import os
import yaml
from config import *
import sys
import csv
#################################################
# Open Falco Rules file and write YAML output #
# - returns a PyYAML object #
#################################################
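def writeFalcoRulesFileYaml(rules_file, list_name, yaml_string):
    """Overwrite ``rules_file`` with a single autogenerated Falco list entry.

    The file receives a fixed "autogenerated" header comment, a ``- list:``
    line carrying ``list_name`` and an ``items:`` line carrying
    ``yaml_string``.

    Args:
        rules_file: Path of the rules file to create or overwrite.
        list_name: Text written after ``- list: ``.
        yaml_string: Text written after ``items: ``.

    Returns:
        None. If the file cannot be written, the error is printed and the
        process exits with status 1 so the failure is visible to whatever
        launched the connector.
    """
    # NOTE(review): list_name and yaml_string are concatenated into the file
    # as-is, without going through a YAML emitter. A line break or stray
    # YAML syntax inside either value would change the structure of a file
    # that Falco loads as rules, so callers should pass only validated
    # names and emitter-produced item text -- confirm at the call sites.
    # NOTE(review): "items" has to line up with "list" for both keys to
    # parse as one mapping -- confirm the leading whitespace of that line.
    try:
        # One handle only: the context manager closes it even when a write
        # fails part-way through.
        with open(rules_file, "w") as stream:
            stream.write("# This Falco rules file is autogenerated by falco-misp-connector - please do not alter manually\n")
            stream.write("- list: " + list_name + "\n")
            stream.write(" items: " + yaml_string + "\n")
    except OSError as err:
        # Writing a file raises OSError, never yaml.YAMLError, so this is
        # the handler that actually fires on a bad path or permissions.
        print(f"Couldn't write Falco rules file {rules_file}. Please check the file exists, is readable and is YAML formatted. Error {err=}, {type(err)=}")
        sys.exit(1)
    return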
##############################################
# Write CSV File #
# - no return value #
##############################################
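def writeFalcoCSVFile(input_dict, filename):
    """Write one ``key,first-value`` CSV row per entry of ``input_dict``.

    Args:
        input_dict: Mapping whose values are indexable; element ``[0]`` of
            each value is stringified into the second column.
        filename: Path of the CSV file to create or overwrite.

    Returns:
        None. Any failure is reported as a warning on stdout and does not
        stop the program.
    """
    try:
        with open(filename, 'w', newline='\n') as file:
            writer = csv.writer(file)
            # .items() avoids a second lookup per key and keeps the builtin
            # name `hash` free.
            for digest, details in input_dict.items():
                writer.writerow([digest, str(details[0])])
    except Exception as err:
        # Deliberately best-effort. open(..., 'w') truncates before the
        # first row is written, so after a failure the file on disk can
        # hold fewer rows than input_dict; the warning therefore has to
        # carry the real error text to make the gap diagnosable.
        print(f"- WARNING: Couldn't write Falco malware hash file: {filename}. Error {err=}, {type(err)=}")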
##############################################
# Read CSV File #
# - no return value #
##############################################
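def readFalcoCSVFile(filename):
    """Load a ``key,value`` CSV file into a dict of three-element lists.

    Each row with at least two columns becomes
    ``result[row[0]] = [row[1], '', '']``. Rows with fewer than two columns
    (including blank lines) are skipped instead of ending the parse, so one
    damaged line does not discard every entry that follows it.

    Args:
        filename: Path of the CSV file to read.

    Returns:
        The dict built from the file. It is empty when the file cannot be
        opened, and holds the rows read so far when parsing fails midway;
        both cases print a warning.
    """
    sha256_dict = {}
    skipped_rows = 0
    try:
        with open(filename, newline='\n') as csvfile:
            for row in csv.reader(csvfile, delimiter=','):
                if len(row) < 2:
                    # Count only non-empty short rows; blank lines are
                    # not worth a warning.
                    if row:
                        skipped_rows += 1
                    continue
                sha256_dict[row[0]] = [row[1], '', '']
    except Exception as err:
        # Deliberately best-effort: a missing or unreadable file yields
        # whatever was collected, with the real error in the message.
        print(f"- WARNING: Couldn't parse Falco malware hash file: {filename} from CSV. Error {err=}, {type(err)=}")
    if skipped_rows:
        print(f"- WARNING: Skipped {skipped_rows} malformed row(s) in Falco malware hash file: {filename}")
    return sha256_dict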
#################################################
# Write a file with Newline characters for test #
# - Nothing #
#################################################
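def writeNewlineFile(newline_file, newline_string):
    """Overwrite ``newline_file`` with ``newline_string`` exactly as given.

    Args:
        newline_file: Path of the file to create or overwrite.
        newline_string: Text to write; nothing is appended or escaped.

    Returns:
        None. If the file cannot be written, the error is printed and the
        process exits with status 1.
    """
    try:
        # One handle only: the context manager closes it even when the
        # write fails.
        with open(newline_file, "w") as stream:
            stream.write(newline_string)
    except OSError as err:
        # File writes raise OSError, not yaml.YAMLError, so this is the
        # handler that actually fires on a bad path or permissions.
        print(f"Couldn't write Newline file {newline_file}. Please check the file exists. Error {err=}, {type(err)=}")
        sys.exit(1)
    return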