 | def _file_exists(lookup, path): 63 | psub = re.sub(r'^/', '', path) 64 | for d in lookup.directories: 65 | if os.path.exists(d + '/' + psub): 66 | return True 67 | else: 68 | return False 69 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/mako/ext/babelplugin.py: -------------------------------------------------------------------------------- 1 | # ext/babelplugin.py 2 | # Copyright (C) 2006-2016 the Mako authors and contributors 3 | # 4 | # This module is part of Mako and is released under 5 | # the MIT License: http://www.opensource.org/licenses/mit-license.php 6 | 7 | """gettext message extraction via Babel: http://babel.edgewall.org/""" 8 | from babel.messages.extract import extract_python 9 | from mako.ext.extract import MessageExtractor 10 | 11 | 12 | class BabelMakoExtractor(MessageExtractor): 13 | 14 | def __init__(self, keywords, comment_tags, options): 15 | self.keywords = keywords 16 | self.options = options 17 | self.config = { 18 | 'comment-tags': u' '.join(comment_tags), 19 | 'encoding': options.get('input_encoding', 20 | options.get('encoding', None)), 21 | } 22 | super(BabelMakoExtractor, self).__init__() 23 | 24 | def __call__(self, fileobj): 25 | return self.process_file(fileobj) 26 | 27 | def process_python(self, code, code_lineno, translator_strings): 28 | comment_tags = self.config['comment-tags'] 29 | for lineno, funcname, messages, python_translator_comments \ 30 | in extract_python(code, 31 | self.keywords, comment_tags, self.options): 32 | yield (code_lineno + (lineno - 1), funcname, messages, 33 | translator_strings + python_translator_comments) 34 | 35 | 36 | def extract(fileobj, keywords, comment_tags, options): 37 | """Extract messages from Mako templates. 38 | 39 | :param fileobj: the file-like object the messages should be extracted from 40 | :param keywords: a list of keywords (i.e. function names) that should be 41 | recognized as translation functions 42 | :param comment_tags: a list of translator tags to search for and include 43 | in the results 44 | :param options: a dictionary of additional options (optional) 45 | :return: an iterator over ``(lineno, funcname, message, comments)`` tuples 46 | :rtype: ``iterator`` 47 | """ 48 | extractor = BabelMakoExtractor(keywords, comment_tags, options) 49 | for message in extractor(fileobj): 50 | yield message 51 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/mako/ext/linguaplugin.py: -------------------------------------------------------------------------------- 1 | import io 2 | from lingua.extractors import Extractor 3 | from lingua.extractors import Message 4 | from lingua.extractors import get_extractor 5 | from mako.ext.extract import MessageExtractor 6 | from mako import compat 7 | 8 | 9 | class LinguaMakoExtractor(Extractor, MessageExtractor): 10 | 11 | '''Mako templates''' 12 | extensions = ['.mako'] 13 | default_config = { 14 | 'encoding': 'utf-8', 15 | 'comment-tags': '', 16 | } 17 | 18 | def __call__(self, filename, options, fileobj=None): 19 | self.options = options 20 | self.filename = filename 21 | self.python_extractor = get_extractor('x.py') 22 | if fileobj is None: 23 | fileobj = open(filename, 'rb') 24 | return self.process_file(fileobj) 25 | 26 | def process_python(self, code, code_lineno, translator_strings): 27 | source = code.getvalue().strip() 28 | if source.endswith(compat.b(':')): 29 | if source in (compat.b('try:'), compat.b('else:')) or source.startswith(compat.b('except')): 30 | source = compat.b('') # Ignore try/except and else 31 | elif source.startswith(compat.b('elif')): 32 | source = source[2:] # Replace "elif" with "if" 33 | source += compat.b('pass') 34 | code = io.BytesIO(source) 35 | for msg in self.python_extractor( 36 | self.filename, self.options, code, code_lineno -1): 37 | if translator_strings: 38 | msg = Message(msg.msgctxt, msg.msgid, msg.msgid_plural, 39 | msg.flags, 40 | compat.u(' ').join( 41 | translator_strings + [msg.comment]), 42 | msg.tcomment, msg.location) 43 | yield msg 44 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/mako/ext/preprocessors.py: -------------------------------------------------------------------------------- 1 | # ext/preprocessors.py 2 | # Copyright (C) 2006-2016 the Mako authors and contributors 3 | # 4 | # This module is part of Mako and is released under 5 | # the MIT License: http://www.opensource.org/licenses/mit-license.php 6 | 7 | """preprocessing functions, used with the 'preprocessor' 8 | argument on Template, TemplateLookup""" 9 | 10 | import re 11 | 12 | 13 | def convert_comments(text): 14 | """preprocess old style comments. 15 | 16 | example: 17 | 18 | from mako.ext.preprocessors import convert_comments 19 | t = Template(..., preprocessor=convert_comments)""" 20 | return re.sub(r'(?<=\n)\s*#[^#]', "##", text) 21 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/mako/ext/turbogears.py: -------------------------------------------------------------------------------- 1 | # ext/turbogears.py 2 | # Copyright (C) 2006-2016 the Mako authors and contributors 3 | # 4 | # This module is part of Mako and is released under 5 | # the MIT License: http://www.opensource.org/licenses/mit-license.php 6 | 7 | from mako import compat 8 | from mako.lookup import TemplateLookup 9 | from mako.template import Template 10 | 11 | 12 | class TGPlugin(object): 13 | 14 | """TurboGears compatible Template Plugin.""" 15 | 16 | def __init__(self, extra_vars_func=None, options=None, extension='mak'): 17 | self.extra_vars_func = extra_vars_func 18 | self.extension = extension 19 | if not options: 20 | options = {} 21 | 22 | # Pull the options out and initialize the lookup 23 | lookup_options = {} 24 | for k, v in options.items(): 25 | if k.startswith('mako.'): 26 | lookup_options[k[5:]] = v 27 | elif k in ['directories', 'filesystem_checks', 'module_directory']: 28 | lookup_options[k] = v 29 | self.lookup = TemplateLookup(**lookup_options) 30 | 31 | self.tmpl_options = {} 32 | # transfer lookup args to template args, based on those available 33 | # in getargspec 34 | for kw in compat.inspect_getargspec(Template.__init__)[0]: 35 | if kw in lookup_options: 36 | self.tmpl_options[kw] = lookup_options[kw] 37 | 38 | def load_template(self, templatename, template_string=None): 39 | """Loads a template from a file or a string""" 40 | if template_string is not None: 41 | return Template(template_string, **self.tmpl_options) 42 | # Translate TG dot notation to normal / template path 43 | if '/' not in templatename: 44 | templatename = '/' + templatename.replace('.', '/') + '.' +\ 45 | self.extension 46 | 47 | # Lookup template 48 | return self.lookup.get_template(templatename) 49 | 50 | def render(self, info, format="html", fragment=False, template=None): 51 | if isinstance(template, compat.string_types): 52 | template = self.load_template(template) 53 | 54 | # Load extra vars func if provided 55 | if self.extra_vars_func: 56 | info.update(self.extra_vars_func()) 57 | 58 | return template.render(**info) 59 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/markupsafe/_compat.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | """ 3 | markupsafe._compat 4 | ~~~~~~~~~~~~~~~~~~ 5 | 6 | Compatibility module for different Python versions. 7 | 8 | :copyright: (c) 2013 by Armin Ronacher. 9 | :license: BSD, see LICENSE for more details. 10 | """ 11 | import sys 12 | 13 | PY2 = sys.version_info[0] == 2 14 | 15 | if not PY2: 16 | text_type = str 17 | string_types = (str,) 18 | unichr = chr 19 | int_types = (int,) 20 | iteritems = lambda x: iter(x.items()) 21 | else: 22 | text_type = unicode 23 | string_types = (str, unicode) 24 | unichr = unichr 25 | int_types = (int, long) 26 | iteritems = lambda x: x.iteritems() 27 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/markupsafe/_native.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | """ 3 | markupsafe._native 4 | ~~~~~~~~~~~~~~~~~~ 5 | 6 | Native Python implementation the C module is not compiled. 7 | 8 | :copyright: (c) 2010 by Armin Ronacher. 9 | :license: BSD, see LICENSE for more details. 10 | """ 11 | from markupsafe import Markup 12 | from markupsafe._compat import text_type 13 | 14 | 15 | def escape(s): 16 | """Convert the characters &, <, >, ' and " in string s to HTML-safe 17 | sequences. Use this if you need to display text that might contain 18 | such characters in HTML. Marks return value as markup string. 19 | """ 20 | if hasattr(s, '__html__'): 21 | return s.__html__() 22 | return Markup(text_type(s) 23 | .replace('&', '&') 24 | .replace('>', '>') 25 | .replace('<', '<') 26 | .replace("'", ''') 27 | .replace('"', '"') 28 | ) 29 | 30 | 31 | def escape_silent(s): 32 | """Like :func:`escape` but converts `None` into an empty 33 | markup string. 34 | """ 35 | if s is None: 36 | return Markup() 37 | return escape(s) 38 | 39 | 40 | def soft_unicode(s): 41 | """Make a string unicode if it isn't already. That way a markup 42 | string is not converted back to unicode. 43 | """ 44 | if not isinstance(s, text_type): 45 | s = text_type(s) 46 | return s 47 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/markupsafe/_speedups.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/markupsafe/_speedups.so -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/modinput_wrapper/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/modinput_wrapper/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/munch/python3_compat.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | _PY2 = (sys.version_info < (3,0)) 4 | 5 | identity = lambda x : x 6 | 7 | # u('string') replaces the forwards-incompatible u'string' 8 | if _PY2: 9 | import codecs 10 | def u(string): 11 | return codecs.unicode_escape_decode(string)[0] 12 | else: 13 | u = identity 14 | 15 | # dict.iteritems(), dict.iterkeys() is also incompatible 16 | if _PY2: 17 | iteritems = dict.iteritems 18 | iterkeys = dict.iterkeys 19 | else: 20 | iteritems = dict.items 21 | iterkeys = dict.keys 22 | 23 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/ply/__init__.py: -------------------------------------------------------------------------------- 1 | # PLY package 2 | # Author: David Beazley (dave@dabeaz.com) 3 | 4 | __version__ = '3.9' 5 | __all__ = ['lex','yacc'] 6 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/ply/ygen.py: -------------------------------------------------------------------------------- 1 | # ply: ygen.py 2 | # 3 | # This is a support program that auto-generates different versions of the YACC parsing 4 | # function with different features removed for the purposes of performance. 5 | # 6 | # Users should edit the method LParser.parsedebug() in yacc.py. The source code 7 | # for that method is then used to create the other methods. See the comments in 8 | # yacc.py for further details. 9 | 10 | import os.path 11 | import shutil 12 | 13 | def get_source_range(lines, tag): 14 | srclines = enumerate(lines) 15 | start_tag = '#--! %s-start' % tag 16 | end_tag = '#--! %s-end' % tag 17 | 18 | for start_index, line in srclines: 19 | if line.strip().startswith(start_tag): 20 | break 21 | 22 | for end_index, line in srclines: 23 | if line.strip().endswith(end_tag): 24 | break 25 | 26 | return (start_index + 1, end_index) 27 | 28 | def filter_section(lines, tag): 29 | filtered_lines = [] 30 | include = True 31 | tag_text = '#--! %s' % tag 32 | for line in lines: 33 | if line.strip().startswith(tag_text): 34 | include = not include 35 | elif include: 36 | filtered_lines.append(line) 37 | return filtered_lines 38 | 39 | def main(): 40 | dirname = os.path.dirname(__file__) 41 | shutil.copy2(os.path.join(dirname, 'yacc.py'), os.path.join(dirname, 'yacc.py.bak')) 42 | with open(os.path.join(dirname, 'yacc.py'), 'r') as f: 43 | lines = f.readlines() 44 | 45 | parse_start, parse_end = get_source_range(lines, 'parsedebug') 46 | parseopt_start, parseopt_end = get_source_range(lines, 'parseopt') 47 | parseopt_notrack_start, parseopt_notrack_end = get_source_range(lines, 'parseopt-notrack') 48 | 49 | # Get the original source 50 | orig_lines = lines[parse_start:parse_end] 51 | 52 | # Filter the DEBUG sections out 53 | parseopt_lines = filter_section(orig_lines, 'DEBUG') 54 | 55 | # Filter the TRACKING sections out 56 | parseopt_notrack_lines = filter_section(parseopt_lines, 'TRACKING') 57 | 58 | # Replace the parser source sections with updated versions 59 | lines[parseopt_notrack_start:parseopt_notrack_end] = parseopt_notrack_lines 60 | lines[parseopt_start:parseopt_end] = parseopt_lines 61 | 62 | lines = [line.rstrip()+'\n' for line in lines] 63 | with open(os.path.join(dirname, 'yacc.py'), 'w') as f: 64 | f.writelines(lines) 65 | 66 | print('Updated yacc.py') 67 | 68 | if __name__ == '__main__': 69 | main() 70 | 71 | 72 | 73 | 74 | 75 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/_internal_utils.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | """ 4 | requests._internal_utils 5 | ~~~~~~~~~~~~~~ 6 | 7 | Provides utility functions that are consumed internally by Requests 8 | which depend on extremely few external helpers (such as compat) 9 | """ 10 | 11 | from .compat import is_py2, builtin_str, str 12 | 13 | 14 | def to_native_string(string, encoding='ascii'): 15 | """Given a string object, regardless of type, returns a representation of 16 | that string in the native string type, encoding and decoding where 17 | necessary. This assumes ASCII unless told otherwise. 18 | """ 19 | if isinstance(string, builtin_str): 20 | out = string 21 | else: 22 | if is_py2: 23 | out = string.encode(encoding) 24 | else: 25 | out = string.decode(encoding) 26 | 27 | return out 28 | 29 | 30 | def unicode_is_ascii(u_string): 31 | """Determine if unicode string only contains ASCII characters. 32 | 33 | :param str u_string: unicode string to check. Must be unicode 34 | and not Python 2 `str`. 35 | :rtype: bool 36 | """ 37 | assert isinstance(u_string, str) 38 | try: 39 | u_string.encode('ascii') 40 | return True 41 | except UnicodeEncodeError: 42 | return False 43 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/certs.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | """ 5 | requests.certs 6 | ~~~~~~~~~~~~~~ 7 | 8 | This module returns the preferred default CA certificate bundle. 9 | 10 | If you are packaging Requests, e.g., for a Linux distribution or a managed 11 | environment, you can change the definition of where() to return a separately 12 | packaged CA bundle. 13 | """ 14 | import os.path 15 | 16 | try: 17 | from certifi import where 18 | except ImportError: 19 | def where(): 20 | """Return the preferred certificate bundle.""" 21 | # vendored bundle inside Requests 22 | return os.path.join(os.path.dirname(__file__), 'cacert.pem') 23 | 24 | if __name__ == '__main__': 25 | print(where()) 26 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/compat.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | """ 4 | requests.compat 5 | ~~~~~~~~~~~~~~~ 6 | 7 | This module handles import compatibility issues between Python 2 and 8 | Python 3. 9 | """ 10 | 11 | from .packages import chardet 12 | 13 | import sys 14 | 15 | # ------- 16 | # Pythons 17 | # ------- 18 | 19 | # Syntax sugar. 