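"""Flask webhook that turns Superna Eyeglass zero-trust alerts into Jira incidents.

Configuration is read from the environment (JIRA_URL, JIRA_USERNAME,
JIRA_API_TOKEN, JIRA_PROJECT, WEBHOOK_TOKEN, FLASK_DEBUG). The module-level
names below keep their original placeholder defaults so a deployment that
edits this file in place still works, but real secrets should never be
committed here.
"""
import hmac
import json
import logging
import os
import socket
from datetime import datetime, timezone

from flask import Flask, request
from jira import JIRA

app = Flask(__name__)
# The endpoint is network-reachable and every accepted body becomes a Jira
# issue, so refuse oversized requests before they are parsed.
app.config['MAX_CONTENT_LENGTH'] = 1024 * 1024

logger = logging.getLogger(__name__)

# Jira Service Management Integration section
jira_url = os.environ.get('JIRA_URL', 'https://xxxxx.atlassian.net/')
username = os.environ.get('JIRA_USERNAME', 'your email here')
api_token = os.environ.get('JIRA_API_TOKEN', 'your api key here')
jira_project = os.environ.get('JIRA_PROJECT', 'your project key here')

# Optional shared secret the sender must present in the X-Webhook-Token header.
# When unset the endpoint stays unauthenticated (the original behaviour):
# anyone who can reach port 5000 can open incidents.
WEBHOOK_TOKEN = os.environ.get('WEBHOOK_TOKEN')

UNKNOWN = 'Unknown'
# Jira rejects summaries longer than 255 characters.
JIRA_SUMMARY_MAX = 255


def get_host_ip():
    """Return the IPv4 address this host's own hostname resolves to.

    Best effort: on any resolution error the literal string
    "Unable to get Host IP" is returned instead of raising.
    """
    try:
        host_name = socket.gethostname()
        logger.debug("Hostname: %s", host_name)
        host_ip = socket.gethostbyname(host_name)
        logger.debug("Host IP: %s", host_ip)
        return host_ip
    except OSError as e:  # gethostname/gethostbyname raise OSError subclasses
        logger.warning("Error getting host IP: %s", e)
        return "Unable to get Host IP"


def _first_of(payload, key):
    """Return the first element of the list-valued ``payload[key]`` or ``UNKNOWN``.

    The original indexed ``payload[key][0]`` directly, which raised on a missing
    key, a non-list value or an empty list; each of those now yields ``UNKNOWN``
    so a malformed or hostile alert cannot crash the handler.
    """
    value = payload.get(key)
    if isinstance(value, list) and value:
        return value[0]
    return UNKNOWN


def _first_action(payload):
    """Return ``actions[0]['action']`` from the payload, or ``UNKNOWN``.

    Guards the empty-list case that ``payload.get('actions', [{}])[0]`` missed.
    """
    actions = payload.get('actions')
    if isinstance(actions, list) and actions and isinstance(actions[0], dict):
        return actions[0].get('action', UNKNOWN)
    return UNKNOWN


def format_udm_to_html(payload, source_ip):
    """Build a simplified UDM-style event from a Superna alert and return it as JSON.

    Despite the name (kept for existing callers) the return value is a JSON
    string, not HTML. ``source_ip`` is accepted for interface compatibility
    but is not embedded in the event. Only the keys the handler actually reads
    are looked up; anything missing or malformed is rendered as ``UNKNOWN``.
    """
    if not isinstance(payload, dict):
        payload = {}
    files = payload.get('files', [])
    nes = _first_of(payload, 'nes')
    # NOTE(review): clientIPs is passed through as-is (a list in the expected
    # payload), including into ``hostname``; the UDM schema is not enforced here.
    client_ips = payload.get('clientIPs', UNKNOWN)
    user_id = payload.get('userName', UNKNOWN)

    udm_event = {
        "incidentmetadata": {
            "event_type": "Cyber Storage",
            # Timezone-aware replacement for the deprecated utcnow(); same format.
            "event_timestamp": datetime.now(timezone.utc).strftime('%Y-%m-%dT%H:%M:%SZ'),
            "product_log_id": "Superna Zero Trust Webhook",
            "vendor_name": "Superna",
            "product_name": "Eyeglass Data Security Edition",
            "product_version": "V2.5.9",
        },
        "principal": {
            "hostname": client_ips,
            "ip": client_ips,
            "user": {
                "user_id": user_id,
            },
        },
        "target": {
            "hostname": client_ips,
            "ip": client_ips,
        },
        "security_result": {
            "about": "Superna Zero Trust Cyber Storage Threat Detection",
            "category": "SOFTWARE_MALICIOUS",
            "category_details": "Ransomware",
            "threat_name": "Superna Threat detector",
            "severity": payload.get('severity', UNKNOWN),
            "action_details": _first_action(payload),
            "priority": payload.get('state', UNKNOWN),
            "confidence": "HIGH_CONFIDENCE",
        },
        "file_list": files,  # Added file list
        "nes": nes,  # Added NES
    }
    return json.dumps(udm_event)  # return json vs html


def send_to_jira(jira_url, username, api_token, jira_project, udm_message, source_ip, payload):
    """Open a Jira Service Management incident for one alert.

    ``username``/``api_token`` authenticate against ``jira_url`` with basic
    auth; ``udm_message`` (the JSON from ``format_udm_to_html``) becomes the
    description. ``source_ip`` is unused and kept for interface compatibility.
    Any connection or issue-creation error from the Jira client propagates to
    the caller, which maps it to a 500.
    """
    if not isinstance(payload, dict):
        payload = {}
    # Connect to Jira
    jira = JIRA(jira_url, basic_auth=(username, api_token))

    # Distinct name on purpose: ``username`` is the Jira login, not the account
    # named in the alert (the original overwrote the parameter here).
    alert_user = str(payload.get('userName', UNKNOWN))
    client_ip = str(_first_of(payload, 'clientIPs'))
    nes = str(_first_of(payload, 'nes'))

    # These fields are free text taken from the request body; bound the length
    # so an oversized value cannot make Jira reject the issue outright.
    summary = (
        f'Suspected Ransomware Attack detected on user name {alert_user}'
        f' on host: {client_ip} on cluster {nes}'
    )[:JIRA_SUMMARY_MAX]

    # Define the new issue details for a Service Desk Incident
    new_issue = {
        'project': {'key': jira_project},  # Make sure this is the correct project key for your service desk
        'summary': summary,
        'description': 'Superna Zero Trust Alert' + udm_message,
        'issuetype': {'name': 'Report an incident'},  # Assuming this is a valid issue type in your project
        # 'urgency': {'name': 'Critical'},
        'priority': {'name': 'Highest'},
    }

    # Create the issue
    issue = jira.create_issue(fields=new_issue)
    logger.info("Issue %s created: %s/browse/%s", issue.key, jira_url, issue.key)


def _authorized(req):
    """Return True when the shared-secret check passes or no secret is configured.

    Uses a constant-time comparison so the token cannot be recovered by timing.
    """
    if WEBHOOK_TOKEN is None:
        return True
    presented = req.headers.get('X-Webhook-Token', '')
    return hmac.compare_digest(presented.encode('utf-8'), WEBHOOK_TOKEN.encode('utf-8'))


@app.route('/webhook', methods=['POST'])
def webhook():
    """Accept a Superna alert as a JSON object and raise a Jira incident for it.

    Responses: 401 when a configured token is missing or wrong, 400 when the
    body is not a JSON object, 500 on any downstream failure (details are
    logged, not returned), otherwise "Success"/200.
    """
    if not _authorized(request):
        return "Unauthorized", 401
    # silent=True returns None instead of raising on a bad or absent JSON body.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return "Bad Request: expected a JSON object", 400
    try:
        source_ip = get_host_ip()  # Get the host IP
        udm_message = format_udm_to_html(payload, source_ip)
        send_to_jira(jira_url, username, api_token, jira_project, udm_message, source_ip, payload)
        return "Success", 200
    except Exception:
        # Log the traceback server-side only. The original returned str(e) to
        # the caller, which exposed Jira URLs, auth failures and internal detail.
        logger.exception("Failed to create Jira incident for webhook payload")
        return "Internal Server Error", 500


if __name__ == '__main__':
    logging.basicConfig(level=logging.INFO)
    if WEBHOOK_TOKEN is None:
        logger.warning("WEBHOOK_TOKEN is not set; /webhook accepts unauthenticated requests")
    # Werkzeug's debugger offers an interactive console (code execution) to
    # anyone who reaches it; never enable it on 0.0.0.0 by default.
    debug = os.environ.get('FLASK_DEBUG', '').lower() in ('1', 'true', 'yes')
    app.run(host='0.0.0.0', port=5000, debug=debug)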