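"""Relay Superna Data Security Edition webhook alerts to a Securonix HTTP collector.

Flow: Superna POSTs an alert JSON to ``/webhook`` -> ``format_uef`` flattens it
into the UEF field set -> ``send_to_Securonix`` POSTs it with a bearer token.
"""
import json
import logging
import os
from datetime import datetime, timezone

import requests
from flask import Flask, request
from requests.adapters import HTTPAdapter
from urllib3.util.retry import Retry

# Flask app initialization
app = Flask(__name__)

# Securonix HTTP Collector endpoint and bearer token.
# Read from the environment so the token does not live in source control; the
# literal placeholders remain only as defaults so the module-level names keep
# their original meaning for existing deployments.
Securonix_URL = os.environ.get("SECURONIX_URL", "xxxxxxxx")
Securonix_key = os.environ.get("SECURONIX_KEY", "yyyyyyy")

# (connect, read) timeout in seconds for the POST to Securonix. Without a
# timeout a stalled collector would block the Flask worker indefinitely.
SECURONIX_TIMEOUT = (5, 30)

# Configure logging.
# NOTE: the full alert payload (user names, file paths, client IPs) is written
# to this file at INFO level; protect app.log accordingly.
logging.basicConfig(
    filename="app.log",
    level=logging.INFO,
    format="%(asctime)s - %(levelname)s - %(message)s",
)
logger = logging.getLogger(__name__)

# Static UEF header fields identifying the event source.
_DEVICE_PRODUCT = "Data Security Edition"
_DEVICE_VENDOR = "Superna"
_DEVICE_VERSION = "V1"
_DEVICE_EVENT_CLASS_ID = "security"
_UEF_VERSION = "1.0"
_EVENT_TYPE = "threat_detection"

# Sentinel used for every field the Superna payload did not supply.
_UNKNOWN = "Unknown"


def _epoch_ms_to_iso(detected_time):
    """Convert a millisecond epoch value to an ISO-8601 UTC string.

    Args:
        detected_time: ``detectedTime`` from the Superna payload (expected to be
            milliseconds since the epoch; any type is tolerated).

    Returns:
        The ISO-8601 timestamp, or ``"Unknown"`` when the value cannot be
        converted. The failure is logged rather than raised so one malformed
        field does not drop the whole alert.
    """
    try:
        return datetime.fromtimestamp(detected_time / 1000, tz=timezone.utc).isoformat()
    except (TypeError, ValueError, OverflowError, OSError) as exc:
        logger.error("Error converting detectedTime to timestamp: %s", exc)
        return _UNKNOWN


def _join(items, sep):
    """Join ``items`` with ``sep``, stringifying each element (None -> empty)."""
    return sep.join(str(item) for item in (items or []))


# UEF Formatting Function
def format_uef(payload):
    """Map a Superna Data Security Edition alert to the flat UEF dict sent to Securonix.

    Args:
        payload: parsed JSON body of the Superna webhook. Every key is
            optional; missing scalar fields become ``"Unknown"`` and a missing
            ``detectedTime`` becomes ``0``.

    Returns:
        dict with the UEF header fields plus the alert details. List-valued
        fields (``nes``, ``files``, ``shares``, ``actions``) are joined into
        single strings; only the first entry of ``clientIPs`` is kept.
    """
    detected_time = payload.get("detectedTime", 0)

    # ``or`` also covers an explicit empty list, which would otherwise make
    # ``[0]`` raise IndexError and turn a valid alert into a 500.
    client_ips = payload.get("clientIPs") or [_UNKNOWN]

    shares = [share.get("name", _UNKNOWN) for share in payload.get("shares", [])]
    actions = [action.get("action", _UNKNOWN) for action in payload.get("actions", [])]

    return {
        "timestamp": _epoch_ms_to_iso(detected_time),
        "device_product": _DEVICE_PRODUCT,
        "device_vendor": _DEVICE_VENDOR,
        "device_version": _DEVICE_VERSION,
        "device_event_class_id": _DEVICE_EVENT_CLASS_ID,
        "version": _UEF_VERSION,
        "event_type": _EVENT_TYPE,
        "event": payload.get("id", _UNKNOWN),
        "severity": payload.get("severity", _UNKNOWN),
        "state": payload.get("state", _UNKNOWN),
        "detected": payload.get("detected", _UNKNOWN),
        "detected_time": detected_time,
        "nes": _join(payload.get("nes"), ", "),
        "files": _join(payload.get("files"), "; "),
        "shares": "; ".join(shares),
        "protocol": payload.get("protocol", _UNKNOWN),
        "client_ip": client_ips[0],
        "user": payload.get("userName", _UNKNOWN),
        "action": " | ".join(actions),
        "Alert_url": payload.get("url", _UNKNOWN),
    }


# Securonix utilities
def get_requests_session():
    """Return a ``requests.Session`` that retries transient 5xx responses over HTTPS.

    NOTE: urllib3's default ``allowed_methods`` excludes POST, so the
    ``status_forcelist`` retries only apply to idempotent methods. If
    at-least-once delivery (possible duplicate events) is acceptable, pass
    ``allowed_methods=frozenset({"POST"})`` to ``Retry`` as well.
    """
    session = requests.Session()
    retries = Retry(total=3, backoff_factor=1, status_forcelist=[500, 502, 503, 504])
    session.mount("https://", HTTPAdapter(max_retries=retries))
    return session


def send_to_Securonix(payload):
    """POST one UEF event to the Securonix collector.

    Args:
        payload: JSON-serialisable dict, normally the output of ``format_uef``.

    Returns:
        ``{"status_code", "response_text", "headers"}`` for any HTTP response
        (including non-2xx), or ``{"error": <message>}`` when no response was
        obtained (connection failure, timeout, bad URL).
    """
    # The request headers are deliberately never logged: they carry the token.
    headers = {
        "Content-Type": "application/json",
        "Authorization": f"Bearer {Securonix_key}",
    }
    logger.info("Sending payload to Securonix: %s", json.dumps(payload, indent=4))

    session = get_requests_session()
    try:
        response = session.post(
            Securonix_URL, headers=headers, json=payload, timeout=SECURONIX_TIMEOUT
        )
    except requests.RequestException as exc:
        logger.error("Exception while sending to Securonix: %s", exc)
        return {"error": str(exc)}
    finally:
        session.close()

    response_data = {
        "status_code": response.status_code,
        "response_text": response.text,
        "headers": dict(response.headers),
    }
    logger.info("Response from Securonix: %s", json.dumps(response_data, indent=4))
    return response_data


# Flask webhook route
# NOTE(review): this endpoint performs no caller authentication; restrict
# network access to the Superna sender or add a shared-secret / signature
# check before exposing it beyond a trusted network.
@app.route('/webhook', methods=['POST'])
def webhook():
    """Receive a Superna alert, convert it to UEF and relay it to Securonix.

    Returns:
        The Securonix response as JSON with Securonix's own status code;
        400 when the body is not a JSON object; 502 when Securonix could not
        be reached; 500 on an unexpected error. Failure details are logged,
        not echoed to the caller, so internal error text does not leak.
    """
    # silent=True turns a malformed or non-JSON body into None instead of a
    # framework-generated 400/415, so we control the response below.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return json.dumps({"error": "request body must be a JSON object"}), 400

    try:
        uef_message = format_uef(payload)
        response_data = send_to_Securonix(uef_message)
    except Exception:
        logger.exception("Error handling webhook")
        return json.dumps({"error": "internal error"}), 500

    if "error" in response_data:
        return json.dumps({"error": "failed to deliver event to Securonix"}), 502
    return json.dumps(response_data), response_data["status_code"]


if __name__ == '__main__':
    # Debug mode enables the interactive Werkzeug debugger, which must never be
    # reachable on a network interface (0.0.0.0). It is therefore off unless
    # explicitly requested with FLASK_DEBUG=1.
    app.run(host='0.0.0.0', port=5000, debug=os.environ.get("FLASK_DEBUG") == "1")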