
Refinement of common module and notification system
Improvements and adjustments to the common module and notification system. This includes minor bug fixes, code optimizations, and architectural improvements to enhance performance and maintainability.
ygalnezri committed Dec 8, 2024
1 parent 505988f commit d6358ca
Showing 13 changed files with 637 additions and 642 deletions.
9 changes: 7 additions & 2 deletions .env
Expand Up @@ -28,8 +28,13 @@ ALLOWED_HOST=
CSRF_TRUSTED_ORIGINS=

# DJANGO EMAIL Configuration
EMAIL_FROM=[email protected]
SMTP_SERVER=localhost
EMAIL_FROM=
SMTP_SERVER=
EMAIL_PORT=25
EMAIL_USE_TLS=False
EMAIL_USE_SSL=False
EMAIL_HOST_USER=
EMAIL_HOST_PASSWORD=
WATCHER_URL=https://example.watcher.local
WATCHER_LOGO=https://raw.githubusercontent.com/thalesgroup-cert/Watcher/master/Watcher/static/Watcher-logo-simple.png
EMAIL_SUBJECT_TAG_SITE_MONITORING=INCIDENT
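Review bot: The new EMAIL_HOST_USER and EMAIL_HOST_PASSWORD keys are added to a .env that is itself tracked in the repository (it appears in this diff), so the first operator who fills them in locally is one `git add` away from committing SMTP credentials; the committed file should stay a template and real values come from the environment or an untracked override, which is worth stating in place with `# Set EMAIL_HOST_PASSWORD via the environment or an untracked override, never in this tracked file`. The defaults EMAIL_USE_TLS=False and EMAIL_USE_SSL=False also mean that once a password is set it is sent to SMTP_SERVER in cleartext unless one of them is switched on, so a second comment, `# Enable EMAIL_USE_TLS or EMAIL_USE_SSL whenever EMAIL_HOST_PASSWORD is set`, would keep the two settings from being configured independently. Whether a .gitignore rule or a documented override file already exists cannot be seen from this page.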
43 changes: 22 additions & 21 deletions Watcher/Watcher/common/core.py
Expand Up @@ -6,18 +6,14 @@
import re
from html import unescape
from site_monitoring.models import Site
from datetime import datetime
from secrets import token_hex
from .mail_template.threats_watcher_template import get_threats_watcher_template
from .mail_template.data_leak_template import get_data_leak_template
from .mail_template.data_leak_group_template import get_data_leak_group_template
from .mail_template.dns_finder_template import get_dns_finder_template
from .mail_template.dns_finder_group_template import get_dns_finder_group_template
from .mail_template.site_monitoring_template import get_site_monitoring_template
from .mail_template.dns_finder_template import get_dns_finder_template
from .mail_template.dns_finder_cert_transparency import get_dns_finder_cert_transparency_template

thehive_url = settings.THE_HIVE_URL
api_key = settings.THE_HIVE_API_KEY

from datetime import datetime
from secrets import token_hex

def generate_ref():
"""
Expand Down Expand Up @@ -228,10 +224,6 @@ def generate_ref():
'subject': "[ALERT] Data Leak Detected",
'template_func': get_data_leak_template,
},
'data_leak_group': {
'subject': "[ALERT] Group Data Leak Detected",
'template_func': get_data_leak_group_template,
},
'website_monitoring': {
'subject': "[ALERT] Website Monitoring Detected",
'template_func': get_site_monitoring_template,
Expand All @@ -240,9 +232,9 @@ def generate_ref():
'subject': "[ALERT] DNS Finder",
'template_func': get_dns_finder_template,
},
'dns_finder_group': {
'subject': "[ALERT] Group DNS Finder",
'template_func': get_dns_finder_group_template,
'dns_finder_cert_transparency': {
'subject': "[ALERT] DNS Finder",
'template_func': get_dns_finder_cert_transparency_template,
},
}

Expand Down Expand Up @@ -304,11 +296,13 @@ def collect_observables(app_name, context_data):

return observables


def remove_html_tags(text):
"""Remove HTML tags from a text."""
clean = re.compile('<.*?>')
return re.sub(clean, '', text)


def send_app_specific_notifications(app_name, context_data, subscribers):
from .utils.send_thehive_alerts import send_thehive_alert

Expand All @@ -324,14 +318,14 @@ def send_app_specific_notifications(app_name, context_data, subscribers):
if not app_config_slack or not app_config_citadel or not app_config_thehive or not app_config_email:
return


if not subscribers.exists():
return

custom_field_key = settings.THE_HIVE_CUSTOM_FIELD

observables = collect_observables(app_name, context_data)

thehive_url = settings.THE_HIVE_URL
api_key = settings.THE_HIVE_API_KEY

def send_notification(channel, content_template, subscribers_filter, send_func, **kwargs):
"""Helper to format and send notification based on the channel."""
if subscribers.filter(**subscribers_filter).exists():
Expand Down Expand Up @@ -412,13 +406,21 @@ def send_notification(channel, content_template, subscribers_filter, send_func,
if not alert.dns_twisted.domain_name:
print(f"Error: domain_name is missing in dns_twisted for alert {alert.pk if alert.pk else 'Unknown'}")
return

source = context_data.get('source')
if source == 'print_callback':
email_body = get_dns_finder_cert_transparency_template(alert)
elif source == 'check_dnstwist':
email_body = get_dns_finder_template(alert)
else:
print(f"Warning: Unknown source '{source}' for alert.")
email_body = "Alert with no specific model defined."

common_data = {
'alert': alert,
'details_url': settings.WATCHER_URL + app_config_slack['url_suffix'],
'app_name': 'dns_finder'
}
email_words = context_data.get('alert', [])
email_body = get_dns_finder_template(alert)

send_notification(
channel="slack",
Expand Down Expand Up @@ -501,7 +503,6 @@ def send_notification(channel, content_template, subscribers_filter, send_func,
pass

if app_config_email:
# Récupération des abonnés ayant une adresse email
email_list = [subscriber.user_rec.email for subscriber in subscribers.filter(email=True)]

except Exception as e:
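Review bot: In the new `source` dispatch inside send_app_specific_notifications (the hunk at -412,13 +406,21), an unrecognised source does not stop the notification: email_body is set to the placeholder "Alert with no specific model defined." and the send_notification calls that follow still appear to go out, so subscribers receive an alert with no content and the only trace is a print() on stdout. The missing-domain_name check a few lines above returns instead; the unknown-source branch should follow it, `print(f"Warning: Unknown source '{source}' for alert.")` then `return`, or the two known sources should be a small dict so the accepted set is explicit and the lookup failure is one line. In the hunk at -240,9 +232,9 the new 'dns_finder_cert_transparency' entry reuses the subject "[ALERT] DNS Finder" of the 'dns_finder' entry, so recipients cannot tell certificate-transparency hits from dnstwist hits by subject; a distinct subject such as `"[ALERT] DNS Finder - Certificate Transparency"` (constructed example) would fix that. send_app_specific_notifications starts and ends outside the hunks shown here.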

0 comments on commit d6358ca