20 | _ver = sys.version_info 21 | 22 | #: Python 2.x? 23 | is_py2 = (_ver[0] == 2) 24 | 25 | #: Python 3.x? 26 | is_py3 = (_ver[0] == 3) 27 | 28 | try: 29 | import simplejson as json 30 | except (ImportError, SyntaxError): 31 | # simplejson does not support Python 3.2, it throws a SyntaxError 32 | # because of u'...' Unicode literals. 33 | import json 34 | 35 | # --------- 36 | # Specifics 37 | # --------- 38 | 39 | if is_py2: 40 | from urllib import quote, unquote, quote_plus, unquote_plus, urlencode, getproxies, proxy_bypass 41 | from urlparse import urlparse, urlunparse, urljoin, urlsplit, urldefrag 42 | from urllib2 import parse_http_list 43 | import cookielib 44 | from Cookie import Morsel 45 | from StringIO import StringIO 46 | from .packages.urllib3.packages.ordered_dict import OrderedDict 47 | 48 | builtin_str = str 49 | bytes = str 50 | str = unicode 51 | basestring = basestring 52 | numeric_types = (int, long, float) 53 | integer_types = (int, long) 54 | 55 | elif is_py3: 56 | from urllib.parse import urlparse, urlunparse, urljoin, urlsplit, urlencode, quote, unquote, quote_plus, unquote_plus, urldefrag 57 | from urllib.request import parse_http_list, getproxies, proxy_bypass 58 | from http import cookiejar as cookielib 59 | from http.cookies import Morsel 60 | from io import StringIO 61 | from collections import OrderedDict 62 | 63 | builtin_str = str 64 | str = str 65 | bytes = bytes 66 | basestring = (str, bytes) 67 | numeric_types = (int, float) 68 | integer_types = (int,) 69 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/hooks.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | """ 4 | requests.hooks 5 | ~~~~~~~~~~~~~~ 6 | 7 | This module provides the capabilities for the Requests hooks system. 8 | 9 | Available hooks: 10 | 11 | ``response``: 12 | The response generated from a Request. 13 | """ 14 | HOOKS = ['response'] 15 | 16 | 17 | def default_hooks(): 18 | return dict((event, []) for event in HOOKS) 19 | 20 | # TODO: response is the only one 21 | 22 | 23 | def dispatch_hook(key, hooks, hook_data, **kwargs): 24 | """Dispatches a hook dictionary on a given piece of data.""" 25 | hooks = hooks or dict() 26 | hooks = hooks.get(key) 27 | if hooks: 28 | if hasattr(hooks, '__call__'): 29 | hooks = [hooks] 30 | for hook in hooks: 31 | _hook_data = hook(hook_data, **kwargs) 32 | if _hook_data is not None: 33 | hook_data = _hook_data 34 | return hook_data 35 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/__init__.py: -------------------------------------------------------------------------------- 1 | ''' 2 | Debian and other distributions "unbundle" requests' vendored dependencies, and 3 | rewrite all imports to use the global versions of ``urllib3`` and ``chardet``. 4 | The problem with this is that not only requests itself imports those 5 | dependencies, but third-party code outside of the distros' control too. 6 | 7 | In reaction to these problems, the distro maintainers replaced 8 | ``requests.packages`` with a magical "stub module" that imports the correct 9 | modules. The implementations were varying in quality and all had severe 10 | problems. For example, a symlink (or hardlink) that links the correct modules 11 | into place introduces problems regarding object identity, since you now have 12 | two modules in `sys.modules` with the same API, but different identities:: 13 | 14 | requests.packages.urllib3 is not urllib3 15 | 16 | With version ``2.5.2``, requests started to maintain its own stub, so that 17 | distro-specific breakage would be reduced to a minimum, even though the whole 18 | issue is not requests' fault in the first place. See 19 | https://github.com/kennethreitz/requests/pull/2375 for the corresponding pull 20 | request. 21 | ''' 22 | 23 | from __future__ import absolute_import 24 | import sys 25 | 26 | try: 27 | from . import urllib3 28 | except ImportError: 29 | import urllib3 30 | sys.modules['%s.urllib3' % __name__] = urllib3 31 | 32 | try: 33 | from . import chardet 34 | except ImportError: 35 | import chardet 36 | sys.modules['%s.chardet' % __name__] = chardet 37 | 38 | try: 39 | from . import idna 40 | except ImportError: 41 | import idna 42 | sys.modules['%s.idna' % __name__] = idna 43 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/chardet/__init__.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # This library is free software; you can redistribute it and/or 3 | # modify it under the terms of the GNU Lesser General Public 4 | # License as published by the Free Software Foundation; either 5 | # version 2.1 of the License, or (at your option) any later version. 6 | # 7 | # This library is distributed in the hope that it will be useful, 8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 10 | # Lesser General Public License for more details. 11 | # 12 | # You should have received a copy of the GNU Lesser General Public 13 | # License along with this library; if not, write to the Free Software 14 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 15 | # 02110-1301 USA 16 | ######################### END LICENSE BLOCK ######################### 17 | 18 | __version__ = "2.3.0" 19 | from sys import version_info 20 | 21 | 22 | def detect(aBuf): 23 | if ((version_info < (3, 0) and isinstance(aBuf, unicode)) or 24 | (version_info >= (3, 0) and not isinstance(aBuf, bytes))): 25 | raise ValueError('Expected a bytes object, not a unicode object') 26 | 27 | from . import universaldetector 28 | u = universaldetector.UniversalDetector() 29 | u.reset() 30 | u.feed(aBuf) 31 | u.close() 32 | return u.result 33 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/chardet/big5prober.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is Mozilla Communicator client code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 1998 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # 12 | # This library is free software; you can redistribute it and/or 13 | # modify it under the terms of the GNU Lesser General Public 14 | # License as published by the Free Software Foundation; either 15 | # version 2.1 of the License, or (at your option) any later version. 16 | # 17 | # This library is distributed in the hope that it will be useful, 18 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | # Lesser General Public License for more details. 21 | # 22 | # You should have received a copy of the GNU Lesser General Public 23 | # License along with this library; if not, write to the Free Software 24 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 25 | # 02110-1301 USA 26 | ######################### END LICENSE BLOCK ######################### 27 | 28 | from .mbcharsetprober import MultiByteCharSetProber 29 | from .codingstatemachine import CodingStateMachine 30 | from .chardistribution import Big5DistributionAnalysis 31 | from .mbcssm import Big5SMModel 32 | 33 | 34 | class Big5Prober(MultiByteCharSetProber): 35 | def __init__(self): 36 | MultiByteCharSetProber.__init__(self) 37 | self._mCodingSM = CodingStateMachine(Big5SMModel) 38 | self._mDistributionAnalyzer = Big5DistributionAnalysis() 39 | self.reset() 40 | 41 | def get_charset_name(self): 42 | return "Big5" 43 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/chardet/charsetprober.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is Mozilla Universal charset detector code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 2001 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # Shy Shalom - original C code 12 | # 13 | # This library is free software; you can redistribute it and/or 14 | # modify it under the terms of the GNU Lesser General Public 15 | # License as published by the Free Software Foundation; either 16 | # version 2.1 of the License, or (at your option) any later version. 17 | # 18 | # This library is distributed in the hope that it will be useful, 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 | # Lesser General Public License for more details. 22 | # 23 | # You should have received a copy of the GNU Lesser General Public 24 | # License along with this library; if not, write to the Free Software 25 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 26 | # 02110-1301 USA 27 | ######################### END LICENSE BLOCK ######################### 28 | 29 | from . import constants 30 | import re 31 | 32 | 33 | class CharSetProber: 34 | def __init__(self): 35 | pass 36 | 37 | def reset(self): 38 | self._mState = constants.eDetecting 39 | 40 | def get_charset_name(self): 41 | return None 42 | 43 | def feed(self, aBuf): 44 | pass 45 | 46 | def get_state(self): 47 | return self._mState 48 | 49 | def get_confidence(self): 50 | return 0.0 51 | 52 | def filter_high_bit_only(self, aBuf): 53 | aBuf = re.sub(b'([\x00-\x7F])+', b' ', aBuf) 54 | return aBuf 55 | 56 | def filter_without_english_letters(self, aBuf): 57 | aBuf = re.sub(b'([A-Za-z])+', b' ', aBuf) 58 | return aBuf 59 | 60 | def filter_with_english_letters(self, aBuf): 61 | # TODO 62 | return aBuf 63 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/chardet/compat.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # Contributor(s): 3 | # Ian Cordasco - port to Python 4 | # 5 | # This library is free software; you can redistribute it and/or 6 | # modify it under the terms of the GNU Lesser General Public 7 | # License as published by the Free Software Foundation; either 8 | # version 2.1 of the License, or (at your option) any later version. 9 | # 10 | # This library is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | # Lesser General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU Lesser General Public 16 | # License along with this library; if not, write to the Free Software 17 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 18 | # 02110-1301 USA 19 | ######################### END LICENSE BLOCK ######################### 20 | 21 | import sys 22 | 23 | 24 | if sys.version_info < (3, 0): 25 | base_str = (str, unicode) 26 | else: 27 | base_str = (bytes, str) 28 | 29 | 30 | def wrap_ord(a): 31 | if sys.version_info < (3, 0) and isinstance(a, base_str): 32 | return ord(a) 33 | else: 34 | return a 35 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/chardet/constants.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is Mozilla Universal charset detector code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 2001 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # Shy Shalom - original C code 12 | # 13 | # This library is free software; you can redistribute it and/or 14 | # modify it under the terms of the GNU Lesser General Public 15 | # License as published by the Free Software Foundation; either 16 | # version 2.1 of the License, or (at your option) any later version. 17 | # 18 | # This library is distributed in the hope that it will be useful, 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 | # Lesser General Public License for more details. 22 | # 23 | # You should have received a copy of the GNU Lesser General Public 24 | # License along with this library; if not, write to the Free Software 25 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 26 | # 02110-1301 USA 27 | ######################### END LICENSE BLOCK ######################### 28 | 29 | _debug = 0 30 | 31 | eDetecting = 0 32 | eFoundIt = 1 33 | eNotMe = 2 34 | 35 | eStart = 0 36 | eError = 1 37 | eItsMe = 2 38 | 39 | SHORTCUT_THRESHOLD = 0.95 40 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/chardet/cp949prober.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is mozilla.org code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 1998 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # 12 | # This library is free software; you can redistribute it and/or 13 | # modify it under the terms of the GNU Lesser General Public 14 | # License as published by the Free Software Foundation; either 15 | # version 2.1 of the License, or (at your option) any later version. 16 | # 17 | # This library is distributed in the hope that it will be useful, 18 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | # Lesser General Public License for more details. 21 | # 22 | # You should have received a copy of the GNU Lesser General Public 23 | # License along with this library; if not, write to the Free Software 24 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 25 | # 02110-1301 USA 26 | ######################### END LICENSE BLOCK ######################### 27 | 28 | from .mbcharsetprober import MultiByteCharSetProber 29 | from .codingstatemachine import CodingStateMachine 30 | from .chardistribution import EUCKRDistributionAnalysis 31 | from .mbcssm import CP949SMModel 32 | 33 | 34 | class CP949Prober(MultiByteCharSetProber): 35 | def __init__(self): 36 | MultiByteCharSetProber.__init__(self) 37 | self._mCodingSM = CodingStateMachine(CP949SMModel) 38 | # NOTE: CP949 is a superset of EUC-KR, so the distribution should be 39 | # not different. 40 | self._mDistributionAnalyzer = EUCKRDistributionAnalysis() 41 | self.reset() 42 | 43 | def get_charset_name(self): 44 | return "CP949" 45 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/chardet/euckrprober.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is mozilla.org code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 1998 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # 12 | # This library is free software; you can redistribute it and/or 13 | # modify it under the terms of the GNU Lesser General Public 14 | # License as published by the Free Software Foundation; either 15 | # version 2.1 of the License, or (at your option) any later version. 16 | # 17 | # This library is distributed in the hope that it will be useful, 18 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | # Lesser General Public License for more details. 21 | # 22 | # You should have received a copy of the GNU Lesser General Public 23 | # License along with this library; if not, write to the Free Software 24 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 25 | # 02110-1301 USA 26 | ######################### END LICENSE BLOCK ######################### 27 | 28 | from .mbcharsetprober import MultiByteCharSetProber 29 | from .codingstatemachine import CodingStateMachine 30 | from .chardistribution import EUCKRDistributionAnalysis 31 | from .mbcssm import EUCKRSMModel 32 | 33 | 34 | class EUCKRProber(MultiByteCharSetProber): 35 | def __init__(self): 36 | MultiByteCharSetProber.__init__(self) 37 | self._mCodingSM = CodingStateMachine(EUCKRSMModel) 38 | self._mDistributionAnalyzer = EUCKRDistributionAnalysis() 39 | self.reset() 40 | 41 | def get_charset_name(self): 42 | return "EUC-KR" 43 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/chardet/euctwprober.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is mozilla.org code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 1998 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # 12 | # This library is free software; you can redistribute it and/or 13 | # modify it under the terms of the GNU Lesser General Public 14 | # License as published by the Free Software Foundation; either 15 | # version 2.1 of the License, or (at your option) any later version. 16 | # 17 | # This library is distributed in the hope that it will be useful, 18 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | # Lesser General Public License for more details. 