Home Esplora Aiuto
Accedi
tum
/
soc
Segui 1
Vota 0
Forka 0
Codice Problemi 0 Pull Requests 0 Commit 6 Rilasci 0 Wiki

Nessuna descrizione

Albero (Tree): 7efe524391
Rami (Branch) Tag
soc
/
soc-integrator
/
app
/
models.py

models.py 2.3KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. from datetime import datetime, timezone
    2. 

  2. from typing import Any, Literal
    3. 

  3. 

  4. from pydantic import BaseModel, Field
    5. 

  5. 

  6. 

  7. def utc_now() -> datetime:
    8. 

  8.     return datetime.now(timezone.utc)
    9. 

  9. 

  10. 

  11. class WazuhIngestRequest(BaseModel):
    12. 

  12.     source: str = "wazuh"
    13. 

  13.     rule_id: str | None = None
    14. 

  14.     alert_id: str | None = None
    15. 

  15.     severity: int | None = None
    16. 

  16.     title: str | None = None
    17. 

  17.     payload: dict[str, Any] = Field(default_factory=dict)
    18. 

  18. 

  19. 

  20. class ActionCreateIncidentRequest(BaseModel):
    21. 

  21.     title: str
    22. 

  22.     severity: str = "medium"
    23. 

  23.     source: str = "soc-integrator"
    24. 

  24.     dedupe_key: str | None = None
    25. 

  25.     payload: dict[str, Any] = Field(default_factory=dict)
    26. 

  26. 

  27. 

  28. class TriggerShuffleRequest(BaseModel):
    29. 

  29.     workflow_id: str
    30. 

  30.     execution_argument: dict[str, Any] = Field(default_factory=dict)
    31. 

  31. 

  32. 

  33. class ShuffleProxyRequest(BaseModel):
    34. 

  34.     method: str = "GET"
    35. 

  35.     path: str
    36. 

  36.     params: dict[str, Any] = Field(default_factory=dict)
    37. 

  37.     payload: dict[str, Any] = Field(default_factory=dict)
    38. 

  38. 

  39. 

  40. class ShuffleLoginRequest(BaseModel):
    41. 

  41.     username: str
    42. 

  42.     password: str
    43. 

  43. 

  44. 

  45. class MvpIncidentIngestRequest(BaseModel):
    46. 

  46.     source: Literal["wazuh", "shuffle", "manual"] = "wazuh"
    47. 

  47.     event_type: Literal["ioc_dns", "ioc_ips", "vpn_geo_anomaly", "auth_anomaly", "generic"] = "generic"
    48. 

  48.     event_id: str
    49. 

  49.     timestamp: datetime
    50. 

  50.     severity: Literal["low", "medium", "high", "critical"] = "medium"
    51. 

  51.     title: str
    52. 

  52.     description: str
    53. 

  53.     asset: dict[str, Any] = Field(default_factory=dict)
    54. 

  54.     network: dict[str, Any] = Field(default_factory=dict)
    55. 

  55.     tags: list[str] = Field(default_factory=list)
    56. 

  56.     risk_context: dict[str, Any] = Field(default_factory=dict)
    57. 

  57.     raw: dict[str, Any] = Field(default_factory=dict)
    58. 

  58.     payload: dict[str, Any] = Field(default_factory=dict)
    59. 

  59. 

  60. 

  61. class MvpIocEvaluateRequest(BaseModel):
    62. 

  62.     ioc_type: Literal["domain", "ip"]
    63. 

  63.     ioc_value: str
    64. 

  64.     source_event: dict[str, Any] = Field(default_factory=dict)
    65. 

  65. 

  66. 

  67. class MvpVpnEvaluateRequest(BaseModel):
    68. 

  68.     user: str
    69. 

  69.     src_ip: str
    70. 

  70.     country_code: str
    71. 

  71.     success: bool
    72. 

  72.     event_time: datetime
    73. 

  73.     is_admin: bool = False
    74. 

  74.     off_hours: bool = False
    75. 

  75.     first_seen_country: bool = False
    76. 

  76.     event_id: str | None = None
    77. 

  77. 

  78. 

  79. class ApiResponse(BaseModel):
    80. 

  80.     ok: bool = True
    81. 

  81.     message: str = "ok"
    82. 

  82.     timestamp: datetime = Field(default_factory=utc_now)
    83. 

  83.     data: dict[str, Any] = Field(default_factory=dict)
    84. 

  84.