Update event_generators with new indexes definitions
QU3B1M committed Nov 13, 2024
1 parent bdb0519 commit 73a2101
Showing 10 changed files with 861 additions and 266 deletions.
72 changes: 67 additions & 5 deletions ecs/agent/event-generator/event_generator.py
Expand Up @@ -38,7 +38,7 @@ def generate_random_agent():
'name': f'Agent{random.randint(0, 99)}',
'type': random.choice(['filebeat', 'windows', 'linux', 'macos']),
'version': f'v{random.randint(0, 9)}-stable',
'is_connected': random.choice([True, False]),
'status': random.choice(['active', 'inactive']),
'last_login': generate_random_date(),
'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}'],
'key': f'key{random.randint(0, 999)}'
Expand All @@ -47,13 +47,76 @@ def generate_random_agent():


def generate_random_host():
family = random.choice(['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL'])
family = random.choice(
['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL'])
version = f'{random.randint(0, 99)}.{random.randint(0, 99)}'
host = {
'architecture': random.choice(['x86_64', 'arm64']),
'boot': {
'id': f'boot{random.randint(0, 9999)}'
},
'cpu': {
'usage': random.uniform(0, 100)
},
'disk': {
'read': {
'bytes': random.randint(0, 1000000)
},
'write': {
'bytes': random.randint(0, 1000000)
}
},
'domain': f'domain{random.randint(0, 999)}',
'geo': {
'city_name': random.choice(['San Francisco', 'New York', 'Berlin', 'Tokyo']),
'continent_code': random.choice(['NA', 'EU', 'AS']),
'continent_name': random.choice(['North America', 'Europe', 'Asia']),
'country_iso_code': random.choice(['US', 'DE', 'JP']),
'country_name': random.choice(['United States', 'Germany', 'Japan']),
'location': {
'lat': round(random.uniform(-90.0, 90.0), 6),
'lon': round(random.uniform(-180.0, 180.0), 6)
},
'name': f'geo{random.randint(0, 999)}',
'postal_code': f'{random.randint(10000, 99999)}',
'region_iso_code': f'region{random.randint(0, 999)}',
'region_name': f'Region {random.randint(0, 999)}',
'timezone': random.choice(['PST', 'EST', 'CET', 'JST'])
},
'hostname': f'host{random.randint(0, 9999)}',
'id': f'hostid{random.randint(0, 9999)}',
'ip': f'{random.randint(1, 255)}.{random.randint(1, 255)}.{random.randint(1, 255)}.{random.randint(1, 255)}',
'mac': f'{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}',
'name': f'hostname{random.randint(0, 9999)}',
'network': {
'egress': {
'bytes': random.randint(0, 1000000),
'packets': random.randint(0, 1000000)
},
'ingress': {
'bytes': random.randint(0, 1000000),
'packets': random.randint(0, 1000000)
}
},
'os': {
'family': family,
'full': f'{family} {version}',
}
'kernel': f'kernel{random.randint(0, 999)}',
'name': family,
'platform': random.choice(['linux', 'windows', 'macos']),
'type': family,
'version': version
},
'pid_ns_ino': f'{random.randint(1000000, 9999999)}',
'risk': {
'calculated_level': random.choice(['low', 'medium', 'high']),
'calculated_score': random.uniform(0, 100),
'calculated_score_norm': random.uniform(0, 1),
'static_level': random.choice(['low', 'medium', 'high']),
'static_score': random.uniform(0, 100),
'static_score_norm': random.uniform(0, 1)
},
'uptime': random.randint(0, 1000000)
}
return host

Expand Down Expand Up @@ -105,8 +168,7 @@ def main():

logging.info('Data generation completed.')

inject = input(
"Do you want to inject the generated data into your indexer? (y/n) ").strip().lower()
inject = input("Do you want to inject the generated data into your indexer? (y/n) ").strip().lower()
if inject == 'y':
ip = input(f"Enter the IP of your Indexer (default: '{IP}'): ") or IP
port = input(f"Enter the port of your Indexer (default: '{PORT}'): ") or PORT
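Review bot: In the new `os` block of generate_random_host, `platform` is drawn independently of `family` and `type` is set to the family name, so the generator emits combinations such as family `debian` with platform `windows`, and `os.type` carries values like `RHEL` where ECS documents a small lowercase set (linux, macos, windows, ios, android). If the intent is to exercise the new index definition with plausible documents, derive both from the family, e.g. `platform = 'macos' if family == 'macos' else 'linux'` and `'platform': platform, 'type': platform`. The bare `}` shown between the `'full'` and `'kernel'` entries appears to be the old closing brace of the `os` dict rendered without its `-` marker rather than a syntax error on the new side, but it is worth confirming against the raw diff.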
116 changes: 95 additions & 21 deletions ecs/states-fim/event-generator/event_generator.py
Expand Up @@ -28,46 +28,120 @@
def generate_random_date():
start_date = datetime.datetime.now()
end_date = start_date - datetime.timedelta(days=10)
random_date = end_date + (start_date - end_date) * random.random()
random_date = start_date + (end_date - start_date) * random.random()
return random_date.strftime(DATE_FORMAT)


def generate_random_agent():
agent = {
'id': f'agent{random.randint(0, 99)}',
'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}']
'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}'],
'host': generate_random_host()
}
return agent


def generate_random_host():
host = {
'architecture': random.choice(['x86_64', 'arm64']),
'boot': {
'id': f'bootid{random.randint(0, 9999)}'
},
'cpu': {
'usage': random.uniform(0, 100)
},
'disk': {
'read': {
'bytes': random.randint(1000, 1000000)
},
'write': {
'bytes': random.randint(1000, 1000000)
}
},
'domain': f'domain{random.randint(0, 1000)}',
'geo': {
'city_name': 'CityName',
'continent_code': 'NA',
'continent_name': 'North America',
'country_iso_code': 'US',
'country_name': 'United States',
'location': {
'lat': round(random.uniform(-90, 90), 6),
'lon': round(random.uniform(-180, 180), 6)
},
'name': f'hostname{random.randint(0, 999)}',
'postal_code': f'{random.randint(10000, 99999)}',
'region_iso_code': 'US-CA',
'region_name': 'California',
'timezone': 'America/Los_Angeles'
},
'hostname': f'host{random.randint(0, 1000)}',
'id': f'id{random.randint(0, 1000)}',
'ip': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}',
'mac': f'{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}',
'name': f'host{random.randint(0, 1000)}',
'network': {
'egress': {
'bytes': random.randint(1000, 1000000),
'packets': random.randint(100, 10000)
},
'ingress': {
'bytes': random.randint(1000, 1000000),
'packets': random.randint(100, 10000)
}
},
'os': {
'family': random.choice(['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL']),
'full': f'{random.choice(["debian", "ubuntu", "macos", "ios", "android", "RHEL"])} {random.randint(0, 99)}.{random.randint(0, 99)}',
'kernel': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}',
'name': random.choice(['Linux', 'Windows', 'macOS']),
'platform': random.choice(['platform1', 'platform2']),
'type': random.choice(['os_type1', 'os_type2']),
'version': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}'
},
'pid_ns_ino': f'pid_ns{random.randint(0, 9999)}',
'risk': {
'calculated_level': random.choice(['low', 'medium', 'high']),
'calculated_score': random.uniform(0, 10),
'calculated_score_norm': random.uniform(0, 1),
'static_level': random.choice(['low', 'medium', 'high']),
'static_score': random.uniform(0, 10),
'static_score_norm': random.uniform(0, 1)
},
'type': random.choice(['type1', 'type2']),
'uptime': random.randint(1000, 1000000)
}
return host


def generate_random_file():
file = {
'attributes': f'attr{random.randint(0, 999)}',
'gid': f'gid{random.randint(0, 999)}',
'group': f'group{random.randint(0, 99)}',
'attributes': random.choice(['attribute1', 'attribute2']),
'gid': f'gid{random.randint(0, 1000)}',
'group': f'group{random.randint(0, 1000)}',
'hash': {
'md5': f'md5_{random.randint(0, 999)}',
'sha1': f'sha1_{random.randint(0, 999)}',
'sha256': f'sha256_{random.randint(0, 999)}'
'md5': f'{random.randint(0, 9999)}',
'sha1': f'{random.randint(0, 9999)}',
'sha256': f'{random.randint(0, 9999)}'
},
'inode': f'inode{random.randint(0, 999)}',
'mode': f'mode{random.randint(0, 999)}',
'inode': f'inode{random.randint(0, 1000)}',
'mode': f'mode{random.randint(0, 1000)}',
'mtime': generate_random_date(),
'name': f'file{random.randint(0, 999)}',
'owner': f'owner{random.randint(0, 99)}',
'path': f'/path/to/file{random.randint(0, 999)}',
'size': random.randint(0, 99999),
'target_path': f'/path/to/target_file{random.randint(0, 999)}',
'type': f'type{random.randint(0, 99)}',
'uid': f'uid{random.randint(0, 999)}'
'name': f'name{random.randint(0, 1000)}',
'owner': f'owner{random.randint(0, 1000)}',
'path': f'/path/to/file',
'size': random.randint(1000, 1000000),
'target_path': f'/path/to/target{random.randint(0, 1000)}',
'type': random.choice(['file_type1', 'file_type2']),
'uid': f'uid{random.randint(0, 1000)}'
}
return file


def generate_random_registry():
registry = {
'key': f'regkey{random.randint(0, 999)}',
'value': f'regvalue{random.randint(0, 999)}'
'key': f'registry_key{random.randint(0, 1000)}',
'value': f'registry_value{random.randint(0, 1000)}'
}
return registry

Expand All @@ -78,6 +152,7 @@ def generate_random_data(number):
event_data = {
'agent': generate_random_agent(),
'file': generate_random_file(),
'host': generate_random_host(),
'registry': generate_random_registry()
}
data.append(event_data)
Expand Down Expand Up @@ -120,8 +195,7 @@ def main():

logging.info('Data generation completed.')

inject = input(
"Do you want to inject the generated data into your indexer? (y/n) ").strip().lower()
inject = input("Do you want to inject the generated data into your indexer? (y/n) ").strip().lower()
if inject == 'y':
ip = input(f"Enter the IP of your Indexer (default: '{IP}'): ") or IP
port = input(f"Enter the port of your Indexer (default: '{PORT}'): ") or PORT
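Review bot: In generate_random_file the new `'path': f'/path/to/file'` is a constant with a placeholder-less f-string, so every generated FIM state document now carries the same path where the old code produced `/path/to/file{n}`; restore the suffix, `'path': f'/path/to/file{random.randint(0, 1000)}'`, so documents remain distinguishable by path. The hash fields were also reduced to four-digit decimal strings; if they are meant to look like digests, `secrets.token_hex(16)`, `secrets.token_hex(20)` and `secrets.token_hex(32)` give correctly sized hex values for md5, sha1 and sha256. In the new generate_random_host, `os.full` draws its own family independently of `os.family`, so the two disagree in most documents; the same pattern appears in the generate_random_host of ecs/states-inventory-hardware/event-generator/event_generator.py. Note that generate_random_data now emits `host` both at the top level and under `agent.host`, generated by separate calls, so the two differ; if that duplication is intended by the index definition a short comment saying so would help the next reader.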
92 changes: 81 additions & 11 deletions ecs/states-inventory-hardware/event-generator/event_generator.py
Expand Up @@ -28,39 +28,109 @@
def generate_random_date():
start_date = datetime.datetime.now()
end_date = start_date - datetime.timedelta(days=10)
random_date = end_date + (start_date - end_date) * random.random()
random_date = start_date + (end_date - start_date) * random.random()
return random_date.strftime(DATE_FORMAT)


def generate_random_agent():
agent = {
'id': f'agent{random.randint(0, 99)}',
'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}']
'groups': [f'group{random.randint(0, 99)}', f'group{random.randint(0, 99)}'],
'host': generate_random_host()
}
return agent


def generate_random_host():
host = {
'architecture': random.choice(['x86_64', 'arm64']),
'boot': {
'id': f'bootid{random.randint(0, 9999)}'
},
'cpu': {
'cores': random.randint(1, 16),
'name': f'cpu_{random.randint(1, 999)}',
'speed': random.randint(1000, 4000)
'name': f'CPU{random.randint(1, 999)}',
'speed': random.randint(1000, 5000),
'usage': random.uniform(0, 100)
},
'disk': {
'read': {
'bytes': random.randint(1000, 1000000)
},
'write': {
'bytes': random.randint(1000, 1000000)
}
},
'domain': f'domain{random.randint(0, 1000)}',
'geo': generate_random_geo(),
'hostname': f'host{random.randint(0, 1000)}',
'id': f'id{random.randint(0, 1000)}',
'ip': f'{random.randint(1, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}.{random.randint(0, 255)}',
'mac': f'{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}:{random.randint(0, 255):02x}',
'memory': {
'free': random.randint(1000, 16000),
'total': random.randint(2000, 32000),
'free': random.randint(1000, 100000),
'total': random.randint(1000, 100000),
'used': {
'percentage': random.randint(1, 100)
'percentage': random.uniform(0, 100)
}
}
},
'name': f'host{random.randint(0, 1000)}',
'network': {
'egress': {
'bytes': random.randint(1000, 1000000),
'packets': random.randint(100, 10000)
},
'ingress': {
'bytes': random.randint(1000, 1000000),
'packets': random.randint(100, 10000)
}
},
'os': {
'family': random.choice(['debian', 'ubuntu', 'macos', 'ios', 'android', 'RHEL']),
'full': f'{random.choice(["debian", "ubuntu", "macos", "ios", "android", "RHEL"])} {random.randint(0, 99)}.{random.randint(0, 99)}',
'kernel': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}',
'name': random.choice(['Linux', 'Windows', 'macOS']),
'platform': random.choice(['platform1', 'platform2']),
'type': random.choice(['os_type1', 'os_type2']),
'version': f'{random.randint(0, 9)}.{random.randint(0, 9)}.{random.randint(0, 9)}'
},
'pid_ns_ino': f'pid_ns{random.randint(0, 9999)}',
'risk': {
'calculated_level': random.choice(['low', 'medium', 'high']),
'calculated_score': random.uniform(0, 10),
'calculated_score_norm': random.uniform(0, 1),
'static_level': random.choice(['low', 'medium', 'high']),
'static_score': random.uniform(0, 10),
'static_score_norm': random.uniform(0, 1)
},
'type': random.choice(['type1', 'type2']),
'uptime': random.randint(1000, 1000000)
}
return host


def generate_random_geo():
geo = {
'city_name': 'CityName',
'continent_code': 'NA',
'continent_name': 'North America',
'country_iso_code': 'US',
'country_name': 'United States',
'location': {
'lat': round(random.uniform(-90, 90), 6),
'lon': round(random.uniform(-180, 180), 6)
},
'name': f'location{random.randint(0, 999)}',
'postal_code': f'{random.randint(10000, 99999)}',
'region_iso_code': 'US-CA',
'region_name': 'California',
'timezone': 'America/Los_Angeles'
}
return geo


def generate_random_observer():
observer = {
'serial_number': f'{random.randint(1000000000, 9999999999)}'
'serial_number': f'serial{random.randint(0, 9999)}'
}
return observer

Expand All @@ -69,7 +139,7 @@ def generate_random_data(number):
data = []
for _ in range(number):
event_data = {
'@timestamp': datetime.datetime.now().strftime(DATE_FORMAT),
'@timestamp': generate_random_date(),
'agent': generate_random_agent(),
'host': generate_random_host(),
'observer': generate_random_observer()
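Review bot: In generate_random_host the `memory` block draws `free` and `total` independently from the same `1000..100000` range and `used.percentage` from a third independent draw, so the generator regularly emits documents with free memory larger than total and a usage percentage that contradicts both. Derive them from one another: `total = random.randint(1000, 100000)`, `free = random.randint(0, total)`, and `'memory': {'free': free, 'total': total, 'used': {'percentage': round((total - free) / total * 100, 2)}}`. The same independence shows in the `os` block, where `full` picks a family separate from `family`.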