21 | # 22 | # You should have received a copy of the GNU Lesser General Public 23 | # License along with this library; if not, write to the Free Software 24 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 25 | # 02110-1301 USA 26 | ######################### END LICENSE BLOCK ######################### 27 | 28 | from .mbcharsetprober import MultiByteCharSetProber 29 | from .codingstatemachine import CodingStateMachine 30 | from .chardistribution import EUCTWDistributionAnalysis 31 | from .mbcssm import EUCTWSMModel 32 | 33 | class EUCTWProber(MultiByteCharSetProber): 34 | def __init__(self): 35 | MultiByteCharSetProber.__init__(self) 36 | self._mCodingSM = CodingStateMachine(EUCTWSMModel) 37 | self._mDistributionAnalyzer = EUCTWDistributionAnalysis() 38 | self.reset() 39 | 40 | def get_charset_name(self): 41 | return "EUC-TW" 42 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/chardet/gb2312prober.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is mozilla.org code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 1998 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # 12 | # This library is free software; you can redistribute it and/or 13 | # modify it under the terms of the GNU Lesser General Public 14 | # License as published by the Free Software Foundation; either 15 | # version 2.1 of the License, or (at your option) any later version. 16 | # 17 | # This library is distributed in the hope that it will be useful, 18 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | # Lesser General Public License for more details. 21 | # 22 | # You should have received a copy of the GNU Lesser General Public 23 | # License along with this library; if not, write to the Free Software 24 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 25 | # 02110-1301 USA 26 | ######################### END LICENSE BLOCK ######################### 27 | 28 | from .mbcharsetprober import MultiByteCharSetProber 29 | from .codingstatemachine import CodingStateMachine 30 | from .chardistribution import GB2312DistributionAnalysis 31 | from .mbcssm import GB2312SMModel 32 | 33 | class GB2312Prober(MultiByteCharSetProber): 34 | def __init__(self): 35 | MultiByteCharSetProber.__init__(self) 36 | self._mCodingSM = CodingStateMachine(GB2312SMModel) 37 | self._mDistributionAnalyzer = GB2312DistributionAnalysis() 38 | self.reset() 39 | 40 | def get_charset_name(self): 41 | return "GB2312" 42 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/chardet/mbcsgroupprober.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is Mozilla Universal charset detector code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 2001 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # Shy Shalom - original C code 12 | # Proofpoint, Inc. 13 | # 14 | # This library is free software; you can redistribute it and/or 15 | # modify it under the terms of the GNU Lesser General Public 16 | # License as published by the Free Software Foundation; either 17 | # version 2.1 of the License, or (at your option) any later version. 18 | # 19 | # This library is distributed in the hope that it will be useful, 20 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 21 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 22 | # Lesser General Public License for more details. 23 | # 24 | # You should have received a copy of the GNU Lesser General Public 25 | # License along with this library; if not, write to the Free Software 26 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 27 | # 02110-1301 USA 28 | ######################### END LICENSE BLOCK ######################### 29 | 30 | from .charsetgroupprober import CharSetGroupProber 31 | from .utf8prober import UTF8Prober 32 | from .sjisprober import SJISProber 33 | from .eucjpprober import EUCJPProber 34 | from .gb2312prober import GB2312Prober 35 | from .euckrprober import EUCKRProber 36 | from .cp949prober import CP949Prober 37 | from .big5prober import Big5Prober 38 | from .euctwprober import EUCTWProber 39 | 40 | 41 | class MBCSGroupProber(CharSetGroupProber): 42 | def __init__(self): 43 | CharSetGroupProber.__init__(self) 44 | self._mProbers = [ 45 | UTF8Prober(), 46 | SJISProber(), 47 | EUCJPProber(), 48 | GB2312Prober(), 49 | EUCKRProber(), 50 | CP949Prober(), 51 | Big5Prober(), 52 | EUCTWProber() 53 | ] 54 | self.reset() 55 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/idna/__init__.py: -------------------------------------------------------------------------------- 1 | from .core import * 2 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/idna/compat.py: -------------------------------------------------------------------------------- 1 | from .core import * 2 | from .codec import * 3 | 4 | def ToASCII(label): 5 | return encode(label) 6 | 7 | def ToUnicode(label): 8 | return decode(label) 9 | 10 | def nameprep(s): 11 | raise NotImplementedError("IDNA 2008 does not utilise nameprep protocol") 12 | 13 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/idna/intranges.py: -------------------------------------------------------------------------------- 1 | """ 2 | Given a list of integers, made up of (hopefully) a small number of long runs 3 | of consecutive integers, compute a representation of the form 4 | ((start1, end1), (start2, end2) ...). Then answer the question "was x present 5 | in the original list?" in time O(log(# runs)). 6 | """ 7 | 8 | import bisect 9 | 10 | def intranges_from_list(list_): 11 | """Represent a list of integers as a sequence of ranges: 12 | ((start_0, end_0), (start_1, end_1), ...), such that the original 13 | integers are exactly those x such that start_i <= x < end_i for some i. 14 | """ 15 | 16 | sorted_list = sorted(list_) 17 | ranges = [] 18 | last_write = -1 19 | for i in range(len(sorted_list)): 20 | if i+1 < len(sorted_list): 21 | if sorted_list[i] == sorted_list[i+1]-1: 22 | continue 23 | current_range = sorted_list[last_write+1:i+1] 24 | range_tuple = (current_range[0], current_range[-1] + 1) 25 | ranges.append(range_tuple) 26 | last_write = i 27 | 28 | return tuple(ranges) 29 | 30 | 31 | def intranges_contain(int_, ranges): 32 | """Determine if `int_` falls into one of the ranges in `ranges`.""" 33 | tuple_ = (int_, int_) 34 | pos = bisect.bisect_left(ranges, tuple_) 35 | # we could be immediately ahead of a tuple (start, end) 36 | # with start < int_ <= end 37 | if pos > 0: 38 | left, right = ranges[pos-1] 39 | if left <= int_ < right: 40 | return True 41 | # or we could be immediately behind a tuple (int_, end) 42 | if pos < len(ranges): 43 | left, _ = ranges[pos] 44 | if left == int_: 45 | return True 46 | return False 47 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/urllib3/contrib/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/requests/packages/urllib3/contrib/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/urllib3/packages/__init__.py: -------------------------------------------------------------------------------- 1 | from __future__ import absolute_import 2 | 3 | from . import ssl_match_hostname 4 | 5 | __all__ = ('ssl_match_hostname', ) 6 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/urllib3/packages/backports/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/requests/packages/urllib3/packages/backports/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/urllib3/packages/backports/makefile.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | """ 3 | backports.makefile 4 | ~~~~~~~~~~~~~~~~~~ 5 | 6 | Backports the Python 3 ``socket.makefile`` method for use with anything that 7 | wants to create a "fake" socket object. 8 | """ 9 | import io 10 | 11 | from socket import SocketIO 12 | 13 | 14 | def backport_makefile(self, mode="r", buffering=None, encoding=None, 15 | errors=None, newline=None): 16 | """ 17 | Backport of ``socket.makefile`` from Python 3.5. 18 | """ 19 | if not set(mode) <= set(["r", "w", "b"]): 20 | raise ValueError( 21 | "invalid mode %r (only r, w, b allowed)" % (mode,) 22 | ) 23 | writing = "w" in mode 24 | reading = "r" in mode or not writing 25 | assert reading or writing 26 | binary = "b" in mode 27 | rawmode = "" 28 | if reading: 29 | rawmode += "r" 30 | if writing: 31 | rawmode += "w" 32 | raw = SocketIO(self, rawmode) 33 | self._makefile_refs += 1 34 | if buffering is None: 35 | buffering = -1 36 | if buffering < 0: 37 | buffering = io.DEFAULT_BUFFER_SIZE 38 | if buffering == 0: 39 | if not binary: 40 | raise ValueError("unbuffered streams must be binary") 41 | return raw 42 | if reading and writing: 43 | buffer = io.BufferedRWPair(raw, raw, buffering) 44 | elif reading: 45 | buffer = io.BufferedReader(raw, buffering) 46 | else: 47 | assert writing 48 | buffer = io.BufferedWriter(raw, buffering) 49 | if binary: 50 | return buffer 51 | text = io.TextIOWrapper(buffer, encoding, errors, newline) 52 | text.mode = mode 53 | return text 54 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/urllib3/packages/ssl_match_hostname/__init__.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | try: 4 | # Our match_hostname function is the same as 3.5's, so we only want to 5 | # import the match_hostname function if it's at least that good. 6 | if sys.version_info < (3, 5): 7 | raise ImportError("Fallback to vendored code") 8 | 9 | from ssl import CertificateError, match_hostname 10 | except ImportError: 11 | try: 12 | # Backport of the function from a pypi module 13 | from backports.ssl_match_hostname import CertificateError, match_hostname 14 | except ImportError: 15 | # Our vendored copy 16 | from ._implementation import CertificateError, match_hostname 17 | 18 | # Not needed, but documenting what we provide. 19 | __all__ = ('CertificateError', 'match_hostname') 20 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/urllib3/util/__init__.py: -------------------------------------------------------------------------------- 1 | from __future__ import absolute_import 2 | # For backwards compatibility, provide imports that used to be here. 3 | from .connection import is_connection_dropped 4 | from .request import make_headers 5 | from .response import is_fp_closed 6 | from .ssl_ import ( 7 | SSLContext, 8 | HAS_SNI, 9 | IS_PYOPENSSL, 10 | assert_fingerprint, 11 | resolve_cert_reqs, 12 | resolve_ssl_version, 13 | ssl_wrap_socket, 14 | ) 15 | from .timeout import ( 16 | current_time, 17 | Timeout, 18 | ) 19 | 20 | from .retry import Retry 21 | from .url import ( 22 | get_host, 23 | parse_url, 24 | split_first, 25 | Url, 26 | ) 27 | 28 | __all__ = ( 29 | 'HAS_SNI', 30 | 'IS_PYOPENSSL', 31 | 'SSLContext', 32 | 'Retry', 33 | 'Timeout', 34 | 'Url', 35 | 'assert_fingerprint', 36 | 'current_time', 37 | 'is_connection_dropped', 38 | 'is_fp_closed', 39 | 'get_host', 40 | 'parse_url', 41 | 'make_headers', 42 | 'resolve_cert_reqs', 43 | 'resolve_ssl_version', 44 | 'split_first', 45 | 'ssl_wrap_socket', 46 | ) 47 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/requests/packages/urllib3/util/request.py: -------------------------------------------------------------------------------- 1 | from __future__ import absolute_import 2 | from base64 import b64encode 3 | 4 | from ..packages.six import b 5 | 6 | ACCEPT_ENCODING = 'gzip,deflate' 7 | 8 | 9 | def make_headers(keep_alive=None, accept_encoding=None, user_agent=None, 10 | basic_auth=None, proxy_basic_auth=None, disable_cache=None): 11 | """ 12 | Shortcuts for generating request headers. 13 | 14 | :param keep_alive: 15 | If ``True``, adds 'connection: keep-alive' header. 16 | 17 | :param accept_encoding: 18 | Can be a boolean, list, or string. 19 | ``True`` translates to 'gzip,deflate'. 20 | List will get joined by comma. 21 | String will be used as provided. 22 | 23 | :param user_agent: 24 | String representing the user-agent you want, such as 25 | "python-urllib3/0.6" 26 | 27 | :param basic_auth: 28 | Colon-separated username:password string for 'authorization: basic ...' 29 | auth header. 30 | 31 | :param proxy_basic_auth: 32 | Colon-separated username:password string for 'proxy-authorization: basic ...' 33 | auth header. 34 | 35 | :param disable_cache: 36 | If ``True``, adds 'cache-control: no-cache' header. 37 | 38 | Example:: 39 | 40 | >>> make_headers(keep_alive=True, user_agent="Batman/1.0") 41 | {'connection': 'keep-alive', 'user-agent': 'Batman/1.0'} 42 | >>> make_headers(accept_encoding=True) 43 | {'accept-encoding': 'gzip,deflate'} 44 | """ 45 | headers = {} 46 | if accept_encoding: 47 | if isinstance(accept_encoding, str): 48 | pass 49 | elif isinstance(accept_encoding, list): 50 | accept_encoding = ','.join(accept_encoding) 51 | else: 52 | accept_encoding = ACCEPT_ENCODING 53 | headers['accept-encoding'] = accept_encoding 54 | 55 | if user_agent: 56 | headers['user-agent'] = user_agent 57 | 58 | if keep_alive: 59 | headers['connection'] = 'keep-alive' 60 | 61 | if basic_auth: 62 | headers['authorization'] = 'Basic ' + \ 63 | b64encode(b(basic_auth)).decode('utf-8') 64 | 65 | if proxy_basic_auth: 66 | headers['proxy-authorization'] = 'Basic ' + \ 67 | b64encode(b(proxy_basic_auth)).decode('utf-8') 68 | 69 | if disable_cache: 70 | headers['cache-control'] = 'no-cache' 71 | 72 | return headers 73 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2016 Splunk, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the 'License'): you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an 'AS IS' BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | ''' 16 | The Splunk Software Development Kit for Solutions. 17 | ''' 18 | 19 | from . import ( 20 | acl, 21 | api_documenter, 22 | compression, 23 | conf_manager, 24 | credentials, 25 | file_monitor, 26 | hec_config, 27 | ip_math, 28 | log, 29 | metadata, 30 | net_utils, 31 | orphan_process_monitor, 32 | pattern, 33 | server_info, 34 | splunk_rest_client, 35 | splunkenv, 36 | time_parser, 37 | timer_queue, 38 | user_access, 39 | utils, 40 | ) 41 | 42 | __all__ = ['acl', 43 | 'api_documenter', 44 | 'compression', 45 | 'conf_manager', 46 | 'credentials', 47 | 'file_monitor', 48 | 'hec_config', 49 | 'ip_math', 50 | 'log', 51 | 'metadata', 52 | 'net_utils', 53 | 'orphan_process_monitor', 54 | 'pattern', 55 | 'server_info', 56 | 'splunk_rest_client', 57 | 'splunkenv', 58 | 'time_parser', 59 | 'timer_queue', 60 | 'user_access', 61 | 'utils'] 62 | 63 | __version__ = '1.0.17-dev.312' 64 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/modular_input/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2016 Splunk, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the 'License'): you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an 'AS IS' BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | ''' 16 | Splunk modular input. 