How to use the rules.models.Transformation function in rules

To help you get started, we’ve selected a few rules examples, based on popular ways it is used in public projects.


github StamusNetworks / scirius / rules / models.py View on Github external
def get_transformation(self, ruleset, key=Transformation.ACTION, override=False):
        NONE = None
        TYPE = None

        if key == Transformation.ACTION:
            NONE = Transformation.A_NONE
            TYPE = Transformation.ActionTransfoType
        elif key == Transformation.LATERAL:
            NONE = Transformation.L_NO
            TYPE = Transformation.LateralTransfoType
        elif key == Transformation.TARGET:
            NONE = Transformation.T_NONE
            TYPE = Transformation.TargetTransfoType
        else:
            raise Exception("Key '%s' is unknown" % key)

        if Rule.TRANSFORMATIONS is None:
            rt = RuleTransformation.objects.filter(
                                key=key.value,
                                ruleset=ruleset,
                                rule_transformation=self).all()
            if len(rt) > 0:
                return TYPE(rt[0].value)

            if override:
github StamusNetworks / scirius / rules / models.py View on Github external
def apply_transformation(self, content, key=Transformation.ACTION, value=None):
        """Rewrite the rule text ``content`` for one transformation.

        For ``Transformation.ACTION`` the text is edited with regular
        expressions according to ``value`` (reject, drop, filestore, bypass).
        For ``Transformation.LATERAL`` and ``Transformation.TARGET`` the work
        is delegated to ``self.apply_lateral_target_transfo``.

        NOTE(review): this excerpt stops before any ``return`` statement; the
        caller presumably receives the rewritten ``content`` -- confirm against
        the full file.
        """

        if key == Transformation.ACTION:
            # NOTE(review): the patterns below are plain (non-raw) string
            # literals containing backslash escapes; recent Python versions
            # warn about invalid escape sequences, so raw strings (r"...")
            # would be the safer spelling.
            if value == Transformation.A_REJECT:
                # Replace the first whitespace-delimited token of the text.
                # There is no re.MULTILINE flag, so "^" only matches at the
                # very start of ``content``.
                content = re.sub("^ *\S+", "reject", content)
            elif value == Transformation.A_DROP:
                content = re.sub("^ *\S+", "drop", content)
            elif value == Transformation.A_FILESTORE:
                # The pattern is not anchored to the end of the text and no
                # ``count`` is given, so every ";" followed by optional spaces
                # and ")" is rewritten, not only the closing one.
                content = re.sub("; *\)", "; filestore;)", content)
            elif value == Transformation.A_BYPASS:
                # NOTE(review): this is a substring test over the whole text,
                # while the substitution below needs the exact "; noalert;"
                # form. If "noalert" occurs only in some other position, no
                # "bypass" keyword is added, yet the first token is still
                # rewritten to "pass" further down. Worth a test with such
                # input, since the result silently differs from the intent.
                if 'noalert' in content:
                    content = re.sub("; noalert;", "; noalert; bypass;", content)
                else:
                    content = re.sub("; *\)", "; noalert; bypass;)", content)
                # Applied on both branches above: the first token becomes "pass".
                content = re.sub("^ *\S+", "pass", content)

        elif key == Transformation.LATERAL or key == Transformation.TARGET:
            content = self.apply_lateral_target_transfo(content, key, value)
github StamusNetworks / scirius / suricata / views.py View on Github external
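def index(request, error = None):
    """Render the Suricata overview page, or the creation form if none exists.

    Args:
        request: the incoming HTTP request, passed through to the renderer.
        error: optional error message; exposed to the template as ``error``.

    Returns:
        The response produced by ``scirius_render``: ``suricata/index.html``
        when a Suricata object is available, ``suricata/edit.html`` with a
        blank ``SuricataForm`` otherwise.
    """
    # try to get suricata from db
    suri = get_suri()

    if not suri:
        # Nothing configured yet: offer the creation form and report any
        # missing dependencies alongside it.
        form = SuricataForm()
        context = { 'creation': True , 'form': form}
        missing = dependencies_check(Suricata)
        if missing:
            context['missing'] = missing
        return scirius_render(request, 'suricata/edit.html', context)

    # The hostname override is applied only once we know an object exists.
    # Assigning ``suri.name`` before this check raised AttributeError when
    # ``get_suri()`` returned nothing and SURICATA_NAME_IS_HOSTNAME was set,
    # so the creation page could never be reached in that configuration.
    if settings.SURICATA_NAME_IS_HOSTNAME:
        suri.name = socket.gethostname()

    context = {'suricata': suri}
    if error:
        context['error'] = error
    if suri.ruleset:
        # Rules carrying a SUPPRESSED transformation in this ruleset.
        supp_rules = list(Rule.objects.filter(ruletransformation__ruleset=suri.ruleset, ruletransformation__key=Transformation.SUPPRESSED.value, ruletransformation__value=Transformation.S_SUPPRESSED.value))

        if supp_rules:
            suppressed = ",".join([ unicode(x.sid) for x in supp_rules])
            context['suppressed'] = suppressed

    if settings.USE_ELASTICSEARCH:
        context['rules'] = True

    return scirius_render(request, 'suricata/index.html', context)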
github StamusNetworks / scirius / rules / views.py View on Github external
thresholds = RulesetThresholdTable(thresholds)
            tables.RequestConfig(request).configure(thresholds)
            context['thresholds'] = thresholds
        suppress = Threshold.objects.filter(ruleset = ruleset, threshold_type = 'suppress')
        if suppress:
            suppress = RulesetSuppressTable(suppress)
            tables.RequestConfig(request).configure(suppress)
            context['suppress'] = suppress

        # Error
        if error:
            context['error'] = error

        S_SUPPRESSED = Transformation.S_SUPPRESSED
        A_REJECT = Transformation.A_REJECT
        A_DROP = Transformation.A_DROP
        A_FILESTORE = Transformation.A_FILESTORE

        for trans in (S_SUPPRESSED, A_REJECT, A_DROP, A_FILESTORE):
            # Rules transformation
            trans_rules = ruleset.rules_transformation.filter(ruletransformation__value=trans.value).all()
            if len(trans_rules):
                trans_rules_t = RuleTable(trans_rules.order_by('sid'))
                tables.RequestConfig(request).configure(trans_rules_t)

                ctx_lb = '%s_rules' % trans.value if trans != S_SUPPRESSED else 'disabled_rules'
                context[ctx_lb] = trans_rules_t

            # Categories Transformation
            if trans != S_SUPPRESSED:  # SUPPRESSED cannot be applied on categories
                trans_categories = ruleset.categories_transformation.filter(categorytransformation__value=trans.value).all()
                if len(trans_categories):
github StamusNetworks / scirius / rules / views.py View on Github external
if thresholds:
            thresholds = RulesetThresholdTable(thresholds)
            tables.RequestConfig(request).configure(thresholds)
            context['thresholds'] = thresholds
        suppress = Threshold.objects.filter(ruleset = ruleset, threshold_type = 'suppress')
        if suppress:
            suppress = RulesetSuppressTable(suppress)
            tables.RequestConfig(request).configure(suppress)
            context['suppress'] = suppress

        # Error
        if error:
            context['error'] = error

        S_SUPPRESSED = Transformation.S_SUPPRESSED
        A_REJECT = Transformation.A_REJECT
        A_DROP = Transformation.A_DROP
        A_FILESTORE = Transformation.A_FILESTORE

        for trans in (S_SUPPRESSED, A_REJECT, A_DROP, A_FILESTORE):
            # Rules transformation
            trans_rules = ruleset.rules_transformation.filter(ruletransformation__value=trans.value).all()
            if len(trans_rules):
                trans_rules_t = RuleTable(trans_rules.order_by('sid'))
                tables.RequestConfig(request).configure(trans_rules_t)

                ctx_lb = '%s_rules' % trans.value if trans != S_SUPPRESSED else 'disabled_rules'
                context[ctx_lb] = trans_rules_t

            # Categories Transformation
            if trans != S_SUPPRESSED:  # SUPPRESSED cannot be applied on categories
                trans_categories = ruleset.categories_transformation.filter(categorytransformation__value=trans.value).all()
github StamusNetworks / scirius / rules / views.py View on Github external
def switch_rule(request, rule_id, operation = 'disable'):
    """Disable or enable one rule in the rulesets chosen through the form.

    Args:
        request: the incoming HTTP request; the user must be staff.
        rule_id: ``sid`` of the rule; a 404 is raised when it does not exist.
        operation: ``'disable'`` or ``'enable'``. Any other value changes no
            rule, although each selected ruleset is still saved.

    Returns:
        A redirect to the rule after a valid POST, otherwise the rendered
        ``rules/disable_rule.html`` page (form, or permission error).
    """
    rule_object = get_object_or_404(Rule, sid=rule_id)

    # Authorization gate, evaluated before any state is touched. The refusal
    # is an ordinary template render carrying an error message; no explicit
    # HTTP status is set in this function.
    if not request.user.is_staff:
        denied = { 'rule': rule_object, 'operation': operation, 'error': 'Unsufficient permissions' }
        return scirius_render(request, 'rules/disable_rule.html', denied)

    if request.method != 'POST':
        form = RulesetSuppressForm()
    else:
        # State changes happen only on a submitted, validated form.
        form = RulesetSuppressForm(request.POST)
        if form.is_valid():
            for target in form.cleaned_data['rulesets']:
                suppressed_pks = target.get_transformed_rules(
                    key=Transformation.SUPPRESSED,
                    value=Transformation.S_SUPPRESSED,
                ).values_list('pk', flat=True)
                already_suppressed = rule_object.pk in suppressed_pks

                # Only act when the requested operation would change the
                # rule's current state; the acting user and the comment are
                # passed along with the change.
                if not already_suppressed and operation == 'disable':
                    rule_object.disable(target, user = request.user, comment=form.cleaned_data['comment'])
                elif already_suppressed and operation == 'enable':
                    rule_object.enable(target, user = request.user, comment=form.cleaned_data['comment'])
                target.save()
            return redirect(rule_object)

    # GET, or a POST whose form failed validation: show the form together
    # with, for every ruleset, the rules depending on this one.
    all_rulesets = Ruleset.objects.all()
    for entry in all_rulesets:
        entry.deps_rules = rule_object.get_dependant_rules(entry)

    context = {
        'rule': rule_object,
        'form': form,
        'rulesets': all_rulesets,
        'operation': operation,
    }
    return scirius_render(request, 'rules/disable_rule.html', context)
github StamusNetworks / scirius / rules / models.py View on Github external
# TODO: move me in settings.RULESET_TRANSFORMATIONS
            allowed_choices.append((A_BYPASS.value, A_BYPASS.name.title()))
            allowed_choices.append((A_NONE.value, A_NONE.name.title()))

        if key == TARGET:
            CAT_DEFAULT = Transformation.T_CAT_DEFAULT
            RULESET_DEFAULT = Transformation.T_RULESET_DEFAULT

            allowed_choices = list(Transformation.TargetTransfoType.get_choices())
            allowed_choices.remove((CAT_DEFAULT.value, CAT_DEFAULT.name.replace('_', ' ').title()))
            allowed_choices.remove((RULESET_DEFAULT.value, RULESET_DEFAULT.name.replace('_', ' ').title()))

        if key == LATERAL:
            CAT_DEFAULT = Transformation.L_CAT_DEFAULT
            RULESET_DEFAULT = Transformation.L_RULESET_DEFAULT

            allowed_choices = list(Transformation.LateralTransfoType.get_choices())
            allowed_choices.remove((CAT_DEFAULT.value, CAT_DEFAULT.name.replace('_', ' ').title()))
            allowed_choices.remove((RULESET_DEFAULT.value, RULESET_DEFAULT.name.replace('_', ' ').title()))

            L_YES = Transformation.L_YES
            L_AUTO = Transformation.L_AUTO

        return tuple(allowed_choices)
github StamusNetworks / scirius / rules / rest_api.py View on Github external
def create(self, request, *args, **kwargs):
        """Validate the requested transformation before creating it.

        ``transfo_type`` and ``transfo_value`` are read from ``request.data``
        and checked against ``Transformation.AVAILABLE_MODEL_TRANSFO``. A
        ``serializers.ValidationError`` keyed by the offending field is raised
        when the pair is not listed. The serializer is then validated, and for
        a ``RuleTransformationViewSet`` the choices allowed for the target
        rule are collected.

        NOTE(review): the excerpt ends after ``choices`` is computed; how it
        is compared with ``value`` and how the object is created are not
        visible here.
        """
        kwargs['fields'] = dict(self._fields)
        kwargs['action_type'] = self._action_type

        # Client-supplied values; nothing below this point may trust them
        # before the membership check has passed.
        comment = request.data.get('comment', None)
        key = request.data.get('transfo_type')
        value = request.data.get('transfo_value')
        # Allow-list check: the type must be a known key and the value must be
        # listed for that type.
        # NOTE(review): ``key in <mapping>`` needs a hashable key. If the
        # request body can carry a list or object for ``transfo_type``, this
        # would raise TypeError instead of a ValidationError -- confirm which
        # parsers feed ``request.data``.
        trans_ok = key in Transformation.AVAILABLE_MODEL_TRANSFO and value in Transformation.AVAILABLE_MODEL_TRANSFO[key]
        msg = ''

        if trans_ok is False:
            # Default to blaming the value; switch to the type when the type
            # itself is unknown.
            msg = '"%s" is not a valid choice.'
            title = 'transfo_value'
            type_ = value
            values = Transformation.AVAILABLE_MODEL_TRANSFO.get(key, None)

            if values is None:
                title = 'transfo_type'
                type_ = key

            raise serializers.ValidationError({title: [msg % type_]})

        serializer = self.get_serializer(data=request.data)
        serializer.is_valid(raise_exception=True)

        # Check that transformation is allowed
        if isinstance(self, RuleTransformationViewSet):
            rule = serializer.validated_data['rule_transformation']
            # ``key`` already passed the allow-list check above before being
            # turned into a Transformation.Type.
            transfo_type = Transformation.Type(key)
            choices_ = rule.get_transformation_choices(transfo_type)
            # Keep only the first element of each choice tuple.
            choices = [choice[0] for choice in choices_]
github StamusNetworks / scirius / rules / models.py View on Github external
if key == Transformation.ACTION:
            if value == Transformation.A_REJECT:
                content = re.sub("^ *\S+", "reject", content)
            elif value == Transformation.A_DROP:
                content = re.sub("^ *\S+", "drop", content)
            elif value == Transformation.A_FILESTORE:
                content = re.sub("; *\)", "; filestore;)", content)
            elif value == Transformation.A_BYPASS:
                if 'noalert' in content:
                    content = re.sub("; noalert;", "; noalert; bypass;", content)
                else:
                    content = re.sub("; *\)", "; noalert; bypass;)", content)
                content = re.sub("^ *\S+", "pass", content)

        elif key == Transformation.LATERAL or key == Transformation.TARGET:
            content = self.apply_lateral_target_transfo(content, key, value)

        return content
github StamusNetworks / scirius / rules / models.py View on Github external
allowed_choices = []

        if key == ACTION:
            all_choices_set = set(Transformation.ActionTransfoType.get_choices())
            allowed_choices = list(all_choices_set.intersection(set(settings.RULESET_TRANSFORMATIONS)))

            A_BYPASS = Transformation.A_BYPASS
            A_NONE = Transformation.A_NONE

            # TODO: move me in settings.RULESET_TRANSFORMATIONS
            allowed_choices.append((A_BYPASS.value, A_BYPASS.name.title()))
            allowed_choices.append((A_NONE.value, A_NONE.name.title()))

        if key == TARGET:
            CAT_DEFAULT = Transformation.T_CAT_DEFAULT
            RULESET_DEFAULT = Transformation.T_RULESET_DEFAULT

            allowed_choices = list(Transformation.TargetTransfoType.get_choices())
            allowed_choices.remove((CAT_DEFAULT.value, CAT_DEFAULT.name.replace('_', ' ').title()))
            allowed_choices.remove((RULESET_DEFAULT.value, RULESET_DEFAULT.name.replace('_', ' ').title()))

        if key == LATERAL:
            CAT_DEFAULT = Transformation.L_CAT_DEFAULT
            RULESET_DEFAULT = Transformation.L_RULESET_DEFAULT

            allowed_choices = list(Transformation.LateralTransfoType.get_choices())
            allowed_choices.remove((CAT_DEFAULT.value, CAT_DEFAULT.name.replace('_', ' ').title()))
            allowed_choices.remove((RULESET_DEFAULT.value, RULESET_DEFAULT.name.replace('_', ' ').title()))

            L_YES = Transformation.L_YES
            L_AUTO = Transformation.L_AUTO