From f5e1c8c5095d6fc24d2014089c6522c39165149a Mon Sep 17 00:00:00 2001 From: Paulo Date: Sun, 9 Oct 2022 09:22:39 -0300 Subject: [PATCH 01/51] fix timeout not being used in scan --- flare/analytics/command_control.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 3b66781..2936bf4 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -301,7 +301,7 @@ def run_query(self): query = self.hour_query(self.period, self.beacon_src_ip, self.beacon_dest_ip, self.beacon_destination_port, self.beacon_timestamp, FLOW_BYTES, self.beacon_flow_id) self.dprint(query) - resp = helpers.scan(query=query, client=self.es, scroll="90m", index=self.es_index, timeout="10m") + resp = helpers.scan(query=query, client=self.es, scroll="90m", index=self.es_index, request_timeout=self.es_timeout) df = pd.io.json.json_normalize([rec['_source'] for rec in resp]) df.rename(columns=dict((x, x.replace("_source.", "")) for x in df.columns), inplace=True) if len(df) == 0: From 0bd4e789bcbe793d86c5e29d9e6a22d5df11c949 Mon Sep 17 00:00:00 2001 From: Paulo Date: Mon, 10 Oct 2022 19:21:19 -0300 Subject: [PATCH 02/51] print query --- flare/analytics/command_control.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 2936bf4..4ecabd8 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -264,7 +264,8 @@ def hour_query(self, h, *fields): if fields: query["_source"] = list(fields) self.dprint(query) - + + print(self.query) return query # this is a sliding window average - for notes... percent grouping is "not exactly a thing" .... with love tho From 729a3935de1ac866ea2b9148ddb7752506abeaae Mon Sep 17 00:00:00 2001 
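Review bot: The added `print(self.query)` in the PATCH 02/51 hunk of hour_query prints the instance attribute `self.query` (the version-keyed clause name assigned in __init__) rather than the local `query` dict this method just built, so what is printed is not the query being sent. It also bypasses the `self.dprint(query)` gate on the line above, so the statement should be dropped or replaced with `self.dprint(query)`. hour_query's body starts outside the hunk.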
From: Paulo Date: Mon, 10 Oct 2022 20:13:14 -0300 Subject: [PATCH 03/51] fix @timestamp format --- flare/analytics/command_control.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 4ecabd8..efa52e6 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -190,8 +190,10 @@ def hour_query(self, h, *fields): SECONDS = 1000 MINUTES = 60 * SECONDS HOURS = 60 * MINUTES - lte = NOW - gte = int(NOW - h * HOURS) + # lte = NOW + lte = datetime.datetime.now().strftime('%Y-%m-%dT%H:%M:%S.%f%z') + # gte = int(NOW - h * HOURS) + gte = (datetime.datetime.now() - datetime.timedelta(hours=h)).strftime('%Y-%m-%dT%H:%M:%S.%f%z') if self.es_index: if self.filter: @@ -214,8 +216,7 @@ def hour_query(self, h, *fields): "range": { self.beacon_timestamp: { "gte": gte, - "lte": lte, - "format": "epoch_millis" + "lte": lte } } } @@ -249,8 +250,7 @@ def hour_query(self, h, *fields): "range": { "timestamp": { "gte": gte, - "lte": lte, - "format": "epoch_millis" + "lte": lte } } } @@ -265,7 +265,7 @@ def hour_query(self, h, *fields): query["_source"] = list(fields) self.dprint(query) - print(self.query) + print(f"SCAN QUERY: {query}") return query # this is a sliding window average - for notes... percent grouping is "not exactly a thing" .... with love tho From 6fbd28438ce74dc591b3a8436ff4f40aba5db94b Mon Sep 17 00:00:00 2001 From: Paulo Date: Mon, 10 Oct 2022 20:44:44 -0300 Subject: [PATCH 04/51] borabora --- flare/analytics/command_control.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index efa52e6..9504a6d 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
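Review bot: `datetime.datetime.now()` in the first PATCH 03/51 hunk returns a naive datetime, so the `%z` directive renders as an empty string and `gte`/`lte` are sent as local wall-clock time with no offset; with `"format": "epoch_millis"` removed in the later hunks, Elasticsearch parses offset-less strings as UTC and the query window shifts by the host's UTC offset. Take one aware reading and derive both bounds from it, e.g. `now = datetime.datetime.now(datetime.timezone.utc)`, `lte = now.strftime(...)`, `gte = (now - datetime.timedelta(hours=h)).strftime(...)`, which also avoids two separate `now()` calls for the two bounds. The commented-out `# lte = NOW` / `# gte = int(NOW - h * HOURS)` lines should be deleted rather than kept as dead code. hour_query's body continues outside the hunk.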
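Review bot: `print(f"SCAN QUERY: {query}")` in the last PATCH 03/51 hunk dumps the full query, including the configured `filter` clause and field names, to stdout on every call regardless of the debug setting, while the `self.dprint(query)` just above already does this under the debug gate. Drop the print, or route it through `self.dprint`. hour_query's body starts outside the hunk.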
@@ -302,7 +302,8 @@ def run_query(self): query = self.hour_query(self.period, self.beacon_src_ip, self.beacon_dest_ip, self.beacon_destination_port, self.beacon_timestamp, FLOW_BYTES, self.beacon_flow_id) self.dprint(query) - resp = helpers.scan(query=query, client=self.es, scroll="90m", index=self.es_index, request_timeout=self.es_timeout) + #scroll="90m" + resp = helpers.scan(query=query, client=self.es, scroll="1m", index=self.es_index, request_timeout=self.es_timeout) df = pd.io.json.json_normalize([rec['_source'] for rec in resp]) df.rename(columns=dict((x, x.replace("_source.", "")) for x in df.columns), inplace=True) if len(df) == 0: From 4552f4df6a6f6f31bfa06d5235711ae3befc10b3 Mon Sep 17 00:00:00 2001 From: Paulo Date: Mon, 10 Oct 2022 20:56:53 -0300 Subject: [PATCH 05/51] sort_doc --- flare/analytics/command_control.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 9504a6d..e55008a 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -227,7 +227,8 @@ def hour_query(self, h, *fields): {"term": {self.beacon_event_key: self.beacon_event_type}} ] } - } + }, + "sort": ["_doc"] } else: if self.filter: @@ -259,7 +260,8 @@ def hour_query(self, h, *fields): } } } - } + }, + "sort": ["_doc"] } if fields: query["_source"] = list(fields) From af325d776a87e0c903472825fb68834614b4a597 Mon Sep 17 00:00:00 2001 From: Paulo Date: Mon, 10 Oct 2022 21:14:35 -0300 Subject: [PATCH 06/51] tem q dar --- flare/analytics/command_control.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index e55008a..d8e6f2a 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
@@ -11,7 +11,7 @@ sys.exit(0) try: - from elasticsearch import Elasticsearch, helpers, RequestsHttpConnection + from elasticsearch import Elasticsearch, helpers except: print("Please make sure you have elasticsearch module installed. pip -r requirements.txt or pip install elasticsearch") sys.exit(0) @@ -153,9 +153,9 @@ def __init__(self, try: self.vprint('{info}[INFO]{endc} Attempting to connect to elasticsearch...'.format(info=bcolors.OKBLUE, endc=bcolors.ENDC)) if self.auth == "None": - self.es = Elasticsearch(self.es_host, port=self.es_port, timeout=self.es_timeout, verify_certs=False, use_ssl=self.use_ssl, connection_class=RequestsHttpConnection) + self.es = Elasticsearch(self.es_host, port=self.es_port, timeout=self.es_timeout, verify_certs=False, use_ssl=self.use_ssl) else: - self.es = Elasticsearch(self.es_host, port=self.es_port, timeout=self.es_timeout, http_auth=(self.auth_user, self.auth_password), verify_certs=False, use_ssl=self.use_ssl, connection_class=RequestsHttpConnection) + self.es = Elasticsearch(self.es_host, port=self.es_port, timeout=self.es_timeout, http_auth=(self.auth_user, self.auth_password), verify_certs=False, use_ssl=self.use_ssl) self.vprint('{green}[SUCCESS]{endc} Connected to elasticsearch on {host}:{port}'.format(green=bcolors.OKGREEN, endc=bcolors.ENDC, host=self.es_host, port=str(self.es_port))) except Exception as e: self.vprint(e) From 2985505f4e7c4380c6d4d28c66ec7b86fb8419b4 Mon Sep 17 00:00:00 2001 From: Paulo Date: Mon, 10 Oct 2022 21:17:25 -0300 Subject: [PATCH 07/51] quero ir embora --- flare/analytics/command_control.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index d8e6f2a..e85846e 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
@@ -153,9 +153,9 @@ def __init__(self, try: self.vprint('{info}[INFO]{endc} Attempting to connect to elasticsearch...'.format(info=bcolors.OKBLUE, endc=bcolors.ENDC)) if self.auth == "None": - self.es = Elasticsearch(self.es_host, port=self.es_port, timeout=self.es_timeout, verify_certs=False, use_ssl=self.use_ssl) + self.es = Elasticsearch(f"{self.es_host}:{self.es_port}", timeout=self.es_timeout, verify_certs=False, use_ssl=self.use_ssl) else: - self.es = Elasticsearch(self.es_host, port=self.es_port, timeout=self.es_timeout, http_auth=(self.auth_user, self.auth_password), verify_certs=False, use_ssl=self.use_ssl) + self.es = Elasticsearch(f"{self.es_host}:{self.es_port}", timeout=self.es_timeout, http_auth=(self.auth_user, self.auth_password), verify_certs=False, use_ssl=self.use_ssl) self.vprint('{green}[SUCCESS]{endc} Connected to elasticsearch on {host}:{port}'.format(green=bcolors.OKGREEN, endc=bcolors.ENDC, host=self.es_host, port=str(self.es_port))) except Exception as e: self.vprint(e) From dc2fa28cd043f41b91fe5be6f8186140a9e83733 Mon Sep 17 00:00:00 2001 From: Paulo Date: Mon, 10 Oct 2022 21:19:36 -0300 Subject: [PATCH 08/51] please --- flare/analytics/command_control.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index e85846e..7b2cdc7 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
@@ -153,9 +153,9 @@ def __init__(self, try: self.vprint('{info}[INFO]{endc} Attempting to connect to elasticsearch...'.format(info=bcolors.OKBLUE, endc=bcolors.ENDC)) if self.auth == "None": - self.es = Elasticsearch(f"{self.es_host}:{self.es_port}", timeout=self.es_timeout, verify_certs=False, use_ssl=self.use_ssl) + self.es = Elasticsearch(f"{self.es_host}:{self.es_port}", timeout=self.es_timeout, verify_certs=False) else: - self.es = Elasticsearch(f"{self.es_host}:{self.es_port}", timeout=self.es_timeout, http_auth=(self.auth_user, self.auth_password), verify_certs=False, use_ssl=self.use_ssl) + self.es = Elasticsearch(f"{self.es_host}:{self.es_port}", timeout=self.es_timeout, http_auth=(self.auth_user, self.auth_password), verify_certs=False) self.vprint('{green}[SUCCESS]{endc} Connected to elasticsearch on {host}:{port}'.format(green=bcolors.OKGREEN, endc=bcolors.ENDC, host=self.es_host, port=str(self.es_port))) except Exception as e: self.vprint(e) From aa33c0bb1fbc7693ea9c9f67200b5449f8fe0193 Mon Sep 17 00:00:00 2001 From: Paulo Date: Mon, 10 Oct 2022 21:21:49 -0300 Subject: [PATCH 09/51] porthost --- flare/analytics/command_control.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 7b2cdc7..9cd2d86 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
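Review bot: Dropping `use_ssl=self.use_ssl` from both `Elasticsearch(...)` calls in the PATCH 08/51 hunk means the configured TLS setting is no longer honored, and the PATCH 09/51 hunk of __init__ that follows then hardcodes `http://` into the URL, so the `http_auth=(self.auth_user, self.auth_password)` credentials on the second line travel over cleartext HTTP in every configuration. Derive the scheme from the setting instead: `scheme = "https" if self.use_ssl else "http"` and `f"{scheme}://{self.es_host}:{self.es_port}"` in both calls. Both new lines also keep `verify_certs=False`, which disables certificate verification even when TLS is used; that should be a configuration option rather than fixed. __init__ starts and ends outside the hunk.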
@@ -153,9 +153,9 @@ def __init__(self, try: self.vprint('{info}[INFO]{endc} Attempting to connect to elasticsearch...'.format(info=bcolors.OKBLUE, endc=bcolors.ENDC)) if self.auth == "None": - self.es = Elasticsearch(f"{self.es_host}:{self.es_port}", timeout=self.es_timeout, verify_certs=False) + self.es = Elasticsearch(f"http://{self.es_host}:{self.es_port}", timeout=self.es_timeout, verify_certs=False) else: - self.es = Elasticsearch(f"{self.es_host}:{self.es_port}", timeout=self.es_timeout, http_auth=(self.auth_user, self.auth_password), verify_certs=False) + self.es = Elasticsearch(f"http://{self.es_host}:{self.es_port}", timeout=self.es_timeout, http_auth=(self.auth_user, self.auth_password), verify_certs=False) self.vprint('{green}[SUCCESS]{endc} Connected to elasticsearch on {host}:{port}'.format(green=bcolors.OKGREEN, endc=bcolors.ENDC, host=self.es_host, port=str(self.es_port))) except Exception as e: self.vprint(e) From 711c7171949acfc5f3844c7debd8b351e98ef1ee Mon Sep 17 00:00:00 2001 From: Paulo Date: Mon, 10 Oct 2022 21:38:54 -0300 Subject: [PATCH 10/51] backto 90m --- flare/analytics/command_control.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 9cd2d86..a0f89a7 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
@@ -304,8 +304,7 @@ def run_query(self): query = self.hour_query(self.period, self.beacon_src_ip, self.beacon_dest_ip, self.beacon_destination_port, self.beacon_timestamp, FLOW_BYTES, self.beacon_flow_id) self.dprint(query) - #scroll="90m" - resp = helpers.scan(query=query, client=self.es, scroll="1m", index=self.es_index, request_timeout=self.es_timeout) + resp = helpers.scan(query=query, client=self.es, scroll="90m", index=self.es_index, request_timeout=self.es_timeout) df = pd.io.json.json_normalize([rec['_source'] for rec in resp]) df.rename(columns=dict((x, x.replace("_source.", "")) for x in df.columns), inplace=True) if len(df) == 0: From 5dfc9726dc2bd01da38d6400f315f5fae7d9d504 Mon Sep 17 00:00:00 2001 From: Paulo Date: Tue, 11 Oct 2022 11:26:15 -0300 Subject: [PATCH 11/51] 3500-4m --- flare/analytics/command_control.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index a0f89a7..85c426b 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -304,7 +304,7 @@ def run_query(self): query = self.hour_query(self.period, self.beacon_src_ip, self.beacon_dest_ip, self.beacon_destination_port, self.beacon_timestamp, FLOW_BYTES, self.beacon_flow_id) self.dprint(query) - resp = helpers.scan(query=query, client=self.es, scroll="90m", index=self.es_index, request_timeout=self.es_timeout) + resp = helpers.scan(query=query, client=self.es, scroll="4m", size=3500, index=self.es_index, request_timeout=self.es_timeout) df = pd.io.json.json_normalize([rec['_source'] for rec in resp]) df.rename(columns=dict((x, x.replace("_source.", "")) for x in df.columns), inplace=True) if len(df) == 0: From f45e8d076f2cfb4a119c7953056bb5c6d9c8f4cc Mon Sep 17 00:00:00 2001 From: Paulo Date: Tue, 11 Oct 2022 11:40:20 -0300 Subject: [PATCH 12/51] do not raise on error --- flare/analytics/command_control.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 85c426b..0fff2a6 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -304,7 +304,7 @@ def run_query(self): query = self.hour_query(self.period, self.beacon_src_ip, self.beacon_dest_ip, self.beacon_destination_port, self.beacon_timestamp, FLOW_BYTES, self.beacon_flow_id) self.dprint(query) - resp = helpers.scan(query=query, client=self.es, scroll="4m", size=3500, index=self.es_index, request_timeout=self.es_timeout) + resp = helpers.scan(query=query, client=self.es, scroll="4m", size=3500, index=self.es_index, request_timeout=self.es_timeout,raise_on_error=False) df = pd.io.json.json_normalize([rec['_source'] for rec in resp]) df.rename(columns=dict((x, x.replace("_source.", "")) for x in df.columns), inplace=True) if len(df) == 0: From 0f994f37951e89b5c08f94ad03de49fb07e4da6c Mon Sep 17 00:00:00 2001 From: Paulo Date: Tue, 11 Oct 2022 12:51:34 -0300 Subject: [PATCH 13/51] remove flow bytes and id --- flare/analytics/command_control.py | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 0fff2a6..2a6070f 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
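Review bot: `raise_on_error=False` on the `helpers.scan(...)` call makes the scroll continue past shard failures and return whatever documents were retrieved, so `df` can be a silently truncated view of the flow data and the beacon statistics derived from it (occurrence counts, percentages) will be understated with no indication to the operator. If failures must be tolerated, surface them: the client library reports shard failures through its own logger, so make sure that logger is visible, or keep the default and catch the exception at the call site so the run is explicitly marked as partial. run_query's body continues outside the hunk.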
@@ -91,8 +91,8 @@ def __init__(self, self.beacon_dest_ip = self.config.get('beacon', 'field_destination_ip') self.beacon_destination_port = self.config.get('beacon', 'field_destination_port') self.beacon_timestamp = self.config.get('beacon', 'field_timestamp') - self.beacon_flow_bytes_toserver = self.config.get('beacon', 'field_flow_bytes_toserver') - self.beacon_flow_id = self.config.get('beacon', 'field_flow_id') + # self.beacon_flow_bytes_toserver = self.config.get('beacon', 'field_flow_bytes_toserver') + # self.beacon_flow_id = self.config.get('beacon', 'field_flow_id') self.beacon_event_key = self.config.get('beacon','event_key') self.beacon_event_type = self.config.get('beacon','event_type') self.filter = self.config.get('beacon','filter') @@ -100,6 +100,7 @@ def __init__(self, self.auth_user = self.config.config.get('beacon','username') self.auth_password = self.config.config.get('beacon', 'password') self.suricata_defaults = self.config.config.getboolean('beacon','suricata_defaults') + self.domain_field = self.config.get('beacon','domain_field') try: self.debug = self.config.config.getboolean('beacon', 'debug') except: @@ -127,14 +128,15 @@ def __init__(self, self.beacon_dest_ip = 'dest_ip' self.beacon_destination_port = 'dest_port' self.beacon_timestamp = '@timestamp' - self.beacon_flow_bytes_toserver = 'bytes_toserver' - self.beacon_flow_id = 'flow_id' + # self.beacon_flow_bytes_toserver = 'bytes_toserver' + # self.beacon_flow_id = 'flow_id' self.beacon_event_type = 'flow' self.beacon_event_key = 'event_type' self.filter = '' self.verbose = verbose self.suricata_defaults = False self.debug = debug + self.domain_field = 'domain' self.ver = {'4': {'filtered': 'query'}, '5': {'bool': 'must'}} self.filt = list(self.ver[self.kibana_version].keys())[0] 
@@ -142,7 +144,7 @@ def __init__(self, self.whois = WhoisLookup() self.info = '{info}[INFO]{endc}'.format(info=bcolors.OKBLUE, endc=bcolors.ENDC) self.success = '{green}[SUCCESS]{endc}'.format(green=bcolors.OKGREEN, endc=bcolors.ENDC) - self.fields = [self.beacon_src_ip, self.beacon_dest_ip, self.beacon_destination_port, self.beacon_flow_bytes_toserver, 'dest_degree', 'occurrences', 'percent', 'interval'] + self.fields = [self.beacon_src_ip, self.beacon_dest_ip, self.beacon_destination_port, 'dest_degree', 'occurrences', 'percent', 'interval'] try: _ = (self.auth_user, self.auth_password) @@ -265,6 +267,8 @@ def hour_query(self, h, *fields): } if fields: query["_source"] = list(fields) + if self.domain_field != '': + query["_source"].append(self.domain_field) self.dprint(query) print(f"SCAN QUERY: {query}") @@ -297,12 +301,12 @@ def percent_grouping(self, d, total): def run_query(self): self.vprint("{info} Gathering flow data... this may take a while...".format(info=self.info)) - FLOW_BYTES = self.beacon_flow_bytes_toserver - if self.suricata_defaults: - FLOW_BYTES = 'flow.' + FLOW_BYTES + # FLOW_BYTES = self.beacon_flow_bytes_toserver + # if self.suricata_defaults: + # FLOW_BYTES = 'flow.' + FLOW_BYTES query = self.hour_query(self.period, self.beacon_src_ip, self.beacon_dest_ip, self.beacon_destination_port, - self.beacon_timestamp, FLOW_BYTES, self.beacon_flow_id) + self.beacon_timestamp) self.dprint(query) resp = helpers.scan(query=query, client=self.es, scroll="4m", size=3500, index=self.es_index, request_timeout=self.es_timeout,raise_on_error=False) df = pd.io.json.json_normalize([rec['_source'] for rec in resp]) 
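Review bot: In the hour_query hunk of PATCH 13/51, `query["_source"].append(self.domain_field)` depends on `query["_source"]` having been created by the preceding `if fields:` branch; the collapsed layout does not show whether the new `if` is nested inside that branch, and if it sits at the same level a call with no fields raises KeyError. Make the dependency explicit with `query.setdefault("_source", []).append(self.domain_field)` or fold the domain field into the same list. hour_query's body starts outside the hunk.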
@@ -348,11 +352,11 @@ def find_beacon(self, q_job, beacon_list): SRC_IP = work[self.beacon_src_ip].unique()[0] DEST_IP = work[self.beacon_dest_ip].unique()[0] DEST_PORT = str(int(work[self.beacon_destination_port].unique()[0])) - BYTES_TOSERVER = work[self.beacon_flow_bytes_toserver].sum() + # BYTES_TOSERVER = work[self.beacon_flow_bytes_toserver].sum() SRC_DEGREE = len(work[self.beacon_dest_ip].unique()) OCCURRENCES = total self.l_list.acquire() - beacon_list.append([SRC_IP, DEST_IP, DEST_PORT, BYTES_TOSERVER, SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW]) + beacon_list.append([SRC_IP, DEST_IP, DEST_PORT, SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW]) self.l_list.release() q_job.task_done() From 6db8d40ba1f564b97073235b0479ed7859891238 Mon Sep 17 00:00:00 2001 From: Paulo Date: Tue, 11 Oct 2022 13:15:28 -0300 Subject: [PATCH 14/51] gambiarra pra funcionar --- flare/analytics/command_control.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 2a6070f..22ae2e1 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -267,7 +267,7 @@ def hour_query(self, h, *fields): } if fields: query["_source"] = list(fields) - if self.domain_field != '': + if self.domain_field != "''": query["_source"].append(self.domain_field) self.dprint(query) From 5b9e288108b001a0e85d1028ed57bdae6cc36755 Mon Sep 17 00:00:00 2001 From: Paulo Date: Tue, 11 Oct 2022 14:00:38 -0300 Subject: [PATCH 15/51] add domain field --- flare/analytics/command_control.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 22ae2e1..e348c16 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
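Review bot: Comparing against the literal `"''"` in `if self.domain_field != "''":` (PATCH 14/51) works around configparser returning the two quote characters verbatim when the config file holds `domain_field = ''`; it is a sentinel that only matches that exact spelling and fails for `""` or surrounding whitespace. Normalize once where the value is read, `self.domain_field = self.config.get('beacon','domain_field').strip("'\"")`, and then test truthiness with `if self.domain_field:`. The same sentinel is repeated in the PATCH 15/51, 16/51 and 17/51 hunks and would go with it. hour_query's body starts outside the hunk.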
@@ -136,7 +136,7 @@ def __init__(self, self.verbose = verbose self.suricata_defaults = False self.debug = debug - self.domain_field = 'domain' + self.domain_field = "''" self.ver = {'4': {'filtered': 'query'}, '5': {'bool': 'must'}} self.filt = list(self.ver[self.kibana_version].keys())[0] @@ -145,6 +145,8 @@ def __init__(self, self.info = '{info}[INFO]{endc}'.format(info=bcolors.OKBLUE, endc=bcolors.ENDC) self.success = '{green}[SUCCESS]{endc}'.format(green=bcolors.OKGREEN, endc=bcolors.ENDC) self.fields = [self.beacon_src_ip, self.beacon_dest_ip, self.beacon_destination_port, 'dest_degree', 'occurrences', 'percent', 'interval'] + if self.domain_field != "''": + self.fields.append(self.domain_field) try: _ = (self.auth_user, self.auth_password) From 7cb6a2875e460c45bf096c22cca799a5f0f7c8a6 Mon Sep 17 00:00:00 2001 From: Paulo Date: Tue, 11 Oct 2022 14:12:25 -0300 Subject: [PATCH 16/51] fix add domain_field --- flare/analytics/command_control.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index e348c16..a986f44 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -356,9 +356,11 @@ def find_beacon(self, q_job, beacon_list): DEST_PORT = str(int(work[self.beacon_destination_port].unique()[0])) # BYTES_TOSERVER = work[self.beacon_flow_bytes_toserver].sum() SRC_DEGREE = len(work[self.beacon_dest_ip].unique()) - OCCURRENCES = total + OCCURRENCES = total self.l_list.acquire() beacon_list.append([SRC_IP, DEST_IP, DEST_PORT, SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW]) + if self.domain_field != "''": + beacon_list[-1].append(work[self.domain_field].unique()[0]) self.l_list.release() q_job.task_done() From 74a0e3827f42d1b2e83204eee7d2e3801600eaaa Mon Sep 17 00:00:00 2001 
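Review bot: `beacon_list[-1].append(work[self.domain_field].unique()[0])` in the PATCH 16/51 hunk of find_beacon runs between `self.l_list.acquire()` and `self.l_list.release()` with no try/finally; if `self.domain_field` is not a column of `work` the KeyError escapes, the lock is never released and `q_job.task_done()` is never reached, which stalls the other workers and any join on the queue. Compute the value before taking the lock, guard it with `if self.domain_field in work.columns`, and release the lock in a `finally:` clause. `.unique()[0]` also silently keeps only the first domain seen for the triad when several are present, which deserves a comment. The PATCH 17/51 hunk restructures these lines but keeps the same lookup inside the critical section. find_beacon's body starts and ends outside the hunk.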
From: Paulo Date: Tue, 11 Oct 2022 14:24:43 -0300 Subject: [PATCH 17/51] FIX DOMAIN FIELD --- flare/analytics/command_control.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index a986f44..2b7afab 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -358,9 +358,11 @@ def find_beacon(self, q_job, beacon_list): SRC_DEGREE = len(work[self.beacon_dest_ip].unique()) OCCURRENCES = total self.l_list.acquire() - beacon_list.append([SRC_IP, DEST_IP, DEST_PORT, SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW]) if self.domain_field != "''": - beacon_list[-1].append(work[self.domain_field].unique()[0]) + DOMAIN = work[self.domain_field].unique()[0] + beacon_list.append([SRC_IP, DEST_IP, DEST_PORT, SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW,DOMAIN]) + else: + beacon_list.append([SRC_IP, DEST_IP, DEST_PORT, SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW]) self.l_list.release() q_job.task_done() From 5b6499794b9b88ab4b080b653aa0915ddb8fa5fa Mon Sep 17 00:00:00 2001 From: Paulo Date: Tue, 22 Nov 2022 16:19:04 -0300 Subject: [PATCH 18/51] fix --- flare/analytics/command_control.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 2b7afab..649939f 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
@@ -141,7 +141,7 @@ def __init__(self, self.ver = {'4': {'filtered': 'query'}, '5': {'bool': 'must'}} self.filt = list(self.ver[self.kibana_version].keys())[0] self.query = list(self.ver[self.kibana_version].values())[0] - self.whois = WhoisLookup() + # self.whois = WhoisLookup() self.info = '{info}[INFO]{endc}'.format(info=bcolors.OKBLUE, endc=bcolors.ENDC) self.success = '{green}[SUCCESS]{endc}'.format(green=bcolors.OKGREEN, endc=bcolors.ENDC) self.fields = [self.beacon_src_ip, self.beacon_dest_ip, self.beacon_destination_port, 'dest_degree', 'occurrences', 'percent', 'interval'] @@ -367,7 +367,7 @@ def find_beacon(self, q_job, beacon_list): q_job.task_done() - def find_beacons(self, group=True, focus_outbound=False, whois=True, csv_out=None, html_out=None, json_out=None): + def find_beacons(self, group=True, focus_outbound=False, whois=False, csv_out=None, html_out=None, json_out=None): for triad_id in self.high_freq: self.q_job.put(triad_id) From 8461ad3c266e6e640f21995897b870eacb025f2b Mon Sep 17 00:00:00 2001 From: Paulo Date: Tue, 22 Nov 2022 16:19:44 -0300 Subject: [PATCH 19/51] go --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index c74f8fe..6b1c697 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='0.4', + version='0.5', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 65925f25a879498f68977c844ce41411dd254fbf Mon Sep 17 00:00:00 2001 From: Paulo Date: Tue, 22 Nov 2022 16:29:45 -0300 Subject: [PATCH 20/51] fix --- flare/analytics/command_control.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 649939f..65c14f2 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
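Review bot: Commenting out `self.whois = WhoisLookup()` in the first PATCH 18/51 hunk leaves `find_beacons` with a `whois` parameter that, when a caller passes `whois=True`, presumably reaches the code that uses `self.whois` and fails with AttributeError; only the default changed, not the contract. Either construct the lookup lazily when `whois` is requested, or remove that path and state in a `find_beacons` docstring that WHOIS enrichment is no longer available. The commented-out line should be deleted rather than left in place. Both enclosing bodies start and end outside the hunks.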
@@ -367,7 +367,7 @@ def find_beacon(self, q_job, beacon_list): q_job.task_done() - def find_beacons(self, group=True, focus_outbound=False, whois=False, csv_out=None, html_out=None, json_out=None): + def find_beacons(self, group=False, focus_outbound=True, whois=False, csv_out=None, html_out=None, json_out=None): for triad_id in self.high_freq: self.q_job.put(triad_id) From f645cec93ba56d324b5df42a84571de2ba46d0f1 Mon Sep 17 00:00:00 2001 From: Paulo Date: Tue, 22 Nov 2022 16:29:54 -0300 Subject: [PATCH 21/51] fix --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 6b1c697..0776343 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='0.5', + version='0.6', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 8d5a82f7036671cc8a4c2b173534fc3b6b7a2e28 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 10:20:08 -0300 Subject: [PATCH 22/51] fix --- flare/analytics/command_control.py | 10 +++++----- setup.py | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 65c14f2..d99bd9a 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -267,11 +267,11 @@ def hour_query(self, h, *fields): }, "sort": ["_doc"] } - if fields: - query["_source"] = list(fields) - if self.domain_field != "''": - query["_source"].append(self.domain_field) - self.dprint(query) + # if fields: + # query["_source"] = list(fields) + # if self.domain_field != "''": + # query["_source"].append(self.domain_field) + # self.dprint(query) print(f"SCAN QUERY: {query}") return query diff --git a/setup.py b/setup.py index 0776343..4b16f18 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='0.6', + version='0.7', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License 
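Review bot: Commenting out the `if fields: query["_source"] = list(fields)` block in the PATCH 22/51 hunk of hour_query removes source filtering entirely, so every scroll now returns whole flow documents instead of the few fields the analysis reads, and the `*fields` parameter the method still accepts is silently ignored. That multiplies the data pulled from Elasticsearch and held in `df`, and pulls in whatever other fields the index holds without anyone asking for them. If collecting all columns is the intent, drop the parameter and say so in a docstring; otherwise keep `_source` and add the domain field to it. The unconditional `print(f"SCAN QUERY: {query}")` remains and should go through `self.dprint`. hour_query's body starts outside the hunk.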
From 029948ea8593870f869b8864e0760cbae0ed38e7 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 10:54:13 -0300 Subject: [PATCH 23/51] new --- flare/analytics/command_control.py | 3 ++- setup.py | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index d99bd9a..41cde29 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -144,7 +144,7 @@ def __init__(self, # self.whois = WhoisLookup() self.info = '{info}[INFO]{endc}'.format(info=bcolors.OKBLUE, endc=bcolors.ENDC) self.success = '{green}[SUCCESS]{endc}'.format(green=bcolors.OKGREEN, endc=bcolors.ENDC) - self.fields = [self.beacon_src_ip, self.beacon_dest_ip, self.beacon_destination_port, 'dest_degree', 'occurrences', 'percent', 'interval'] + self.fields = ['dest_degree', 'occurrences', 'percent', 'interval'] if self.domain_field != "''": self.fields.append(self.domain_field) @@ -313,6 +313,7 @@ def run_query(self): resp = helpers.scan(query=query, client=self.es, scroll="4m", size=3500, index=self.es_index, request_timeout=self.es_timeout,raise_on_error=False) df = pd.io.json.json_normalize([rec['_source'] for rec in resp]) df.rename(columns=dict((x, x.replace("_source.", "")) for x in df.columns), inplace=True) + self.fields.append(df.columns) if len(df) == 0: raise Exception("Elasticsearch did not retrieve any data. Please ensure your settings are correct inside the config file.") diff --git a/setup.py b/setup.py index 4b16f18..73343f1 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='0.7', + version='0.8', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From b5a76343bd39fc54a91fd73e8ce87c81dd387216 Mon Sep 17 00:00:00 2001 
From: Paulo Date: Wed, 7 Dec 2022 11:08:19 -0300 Subject: [PATCH 24/51] go --- flare/analytics/command_control.py | 14 +++++++++----- setup.py | 2 +- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 41cde29..3784c3f 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -352,18 +352,22 @@ def find_beacon(self, q_job, beacon_list): if percent > self.MIN_PERCENT and total > self.MIN_OCCURRENCES: PERCENT = str(int(percent)) WINDOW = str(window) - SRC_IP = work[self.beacon_src_ip].unique()[0] - DEST_IP = work[self.beacon_dest_ip].unique()[0] - DEST_PORT = str(int(work[self.beacon_destination_port].unique()[0])) + # SRC_IP = work[self.beacon_src_ip].unique()[0] + # DEST_IP = work[self.beacon_dest_ip].unique()[0] + # DEST_PORT = str(int(work[self.beacon_destination_port].unique()[0])) # BYTES_TOSERVER = work[self.beacon_flow_bytes_toserver].sum() + list_to_append = [] + for column in work.columns: + list_to_append.append(work.iloc[0][column]) SRC_DEGREE = len(work[self.beacon_dest_ip].unique()) OCCURRENCES = total self.l_list.acquire() if self.domain_field != "''": DOMAIN = work[self.domain_field].unique()[0] - beacon_list.append([SRC_IP, DEST_IP, DEST_PORT, SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW,DOMAIN]) + list_to_append.append([SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW,DOMAIN]) else: - beacon_list.append([SRC_IP, DEST_IP, DEST_PORT, SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW]) + list_to_append.append([SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW]) + beacon_list.append(list_to_append) self.l_list.release() q_job.task_done() diff --git a/setup.py b/setup.py index 73343f1..25148c6 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='0.8', + version='0.9', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 4fe181543b8eba4352a46f7478ca6dbe6be7995d Mon Sep 17 00:00:00 2001 
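Review bot: `list_to_append.append([SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW,DOMAIN])` and its `else` counterpart in the PATCH 24/51 hunk add the analytic values as one nested list element, so each row in `beacon_list` has `len(work.columns) + 1` entries with a list in the last slot rather than a flat row; `list_to_append.extend([SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW, DOMAIN])` is what a flat header in `self.fields` needs. Note also that the row is built with the Elasticsearch columns first and the analytic values last, so the order of `self.fields` has to match that layout. find_beacon's body starts and ends outside the hunk.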
From: Paulo Date: Wed, 7 Dec 2022 11:15:30 -0300 Subject: [PATCH 25/51] test --- flare/analytics/command_control.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 3784c3f..5ca8816 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -313,6 +313,8 @@ def run_query(self): resp = helpers.scan(query=query, client=self.es, scroll="4m", size=3500, index=self.es_index, request_timeout=self.es_timeout,raise_on_error=False) df = pd.io.json.json_normalize([rec['_source'] for rec in resp]) df.rename(columns=dict((x, x.replace("_source.", "")) for x in df.columns), inplace=True) + print(df.columns) + exit() self.fields.append(df.columns) if len(df) == 0: raise Exception("Elasticsearch did not retrieve any data. Please ensure your settings are correct inside the config file.") From 1865b8501cc1119a750df4e818cd660357bd2dcc Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 11:17:29 -0300 Subject: [PATCH 26/51] test --- flare/analytics/command_control.py | 8 ++++++-- setup.py | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 5ca8816..76dc800 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
@@ -313,9 +313,13 @@ def run_query(self): resp = helpers.scan(query=query, client=self.es, scroll="4m", size=3500, index=self.es_index, request_timeout=self.es_timeout,raise_on_error=False) df = pd.io.json.json_normalize([rec['_source'] for rec in resp]) df.rename(columns=dict((x, x.replace("_source.", "")) for x in df.columns), inplace=True) + print("COLUMNS:") print(df.columns) - exit() - self.fields.append(df.columns) + print("self.fields:") + print(self.fields) + self.fields += df.columns.tolist() + print("self.fields after append:") + print(self.fields) if len(df) == 0: raise Exception("Elasticsearch did not retrieve any data. Please ensure your settings are correct inside the config file.") diff --git a/setup.py b/setup.py index 25148c6..17d9ecd 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='0.9', + version='0.91', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 3cc296e72532344cead7c15b65ed56192c8e9ab5 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 11:23:56 -0300 Subject: [PATCH 27/51] bo --- flare/analytics/command_control.py | 11 ++++------- setup.py | 2 +- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 76dc800..342a1b4 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
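Review bot: `self.fields += df.columns.tolist()` appends every column of the Elasticsearch result, including names already present in `self.fields`, and duplicate labels in that list later make `beacon_df[name]` return a frame instead of a series; at the same time `triad_id` and `triad_freq` are only added to `df` after this point, so they are present in `work.columns` (from which `find_beacon` builds its rows) but never in `self.fields`, and the row length and column list disagree. Patch 27 dedupes the names but the second mismatch persists until patch 40 switches `find_beacon` to an explicit field list. A guard such as `self.fields += [c for c in df.columns if c not in self.fields]` keeps this hunk self-consistent. run_query starts outside the hunk.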
@@ -313,13 +313,10 @@ def run_query(self): resp = helpers.scan(query=query, client=self.es, scroll="4m", size=3500, index=self.es_index, request_timeout=self.es_timeout,raise_on_error=False) df = pd.io.json.json_normalize([rec['_source'] for rec in resp]) df.rename(columns=dict((x, x.replace("_source.", "")) for x in df.columns), inplace=True) - print("COLUMNS:") - print(df.columns) - print("self.fields:") - print(self.fields) - self.fields += df.columns.tolist() - print("self.fields after append:") - print(self.fields) + for field in df.columns.tolist(): + if field not in self.fields: + self.fields.append(field) + if len(df) == 0: raise Exception("Elasticsearch did not retrieve any data. Please ensure your settings are correct inside the config file.") diff --git a/setup.py b/setup.py index 17d9ecd..29fdca5 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='0.91', + version='0.92', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From a6ab82f4a8567edadc1a4a53eea654ab5005989b Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 11:28:57 -0300 Subject: [PATCH 28/51] test --- flare/analytics/command_control.py | 1 + setup.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 342a1b4..7d27f70 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -326,6 +326,7 @@ def run_query(self): df['triad_id'] = (df[self.beacon_src_ip] + df[self.beacon_dest_ip] + df[self.beacon_destination_port].astype(str)).apply(hash) df['triad_freq'] = df.groupby('triad_id')['triad_id'].transform('count').fillna(0).astype(int) self.high_freq = list(df[df.triad_freq > self.MIN_OCCURRENCES].groupby('triad_id').groups.keys()) + pprint(df) return df def find_beacon(self, q_job, beacon_list): diff --git a/setup.py b/setup.py index 29fdca5..eb8b7de 100644 --- a/setup.py +++ b/setup.py 
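Review bot: The loop dedupes the names but still leaves `self.fields` two entries shorter than the rows `find_beacon` builds: `triad_id` and `triad_freq` are added to `df` after this point (the `@@ -326` context in the next patch), so they are in `work.columns` but never in `self.fields`, and `pd.DataFrame(beacon_list, columns=self.fields)` in `find_beacons` raises on the length mismatch. Either append the two derived names here as well, or, as patch 40 eventually does, build the row from an explicit field list instead of `work.columns`. run_query starts outside the hunk.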
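Review bot: `pprint(df)` relies on `pprint` being importable by that bare name, which this hunk does not add and the file's imports are not visible here; if it is missing, the `NameError` only fires after the full Elasticsearch scan has completed and is then swapped for `print(df)` in patch 29 and commented out in patch 31. Either way the call prints the entire normalized flow frame to stdout on every run; a trace of the frame shape, `self.dprint(df.shape)`, gives the same debugging signal without dumping the records. run_query starts outside the hunk.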
@@ -2,7 +2,7 @@ setup( name='Flare', - version='0.92', + version='0.93', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 3e779d4502e19bc48978b84900c69e9d393cd07a Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 11:29:59 -0300 Subject: [PATCH 29/51] test --- flare/analytics/command_control.py | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 7d27f70..a8c6b24 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -326,7 +326,7 @@ def run_query(self): df['triad_id'] = (df[self.beacon_src_ip] + df[self.beacon_dest_ip] + df[self.beacon_destination_port].astype(str)).apply(hash) df['triad_freq'] = df.groupby('triad_id')['triad_id'].transform('count').fillna(0).astype(int) self.high_freq = list(df[df.triad_freq > self.MIN_OCCURRENCES].groupby('triad_id').groups.keys()) - pprint(df) + print(df) return df def find_beacon(self, q_job, beacon_list): diff --git a/setup.py b/setup.py index eb8b7de..8e514b5 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='0.93', + version='0.94', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 231b1950460f6a4d2a2b9fae366f6b23bbf7c8d1 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 11:37:12 -0300 Subject: [PATCH 30/51] to lunch --- flare/analytics/command_control.py | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index a8c6b24..6d1744f 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
@@ -362,7 +362,7 @@ def find_beacon(self, q_job, beacon_list): # BYTES_TOSERVER = work[self.beacon_flow_bytes_toserver].sum() list_to_append = [] for column in work.columns: - list_to_append.append(work.iloc[0][column]) + list_to_append.append(work.iloc[0][column].values[0]) SRC_DEGREE = len(work[self.beacon_dest_ip].unique()) OCCURRENCES = total self.l_list.acquire() diff --git a/setup.py b/setup.py index 8e514b5..1870851 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='0.94', + version='0.95', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From a2bceae7aabe4fd1c83cbccbc7cb8fae1d2f8bc7 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 11:37:23 -0300 Subject: [PATCH 31/51] fix --- flare/analytics/command_control.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 6d1744f..3cd2134 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -326,7 +326,7 @@ def run_query(self): df['triad_id'] = (df[self.beacon_src_ip] + df[self.beacon_dest_ip] + df[self.beacon_destination_port].astype(str)).apply(hash) df['triad_freq'] = df.groupby('triad_id')['triad_id'].transform('count').fillna(0).astype(int) self.high_freq = list(df[df.triad_freq > self.MIN_OCCURRENCES].groupby('triad_id').groups.keys()) - print(df) + # print(df) return df def find_beacon(self, q_job, beacon_list): From 6407dd6932bba3130d13e43726fbdbf523016ca7 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 12:51:14 -0300 Subject: [PATCH 32/51] fix --- flare/analytics/command_control.py | 12 +++++++----- setup.py | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 3cd2134..1497e51 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
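Review bot: `work.iloc[0][column].values[0]` indexes a row Series by a single label, which yields a scalar, and a scalar has no `.values`, so this line raises `AttributeError` for every beacon unless the frame carries duplicate column names (in which case it returns a Series); patch 33 reverts it. If the intent was to unwrap a one-element Series, `work[column].iloc[0]` is the direct scalar access. find_beacon starts outside the hunk.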
@@ -360,17 +360,19 @@ def find_beacon(self, q_job, beacon_list): # DEST_IP = work[self.beacon_dest_ip].unique()[0] # DEST_PORT = str(int(work[self.beacon_destination_port].unique()[0])) # BYTES_TOSERVER = work[self.beacon_flow_bytes_toserver].sum() - list_to_append = [] - for column in work.columns: - list_to_append.append(work.iloc[0][column].values[0]) + list_to_append = [] SRC_DEGREE = len(work[self.beacon_dest_ip].unique()) OCCURRENCES = total self.l_list.acquire() if self.domain_field != "''": DOMAIN = work[self.domain_field].unique()[0] - list_to_append.append([SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW,DOMAIN]) + list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW,DOMAIN] else: - list_to_append.append([SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW]) + list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW] + for column in work.columns: + list_to_append.append(work.iloc[0][column].values[0]) + print("beacon found") + print(list_to_append) beacon_list.append(list_to_append) self.l_list.release() diff --git a/setup.py b/setup.py index 1870851..6a30fa1 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='0.95', + version='0.96', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 72871f4069ad8d0052a2189fd96e6b318d8ddea4 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 12:56:37 -0300 Subject: [PATCH 33/51] fix --- flare/analytics/command_control.py | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 1497e51..1a73b15 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
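Review bot: The row is now `[SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW(, DOMAIN)]` followed by every column of `work`, which includes the derived `triad_id` and `triad_freq` columns that `run_query` adds after `self.fields` was collected, so the row is two entries longer than `self.fields` and the DataFrame constructor in `find_beacons` will reject it. Iterating an explicit list of wanted fields (as patch 40 later does with `self.data_fields`) rather than `work.columns` keeps the two in step. The `.values[0]` problem from patch 30 is still present, and the two `print` calls run while `self.l_list` is held, which serialises stdout I/O across all worker threads. find_beacon starts outside the hunk.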
@@ -370,7 +370,7 @@ def find_beacon(self, q_job, beacon_list): else: list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW] for column in work.columns: - list_to_append.append(work.iloc[0][column].values[0]) + list_to_append.append(work.iloc[0][column]) print("beacon found") print(list_to_append) beacon_list.append(list_to_append) diff --git a/setup.py b/setup.py index 6a30fa1..ed791cb 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='0.96', + version='0.97', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From e630f8c437e32ee6a6854ae12b7fae16ff8141fc Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 12:59:33 -0300 Subject: [PATCH 34/51] test --- flare/analytics/command_control.py | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 1a73b15..1515bf1 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -369,7 +369,7 @@ def find_beacon(self, q_job, beacon_list): list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW,DOMAIN] else: list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW] - for column in work.columns: + for column in work.columns.tolist(): list_to_append.append(work.iloc[0][column]) print("beacon found") print(list_to_append) diff --git a/setup.py b/setup.py index ed791cb..711c64b 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='0.97', + version='0.98', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 87f209ecc98f66f5d3021e7d2914c90db90b4e8a Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 13:13:47 -0300 Subject: [PATCH 35/51] fix --- flare/analytics/command_control.py | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 1515bf1..c98346c 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -370,7 +370,7 @@ def find_beacon(self, q_job, beacon_list): else: list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW] for column in work.columns.tolist(): - list_to_append.append(work.iloc[0][column]) + list_to_append.append(work.iloc[0][column].fillna(0)) print("beacon found") print(list_to_append) beacon_list.append(list_to_append) diff --git a/setup.py b/setup.py index 711c64b..04edaf4 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='0.98', + version='0.99', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 82157793149ac685a84060d6dee7f3e5dfc5aa33 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 13:32:47 -0300 Subject: [PATCH 36/51] test --- flare/analytics/command_control.py | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index c98346c..cddd48e 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -398,7 +398,7 @@ def find_beacons(self, group=False, focus_outbound=True, whois=False, csv_out=No beacon_list = list(beacon_list) beacon_df = pd.DataFrame(beacon_list, - columns=self.fields).dropna() + columns=self.fields)#.dropna() beacon_df.interval = beacon_df.interval.astype(int) beacon_df['dest_degree'] = beacon_df.groupby(self.beacon_dest_ip)[self.beacon_dest_ip].transform('count').fillna(0).astype(int) self.vprint('{info} Calculating destination degree.'.format(info=self.info)) diff --git a/setup.py b/setup.py index 04edaf4..f90362b 100644 --- a/setup.py +++ b/setup.py 
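Review bot: `work.iloc[0][column].fillna(0)` is called on a scalar (a row Series indexed by one label), so like the `.values[0]` attempt in patch 30 it raises `AttributeError` unless column names are duplicated; patch 37 reverts it. Missing values should be handled once on the row before the loop, e.g. `row = work.iloc[0].fillna(0)` and then `row[column]`, and only after deciding per field whether `0` is a safe stand-in for "absent" (for byte counts it reads as a real measurement). find_beacon starts outside the hunk.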
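Review bot: Commenting out `.dropna()` lets rows with missing values into `beacon_df` and nothing downstream now checks for them: `beacon_df.interval.astype(int)` on the next line would raise if `interval` were ever missing, and NaNs in the `data_fields` columns reach the output unflagged, so the previous guarantee that every reported beacon had all fields populated is silently lost. If the goal is to keep beacons whose optional extra fields are empty, restrict the drop to the required columns, `.dropna(subset=['dest_degree', 'occurrences', 'percent', 'interval'])`, rather than removing it. find_beacons starts outside the hunk.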
@@ -2,7 +2,7 @@ setup( name='Flare', - version='0.99', + version='1.01', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From f098f349a3e0ec83946967b878139007dc468f04 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 13:38:26 -0300 Subject: [PATCH 37/51] bora --- flare/analytics/command_control.py | 3 ++- setup.py | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index cddd48e..2a585bf 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -327,6 +327,7 @@ def run_query(self): df['triad_freq'] = df.groupby('triad_id')['triad_id'].transform('count').fillna(0).astype(int) self.high_freq = list(df[df.triad_freq > self.MIN_OCCURRENCES].groupby('triad_id').groups.keys()) # print(df) + df.fillna(0, inplace=True) return df def find_beacon(self, q_job, beacon_list): @@ -370,7 +371,7 @@ def find_beacon(self, q_job, beacon_list): else: list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW] for column in work.columns.tolist(): - list_to_append.append(work.iloc[0][column].fillna(0)) + list_to_append.append(work.iloc[0][column]) print("beacon found") print(list_to_append) beacon_list.append(list_to_append) diff --git a/setup.py b/setup.py index f90362b..9b2b3e9 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='1.01', + version='1.11', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From c3eb451436aa79f3b2e4a5d3906de94c4680022e Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 15:39:05 -0300 Subject: [PATCH 38/51] go --- flare/analytics/command_control.py | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 2a585bf..2e5c50e 100644 --- a/flare/analytics/command_control.py 
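Review bot: `df.fillna(0, inplace=True)` runs after `triad_id` has already been computed from `df[self.beacon_src_ip] + df[self.beacon_dest_ip] + ...`, so a record with a missing IP still gets a NaN-derived triad id before the fill; and filling every column with the integer `0` writes a numeric sentinel into string-typed columns such as the domain field, where it is indistinguishable from real data and breaks `str` operations downstream. Restricting the fill to the numeric columns, or using `''` for string columns, keeps the output honest; the second hunk of this patch simply reverts patch 35. run_query starts outside the hunk.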
+++ b/flare/analytics/command_control.py @@ -327,7 +327,7 @@ def run_query(self): df['triad_freq'] = df.groupby('triad_id')['triad_id'].transform('count').fillna(0).astype(int) self.high_freq = list(df[df.triad_freq > self.MIN_OCCURRENCES].groupby('triad_id').groups.keys()) # print(df) - df.fillna(0, inplace=True) + # df.fillna(0, inplace=True) return df def find_beacon(self, q_job, beacon_list): diff --git a/setup.py b/setup.py index 9b2b3e9..878c9c4 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='1.11', + version='1.12', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 0fc4aecc2d0f5f74dd39e97b0da248ea6dfabc89 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 15:44:16 -0300 Subject: [PATCH 39/51] t --- flare/analytics/command_control.py | 4 +++- setup.py | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 2e5c50e..3a48c0e 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -328,11 +328,13 @@ def run_query(self): self.high_freq = list(df[df.triad_freq > self.MIN_OCCURRENCES].groupby('triad_id').groups.keys()) # print(df) # df.fillna(0, inplace=True) + print("Finished gathering data...") return df def find_beacon(self, q_job, beacon_list): - + print("Entrou na thread") while not q_job.empty(): + print("Entrou no while") triad_id = q_job.get() self.l_df.acquire() work = self.flow_data[self.flow_data.triad_id == triad_id] diff --git a/setup.py b/setup.py index 878c9c4..69505d2 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='1.12', + version='1.13', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 28e6bcaa95507898ca2b402c115d6a9d1a03e4e9 Mon Sep 17 00:00:00 2001 
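Review bot: The new trace lines `print("Finished gathering data...")`, `print("Entrou na thread")` and `print("Entrou no while")` bypass the class's `self.vprint`/`self.dprint` helpers and their `[INFO]`/`[DEBUG]` formatting, the two in `find_beacon` are in Portuguese while the rest of the file's messages are English, and `print("Entrou no while")` fires once per queue item across every worker thread. Patch 46 deletes the two thread messages but the first one survives; `self.vprint('{info} Finished gathering data.'.format(info=self.info))` fits the file's convention. Both functions extend beyond the hunk.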
From: Paulo Date: Wed, 7 Dec 2022 16:01:24 -0300 Subject: [PATCH 40/51] test --- flare/analytics/command_control.py | 13 ++++++++----- setup.py | 2 +- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 3a48c0e..47d8d8c 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -55,6 +55,7 @@ def __init__(self, es_index='logstash-flow-*', kibana_version='4', verbose=True, + data_fields=[], debug=True): """ @@ -147,6 +148,8 @@ def __init__(self, self.fields = ['dest_degree', 'occurrences', 'percent', 'interval'] if self.domain_field != "''": self.fields.append(self.domain_field) + self.fields += data_fields + self.data_fields = data_fields try: _ = (self.auth_user, self.auth_password) @@ -313,9 +316,9 @@ def run_query(self): resp = helpers.scan(query=query, client=self.es, scroll="4m", size=3500, index=self.es_index, request_timeout=self.es_timeout,raise_on_error=False) df = pd.io.json.json_normalize([rec['_source'] for rec in resp]) df.rename(columns=dict((x, x.replace("_source.", "")) for x in df.columns), inplace=True) - for field in df.columns.tolist(): - if field not in self.fields: - self.fields.append(field) + # for field in df.columns.tolist(): + # if field not in self.fields: + # self.fields.append(field) if len(df) == 0: raise Exception("Elasticsearch did not retrieve any data. Please ensure your settings are correct inside the config file.") @@ -327,7 +330,7 @@ def run_query(self): df['triad_freq'] = df.groupby('triad_id')['triad_id'].transform('count').fillna(0).astype(int) self.high_freq = list(df[df.triad_freq > self.MIN_OCCURRENCES].groupby('triad_id').groups.keys()) # print(df) - # df.fillna(0, inplace=True) + df.fillna(0, inplace=True) print("Finished gathering data...") return df 
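Review bot: `data_fields=[]` is a mutable default argument and `self.data_fields = data_fields` stores that same list object on the instance, so every analyzer constructed without the argument shares one list; since it is later used as the Elasticsearch `_source` filter and as the per-beacon column list, any in-place modification leaks across instances. `data_fields=None` with `self.data_fields = list(data_fields) if data_fields else []` (and `self.fields += self.data_fields`) avoids this. The `@@ -313` hunk drops the dynamic column collection, which is only safe because the final hunk of this patch switches `find_beacon` to `self.data_fields`; the two must stay in one commit. __init__ and run_query start outside the hunks.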
@@ -372,7 +375,7 @@ def find_beacon(self, q_job, beacon_list): list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW,DOMAIN] else: list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW] - for column in work.columns.tolist(): + for column in self.data_fields: list_to_append.append(work.iloc[0][column]) print("beacon found") print(list_to_append) diff --git a/setup.py b/setup.py index 69505d2..56e5448 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='1.13', + version='1.14', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 0e27741f291ff241edf72db188350ae4e0e4c71b Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 16:22:40 -0300 Subject: [PATCH 41/51] test --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 56e5448..2e2c537 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='1.14', + version='1.15', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 44100890243b369929c6933d7ff1de95cd66be2d Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 16:29:53 -0300 Subject: [PATCH 42/51] test --- flare/analytics/command_control.py | 1 + setup.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 47d8d8c..173549c 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -376,6 +376,7 @@ def find_beacon(self, q_job, beacon_list): else: list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW] for column in self.data_fields: + print(work.iloc[0]) list_to_append.append(work.iloc[0][column]) print("beacon found") print(list_to_append) diff --git a/setup.py b/setup.py index 2e2c537..edbba6b 100644 --- a/setup.py +++ b/setup.py 
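Review bot: `work.iloc[0][column]` raises `KeyError` when a configured data field is absent from the scanned records (`json_normalize` only creates columns for keys that appear in some document), and because `self.l_list.acquire()` / `release()` are not wrapped in `try/finally`, the exception leaves the lock held and can block every other worker thread on its next `acquire`. Patches 43/44 add the membership check; a `try: ... finally: self.l_list.release()` around the critical section would also stop a single bad triad from stalling the run. find_beacon starts outside the hunk.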
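Review bot: `print(work.iloc[0])` sits inside the `for column in self.data_fields` loop, so the whole first flow record of the triad is dumped once per configured field, for every beacon, while `self.l_list` is held; if a trace is needed it belongs outside the loop and behind `self.dprint`. Patch 43 removes it again. find_beacon starts outside the hunk.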
@@ -2,7 +2,7 @@ setup( name='Flare', - version='1.15', + version='1.16', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 72e2e55607dee13923daedf29405fb2ddb507b85 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 16:37:58 -0300 Subject: [PATCH 43/51] fix --- flare/analytics/command_control.py | 6 ++++-- setup.py | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 173549c..1f2f989 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -376,8 +376,10 @@ def find_beacon(self, q_job, beacon_list): else: list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW] for column in self.data_fields: - print(work.iloc[0]) - list_to_append.append(work.iloc[0][column]) + if column in work.iloc[0].columns.tolist(): + list_to_append.append(work.iloc[0][column]) + else: + list_to_append.append("''") print("beacon found") print(list_to_append) beacon_list.append(list_to_append) diff --git a/setup.py b/setup.py index edbba6b..0bf62f8 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='1.16', + version='1.17', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 01cac6808749fd7a1be5fe06a6cf7164740ae876 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 16:47:25 -0300 Subject: [PATCH 44/51] go --- flare/analytics/command_control.py | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 1f2f989..0435af3 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py 
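Review bot: `work.iloc[0].columns` is evaluated on a row Series, which has an `index` but no `columns` attribute, so the new guard raises `AttributeError` on the first beacon instead of preventing the `KeyError` it was meant to catch; patch 44 changes it to `work.columns`. The fallback `"''"` is the literal two-character string `''` (the file's sentinel for an unset `domain_field`) and will appear verbatim in the beacon output for absent fields, which is awkward for consumers; an empty string or `None` is easier to handle. `if column in work.columns:` also avoids rebuilding a list on every iteration. find_beacon starts outside the hunk.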
@@ -376,7 +376,7 @@ def find_beacon(self, q_job, beacon_list): else: list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW] for column in self.data_fields: - if column in work.iloc[0].columns.tolist(): + if column in work.columns.tolist(): list_to_append.append(work.iloc[0][column]) else: list_to_append.append("''") diff --git a/setup.py b/setup.py index 0bf62f8..2fe67b4 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='1.17', + version='1.18', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 93492bb0e35f2a27a45384e3a95d23ca2a7ff891 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 17:26:24 -0300 Subject: [PATCH 45/51] test --- flare/analytics/command_control.py | 7 ++----- setup.py | 2 +- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 0435af3..42607e0 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -270,11 +270,8 @@ def hour_query(self, h, *fields): }, "sort": ["_doc"] } - # if fields: - # query["_source"] = list(fields) - # if self.domain_field != "''": - # query["_source"].append(self.domain_field) - # self.dprint(query) + + query["_source"] = self.data_fields print(f"SCAN QUERY: {query}") return query diff --git a/setup.py b/setup.py index 2fe67b4..6f49127 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='1.18', + version='1.19', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From f7f6516b41b4870389eb4573e47c03a97ebdf2f2 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 17:27:32 -0300 Subject: [PATCH 46/51] test --- flare/analytics/command_control.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 42607e0..4d845f1 100644 --- a/flare/analytics/command_control.py 
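Review bot: `query["_source"] = self.data_fields` restricts the returned source to the configured extra fields alone, but `run_query` still needs the `self.beacon_src_ip`, `self.beacon_dest_ip`, `self.beacon_destination_port` and `self.beacon_timestamp` columns to build `triad_id` and the time windows; unless the operator happens to list those in `data_fields`, the frame lacks them and `run_query` fails with `KeyError`. With the default `data_fields=[]` the result depends on how Elasticsearch treats an empty include list, which is worth verifying rather than relying on. Build the list from the required fields plus the extras, `query["_source"] = [self.beacon_src_ip, self.beacon_dest_ip, self.beacon_destination_port, self.beacon_timestamp] + self.data_fields`, and route the surviving `print(f"SCAN QUERY: {query}")` through `self.dprint`. hour_query starts outside the hunk.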
+++ b/flare/analytics/command_control.py @@ -332,9 +332,7 @@ def run_query(self): return df def find_beacon(self, q_job, beacon_list): - print("Entrou na thread") while not q_job.empty(): - print("Entrou no while") triad_id = q_job.get() self.l_df.acquire() work = self.flow_data[self.flow_data.triad_id == triad_id] From ad6256c45015ca2a0885746ab7bd42ffdc8f01f0 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 17:33:31 -0300 Subject: [PATCH 47/51] fix --- flare/analytics/command_control.py | 12 ++++++------ setup.py | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 4d845f1..b20d3d0 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -361,15 +361,15 @@ def find_beacon(self, q_job, beacon_list): # DEST_IP = work[self.beacon_dest_ip].unique()[0] # DEST_PORT = str(int(work[self.beacon_destination_port].unique()[0])) # BYTES_TOSERVER = work[self.beacon_flow_bytes_toserver].sum() - list_to_append = [] + # list_to_append = [] SRC_DEGREE = len(work[self.beacon_dest_ip].unique()) OCCURRENCES = total self.l_list.acquire() - if self.domain_field != "''": - DOMAIN = work[self.domain_field].unique()[0] - list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW,DOMAIN] - else: - list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW] + # if self.domain_field != "''": + # DOMAIN = work[self.domain_field].unique()[0] + # list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW,DOMAIN] + # else: + list_to_append = [SRC_DEGREE, OCCURRENCES, PERCENT, WINDOW] for column in self.data_fields: if column in work.columns.tolist(): list_to_append.append(work.iloc[0][column]) diff --git a/setup.py b/setup.py index 6f49127..e1d6f45 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='1.19', + version='1.20', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License 
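Review bot: Commenting out the `domain_field` branch drops `DOMAIN` from each row while `__init__`, as of this patch, still appends `self.domain_field` to `self.fields` when it is configured, so with a domain field set the rows are one entry shorter than the column list and `pd.DataFrame(beacon_list, columns=self.fields)` fails; patch 48 removes the matching `__init__` line, but the two edits belong in one commit. After this change a domain is only reported if it is also listed in `data_fields`, which is a behaviour change the configuration documentation should mention. find_beacon starts outside the hunk.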
From 95827c275d455cb67cb307269e878bd1e14dd8dc Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 17:37:50 -0300 Subject: [PATCH 48/51] test --- flare/analytics/command_control.py | 14 +++++++------- setup.py | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index b20d3d0..092591f 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -146,8 +146,8 @@ def __init__(self, self.info = '{info}[INFO]{endc}'.format(info=bcolors.OKBLUE, endc=bcolors.ENDC) self.success = '{green}[SUCCESS]{endc}'.format(green=bcolors.OKGREEN, endc=bcolors.ENDC) self.fields = ['dest_degree', 'occurrences', 'percent', 'interval'] - if self.domain_field != "''": - self.fields.append(self.domain_field) + # if self.domain_field != "''": + # self.fields.append(self.domain_field) self.fields += data_fields self.data_fields = data_fields @@ -185,7 +185,7 @@ def dprint(self, msg): print(("[DEBUG] " + str(msg))) - def hour_query(self, h, *fields): + def hour_query(self, h): """ :param h: Number of hours to look for beaconing (recommend 24 if computer can support it) @@ -193,10 +193,10 @@ def hour_query(self, h, *fields): :return: """ # Timestamp in ES is in milliseconds - NOW = int(time.time() * 1000) - SECONDS = 1000 - MINUTES = 60 * SECONDS - HOURS = 60 * MINUTES + # NOW = int(time.time() * 1000) + # SECONDS = 1000 + # MINUTES = 60 * SECONDS + # HOURS = 60 * MINUTES # lte = NOW lte = datetime.datetime.now().strftime('%Y-%m-%dT%H:%M:%S.%f%z') # gte = int(NOW - h * HOURS) diff --git a/setup.py b/setup.py index e1d6f45..5a57ba9 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='1.20', + version='1.21', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From a33c9f67f3317ae30ca7d3e43d6a182bc949adf1 Mon Sep 17 00:00:00 2001 
From: Paulo Date: Wed, 7 Dec 2022 17:39:00 -0300 Subject: [PATCH 49/51] test --- flare/analytics/command_control.py | 3 +-- setup.py | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 092591f..d9af9b3 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -307,8 +307,7 @@ def run_query(self): # if self.suricata_defaults: # FLOW_BYTES = 'flow.' + FLOW_BYTES - query = self.hour_query(self.period, self.beacon_src_ip, self.beacon_dest_ip, self.beacon_destination_port, - self.beacon_timestamp) + query = self.hour_query(self.period) self.dprint(query) resp = helpers.scan(query=query, client=self.es, scroll="4m", size=3500, index=self.es_index, request_timeout=self.es_timeout,raise_on_error=False) df = pd.io.json.json_normalize([rec['_source'] for rec in resp]) diff --git a/setup.py b/setup.py index 5a57ba9..8c28f3c 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='1.21', + version='1.22', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 8bc70aefb64471894eecc39a81b6f25a3bcd788d Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 17:42:47 -0300 Subject: [PATCH 50/51] good to go --- flare/analytics/command_control.py | 4 ++-- setup.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index d9af9b3..2ff76dd 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -374,8 +374,8 @@ def find_beacon(self, q_job, beacon_list): list_to_append.append(work.iloc[0][column]) else: list_to_append.append("''") - print("beacon found") - print(list_to_append) + # print("beacon found") + # print(list_to_append) beacon_list.append(list_to_append) self.l_list.release() diff --git a/setup.py b/setup.py index 8c28f3c..9eafde0 100644 --- a/setup.py 
+++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='1.22', + version='1.23', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License From 89c64076f9e2412aa40dc0cbedbfba4fc2a9fcb0 Mon Sep 17 00:00:00 2001 From: Paulo Date: Wed, 7 Dec 2022 20:38:59 -0300 Subject: [PATCH 51/51] fix --- flare/analytics/command_control.py | 3 ++- setup.py | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/flare/analytics/command_control.py b/flare/analytics/command_control.py index 2ff76dd..8d60e9d 100644 --- a/flare/analytics/command_control.py +++ b/flare/analytics/command_control.py @@ -96,7 +96,8 @@ def __init__(self, # self.beacon_flow_id = self.config.get('beacon', 'field_flow_id') self.beacon_event_key = self.config.get('beacon','event_key') self.beacon_event_type = self.config.get('beacon','event_type') - self.filter = self.config.get('beacon','filter') + # self.filter = self.config.get('beacon','filter') + self.filter = '' self.verbose = self.config.config.getboolean('beacon', 'verbose') self.auth_user = self.config.config.get('beacon','username') self.auth_password = self.config.config.get('beacon', 'password') diff --git a/setup.py b/setup.py index 9eafde0..e3d1c56 100644 --- a/setup.py +++ b/setup.py @@ -2,7 +2,7 @@ setup( name='Flare', - version='1.23', + version='1.24', platforms=["any"], # or more specific, e.g. "win32", "cygwin", "osx" license="""MIT License
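Review bot: `self.filter = ''` hard-codes an empty filter in place of the `config.get('beacon','filter')` read, so a `filter` value an operator has set in the config file is now silently ignored and any branch on `self.filter` (hour_query appears to have one) is dead; nothing tells the user that their scope restriction no longer applies to the scan. If the configured filter was breaking the query, keep the read and make the fallback explicit, `self.filter = self.config.get('beacon', 'filter') or ''`, or emit a `self.vprint` warning that filtering is disabled. __init__ starts outside the hunk.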