17 | ''' 18 | 19 | from .checkpointer import CheckpointerException 20 | from .checkpointer import FileCheckpointer 21 | from .checkpointer import KVStoreCheckpointer 22 | from .event import EventException 23 | from .event import HECEvent 24 | from .event import XMLEvent 25 | from .event_writer import ClassicEventWriter 26 | from .event_writer import HECEventWriter 27 | from .modular_input import ModularInput 28 | from .modular_input import ModularInputException 29 | from ..packages.splunklib.modularinput.argument import Argument 30 | 31 | __all__ = ['EventException', 32 | 'XMLEvent', 33 | 'HECEvent', 34 | 'ClassicEventWriter', 35 | 'HECEventWriter', 36 | 'CheckpointerException', 37 | 'KVStoreCheckpointer', 38 | 'FileCheckpointer', 39 | 'Argument', 40 | 'ModularInputException', 41 | 'ModularInput'] 42 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2016 Splunk, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the 'License'): you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an 'AS IS' BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | 16 | from __future__ import absolute_import 17 | 18 | import sys 19 | 20 | try: 21 | from . import requests 22 | except ImportError: 23 | import requests 24 | 25 | sys.modules['%s.requests' % __name__] = requests 26 | 27 | try: 28 | from . import splunklib 29 | except ImportError: 30 | import splunklib 31 | 32 | sys.modules['%s.splunklib' % __name__] = splunklib 33 | 34 | try: 35 | from . import sortedcontainers 36 | except ImportError: 37 | import sortedcontainers 38 | 39 | sys.modules['%s.sortedcontainers' % __name__] = sortedcontainers 40 | 41 | try: 42 | from . import schematics 43 | except ImportError: 44 | import schematics 45 | 46 | sys.modules['%s.schematics' % __name__] = schematics 47 | 48 | try: 49 | from . import simpleyaml 50 | except ImportError: 51 | import simpleyaml 52 | 53 | sys.modules['%s.simpleyaml' % __name__] = simpleyaml 54 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2016 Kenneth Reitz 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | # __ 4 | # /__) _ _ _ _ _/ _ 5 | # / ( (- (/ (/ (- _) / _) 6 | # / 7 | 8 | """ 9 | Requests HTTP library 10 | ~~~~~~~~~~~~~~~~~~~~~ 11 | 12 | Requests is an HTTP library, written in Python, for human beings. Basic GET 13 | usage: 14 | 15 | >>> import requests 16 | >>> r = requests.get('https://www.python.org') 17 | >>> r.status_code 18 | 200 19 | >>> 'Python is a programming language' in r.content 20 | True 21 | 22 | ... or POST: 23 | 24 | >>> payload = dict(key1='value1', key2='value2') 25 | >>> r = requests.post('http://httpbin.org/post', data=payload) 26 | >>> print(r.text) 27 | { 28 | ... 29 | "form": { 30 | "key2": "value2", 31 | "key1": "value1" 32 | }, 33 | ... 34 | } 35 | 36 | The other HTTP methods are supported - see `requests.api`. Full documentation 37 | is at . 38 | 39 | :copyright: (c) 2015 by Kenneth Reitz. 40 | :license: Apache 2.0, see LICENSE for more details. 41 | 42 | """ 43 | 44 | __title__ = 'requests' 45 | __version__ = '2.9.1' 46 | __build__ = 0x020901 47 | __author__ = 'Kenneth Reitz' 48 | __license__ = 'Apache 2.0' 49 | __copyright__ = 'Copyright 2015 Kenneth Reitz' 50 | 51 | # Attempt to enable urllib3's SNI support, if possible 52 | try: 53 | from .packages.urllib3.contrib import pyopenssl 54 | pyopenssl.inject_into_urllib3() 55 | except ImportError: 56 | pass 57 | 58 | from . import utils 59 | from .models import Request, Response, PreparedRequest 60 | from .api import request, get, head, post, patch, put, delete, options 61 | from .sessions import session, Session 62 | from .status_codes import codes 63 | from .exceptions import ( 64 | RequestException, Timeout, URLRequired, 65 | TooManyRedirects, HTTPError, ConnectionError, 66 | FileModeWarning, 67 | ) 68 | 69 | # Set default logging handler to avoid "No handler found" warnings. 70 | import logging 71 | try: # Python 2.7+ 72 | from logging import NullHandler 73 | except ImportError: 74 | class NullHandler(logging.Handler): 75 | def emit(self, record): 76 | pass 77 | 78 | logging.getLogger(__name__).addHandler(NullHandler()) 79 | 80 | import warnings 81 | 82 | # FileModeWarnings go off per the default. 83 | warnings.simplefilter('default', FileModeWarning, append=True) 84 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/certs.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | """ 5 | certs.py 6 | ~~~~~~~~ 7 | 8 | This module returns the preferred default CA certificate bundle. 9 | 10 | If you are packaging Requests, e.g., for a Linux distribution or a managed 11 | environment, you can change the definition of where() to return a separately 12 | packaged CA bundle. 13 | """ 14 | import os.path 15 | 16 | try: 17 | from certifi import where 18 | except ImportError: 19 | def where(): 20 | """Return the preferred certificate bundle.""" 21 | # vendored bundle inside Requests 22 | return os.path.join(os.path.dirname(__file__), 'cacert.pem') 23 | 24 | if __name__ == '__main__': 25 | print(where()) 26 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/compat.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | """ 4 | pythoncompat 5 | """ 6 | 7 | from .packages import chardet 8 | 9 | import sys 10 | 11 | # ------- 12 | # Pythons 13 | # ------- 14 | 15 | # Syntax sugar. 16 | _ver = sys.version_info 17 | 18 | #: Python 2.x? 19 | is_py2 = (_ver[0] == 2) 20 | 21 | #: Python 3.x? 22 | is_py3 = (_ver[0] == 3) 23 | 24 | try: 25 | import simplejson as json 26 | except (ImportError, SyntaxError): 27 | # simplejson does not support Python 3.2, it throws a SyntaxError 28 | # because of u'...' Unicode literals. 29 | import json 30 | 31 | # --------- 32 | # Specifics 33 | # --------- 34 | 35 | if is_py2: 36 | from urllib import quote, unquote, quote_plus, unquote_plus, urlencode, getproxies, proxy_bypass 37 | from urlparse import urlparse, urlunparse, urljoin, urlsplit, urldefrag 38 | from urllib2 import parse_http_list 39 | import cookielib 40 | from Cookie import Morsel 41 | from StringIO import StringIO 42 | from .packages.urllib3.packages.ordered_dict import OrderedDict 43 | 44 | builtin_str = str 45 | bytes = str 46 | str = unicode 47 | basestring = basestring 48 | numeric_types = (int, long, float) 49 | 50 | elif is_py3: 51 | from urllib.parse import urlparse, urlunparse, urljoin, urlsplit, urlencode, quote, unquote, quote_plus, unquote_plus, urldefrag 52 | from urllib.request import parse_http_list, getproxies, proxy_bypass 53 | from http import cookiejar as cookielib 54 | from http.cookies import Morsel 55 | from io import StringIO 56 | from collections import OrderedDict 57 | 58 | builtin_str = str 59 | str = str 60 | bytes = bytes 61 | basestring = (str, bytes) 62 | numeric_types = (int, float) 63 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/hooks.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | """ 4 | requests.hooks 5 | ~~~~~~~~~~~~~~ 6 | 7 | This module provides the capabilities for the Requests hooks system. 8 | 9 | Available hooks: 10 | 11 | ``response``: 12 | The response generated from a Request. 13 | 14 | """ 15 | HOOKS = ['response'] 16 | 17 | def default_hooks(): 18 | return dict((event, []) for event in HOOKS) 19 | 20 | # TODO: response is the only one 21 | 22 | 23 | def dispatch_hook(key, hooks, hook_data, **kwargs): 24 | """Dispatches a hook dictionary on a given piece of data.""" 25 | hooks = hooks or dict() 26 | hooks = hooks.get(key) 27 | if hooks: 28 | if hasattr(hooks, '__call__'): 29 | hooks = [hooks] 30 | for hook in hooks: 31 | _hook_data = hook(hook_data, **kwargs) 32 | if _hook_data is not None: 33 | hook_data = _hook_data 34 | return hook_data 35 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/__init__.py: -------------------------------------------------------------------------------- 1 | ''' 2 | Debian and other distributions "unbundle" requests' vendored dependencies, and 3 | rewrite all imports to use the global versions of ``urllib3`` and ``chardet``. 4 | The problem with this is that not only requests itself imports those 5 | dependencies, but third-party code outside of the distros' control too. 6 | 7 | In reaction to these problems, the distro maintainers replaced 8 | ``requests.packages`` with a magical "stub module" that imports the correct 9 | modules. The implementations were varying in quality and all had severe 10 | problems. For example, a symlink (or hardlink) that links the correct modules 11 | into place introduces problems regarding object identity, since you now have 12 | two modules in `sys.modules` with the same API, but different identities:: 13 | 14 | requests.packages.urllib3 is not urllib3 15 | 16 | With version ``2.5.2``, requests started to maintain its own stub, so that 17 | distro-specific breakage would be reduced to a minimum, even though the whole 18 | issue is not requests' fault in the first place. See 19 | https://github.com/kennethreitz/requests/pull/2375 for the corresponding pull 20 | request. 21 | ''' 22 | 23 | from __future__ import absolute_import 24 | import sys 25 | 26 | try: 27 | from . import urllib3 28 | except ImportError: 29 | import urllib3 30 | sys.modules['%s.urllib3' % __name__] = urllib3 31 | 32 | try: 33 | from . import chardet 34 | except ImportError: 35 | import chardet 36 | sys.modules['%s.chardet' % __name__] = chardet 37 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/chardet/__init__.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # This library is free software; you can redistribute it and/or 3 | # modify it under the terms of the GNU Lesser General Public 4 | # License as published by the Free Software Foundation; either 5 | # version 2.1 of the License, or (at your option) any later version. 6 | # 7 | # This library is distributed in the hope that it will be useful, 8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 10 | # Lesser General Public License for more details. 11 | # 12 | # You should have received a copy of the GNU Lesser General Public 13 | # License along with this library; if not, write to the Free Software 14 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 15 | # 02110-1301 USA 16 | ######################### END LICENSE BLOCK ######################### 17 | 18 | __version__ = "2.3.0" 19 | from sys import version_info 20 | 21 | 22 | def detect(aBuf): 23 | if ((version_info < (3, 0) and isinstance(aBuf, unicode)) or 24 | (version_info >= (3, 0) and not isinstance(aBuf, bytes))): 25 | raise ValueError('Expected a bytes object, not a unicode object') 26 | 27 | from . import universaldetector 28 | u = universaldetector.UniversalDetector() 29 | u.reset() 30 | u.feed(aBuf) 31 | u.close() 32 | return u.result 33 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/chardet/big5prober.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is Mozilla Communicator client code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 1998 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # 12 | # This library is free software; you can redistribute it and/or 13 | # modify it under the terms of the GNU Lesser General Public 14 | # License as published by the Free Software Foundation; either 15 | # version 2.1 of the License, or (at your option) any later version. 16 | # 17 | # This library is distributed in the hope that it will be useful, 18 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | # Lesser General Public License for more details. 21 | # 22 | # You should have received a copy of the GNU Lesser General Public 23 | # License along with this library; if not, write to the Free Software 24 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 25 | # 02110-1301 USA 26 | ######################### END LICENSE BLOCK ######################### 27 | 28 | from .mbcharsetprober import MultiByteCharSetProber 29 | from .codingstatemachine import CodingStateMachine 30 | from .chardistribution import Big5DistributionAnalysis 31 | from .mbcssm import Big5SMModel 32 | 33 | 34 | class Big5Prober(MultiByteCharSetProber): 35 | def __init__(self): 36 | MultiByteCharSetProber.__init__(self) 37 | self._mCodingSM = CodingStateMachine(Big5SMModel) 38 | self._mDistributionAnalyzer = Big5DistributionAnalysis() 39 | self.reset() 40 | 41 | def get_charset_name(self): 42 | return "Big5" 43 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/chardet/charsetprober.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is Mozilla Universal charset detector code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 2001 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # Shy Shalom - original C code 12 | # 13 | # This library is free software; you can redistribute it and/or 14 | # modify it under the terms of the GNU Lesser General Public 15 | # License as published by the Free Software Foundation; either 16 | # version 2.1 of the License, or (at your option) any later version. 17 | # 18 | # This library is distributed in the hope that it will be useful, 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 | # Lesser General Public License for more details. 22 | # 23 | # You should have received a copy of the GNU Lesser General Public 24 | # License along with this library; if not, write to the Free Software 25 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 26 | # 02110-1301 USA 27 | ######################### END LICENSE BLOCK ######################### 28 | 29 | from . import constants 30 | import re 31 | 32 | 33 | class CharSetProber: 34 | def __init__(self): 35 | pass 36 | 37 | def reset(self): 38 | self._mState = constants.eDetecting 39 | 40 | def get_charset_name(self): 41 | return None 42 | 43 | def feed(self, aBuf): 44 | pass 45 | 46 | def get_state(self): 47 | return self._mState 48 | 49 | def get_confidence(self): 50 | return 0.0 51 | 52 | def filter_high_bit_only(self, aBuf): 53 | aBuf = re.sub(b'([\x00-\x7F])+', b' ', aBuf) 54 | return aBuf 55 | 56 | def filter_without_english_letters(self, aBuf): 57 | aBuf = re.sub(b'([A-Za-z])+', b' ', aBuf) 58 | return aBuf 59 | 60 | def filter_with_english_letters(self, aBuf): 61 | # TODO 62 | return aBuf 63 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/chardet/compat.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # Contributor(s): 3 | # Ian Cordasco - port to Python 4 | # 5 | # This library is free software; you can redistribute it and/or 6 | # modify it under the terms of the GNU Lesser General Public 7 | # License as published by the Free Software Foundation; either 8 | # version 2.1 of the License, or (at your option) any later version. 9 | # 10 | # This library is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | # Lesser General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU Lesser General Public 16 | # License along with this library; if not, write to the Free Software 17 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 18 | # 02110-1301 USA 19 | ######################### END LICENSE BLOCK ######################### 20 | 21 | import sys 22 | 23 | 24 | if sys.version_info < (3, 0): 25 | base_str = (str, unicode) 26 | else: 27 | base_str = (bytes, str) 28 | 29 | 30 | def wrap_ord(a): 31 | if sys.version_info < (3, 0) and isinstance(a, base_str): 32 | return ord(a) 33 | else: 34 | return a 35 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/chardet/constants.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is Mozilla Universal charset detector code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 2001 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # Shy Shalom - original C code 12 | # 13 | # This library is free software; you can redistribute it and/or 14 | # modify it under the terms of the GNU Lesser General Public 15 | # License as published by the Free Software Foundation; either 16 | # version 2.1 of the License, or (at your option) any later version. 17 | # 18 | # This library is distributed in the hope that it will be useful, 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 | # Lesser General Public License for more details. 