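#!/usr/bin/python
"""AlienVault EPS monitor.

Reads the MySQL credentials from the OSSIM setup file, lists every sensor
in the ``alienvault`` database, counts the events each sensor produced in
the ``alienvault_siem`` database over the last N minutes, and e-mails an
alert for any sensor whose count is below its configured threshold.

Sample ``/etc/ossim/eps_monitor.conf``::

    [settings]
    default_interval_mins=5
    default_threshold=1000
    smtp_server=127.0.0.1
    recipient=someone@example.com
    sender=alienvault@example.com

    [thresholds]
    sensorname=1000
"""
from __future__ import print_function

import os
import smtplib
import socket
from io import StringIO

import ConfigParser
import MySQLdb

# Paths fixed by the AlienVault/OSSIM installation layout.
OSSIM_SETUP_CONF = '/etc/ossim/ossim_setup.conf'
EPS_MONITOR_CONF = '/etc/ossim/eps_monitor.conf'

# Sensor id and interval are bound parameters (MySQLdb "format" paramstyle),
# never spliced into the statement text, so a value containing quotes cannot
# change the query.
EVENT_COUNT_SQL = (
    "SELECT COUNT(*) FROM acid_event "
    "WHERE device_id IN (SELECT id FROM device WHERE hex(sensor_id) = %s) "
    "AND timestamp > now() - INTERVAL %s MINUTE"
)


def _load_db_settings(path):
    """Return ``(host, user, password)`` read from the OSSIM setup file.

    The setup file is not a plain INI file (the original comment calls
    this a "hack to comply with Alienvault config file format"); it appears
    to carry key=value lines before any ``[section]`` header, which
    ConfigParser rejects, so a dummy ``[misc]`` section is prepended.

    Raises ConfigParser.Error if the ``[database]`` keys are missing.
    """
    with open(path) as fh:
        raw = fh.read()
    parser = ConfigParser.ConfigParser()
    parser.readfp(StringIO(u'[misc]\n%s' % raw))
    return (
        parser.get("database", "db_ip"),
        parser.get("database", "user"),
        parser.get("database", "pass"),
    )


def _sensor_threshold(eps_config, sensor_name, default_threshold):
    """Return the event-count threshold for *sensor_name* as an int.

    Per-sensor overrides live in the ``[thresholds]`` section.  ConfigParser
    lower-cases option names on both write and lookup, so the match is
    case-insensitive.  Falls back to *default_threshold* when no override
    exists.
    """
    if eps_config.has_option('thresholds', sensor_name):
        return int(eps_config.get('thresholds', sensor_name))
    return int(default_threshold)


def _count_recent_events(cursor, sensor_hex_id, interval_mins):
    """Return the number of events *sensor_hex_id* logged in the last
    *interval_mins* minutes, using an open ``alienvault_siem`` cursor."""
    cursor.execute(EVENT_COUNT_SQL, (sensor_hex_id, interval_mins))
    return cursor.fetchone()[0]


def _send_alert(eps_config, sensor_name, event_count):
    """E-mail the low-EPS alert for *sensor_name* and print the outcome.

    Connection and delivery failures are reported on stdout instead of
    being raised so the remaining sensors are still checked.
    """
    sender = eps_config.get('settings', 'sender')
    recipient = eps_config.get('settings', 'recipient')
    smtp_server = eps_config.get('settings', 'smtp_server')
    # The empty line after "Subject:" is what separates headers from body;
    # without it the alert text is delivered as a malformed header line.
    message = """From: AlienVault EPS Monitor <%s>
To: <%s>
Subject: AlienVault EPS monitor alert

This alert has been triggered since the generated EPS of sensor %s is currently %s
""" % (sender, recipient, sensor_name, event_count)
    try:
        smtp = smtplib.SMTP(smtp_server)
        try:
            smtp.sendmail(sender, recipient, message)
        finally:
            smtp.quit()
    # socket.error covers a refused/unreachable SMTP server, which is not an
    # SMTPException; the exception class must be qualified with the module.
    except (smtplib.SMTPException, socket.error):
        print("Error: unable to send email")
    else:
        print("Successfully sent email")


def main():
    """Check every sensor's recent event count and alert on low EPS."""
    db_ip, db_user, db_password = _load_db_settings(OSSIM_SETUP_CONF)

    eps_config = ConfigParser.ConfigParser()
    eps_config.read(EPS_MONITOR_CONF)
    # Convert once so a malformed setting fails here, not inside the query.
    interval_mins = int(eps_config.get("settings", "default_interval_mins"))
    default_threshold = eps_config.get("settings", "default_threshold")

    db = MySQLdb.connect(db_ip, db_user, db_password, "alienvault")
    try:
        cursor = db.cursor()
        cursor.execute("select hex(id),name from sensor")
        sensors = cursor.fetchall()
    finally:
        db.close()

    # One connection to the SIEM database for all sensors rather than a
    # reconnect per row.
    siem = MySQLdb.connect(db_ip, db_user, db_password, "alienvault_siem")
    try:
        cursor = siem.cursor()
        for sensor_hex_id, sensor_name in sensors:
            print(os.linesep)
            event_count = _count_recent_events(cursor, sensor_hex_id, interval_mins)
            print("%s: %s" % (sensor_name, event_count))
            threshold = _sensor_threshold(eps_config, sensor_name, default_threshold)
            if event_count < threshold:
                _send_alert(eps_config, sensor_name, event_count)
            else:
                print("looking good...")
            print(os.linesep)
    finally:
        siem.close()


if __name__ == "__main__":
    main()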