forked from naisanza/verodin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ruby-to-snort.rb
executable file
·94 lines (80 loc) · 1.87 KB
/
ruby-to-snort.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
#!/usr/bin/env ruby
#
# This script does the following:
# - Connect to sguil mysql database
# - Identify new events
# - POST them to a rails server
#
#
# Created: Sat Nov 3 05:31:05 UTC 2018
#
require "mysql"
require "rest-client"
require "json"
# VARS
DBHOST = "localhost"
DBPORT = "3306"
DBNAME = "securityonion_db"
DBUSER = "sguil"
DBPASS = "password"
class SguilConnector
def initialize(dbhost, dbuser, dbpass, dbname, dbport)
# DataBase Info
@DBHOST = dbhost
@DBUSER = dbuser
@DBPASS = dbpass
@DBNAME = dbname
@DBPORT = dbport
end
def connect
# DBPORT is running on default port
puts "host: #{@DBHOST}"
puts "user: #{@DBUSER}"
puts "pass: #{@DBPASS}"
puts " db: #{@DBNAME}"
puts "port: #{@DBPORT}"
return con = Mysql.new(@DBHOST, @DBUSER, @DBPASS, @DBNAME)
end
end
class EventHandler
def initialize(sguil, query)
# Use SGUIL database connection
@CON = sguil
@QUERY = query
end
def get_events
# Get all events from sql
# http://nsmwiki.org/Sguil_FAQ#What_tables_are_in_the_database.3F
# SELECT * FROM securityonion_db.event;
return @CON.query(@QUERY)
end
end
class Postmates
def initialize(hashes, api_endpoint)
# Expects a Mysql::Result object
@HASHES = hashes
@REMOTE = api_endpoint
end
def get
# Test connection to endpoint
puts RestClient.get @REMOTE
end
def put
# Send via endpoint
@HASHES.each_hash do |hash|
events = []
events << hash
events_json = events.to_json
puts events_json
RestClient.put @REMOTE, events_json
#RestClient.put @REMOTE, events_json, {:content_type => :json}
end
end
end
query = "SELECT * FROM securityonion_db.event;"
remote = "http://localhost:3000/api/v1"
sql = SguilConnector.new(DBHOST, DBUSER, DBPASS, DBNAME, DBPORT).connect
events = EventHandler.new(sql, query).get_events()
#get = Postmates.new(events, remote).get
post = Postmates.new(events, remote).put
sql.close