22 | # 23 | # You should have received a copy of the GNU Lesser General Public 24 | # License along with this library; if not, write to the Free Software 25 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 26 | # 02110-1301 USA 27 | ######################### END LICENSE BLOCK ######################### 28 | 29 | _debug = 0 30 | 31 | eDetecting = 0 32 | eFoundIt = 1 33 | eNotMe = 2 34 | 35 | eStart = 0 36 | eError = 1 37 | eItsMe = 2 38 | 39 | SHORTCUT_THRESHOLD = 0.95 40 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/chardet/cp949prober.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is mozilla.org code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 1998 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # 12 | # This library is free software; you can redistribute it and/or 13 | # modify it under the terms of the GNU Lesser General Public 14 | # License as published by the Free Software Foundation; either 15 | # version 2.1 of the License, or (at your option) any later version. 16 | # 17 | # This library is distributed in the hope that it will be useful, 18 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | # Lesser General Public License for more details. 21 | # 22 | # You should have received a copy of the GNU Lesser General Public 23 | # License along with this library; if not, write to the Free Software 24 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 25 | # 02110-1301 USA 26 | ######################### END LICENSE BLOCK ######################### 27 | 28 | from .mbcharsetprober import MultiByteCharSetProber 29 | from .codingstatemachine import CodingStateMachine 30 | from .chardistribution import EUCKRDistributionAnalysis 31 | from .mbcssm import CP949SMModel 32 | 33 | 34 | class CP949Prober(MultiByteCharSetProber): 35 | def __init__(self): 36 | MultiByteCharSetProber.__init__(self) 37 | self._mCodingSM = CodingStateMachine(CP949SMModel) 38 | # NOTE: CP949 is a superset of EUC-KR, so the distribution should be 39 | # not different. 40 | self._mDistributionAnalyzer = EUCKRDistributionAnalysis() 41 | self.reset() 42 | 43 | def get_charset_name(self): 44 | return "CP949" 45 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/chardet/euckrprober.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is mozilla.org code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 1998 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # 12 | # This library is free software; you can redistribute it and/or 13 | # modify it under the terms of the GNU Lesser General Public 14 | # License as published by the Free Software Foundation; either 15 | # version 2.1 of the License, or (at your option) any later version. 16 | # 17 | # This library is distributed in the hope that it will be useful, 18 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | # Lesser General Public License for more details. 21 | # 22 | # You should have received a copy of the GNU Lesser General Public 23 | # License along with this library; if not, write to the Free Software 24 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 25 | # 02110-1301 USA 26 | ######################### END LICENSE BLOCK ######################### 27 | 28 | from .mbcharsetprober import MultiByteCharSetProber 29 | from .codingstatemachine import CodingStateMachine 30 | from .chardistribution import EUCKRDistributionAnalysis 31 | from .mbcssm import EUCKRSMModel 32 | 33 | 34 | class EUCKRProber(MultiByteCharSetProber): 35 | def __init__(self): 36 | MultiByteCharSetProber.__init__(self) 37 | self._mCodingSM = CodingStateMachine(EUCKRSMModel) 38 | self._mDistributionAnalyzer = EUCKRDistributionAnalysis() 39 | self.reset() 40 | 41 | def get_charset_name(self): 42 | return "EUC-KR" 43 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/chardet/euctwprober.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is mozilla.org code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 1998 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # 12 | # This library is free software; you can redistribute it and/or 13 | # modify it under the terms of the GNU Lesser General Public 14 | # License as published by the Free Software Foundation; either 15 | # version 2.1 of the License, or (at your option) any later version. 16 | # 17 | # This library is distributed in the hope that it will be useful, 18 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | # Lesser General Public License for more details. 21 | # 22 | # You should have received a copy of the GNU Lesser General Public 23 | # License along with this library; if not, write to the Free Software 24 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 25 | # 02110-1301 USA 26 | ######################### END LICENSE BLOCK ######################### 27 | 28 | from .mbcharsetprober import MultiByteCharSetProber 29 | from .codingstatemachine import CodingStateMachine 30 | from .chardistribution import EUCTWDistributionAnalysis 31 | from .mbcssm import EUCTWSMModel 32 | 33 | class EUCTWProber(MultiByteCharSetProber): 34 | def __init__(self): 35 | MultiByteCharSetProber.__init__(self) 36 | self._mCodingSM = CodingStateMachine(EUCTWSMModel) 37 | self._mDistributionAnalyzer = EUCTWDistributionAnalysis() 38 | self.reset() 39 | 40 | def get_charset_name(self): 41 | return "EUC-TW" 42 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/chardet/gb2312prober.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is mozilla.org code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 1998 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # 12 | # This library is free software; you can redistribute it and/or 13 | # modify it under the terms of the GNU Lesser General Public 14 | # License as published by the Free Software Foundation; either 15 | # version 2.1 of the License, or (at your option) any later version. 16 | # 17 | # This library is distributed in the hope that it will be useful, 18 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | # Lesser General Public License for more details. 21 | # 22 | # You should have received a copy of the GNU Lesser General Public 23 | # License along with this library; if not, write to the Free Software 24 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 25 | # 02110-1301 USA 26 | ######################### END LICENSE BLOCK ######################### 27 | 28 | from .mbcharsetprober import MultiByteCharSetProber 29 | from .codingstatemachine import CodingStateMachine 30 | from .chardistribution import GB2312DistributionAnalysis 31 | from .mbcssm import GB2312SMModel 32 | 33 | class GB2312Prober(MultiByteCharSetProber): 34 | def __init__(self): 35 | MultiByteCharSetProber.__init__(self) 36 | self._mCodingSM = CodingStateMachine(GB2312SMModel) 37 | self._mDistributionAnalyzer = GB2312DistributionAnalysis() 38 | self.reset() 39 | 40 | def get_charset_name(self): 41 | return "GB2312" 42 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/chardet/mbcsgroupprober.py: -------------------------------------------------------------------------------- 1 | ######################## BEGIN LICENSE BLOCK ######################## 2 | # The Original Code is Mozilla Universal charset detector code. 3 | # 4 | # The Initial Developer of the Original Code is 5 | # Netscape Communications Corporation. 6 | # Portions created by the Initial Developer are Copyright (C) 2001 7 | # the Initial Developer. All Rights Reserved. 8 | # 9 | # Contributor(s): 10 | # Mark Pilgrim - port to Python 11 | # Shy Shalom - original C code 12 | # Proofpoint, Inc. 13 | # 14 | # This library is free software; you can redistribute it and/or 15 | # modify it under the terms of the GNU Lesser General Public 16 | # License as published by the Free Software Foundation; either 17 | # version 2.1 of the License, or (at your option) any later version. 18 | # 19 | # This library is distributed in the hope that it will be useful, 20 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 21 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 22 | # Lesser General Public License for more details. 23 | # 24 | # You should have received a copy of the GNU Lesser General Public 25 | # License along with this library; if not, write to the Free Software 26 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 27 | # 02110-1301 USA 28 | ######################### END LICENSE BLOCK ######################### 29 | 30 | from .charsetgroupprober import CharSetGroupProber 31 | from .utf8prober import UTF8Prober 32 | from .sjisprober import SJISProber 33 | from .eucjpprober import EUCJPProber 34 | from .gb2312prober import GB2312Prober 35 | from .euckrprober import EUCKRProber 36 | from .cp949prober import CP949Prober 37 | from .big5prober import Big5Prober 38 | from .euctwprober import EUCTWProber 39 | 40 | 41 | class MBCSGroupProber(CharSetGroupProber): 42 | def __init__(self): 43 | CharSetGroupProber.__init__(self) 44 | self._mProbers = [ 45 | UTF8Prober(), 46 | SJISProber(), 47 | EUCJPProber(), 48 | GB2312Prober(), 49 | EUCKRProber(), 50 | CP949Prober(), 51 | Big5Prober(), 52 | EUCTWProber() 53 | ] 54 | self.reset() 55 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/urllib3/contrib/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/urllib3/contrib/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/urllib3/packages/__init__.py: -------------------------------------------------------------------------------- 1 | from __future__ import absolute_import 2 | 3 | from . import ssl_match_hostname 4 | 5 | __all__ = ('ssl_match_hostname', ) 6 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/urllib3/packages/ssl_match_hostname/__init__.py: -------------------------------------------------------------------------------- 1 | try: 2 | # Python 3.2+ 3 | from ssl import CertificateError, match_hostname 4 | except ImportError: 5 | try: 6 | # Backport of the function from a pypi module 7 | from backports.ssl_match_hostname import CertificateError, match_hostname 8 | except ImportError: 9 | # Our vendored copy 10 | from ._implementation import CertificateError, match_hostname 11 | 12 | # Not needed, but documenting what we provide. 13 | __all__ = ('CertificateError', 'match_hostname') 14 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/urllib3/util/__init__.py: -------------------------------------------------------------------------------- 1 | from __future__ import absolute_import 2 | # For backwards compatibility, provide imports that used to be here. 3 | from .connection import is_connection_dropped 4 | from .request import make_headers 5 | from .response import is_fp_closed 6 | from .ssl_ import ( 7 | SSLContext, 8 | HAS_SNI, 9 | assert_fingerprint, 10 | resolve_cert_reqs, 11 | resolve_ssl_version, 12 | ssl_wrap_socket, 13 | ) 14 | from .timeout import ( 15 | current_time, 16 | Timeout, 17 | ) 18 | 19 | from .retry import Retry 20 | from .url import ( 21 | get_host, 22 | parse_url, 23 | split_first, 24 | Url, 25 | ) 26 | 27 | __all__ = ( 28 | 'HAS_SNI', 29 | 'SSLContext', 30 | 'Retry', 31 | 'Timeout', 32 | 'Url', 33 | 'assert_fingerprint', 34 | 'current_time', 35 | 'is_connection_dropped', 36 | 'is_fp_closed', 37 | 'get_host', 38 | 'parse_url', 39 | 'make_headers', 40 | 'resolve_cert_reqs', 41 | 'resolve_ssl_version', 42 | 'split_first', 43 | 'ssl_wrap_socket', 44 | ) 45 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/urllib3/util/request.py: -------------------------------------------------------------------------------- 1 | from __future__ import absolute_import 2 | from base64 import b64encode 3 | 4 | from ..packages.six import b 5 | 6 | ACCEPT_ENCODING = 'gzip,deflate' 7 | 8 | 9 | def make_headers(keep_alive=None, accept_encoding=None, user_agent=None, 10 | basic_auth=None, proxy_basic_auth=None, disable_cache=None): 11 | """ 12 | Shortcuts for generating request headers. 13 | 14 | :param keep_alive: 15 | If ``True``, adds 'connection: keep-alive' header. 16 | 17 | :param accept_encoding: 18 | Can be a boolean, list, or string. 19 | ``True`` translates to 'gzip,deflate'. 20 | List will get joined by comma. 21 | String will be used as provided. 22 | 23 | :param user_agent: 24 | String representing the user-agent you want, such as 25 | "python-urllib3/0.6" 26 | 27 | :param basic_auth: 28 | Colon-separated username:password string for 'authorization: basic ...' 29 | auth header. 30 | 31 | :param proxy_basic_auth: 32 | Colon-separated username:password string for 'proxy-authorization: basic ...' 33 | auth header. 34 | 35 | :param disable_cache: 36 | If ``True``, adds 'cache-control: no-cache' header. 37 | 38 | Example:: 39 | 40 | >>> make_headers(keep_alive=True, user_agent="Batman/1.0") 41 | {'connection': 'keep-alive', 'user-agent': 'Batman/1.0'} 42 | >>> make_headers(accept_encoding=True) 43 | {'accept-encoding': 'gzip,deflate'} 44 | """ 45 | headers = {} 46 | if accept_encoding: 47 | if isinstance(accept_encoding, str): 48 | pass 49 | elif isinstance(accept_encoding, list): 50 | accept_encoding = ','.join(accept_encoding) 51 | else: 52 | accept_encoding = ACCEPT_ENCODING 53 | headers['accept-encoding'] = accept_encoding 54 | 55 | if user_agent: 56 | headers['user-agent'] = user_agent 57 | 58 | if keep_alive: 59 | headers['connection'] = 'keep-alive' 60 | 61 | if basic_auth: 62 | headers['authorization'] = 'Basic ' + \ 63 | b64encode(b(basic_auth)).decode('utf-8') 64 | 65 | if proxy_basic_auth: 66 | headers['proxy-authorization'] = 'Basic ' + \ 67 | b64encode(b(proxy_basic_auth)).decode('utf-8') 68 | 69 | if disable_cache: 70 | headers['cache-control'] = 'no-cache' 71 | 72 | return headers 73 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/requests/packages/urllib3/util/response.py: -------------------------------------------------------------------------------- 1 | from __future__ import absolute_import 2 | from ..packages.six.moves import http_client as httplib 3 | 4 | from ..exceptions import HeaderParsingError 5 | 6 | 7 | def is_fp_closed(obj): 8 | """ 9 | Checks whether a given file-like object is closed. 10 | 11 | :param obj: 12 | The file-like object to check. 13 | """ 14 | 15 | try: 16 | # Check via the official file-like-object way. 17 | return obj.closed 18 | except AttributeError: 19 | pass 20 | 21 | try: 22 | # Check if the object is a container for another file-like object that 23 | # gets released on exhaustion (e.g. HTTPResponse). 24 | return obj.fp is None 25 | except AttributeError: 26 | pass 27 | 28 | raise ValueError("Unable to determine whether fp is closed.") 29 | 30 | 31 | def assert_header_parsing(headers): 32 | """ 33 | Asserts whether all headers have been successfully parsed. 34 | Extracts encountered errors from the result of parsing headers. 35 | 36 | Only works on Python 3. 37 | 38 | :param headers: Headers to verify. 39 | :type headers: `httplib.HTTPMessage`. 40 | 41 | :raises urllib3.exceptions.HeaderParsingError: 42 | If parsing errors are found. 43 | """ 44 | 45 | # This will fail silently if we pass in the wrong kind of parameter. 46 | # To make debugging easier add an explicit check. 47 | if not isinstance(headers, httplib.HTTPMessage): 48 | raise TypeError('expected httplib.Message, got {0}.'.format( 49 | type(headers))) 50 | 51 | defects = getattr(headers, 'defects', None) 52 | get_payload = getattr(headers, 'get_payload', None) 53 | 54 | unparsed_data = None 55 | if get_payload: # Platform-specific: Python 3. 