moved stuff into own function
This commit is contained in:
Michael Clemens
parent
43266302b3
commit
49e79abf49
|
|
@ -22,6 +22,27 @@ import sys
|
|||
from lxml import etree
|
||||
|
||||
style="**"
|
||||
level1="* "
|
||||
level2=" - "
|
||||
level3=" - "
|
||||
|
||||
def line(level,key,value):
|
||||
|
||||
lvl = ""
|
||||
output = ""
|
||||
valout = ""
|
||||
if level == 1:
|
||||
lvl = level1
|
||||
elif level == 2:
|
||||
lvl = level2
|
||||
elif level == 3:
|
||||
lvl = level3
|
||||
else:
|
||||
lvl = ""
|
||||
if value:
|
||||
valout = " " + value
|
||||
output = lvl + style + key + style + valout + "\n"
|
||||
return output
|
||||
|
||||
def main(xmlfile,outfile):
|
||||
|
||||
|
|
@ -41,34 +62,30 @@ def main(xmlfile,outfile):
|
|||
file.write(description +"\n")
|
||||
# Print general rule information (ID, Normalization, Severity, all Tags, Group By)
|
||||
file.write("## General Information\n")
|
||||
ruleid = "* " + style + "Rule ID:" + style + " " + rule.findtext('id')
|
||||
file.write(ruleid +"\n")
|
||||
normalization = "* " + style + "Normalization ID:" + style + " " + rule.findtext('normid')
|
||||
file.write(normalization + "\n")
|
||||
severity = "* " + style + "Severity:" + style + " " + rule.findtext('severity')
|
||||
file.write(severity + "\n")
|
||||
file.write(line(1,"Rule ID:",rule.findtext('id')))
|
||||
file.write(line(1,"Normalization ID:",rule.findtext('normid')))
|
||||
file.write(line(1,"Severity:",rule.findtext('severity')))
|
||||
for tags in rule.getiterator('tag'):
|
||||
file.write("* " + style + "Tag:" + style + " " + tags.text + "\n")
|
||||
file.write(line(1,"Tag:",tags.text))
|
||||
for rs in cdata.getiterator('ruleset'):
|
||||
correlationField = "* " + style + "Group By:" + style + " " + rs.get('correlationField')
|
||||
file.write(correlationField + "\n")
|
||||
file.write(line(1,"Group By:",rs.get('correlationField')))
|
||||
file.write("## Correlation Details\n")
|
||||
# Print rule parameters
|
||||
file.write("### Parameters\n")
|
||||
for param in cdata.getiterator('param'):
|
||||
if (param.get('name')):
|
||||
file.write("* " + style + param.get('name') + style + "\n")
|
||||
file.write(" - " + style + "Description:" + style + " " + param.get('description') + "\n")
|
||||
file.write(" - " + style + "Default Value:" + style + " " + param.get('defaultvalue') + "\n")
|
||||
file.write(line(1,param.get('name'),""))
|
||||
file.write(line(2,"Description:",param.get('description')))
|
||||
file.write(line(2,"Default Value:",param.get('defaultvalue')))
|
||||
# Print trigger information (Sequence, Timeout, Time Unit, Threshold)
|
||||
file.write("### Trigger\n")
|
||||
for trigger in cdata.getiterator('trigger'):
|
||||
if (trigger.get('name')):
|
||||
file.write("* " + style + trigger.get('name') + style + "\n")
|
||||
file.write(" - " + style + "Timeout:" + style + " " + trigger.get('timeout') + " " + trigger.get('timeUnit') + "\n")
|
||||
file.write(" - " + style + "Threshold:" + style + " " + trigger.get('threshold') + "\n")
|
||||
file.write(line(1,trigger.get('name'),""))
|
||||
file.write(line(2,"Timeout:",trigger.get('timeout') + " " + trigger.get('timeUnit')))
|
||||
file.write(line(2,"Threshold:",trigger.get('threshold')))
|
||||
if (trigger.get('ordered')):
|
||||
file.write(" - " + style + "Sequence:" + style + " " + trigger.get('ordered') + "\n")
|
||||
file.write(line(2,"Sequence:",trigger.get('ordered')))
|
||||
file.write("### Rules\n")
|
||||
# Parse CDATA element and print correlation rule match blocks
|
||||
for r in cdata.getiterator('rule'):
|
||||
|
|
@ -78,25 +95,24 @@ def main(xmlfile,outfile):
|
|||
file.write("#### " + r.get('name') + "\n")
|
||||
for e in r.iter():
|
||||
if str(e.tag) == 'activate':
|
||||
file.write("* " + style + "Activate:" + style + " ")
|
||||
if (e.get('type')):
|
||||
file.write(e.get('type') + "\n")
|
||||
file.write(line(1,"Activate:",e.get('type')))
|
||||
if str(e.tag) == 'action':
|
||||
file.write("* " + style + "Action:" + style + " \n")
|
||||
file.write(line(1,"Action",""))
|
||||
if (e.get('type')):
|
||||
file.write(" - " + style + "Type:" + style + " " + e.get('type') + "\n")
|
||||
file.write(line(2,"Type:",e.get('type')))
|
||||
if (e.get('trigger')):
|
||||
file.write(" - " + style + "Trigger:" + style + " " + e.get('trigger') + "\n")
|
||||
file.write(line(2,"Trigger:",e.get('trigger')))
|
||||
if str(e.tag) == 'match':
|
||||
file.write("* " + style + "Match:" + style + " \n")
|
||||
file.write(line(1,"Match",""))
|
||||
if (e.get('count')):
|
||||
file.write(" - " + style + "Count:" + style + " " + e.get('count') + "\n")
|
||||
file.write(line(2,"Count:",e.get('count')))
|
||||
if (e.get('matchType')):
|
||||
file.write(" - " + style + "Match Type:" + style + " " + e.get('matchType') + "\n")
|
||||
file.write(line(2,"Match Type:",e.get('matchType')))
|
||||
if str(e.tag) == 'matchFilter':
|
||||
file.write("* " + style + "Match Filter:" + style + " \n")
|
||||
file.write(line(1,"Match Filter",""))
|
||||
if (e.get('type')):
|
||||
file.write(" - " + style + "Logical Element Type:" + style + " " + e.get('type') + "\n")
|
||||
file.write(line(2,"Logical Element Type:",e.get('type')))
|
||||
if str(e.tag) == 'singleFilterComponent':
|
||||
if (e.get('type')):
|
||||
t = e.get('type')
|
||||
|
|
@ -106,8 +122,8 @@ def main(xmlfile,outfile):
|
|||
if (e.get('name') == "value"):
|
||||
v = e.get('value')
|
||||
if o and v and t:
|
||||
file.write(" - " + style + "Filter Component" + style + " \n")
|
||||
file.write(" - " + style + "Condition:" + style + " '" + t + "' " + o + " '" + v + "' \n")
|
||||
file.write(line(2,"Filter Component",""))
|
||||
file.write(line(3,"Condition:","'" + t + "' " + o + " '" + v + "'"))
|
||||
file.write("******\n")
|
||||
file.close()
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue