2018-03-15 12:40:59 -04:00
|
|
|
#!/usr/bin/env python
|
|
|
|
import sys
|
|
|
|
from lxml import etree
|
|
|
|
|
|
|
|
|
|
|
|
def main(xmlfile,outfile):
|
|
|
|
|
|
|
|
file = open(outfile,"w")
|
|
|
|
root = etree.parse(xmlfile)
|
|
|
|
|
|
|
|
for rule in root.getiterator('rule'):
|
2018-03-17 08:39:55 -04:00
|
|
|
# Get CDATA
|
2018-03-15 12:40:59 -04:00
|
|
|
text = rule.findtext('text')
|
|
|
|
cdata = etree.fromstring(text)
|
2018-03-17 08:39:55 -04:00
|
|
|
# Print rule name as header
|
2018-03-16 13:33:10 -04:00
|
|
|
message = "# " + rule.findtext('message')
|
2018-03-15 12:40:59 -04:00
|
|
|
file.write(message + "\n")
|
2018-03-17 08:39:55 -04:00
|
|
|
# Print rule description
|
2018-03-16 13:33:10 -04:00
|
|
|
description = rule.findtext('description')
|
2018-03-15 12:40:59 -04:00
|
|
|
file.write("## Description\n")
|
|
|
|
file.write(description +"\n")
|
2018-03-17 08:39:55 -04:00
|
|
|
# Print general rule information (ID, Normalization, Severity, all Tags, Group By)
|
2018-03-15 12:40:59 -04:00
|
|
|
file.write("## General Information\n")
|
2018-03-16 13:33:10 -04:00
|
|
|
ruleid = "* Rule ID: " + rule.findtext('id')
|
2018-03-15 12:40:59 -04:00
|
|
|
file.write(ruleid +"\n")
|
2018-03-16 13:33:10 -04:00
|
|
|
normalization = "* Normalization ID: " + rule.findtext('normid')
|
2018-03-15 12:40:59 -04:00
|
|
|
file.write(normalization + "\n")
|
2018-03-16 13:33:10 -04:00
|
|
|
severity = "* Severity: " + rule.findtext('severity')
|
2018-03-15 12:40:59 -04:00
|
|
|
file.write(severity + "\n")
|
2018-03-17 08:39:55 -04:00
|
|
|
for tags in rule.getiterator('tag'):
|
|
|
|
file.write("* Tag: " + tags.text + "\n")
|
2018-03-16 13:33:10 -04:00
|
|
|
for x in cdata.getiterator('ruleset'):
|
|
|
|
correlationField = "* Group By: " + x.get('correlationField')
|
2018-03-15 12:40:59 -04:00
|
|
|
file.write(correlationField + "\n")
|
|
|
|
file.write("## Correlation Details\n")
|
2018-03-17 08:39:55 -04:00
|
|
|
# Print rule parameters
|
2018-03-15 12:40:59 -04:00
|
|
|
file.write("### Parameters\n")
|
|
|
|
for p in cdata.getiterator('param'):
|
|
|
|
file.write("* Name: " + p.get('name') + "\n")
|
|
|
|
file.write(" - Description: " + p.get('description') + "\n")
|
|
|
|
file.write(" - Default Value: " + p.get('defaultvalue') + "\n")
|
2018-03-17 08:39:55 -04:00
|
|
|
# Print trigger information (Ordered, Timeout, Time Unit, Threshold)
|
2018-03-15 12:40:59 -04:00
|
|
|
file.write("### Trigger\n")
|
2018-03-16 13:33:10 -04:00
|
|
|
for t in cdata.getiterator('trigger'):
|
|
|
|
if (t.get('ordered')):
|
|
|
|
trigger_ordered = "* Ordered: " + str(t.get('ordered'))
|
|
|
|
file.write(trigger_ordered + "\n")
|
|
|
|
if (t.get('timeout')):
|
|
|
|
trigger_timeout = "* Timeout: " + str(t.get('timeout'))
|
|
|
|
file.write(trigger_timeout + "\n")
|
|
|
|
if (t.get('timeUnit')):
|
|
|
|
trigger_timeunit = "* Timeunit: " + str(t.get('timeUnit'))
|
|
|
|
file.write(trigger_timeunit + "\n")
|
|
|
|
if (t.get('threshold')):
|
|
|
|
trigger_threshold = "* Threshold: " + str(t.get('threshold'))
|
|
|
|
file.write(trigger_threshold + "\n")
|
2018-03-15 12:40:59 -04:00
|
|
|
file.write("### Rules\n")
|
2018-03-17 08:39:55 -04:00
|
|
|
# Parse CDATA element and print correlation rule match blocks
|
2018-03-15 12:40:59 -04:00
|
|
|
for r in cdata.getiterator('rule'):
|
|
|
|
file.write("#### Name: " + r.get('name') + "\n")
|
|
|
|
for e in r.iter():
|
|
|
|
if str(e.tag) == 'match':
|
|
|
|
file.write("* Match: \n")
|
|
|
|
if (e.get('count')):
|
|
|
|
file.write(" - Count: " + e.get('count') + "\n")
|
|
|
|
if (e.get('matchType')):
|
|
|
|
file.write(" - Match Type: " + e.get('matchType') + "\n")
|
|
|
|
if str(e.tag) == 'matchFilter':
|
|
|
|
file.write("* Match Filter: \n")
|
|
|
|
if (e.get('type')):
|
|
|
|
file.write(" - Type: " + e.get('type') + "\n")
|
|
|
|
if str(e.tag) == 'singleFilterComponent':
|
|
|
|
if (e.get('type')):
|
2018-03-16 13:33:10 -04:00
|
|
|
file.write(" - Filter Component \n - Type: " + e.get('type') + "\n")
|
2018-03-15 12:40:59 -04:00
|
|
|
if str(e.tag) == 'filterData':
|
|
|
|
if (e.get('name') == "operator"):
|
|
|
|
file.write(" - Operator: " + e.get('value') + "\n")
|
2018-03-16 13:33:10 -04:00
|
|
|
if (e.get('name') == "value"):
|
|
|
|
file.write(" - Value: " + e.get('value') + "\n")
|
2018-03-15 12:40:59 -04:00
|
|
|
file.write("******\n")
|
|
|
|
file.close()
|
|
|
|
|
|
|
|
if __name__=="__main__":
|
|
|
|
if len(sys.argv) != 3:
|
|
|
|
print('Invalid Numbers of Arguments. Script will be terminated.')
|
|
|
|
print('Usage: python esm2markdown <rule xml file> <markdown output file>')
|
|
|
|
print('Example: python esm2markdown RuleExport_2018_03_01_12_36_37.xml documentation.mk')
|
|
|
|
else:
|
|
|
|
main(sys.argv[1],sys.argv[2]);
|