56 | unparsed_data = get_payload() 57 | 58 | if defects or unparsed_data: 59 | raise HeaderParsingError(defects=defects, unparsed_data=unparsed_data) 60 | 61 | 62 | def is_response_to_head(response): 63 | """ 64 | Checks, wether a the request of a response has been a HEAD-request. 65 | Handles the quirks of AppEngine. 66 | 67 | :param conn: 68 | :type conn: :class:`httplib.HTTPResponse` 69 | """ 70 | # FIXME: Can we do this somehow without accessing private httplib _method? 71 | method = response._method 72 | if isinstance(method, int): # Platform-specific: Appengine 73 | return method == 3 74 | return method.upper() == 'HEAD' 75 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/schematics/LICENSE: -------------------------------------------------------------------------------- 1 | (The BSD License) 2 | 3 | Copyright (c) 2013–2016 Schematics Authors; see AUTHORS for details 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without modification, 7 | are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, 10 | this list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright 13 | notice, this list of conditions and the following disclaimer in the 14 | documentation and/or other materials provided with the distribution. 15 | 16 | 3. Neither the name of Schematics nor the names of its contributors may be 17 | used to endorse or promote products derived from this software without 18 | specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 21 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 22 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 24 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 26 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 27 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 29 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/schematics/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | from __future__ import absolute_import 3 | 4 | __version__ = '2.0.0.a1' 5 | 6 | from .models import Model, ModelMeta 7 | from . import types 8 | 9 | types.compound.Model = Model 10 | types.compound.ModelMeta = ModelMeta 11 | 12 | __all__ = ['Model'] 13 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/schematics/common.py: -------------------------------------------------------------------------------- 1 | # pylint: skip-file 2 | 3 | from __future__ import unicode_literals, absolute_import 4 | 5 | import encodings.ascii 6 | import encodings.utf_8 7 | import encodings.unicode_escape 8 | 9 | from .compat import * 10 | from .compat import __all__ as compat_exports 11 | from .util import module_exports, package_exports, Constant 12 | 13 | 14 | NATIVE = Constant('NATIVE', 0) 15 | PRIMITIVE = Constant('PRIMITIVE', 1) 16 | 17 | DROP = Constant('DROP', 0) 18 | NONEMPTY = Constant('NONEMPTY', 1) 19 | NOT_NONE = Constant('NOT_NONE', 2) 20 | DEFAULT = Constant('DEFAULT', 10) 21 | ALL = Constant('ALL', 99) 22 | 23 | 24 | __all__ = module_exports(__name__) + compat_exports + ['module_exports', 'package_exports'] 25 | 26 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/schematics/compat.py: -------------------------------------------------------------------------------- 1 | # pylint: skip-file 2 | 3 | from __future__ import absolute_import 4 | 5 | import functools 6 | import operator 7 | import sys 8 | 9 | 10 | __all__ = ['PY2', 'PY3', 'string_type', 'iteritems', 'metaclass', 'py_native_string', 'str_compat'] 11 | 12 | 13 | PY2 = sys.version_info[0] == 2 14 | PY3 = sys.version_info[0] == 3 15 | 16 | 17 | if PY2: 18 | __all__ += ['bytes', 'str', 'map', 'zip', 'range'] 19 | bytes = str 20 | str = unicode 21 | string_type = basestring 22 | range = xrange 23 | from itertools import imap as map 24 | from itertools import izip as zip 25 | iteritems = operator.methodcaller('iteritems') 26 | else: 27 | string_type = str 28 | iteritems = operator.methodcaller('items') 29 | 30 | 31 | def metaclass(metaclass): 32 | def make_class(cls): 33 | attrs = cls.__dict__.copy() 34 | del attrs['__dict__'] 35 | del attrs['__weakref__'] 36 | return metaclass(cls.__name__, cls.__bases__, attrs) 37 | return make_class 38 | 39 | 40 | def py_native_string(source): 41 | """ 42 | Converts Unicode strings to bytestrings on Python 2. The intended usage is to 43 | wrap a function or a string in cases where Python 2 expects a native string. 44 | """ 45 | if PY2: 46 | if isinstance(source, str): 47 | return source.encode('ascii') 48 | elif callable(source): 49 | @functools.wraps(source) 50 | def new_func(*args, **kwargs): 51 | rv = source(*args, **kwargs) 52 | if isinstance(rv, str): 53 | rv = rv.encode('unicode-escape') 54 | return rv 55 | return new_func 56 | return source 57 | 58 | 59 | def str_compat(class_): 60 | """ 61 | On Python 2, patches the ``__str__`` and ``__repr__`` methods on the given class 62 | so that the class can be written for Python 3 and Unicode. 63 | """ 64 | if PY2: 65 | if '__str__' in class_.__dict__ and '__unicode__' not in class_.__dict__: 66 | class_.__unicode__ = class_.__str__ 67 | class_.__str__ = py_native_string(class_.__unicode__) 68 | if '__repr__' in class_.__dict__: 69 | class_.__repr__ = py_native_string(class_.__repr__) 70 | return class_ 71 | 72 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/schematics/contrib/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/schematics/contrib/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/schematics/contrib/mongo.py: -------------------------------------------------------------------------------- 1 | """This module contains fields that depend on importing `bson`. `bson` is 2 | a part of the pymongo distribution. 3 | """ 4 | 5 | from __future__ import unicode_literals, absolute_import 6 | 7 | import bson 8 | 9 | from ..common import * # pylint: disable=redefined-builtin 10 | from ..types import BaseType 11 | from ..exceptions import ConversionError 12 | 13 | 14 | class ObjectIdType(BaseType): 15 | 16 | """An field wrapper around MongoDB ObjectIds. It is correct to say they're 17 | bson fields, but I am unaware of bson being used outside MongoDB. 18 | 19 | `auto_fill` is disabled by default for ObjectIdType's as they are 20 | typically obtained after a successful save to Mongo. 21 | """ 22 | 23 | MESSAGES = { 24 | 'convert': "Couldn't interpret value as an ObjectId.", 25 | } 26 | 27 | def __init__(self, auto_fill=False, **kwargs): 28 | self.auto_fill = auto_fill 29 | super(ObjectIdType, self).__init__(**kwargs) 30 | 31 | def to_native(self, value, context=None): 32 | if not isinstance(value, bson.objectid.ObjectId): 33 | try: 34 | value = bson.objectid.ObjectId(str(value)) 35 | except bson.objectid.InvalidId: 36 | raise ConversionError(self.messages['convert']) 37 | return value 38 | 39 | def to_primitive(self, value, context=None): 40 | return str(value) 41 | 42 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/schematics/types/__init__.py: -------------------------------------------------------------------------------- 1 | from ..common import * 2 | 3 | from .base import * 4 | from .compound import * 5 | from .net import * 6 | from .serializable import * 7 | from .union import * 8 | 9 | __all__ = package_exports(__name__) 10 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/schematics/undefined.py: -------------------------------------------------------------------------------- 1 | class UndefinedType(object): 2 | 3 | _instance = None 4 | 5 | def __str__(self): 6 | return 'Undefined' 7 | 8 | def __repr__(self): 9 | return 'Undefined' 10 | 11 | def __eq__(self, other): 12 | return self is other 13 | 14 | def __ne__(self, other): 15 | return self is not other 16 | 17 | def __bool__(self): 18 | return False 19 | 20 | __nonzero__ = __bool__ 21 | 22 | def __lt__(self, other): 23 | self._cmp_err(other, '<') 24 | 25 | def __gt__(self, other): 26 | self._cmp_err(other, '>') 27 | 28 | def __le__(self, other): 29 | self._cmp_err(other, '<=') 30 | 31 | def __ge__(self, other): 32 | self._cmp_err(other, '>=') 33 | 34 | def _cmp_err(self, other, op): 35 | raise TypeError("unorderable types: {0}() {1} {2}()".format( 36 | self.__class__.__name__, op, other.__class__.__name__)) 37 | 38 | def __new__(cls, *args, **kwargs): 39 | if cls._instance is None: 40 | cls._instance = object.__new__(cls) 41 | elif cls is not UndefinedType: 42 | raise TypeError("type 'UndefinedType' is not an acceptable base type") 43 | return cls._instance 44 | 45 | def __init__(self): 46 | pass 47 | 48 | def __setattr__(self, name, value): 49 | raise TypeError("'UndefinedType' object does not support attribute assignment") 50 | 51 | 52 | Undefined = UndefinedType() 53 | 54 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/schematics/util.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | from __future__ import unicode_literals, absolute_import 4 | 5 | import collections 6 | import sys 7 | 8 | from .compat import * 9 | 10 | if PY2: 11 | try: 12 | from thread import get_ident 13 | except ImportError: 14 | from dummy_thread import get_ident 15 | else: 16 | try: 17 | from _thread import get_ident 18 | except ImportError: 19 | from _dummy_thread import get_ident 20 | 21 | 22 | def setdefault(obj, attr, value, search_mro=False, overwrite_none=False): 23 | if search_mro: 24 | exists = hasattr(obj, attr) 25 | else: 26 | exists = attr in obj.__dict__ 27 | if exists and overwrite_none: 28 | if getattr(obj, attr) is None: 29 | exists = False 30 | if exists: 31 | value = getattr(obj, attr) 32 | else: 33 | setattr(obj, attr, value) 34 | return value 35 | 36 | 37 | class Constant(int): 38 | 39 | def __new__(cls, name, value): 40 | return int.__new__(cls, value) 41 | 42 | def __init__(self, name, value): 43 | self.name = name 44 | int.__init__(self) 45 | 46 | def __repr__(self): 47 | return self.name 48 | 49 | __str__ = __repr__ 50 | 51 | 52 | def listify(value): 53 | if isinstance(value, list): 54 | return value 55 | elif value is None: 56 | return [] 57 | elif isinstance(value, string_type): 58 | return [value] 59 | elif isinstance(value, collections.Sequence): 60 | return list(value) 61 | else: 62 | return [value] 63 | 64 | 65 | def module_exports(module_name): 66 | module_globals = sys.modules[module_name].__dict__ 67 | return [ 68 | name for name, obj in module_globals.items() 69 | if name[0] != '_' 70 | and (getattr(obj, '__module__', None) == module_name 71 | or isinstance(obj, Constant)) 72 | ] 73 | 74 | 75 | def package_exports(package_name): 76 | package_globals = sys.modules[package_name].__dict__ 77 | return [ 78 | name for name, obj in package_globals.items() 79 | if name[0] != '_' 80 | and (getattr(obj, '__module__', '').startswith(package_name + '.') 81 | or isinstance(obj, Constant)) 82 | ] 83 | 84 | 85 | __all__ = module_exports(__name__) 86 | 87 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/simpleyaml/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2012 Kirill Simonov and Reuven V. Gonzales 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of 4 | this software and associated documentation files (the "Software"), to deal in 5 | the Software without restriction, including without limitation the rights to 6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies 7 | of the Software, and to permit persons to whom the Software is furnished to do 8 | so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 20 | 21 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/simpleyaml/loader.py: -------------------------------------------------------------------------------- 1 | 2 | __all__ = ['BaseLoader', 'SafeLoader', 'Loader'] 3 | 4 | from .reader import * 5 | from .scanner import * 6 | from .parser import * 7 | from .composer import * 8 | from .constructor import * 9 | from .resolver import * 10 | 11 | class BaseLoader(Reader, Scanner, Parser, Composer, BaseConstructor, BaseResolver): 12 | 13 | def __init__(self, stream): 14 | Reader.__init__(self, stream) 15 | Scanner.__init__(self) 16 | Parser.__init__(self) 17 | Composer.__init__(self) 18 | BaseConstructor.__init__(self) 19 | BaseResolver.__init__(self) 20 | 21 | class SafeLoader(Reader, Scanner, Parser, Composer, SafeConstructor, Resolver): 22 | 23 | def __init__(self, stream): 24 | Reader.__init__(self, stream) 25 | Scanner.__init__(self) 26 | Parser.__init__(self) 27 | Composer.__init__(self) 28 | SafeConstructor.__init__(self) 29 | Resolver.__init__(self) 30 | 31 | class Loader(Reader, Scanner, Parser, Composer, Constructor, Resolver): 32 | 33 | def __init__(self, stream): 34 | Reader.__init__(self, stream) 35 | Scanner.__init__(self) 36 | Parser.__init__(self) 37 | Composer.__init__(self) 38 | Constructor.__init__(self) 39 | Resolver.__init__(self) 40 | 41 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/simpleyaml/nodes.py: -------------------------------------------------------------------------------- 1 | 2 | class Node(object): 3 | def __init__(self, tag, value, start_mark, end_mark): 4 | self.tag = tag 5 | self.value = value 6 | self.start_mark = start_mark 7 | self.end_mark = end_mark 8 | def __repr__(self): 9 | value = self.value 10 | #if isinstance(value, list): 11 | # if len(value) == 0: 12 | # value = '' 13 | # elif len(value) == 1: 14 | # value = '<1 item>' 15 | # else: 16 | # value = '<%d items>' % len(value) 17 | #else: 18 | # if len(value) > 75: 19 | # value = repr(value[:70]+u' ... ') 20 | # else: 21 | # value = repr(value) 22 | value = repr(value) 23 | return '%s(tag=%r, value=%s)' % (self.__class__.__name__, self.tag, value) 24 | 25 | class ScalarNode(Node): 26 | id = 'scalar' 27 | def __init__(self, tag, value, 28 | start_mark=None, end_mark=None, style=None): 29 | self.tag = tag 30 | self.value = value 31 | self.start_mark = start_mark 32 | self.end_mark = end_mark 33 | self.style = style 34 | 35 | class CollectionNode(Node): 36 | def __init__(self, tag, value, 37 | start_mark=None, end_mark=None, flow_style=None): 38 | self.tag = tag 39 | self.value = value 40 | self.start_mark = start_mark 41 | self.end_mark = end_mark 42 | self.flow_style = flow_style 43 | 44 | class SequenceNode(CollectionNode): 45 | id = 'sequence' 46 | 47 | class MappingNode(CollectionNode): 48 | id = 'mapping' 49 | 50 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/sortedcontainers/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2014-2016 Grant Jenks 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/sortedcontainers/__init__.py: -------------------------------------------------------------------------------- 1 | """Sorted Container Types: SortedList, SortedDict, SortedSet 2 | 3 | SortedContainers is an Apache2 licensed containers library, written in 4 | pure-Python, and fast as C-extensions. 5 | 6 | 7 | Python's standard library is great until you need a sorted collections 8 | type. Many will attest that you can get really far without one, but the moment 9 | you **really need** a sorted list, dict, or set, you're faced with a dozen 10 | different implementations, most using C-extensions without great documentation 11 | and benchmarking. 12 | 13 | In Python, we can do better. And we can do it in pure-Python! 14 | 15 | :: 16 | 17 | >>> from sortedcontainers import SortedList, SortedDict, SortedSet 18 | >>> sl = SortedList(xrange(10000000)) 19 | >>> 1234567 in sl 20 | True 21 | >>> sl[7654321] 22 | 7654321 23 | >>> sl.add(1234567) 24 | >>> sl.count(1234567) 25 | 2 26 | >>> sl *= 3 27 | >>> len(sl) 28 | 30000003 29 | 30 | SortedContainers takes all of the work out of Python sorted types - making your 31 | deployment and use of Python easy. There's no need to install a C compiler or 32 | pre-build and distribute custom extensions. Performance is a feature and 33 | testing has 100% coverage with unit tests and hours of stress. 34 | 35 | :copyright: (c) 2016 by Grant Jenks. 36 | :license: Apache 2.0, see LICENSE for more details. 37 | 38 | """ 39 | 40 | 41 | from .sortedlist import SortedList, SortedListWithKey 42 | from .sortedset import SortedSet 43 | from .sorteddict import SortedDict 44 | 45 | __all__ = ['SortedList', 'SortedSet', 'SortedDict', 'SortedListWithKey'] 46 | 47 | __title__ = 'sortedcontainers' 48 | __version__ = '1.5.2' 49 | __build__ = 0x010502 50 | __author__ = 'Grant Jenks' 51 | __license__ = 'Apache 2.0' 52 | __copyright__ = 'Copyright 2016 Grant Jenks' 53 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/splunklib/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2011-2015 Splunk, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"): you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | """Python library for Splunk.""" 16 | 17 | __version_info__ = (1, 6, 0) 18 | __version__ = ".".join(map(str, __version_info__)) 19 | 20 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/splunklib/modularinput/__init__.py: -------------------------------------------------------------------------------- 1 | """The following imports allow these classes to be imported via 2 | the splunklib.modularinput package like so: 3 | 4 | from splunklib.modularinput import * 5 | """ 6 | from .argument import Argument 7 | from .event import Event 8 | from .event_writer import EventWriter 9 | from .input_definition import InputDefinition 10 | from .scheme import Scheme 11 | from .script import Script 12 | from .validation_definition import ValidationDefinition -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/packages/splunklib/modularinput/input_definition.py: -------------------------------------------------------------------------------- 1 | # Copyright 2011-2015 Splunk, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"): you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | try: 16 | import xml.etree.cElementTree as ET 17 | except ImportError as ie: 18 | import xml.etree.ElementTree as ET 19 | 20 | from .utils import parse_xml_data 21 | 22 | class InputDefinition: 23 | """``InputDefinition`` encodes the XML defining inputs that Splunk passes to 24 | a modular input script. 25 | 26 | **Example**:: 27 | 28 | i = InputDefinition() 29 | 30 | """ 31 | def __init__ (self): 32 | self.metadata = {} 33 | self.inputs = {} 34 | 35 | def __eq__(self, other): 36 | if not isinstance(other, InputDefinition): 37 | return False 38 | return self.metadata == other.metadata and self.inputs == other.inputs 39 | 40 | @staticmethod 41 | def parse(stream): 42 | """Parse a stream containing XML into an ``InputDefinition``. 43 | 44 | :param stream: stream containing XML to parse. 45 | :return: definition: an ``InputDefinition`` object. 46 | """ 47 | definition = InputDefinition() 48 | 49 | # parse XML from the stream, then get the root node 50 | root = ET.parse(stream).getroot() 51 | 52 | for node in root: 53 | if node.tag == "configuration": 54 | # get config for each stanza 55 | definition.inputs = parse_xml_data(node, "stanza") 56 | else: 57 | definition.metadata[node.tag] = node.text 58 | 59 | return definition -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/solnlib/pattern.py: -------------------------------------------------------------------------------- 1 | # Copyright 2016 Splunk, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the 'License'): you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an 'AS IS' BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | ''' 16 | This module provides some common used patterns. 17 | ''' 18 | 19 | __all__ = ['Singleton'] 20 | 21 | 22 | class Singleton(type): 23 | ''' 24 | Singleton meta class 25 | 26 | Usage: 27 | 28 | >>> class Test(object): 29 | >>> __metaclass__ = Singleton 30 | >>> 31 | >>> def __init__(self): 32 | >>> pass 33 | ''' 34 | 35 | def __init__(cls, name, bases, attrs): 36 | super(Singleton, cls).__init__(name, bases, attrs) 37 | cls._instance = None 38 | 39 | def __call__(cls, *args, **kwargs): 40 | if cls._instance is None: 41 | cls._instance = super(Singleton, cls).__call__(*args, **kwargs) 42 | return cls._instance 43 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/sortedcontainers/__init__.py: -------------------------------------------------------------------------------- 1 | """Sorted Container Types: SortedList, SortedDict, SortedSet 2 | 3 | SortedContainers is an Apache2 licensed containers library, written in 4 | pure-Python, and fast as C-extensions. 5 | 6 | 7 | Python's standard library is great until you need a sorted collections 8 | type. Many will attest that you can get really far without one, but the moment 9 | you **really need** a sorted list, dict, or set, you're faced with a dozen 10 | different implementations, most using C-extensions without great documentation 11 | and benchmarking. 12 | 13 | In Python, we can do better. And we can do it in pure-Python! 14 | 15 | :: 16 | 17 | >>> from sortedcontainers import SortedList, SortedDict, SortedSet 18 | >>> sl = SortedList(xrange(10000000)) 19 | >>> 1234567 in sl 20 | True 21 | >>> sl[7654321] 22 | 7654321 23 | >>> sl.add(1234567) 24 | >>> sl.count(1234567) 25 | 2 26 | >>> sl *= 3 27 | >>> len(sl) 28 | 30000003 29 | 30 | SortedContainers takes all of the work out of Python sorted types - making your 31 | deployment and use of Python easy. There's no need to install a C compiler or 32 | pre-build and distribute custom extensions. Performance is a feature and 33 | testing has 100% coverage with unit tests and hours of stress. 34 | 35 | :copyright: (c) 2016 by Grant Jenks. 36 | :license: Apache 2.0, see LICENSE for more details. 37 | 38 | """ 39 | 40 | 41 | from .sortedlist import SortedList, SortedListWithKey 42 | from .sortedset import SortedSet 43 | from .sorteddict import SortedDict 44 | 45 | __all__ = ['SortedList', 'SortedSet', 'SortedDict', 'SortedListWithKey'] 46 | 47 | __title__ = 'sortedcontainers' 48 | __version__ = '1.5.2' 49 | __build__ = 0x010502 50 | __author__ = 'Grant Jenks' 51 | __license__ = 'Apache 2.0' 52 | __copyright__ = 'Copyright 2016 Grant Jenks' 53 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunk_aoblib/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/bin/ta_thehive_create_alert/splunk_aoblib/__init__.py -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunk_aoblib/rest_helper.py: -------------------------------------------------------------------------------- 1 | import requests 2 | 3 | 4 | class TARestHelper(object): 5 | def __init__(self, logger=None): 6 | self.logger = logger 7 | self.http_session = None 8 | self.requests_proxy = None 9 | 10 | def _init_request_session(self, proxy_uri=None): 11 | self.http_session = requests.Session() 12 | self.http_session.mount( 13 | 'http://', requests.adapters.HTTPAdapter(max_retries=3)) 14 | self.http_session.mount( 15 | 'https://', requests.adapters.HTTPAdapter(max_retries=3)) 16 | if proxy_uri: 17 | self.requests_proxy = {'http': proxy_uri, 'https': proxy_uri} 18 | if self.logger: 19 | self.logger.info('set the proxy as %s', self.requests_proxy) 20 | 21 | def send_http_request(self, url, method, parameters=None, payload=None, headers=None, cookies=None, verify=True, 22 | cert=None, timeout=None, proxy_uri=None): 23 | if self.http_session is None: 24 | self._init_request_session(proxy_uri) 25 | requests_args = {'timeout': (10.0, 5.0), 'verify': verify} 26 | if parameters: 27 | requests_args['params'] = parameters 28 | if payload: 29 | if isinstance(payload, (dict, list)): 30 | requests_args['json'] = payload 31 | else: 32 | requests_args['data'] = str(payload) 33 | if headers: 34 | requests_args['headers'] = headers 35 | if cookies: 36 | requests_args['cookies'] = cookies 37 | if cert: 38 | requests_args['cert'] = cert 39 | if timeout is not None: 40 | requests_args['timeout'] = timeout 41 | if self.requests_proxy: 42 | requests_args['proxies'] = self.requests_proxy 43 | return self.http_session.request(method, url, **requests_args) 44 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunk_aoblib/utility.py: -------------------------------------------------------------------------------- 1 | # encoding = utf-8 2 | 3 | import logging 4 | import sys 5 | 6 | def get_stderr_stream_logger(logger_name=None, log_level=logging.INFO): 7 | if logger_name is None: 8 | logger_name = 'aob_default_logger' 9 | logger = logging.getLogger(logger_name) 10 | formatter = logging.Formatter('%(asctime)s - %(name)s - [%(levelname)s] - %(message)s') 11 | stderr_handler = logging.StreamHandler(stream=sys.stderr) 12 | stderr_handler.setLevel(logging.DEBUG) 13 | stderr_handler.setFormatter(formatter) 14 | logger.addHandler(stderr_handler) 15 | logger.setLevel(log_level) 16 | return logger 17 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunklib/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2011-2015 Splunk, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"): you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | """Python library for Splunk.""" 16 | 17 | __version_info__ = (1, 6, 0) 18 | __version__ = ".".join(map(str, __version_info__)) 19 | 20 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunklib/modularinput/__init__.py: -------------------------------------------------------------------------------- 1 | """The following imports allow these classes to be imported via 2 | the splunklib.modularinput package like so: 3 | 4 | from splunklib.modularinput import * 5 | """ 6 | from .argument import Argument 7 | from .event import Event 8 | from .event_writer import EventWriter 9 | from .input_definition import InputDefinition 10 | from .scheme import Scheme 11 | from .script import Script 12 | from .validation_definition import ValidationDefinition 13 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunklib/modularinput/input_definition.py: -------------------------------------------------------------------------------- 1 | # Copyright 2011-2015 Splunk, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"): you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | try: 16 | import xml.etree.cElementTree as ET 17 | except ImportError as ie: 18 | import xml.etree.ElementTree as ET 19 | 20 | from .utils import parse_xml_data 21 | 22 | class InputDefinition: 23 | """``InputDefinition`` encodes the XML defining inputs that Splunk passes to 24 | a modular input script. 25 | 26 | **Example**:: 27 | 28 | i = InputDefinition() 29 | 30 | """ 31 | def __init__ (self): 32 | self.metadata = {} 33 | self.inputs = {} 34 | 35 | def __eq__(self, other): 36 | if not isinstance(other, InputDefinition): 37 | return False 38 | return self.metadata == other.metadata and self.inputs == other.inputs 39 | 40 | @staticmethod 41 | def parse(stream): 42 | """Parse a stream containing XML into an ``InputDefinition``. 43 | 44 | :param stream: stream containing XML to parse. 45 | :return: definition: an ``InputDefinition`` object. 46 | """ 47 | definition = InputDefinition() 48 | 49 | # parse XML from the stream, then get the root node 50 | root = ET.parse(stream).getroot() 51 | 52 | for node in root: 53 | if node.tag == "configuration": 54 | # get config for each stanza 55 | definition.inputs = parse_xml_data(node, "stanza") 56 | else: 57 | definition.metadata[node.tag] = node.text 58 | 59 | return definition -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunktaucclib/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | __version__ = '3.0.1' 3 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunktaucclib/global_config/__init__.py: -------------------------------------------------------------------------------- 1 | """ 2 | Global Config Module 3 | """ 4 | 5 | from __future__ import absolute_import 6 | 7 | from urlparse import urlparse 8 | from solnlib.splunk_rest_client import SplunkRestClient 9 | 10 | from .configuration import ( 11 | Inputs, 12 | Configs, 13 | Settings, 14 | GlobalConfigError, 15 | Configuration 16 | ) 17 | from .schema import GlobalConfigSchema 18 | 19 | 20 | __all__ = [ 21 | 'GlobalConfigError', 22 | 'GlobalConfigSchema', 23 | 'GlobalConfig', 24 | 'Inputs', 25 | 'Configs', 26 | 'Settings', 27 | ] 28 | 29 | 30 | class GlobalConfig(object): 31 | 32 | def __init__(self, splunkd_uri, session_key, schema): 33 | """ 34 | Global Config. 35 | 36 | :param splunkd_uri: 37 | :param session_key: 38 | :param schema: 39 | :type schema: GlobalConfigSchema 40 | """ 41 | self._splunkd_uri = splunkd_uri 42 | self._session_key = session_key 43 | self._schema = schema 44 | 45 | splunkd_info = urlparse(self._splunkd_uri) 46 | self._client = SplunkRestClient( 47 | self._session_key, 48 | self._schema.product, 49 | scheme=splunkd_info.scheme, 50 | host=splunkd_info.hostname, 51 | port=splunkd_info.port, 52 | ) 53 | self._configuration = Configuration(self._client, self._schema) 54 | self._inputs = Inputs(self._client, self._schema) 55 | self._configs = Configs(self._client, self._schema) 56 | self._settings = Settings(self._client, self._schema) 57 | 58 | @property 59 | def inputs(self): 60 | return self._inputs 61 | 62 | @property 63 | def configs(self): 64 | return self._configs 65 | 66 | @property 67 | def settings(self): 68 | return self._settings 69 | 70 | # add support for batch save of configuration payload 71 | def save(self, payload): 72 | return self._configuration.save(payload) 73 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunktaucclib/global_config/schema.py: -------------------------------------------------------------------------------- 1 | 2 | from __future__ import absolute_import 3 | 4 | import traceback 5 | 6 | from ..rest_handler.schema import RestSchema, RestSchemaError 7 | 8 | 9 | class GlobalConfigSchema(RestSchema): 10 | 11 | def __init__(self, content, *args, **kwargs): 12 | """ 13 | 14 | :param content: Python object for Global Config Schema 15 | :param args: 16 | :param kwargs: 17 | """ 18 | super(GlobalConfigSchema, self).__init__(*args, **kwargs) 19 | self._content = content 20 | self._inputs = [] 21 | self._configs = [] 22 | self._settings = [] 23 | 24 | try: 25 | self._parse() 26 | except Exception: 27 | raise RestSchemaError( 28 | 'Invalid Global Config Schema: %s' % traceback.format_exc(), 29 | ) 30 | 31 | @property 32 | def product(self): 33 | return self._meta['name'] 34 | 35 | @property 36 | def namespace(self): 37 | return self._meta['restRoot'] 38 | 39 | @property 40 | def admin_match(self): 41 | return '' 42 | 43 | @property 44 | def version(self): 45 | return self._meta['apiVersion'] 46 | 47 | @property 48 | def inputs(self): 49 | return self._inputs 50 | 51 | @property 52 | def configs(self): 53 | return self._configs 54 | 55 | @property 56 | def settings(self): 57 | return self._settings 58 | 59 | def _parse(self): 60 | self._meta = self._content['meta'] 61 | pages = self._content['pages'] 62 | self._parse_configuration(pages.get('configuration')) 63 | self._parse_inputs(pages.get('inputs')) 64 | 65 | def _parse_configuration(self, configurations): 66 | if not configurations or 'tabs' not in configurations: 67 | return 68 | for configuration in configurations['tabs']: 69 | if 'table' in configuration: 70 | self._configs.append(configuration) 71 | else: 72 | self._settings.append(configuration) 73 | 74 | def _parse_inputs(self, inputs): 75 | if not inputs or 'services' not in inputs: 76 | return 77 | self._inputs = inputs['services'] 78 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunktaucclib/rest_handler/__init__.py: -------------------------------------------------------------------------------- 1 | """ 2 | Custom REST Handler in Splunk add-on. 3 | """ 4 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunktaucclib/rest_handler/eai.py: -------------------------------------------------------------------------------- 1 | 2 | from __future__ import absolute_import 3 | 4 | # EAI fields 5 | EAI_ACL = 'eai:acl' 6 | EAI_ATTRIBUTES = 'eai:attributes' 7 | EAI_USER = 'eai:userName' 8 | EAI_APP = 'eai:appName' 9 | 10 | EAI_FIELD_PREFIX = 'eai:' 11 | EAI_FIELDS = [EAI_ACL, EAI_ATTRIBUTES, EAI_USER, EAI_APP] 12 | 13 | # elements of eai:attributes 14 | EAI_ATTRIBUTES_OPTIONAL = 'optionalFields' 15 | EAI_ATTRIBUTES_REQUIRED = 'requiredFields' 16 | EAI_ATTRIBUTES_WILDCARD = 'wildcardFields' 17 | 18 | 19 | class RestEAI(object): 20 | 21 | def __init__(self, model, user, app, acl=None): 22 | self.model = model 23 | default_acl = { 24 | 'owner': user, 25 | 'app': app, 26 | 'global': 1, 27 | 'can_write': 1, 28 | 'modifiable': 1, 29 | 'removable': 1, 30 | 'sharing': 'global', 31 | 'perms': {'read': ['*'], 'write': ['admin']}, 32 | } 33 | self.acl = acl or default_acl 34 | self.user = user 35 | self.app = app 36 | self.attributes = self._build_attributes() 37 | 38 | @property 39 | def content(self): 40 | return { 41 | EAI_ACL: self.acl, 42 | EAI_USER: self.user, 43 | EAI_APP: self.app, 44 | EAI_ATTRIBUTES: self.attributes, 45 | } 46 | 47 | def _build_attributes(self): 48 | optional_fields = [] 49 | required_fields = [] 50 | for field in self.model.fields: 51 | if field.required: 52 | required_fields.append(field.name) 53 | else: 54 | optional_fields.append(field.name) 55 | return { 56 | EAI_ATTRIBUTES_OPTIONAL: optional_fields, 57 | EAI_ATTRIBUTES_REQUIRED: required_fields, 58 | EAI_ATTRIBUTES_WILDCARD: [], 59 | } 60 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunktaucclib/rest_handler/endpoint/field.py: -------------------------------------------------------------------------------- 1 | 2 | from __future__ import absolute_import 3 | 4 | from ..error import RestError 5 | 6 | 7 | __all__ = ['RestField'] 8 | 9 | 10 | class RestField(object): 11 | """ 12 | REST Field. 13 | """ 14 | 15 | def __init__( 16 | self, 17 | name, 18 | required=False, 19 | encrypted=False, 20 | default=None, 21 | validator=None, 22 | converter=None, 23 | ): 24 | self.name = name 25 | self.required = required 26 | self.encrypted = encrypted 27 | self.default = default 28 | self.validator = validator 29 | self.converter = converter 30 | 31 | def validate(self, data, existing=None): 32 | # update case: check required field in data 33 | if existing and self.name in data and not data.get(self.name) and self.required: 34 | raise RestError( 35 | 400, 36 | 'Required field is missing: %s' % self.name 37 | ) 38 | value = data.get(self.name) 39 | if not value and existing is None: 40 | if self.required: 41 | raise RestError( 42 | 400, 43 | 'Required field is missing: %s' % self.name 44 | ) 45 | return 46 | if self.validator is None or not value: 47 | return 48 | 49 | res = self.validator.validate(value, data) 50 | if not res: 51 | raise RestError(400, self.validator.msg) 52 | 53 | def encode(self, data): 54 | value = data.get(self.name) 55 | if not value or self.converter is None: 56 | return 57 | data[self.name] = self.converter.encode(value, data) 58 | 59 | def decode(self, data): 60 | value = data.get(self.name) 61 | if not value or self.converter is None: 62 | return 63 | data[self.name] = self.converter.decode(value, data) 64 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunktaucclib/rest_handler/entity.py: -------------------------------------------------------------------------------- 1 | 2 | from __future__ import absolute_import 3 | 4 | from .eai import RestEAI 5 | 6 | __all__ = ['RestEntity'] 7 | 8 | 9 | class RestEntity(object): 10 | 11 | def __init__(self, name, content, model, user, app, acl=None): 12 | self.name = name 13 | self.content = content 14 | self.model = model 15 | self._eai = RestEAI(self.model, user, app, acl) 16 | 17 | @property 18 | def eai(self): 19 | return self._eai 20 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunktaucclib/rest_handler/error.py: -------------------------------------------------------------------------------- 1 | """ 2 | Error Handling. 3 | """ 4 | 5 | from __future__ import absolute_import 6 | 7 | __all__ = ['STATUS_CODES', 'RestError'] 8 | 9 | 10 | # HTTP status codes 11 | STATUS_CODES = { 12 | 400: 'Bad Request', 13 | 401: 'Unauthorized', 14 | 402: 'Payment Required', 15 | 403: 'Forbidden', 16 | 404: 'Not Found', 17 | 405: 'Method Not Allowed', 18 | 406: 'Not Acceptable', 19 | 407: 'Proxy Authentication Required', 20 | 408: 'Request Timeout', 21 | 409: 'Conflict', 22 | 411: 'Length Required', 23 | 500: 'Internal Server Error', 24 | 503: 'Service Unavailable' 25 | } 26 | 27 | 28 | class RestError(Exception): 29 | """ 30 | REST Error. 31 | """ 32 | 33 | def __init__(self, status, message): 34 | self.status = status 35 | self.reason = STATUS_CODES.get( 36 | status, 37 | 'Unknown Error', 38 | ) 39 | self.message = message 40 | err_msg = 'REST Error [%(status)s]: %(reason)s -- %(message)s' % { 41 | 'status': self.status, 42 | 'reason': self.reason, 43 | 'message': self.message 44 | } 45 | super(RestError, self).__init__(err_msg) 46 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunktaucclib/rest_handler/schema.py: -------------------------------------------------------------------------------- 1 | """ 2 | REST Schema 3 | """ 4 | 5 | from __future__ import absolute_import 6 | 7 | from abc import abstractproperty 8 | 9 | __all__ = [ 10 | 'RestSchemaError', 11 | 'RestSchema', 12 | ] 13 | 14 | 15 | class RestSchemaError(Exception): 16 | pass 17 | 18 | 19 | class RestSchema(object): 20 | """ 21 | REST Scheme. 22 | """ 23 | 24 | def __init__(self, *args, **kwargs): 25 | pass 26 | 27 | @staticmethod 28 | def endpoint_name(name, namespace): 29 | return '{}_{}'.format(namespace, name) 30 | 31 | @abstractproperty 32 | def product(self): 33 | pass 34 | 35 | @abstractproperty 36 | def namespace(self): 37 | pass 38 | 39 | @abstractproperty 40 | def version(self): 41 | pass 42 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert/splunktaucclib/rest_handler/util.py: -------------------------------------------------------------------------------- 1 | from __future__ import absolute_import 2 | 3 | import os.path 4 | 5 | from .error import RestError 6 | 7 | 8 | __all__ = [ 9 | 'get_base_app_name', 10 | 'remove_http_proxy_env_vars', 11 | ] 12 | 13 | 14 | def get_base_app_name(): 15 | """ 16 | Base App name, which this script belongs to. 17 | """ 18 | import __main__ 19 | main_name = __main__.__file__ 20 | absolute_path = os.path.normpath(main_name) 21 | parts = absolute_path.split(os.path.sep) 22 | parts.reverse() 23 | for key in ("apps", "slave-apps", "master-apps"): 24 | try: 25 | idx = parts.index(key) 26 | if parts[idx + 1] == "etc": 27 | return parts[idx - 1] 28 | except (ValueError, IndexError): 29 | pass 30 | raise RestError( 31 | status=500, 32 | message='Cannot get app name from file: %s' % main_name 33 | ) 34 | 35 | 36 | def remove_http_proxy_env_vars(): 37 | for k in ("http_proxy", "https_proxy"): 38 | if k in os.environ: 39 | del os.environ[k] 40 | elif k.upper() in os.environ: 41 | del os.environ[k.upper()] 42 | -------------------------------------------------------------------------------- /TA-thehive/bin/ta_thehive_create_alert_declare.py: -------------------------------------------------------------------------------- 1 | # encode = utf-8 2 | 3 | """ 4 | This module is used to filter and reload PATH. 5 | This file is genrated by Splunk add-on builder 6 | """ 7 | 8 | import os 9 | import sys 10 | import re 11 | 12 | ta_name = 'TA-thehive' 13 | ta_lib_name = 'ta_thehive_create_alert' 14 | pattern = re.compile(r"[\\/]etc[\\/]apps[\\/][^\\/]+[\\/]bin[\\/]?$") 15 | new_paths = [path for path in sys.path if not pattern.search(path) or ta_name in path] 16 | new_paths.insert(0, os.path.sep.join([os.path.dirname(__file__), ta_lib_name])) 17 | sys.path = new_paths -------------------------------------------------------------------------------- /TA-thehive/default/addon_builder.conf: -------------------------------------------------------------------------------- 1 | # this file is generated by add-on builder automatically 2 | # please do not edit it 3 | [base] 4 | builder_version = 2.2.0 5 | builder_build = 12 6 | is_edited = 1 7 | 8 | -------------------------------------------------------------------------------- /TA-thehive/default/alert_actions.conf: -------------------------------------------------------------------------------- 1 | 2 | [create_alert_entry_in_thehive] 3 | is_custom = 1 4 | param.th_source = splunk 5 | param.th_type = alert 6 | param._cam = {"supports_adhoc": true, "technology": [{"vendor": "TheHive-project", "version": ["3.0.0"], "product": "TheHIve"}], "task": ["Investigate"], "subject": ["Alert"], "category": ["Analysis"]} 7 | param.th_title = $name$ 8 | description = Create an alert entry in TheHive with all fields attached as observable 9 | param.th_tlp = 2 10 | param.th_severity = 3 11 | param.th_pap = 2 12 | label = Create alert entry in TheHive 13 | payload_format = json 14 | icon_path = alert_create_alert_entry_in_thehive.png 15 | command = sendalert $action_name$ results_file="$results.file$" results_link="$results.url$" param.action_name=$action_name$ | stats count 16 | 17 | -------------------------------------------------------------------------------- /TA-thehive/default/app.conf: -------------------------------------------------------------------------------- 1 | # this add-on is powered by splunk Add-on builder 2 | [install] 3 | state_change_requires_restart = true 4 | is_configured = 0 5 | state = enabled 6 | build = 3 7 | 8 | [launcher] 9 | author = remg427@gmail.com 10 | version = 2.0.1 11 | description = This add-on is designed to add alert action on Splunk to create alerts in TheHive 12 | 13 | [ui] 14 | is_visible = 1 15 | label = thehive_create_alert 16 | docs_section_override = AddOns:released 17 | 18 | [package] 19 | id = TA-thehive 20 | 21 | [triggers] 22 | reload.addon_builder = simple 23 | reload.ta_thehive_create_alert_account = simple 24 | reload.ta_thehive_create_alert_settings = simple 25 | reload.passwords = simple 26 | 27 | -------------------------------------------------------------------------------- /TA-thehive/default/data/ui/nav/default.xml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /TA-thehive/default/data/ui/views/configuration.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /TA-thehive/default/data/ui/views/inputs.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /TA-thehive/default/inputs.conf: -------------------------------------------------------------------------------- 1 | [connector_to_thehive_instance] 2 | start_by_shell = false 3 | sourcetype = thehive 4 | interval = 30 5 | thehive_url = http://hive.example.com/ 6 | thehive_key = ***API*KEY*** 7 | thehive_verifycert = False 8 | thehive_use_proxy = False 9 | client_use_cert = False 10 | disabled = 0 11 | 12 | -------------------------------------------------------------------------------- /TA-thehive/default/props.conf: -------------------------------------------------------------------------------- 1 | [thehive] 2 | SHOULD_LINEMERGE = 0 3 | category = Splunk App Add-on Builder 4 | pulldown_type = 1 5 | 6 | [source::...ta-thehive*.log*] 7 | sourcetype = ta:thehive:log 8 | 9 | [source::...ta_thehive*.log*] 10 | sourcetype = ta:thehive:log 11 | 12 | [source::...create_alert_entry_in_thehive_modalert.log*] 13 | sourcetype = ta:thehive:log 14 | 15 | -------------------------------------------------------------------------------- /TA-thehive/default/restmap.conf: -------------------------------------------------------------------------------- 1 | 2 | [admin:TA_thehive_create_alert] 3 | match = / 4 | members = TA_thehive_create_alert_connector_to_thehive_instance, TA_thehive_create_alert_settings 5 | 6 | [admin_external:TA_thehive_create_alert_connector_to_thehive_instance] 7 | handlertype = python 8 | handlerfile = TA_thehive_create_alert_rh_connector_to_thehive_instance.py 9 | handleractions = edit, list, remove, create 10 | 11 | [admin_external:TA_thehive_create_alert_settings] 12 | handlertype = python 13 | handlerfile = TA_thehive_create_alert_rh_settings.py 14 | handleractions = edit, list 15 | -------------------------------------------------------------------------------- /TA-thehive/default/ta_thehive_create_alert_settings.conf: -------------------------------------------------------------------------------- 1 | [proxy] 2 | 3 | [logging] 4 | 5 | -------------------------------------------------------------------------------- /TA-thehive/default/web.conf: -------------------------------------------------------------------------------- 1 | 2 | [expose:TA_thehive_create_alert_connector_to_thehive_instance] 3 | pattern = TA_thehive_create_alert_connector_to_thehive_instance 4 | methods = POST, GET 5 | 6 | [expose:TA_thehive_create_alert_connector_to_thehive_instance_specified] 7 | pattern = TA_thehive_create_alert_connector_to_thehive_instance/* 8 | methods = POST, GET, DELETE 9 | 10 | [expose:TA_thehive_create_alert_settings] 11 | pattern = TA_thehive_create_alert_settings 12 | methods = POST, GET 13 | 14 | [expose:TA_thehive_create_alert_settings_specified] 15 | pattern = TA_thehive_create_alert_settings/* 16 | methods = POST, GET, DELETE 17 | 18 | [expose:_splunkd_data] 19 | pattern = data/* 20 | methods = GET 21 | -------------------------------------------------------------------------------- /TA-thehive/metadata/default.meta: -------------------------------------------------------------------------------- 1 | 2 | [] 3 | access = read : [ * ], write : [ admin ] 4 | export = system 5 | 6 | [views] 7 | access = read : [ * ], write : [ admin ] 8 | export = none 9 | -------------------------------------------------------------------------------- /TA-thehive/static/appIcon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/static/appIcon.png -------------------------------------------------------------------------------- /TA-thehive/static/appIconAlt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/static/appIconAlt.png -------------------------------------------------------------------------------- /TA-thehive/static/appIconAlt_2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/static/appIconAlt_2x.png -------------------------------------------------------------------------------- /TA-thehive/static/appIcon_2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/remg427/TA-thehive/901aea52fc7e6f901cdfe988382458e4e925474c/TA-thehive/static/appIcon_2x.png --------------------------------------------------------------------------------