From 0606fe5417ae86f5f6798f3188e942158da4b739 Mon Sep 17 00:00:00 2001 From: arnydo Date: Thu, 15 Nov 2018 14:44:37 -0500 Subject: [PATCH 01/14] Create Dockerfile --- Dockerfile | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..d9df70d --- /dev/null +++ b/Dockerfile @@ -0,0 +1,10 @@ +FROM python:3 + +WORKDIR /opt/synapse + +COPY . . +RUN pip install --no-cache-dir -r requirements.txt + +EXPOSE 5000 + +CMD [ "python3", "./app.py"] From 3ec4a736b5f9be193f5625659ce8d46d38d2c912 Mon Sep 17 00:00:00 2001 From: arnydo Date: Thu, 15 Nov 2018 14:51:51 -0500 Subject: [PATCH 02/14] Add Docker steps --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index be69185..c874d8e 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,14 @@ Have a look at the detailed [user guide](docs/user_guide.md), but in short: While all OS running python3 can be used for Synapse, we recommend the use of Ubuntu. +## Running in Docker + + 1. Build Image: ```docker build -t synapse .``` + 2. Run Container: ```docker run --rm -ti --name synapse -p 5000:5000 synapse``` + + You can also mount the config file for easier adjustments + ```docker run -d --name synapse -v ${pwd}/conf/synapse.conf:/opt/synapse/conf/synapse.conf -p 5000:5000 synapse``` + ## Roadmap * Alert creation from QRadar offense From 823d7d5bb7308f4f3ca05dfbf899d696355098dc Mon Sep 17 00:00:00 2001 From: arnydo Date: Thu, 15 Nov 2018 14:52:25 -0500 Subject: [PATCH 03/14] Update Docker info --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c874d8e..c75333e 100644 --- a/README.md +++ b/README.md 
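Review bot: The image built by this Dockerfile runs as root: there is no `USER` directive between `RUN pip install ...` and `CMD`, so app.py and the listener on port 5000 run as uid 0. `FROM python:3` also floats on the major tag, so two builds of the same commit can pick up different interpreters. A minimal fix is a pinned tag such as `FROM python:3.8-slim` (constructed example), plus `RUN useradd --system --uid 10001 synapse` and `USER synapse` placed before `CMD`. With `COPY . .` and no `.dockerignore` at this point, `.git` and any local config files in the build context are shipped into the layer as well.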
@@ -34,7 +34,7 @@ While all OS running python3 can be used for Synapse, we recommend the use of Ub ## Running in Docker 1. Build Image: ```docker build -t synapse .``` - 2. Run Container: ```docker run --rm -ti --name synapse -p 5000:5000 synapse``` + 2. Run Container: ```docker run -d --name synapse -p 5000:5000 synapse``` You can also mount the config file for easier adjustments ```docker run -d --name synapse -v ${pwd}/conf/synapse.conf:/opt/synapse/conf/synapse.conf -p 5000:5000 synapse``` From db86370d6ed0a363313109dd18a42075ba20cd5e Mon Sep 17 00:00:00 2001 From: Max H <10329648+8ear@users.noreply.github.com> Date: Sun, 4 Oct 2020 22:06:13 +0200 Subject: [PATCH 04/14] Update Dockerfile --- Dockerfile | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index d9df70d..89d2c75 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,17 @@ -FROM python:3 +FROM python:3-slim +# Add a work directory WORKDIR /opt/synapse +# Copy the files from outside directory into the container image COPY . . -RUN pip install --no-cache-dir -r requirements.txt +# Install python dependencies +RUN set -eu \ + ;pip3 install --no-cache --no-cache-dir -r requirements.txt + +# Expose the default port 5000 EXPOSE 5000 -CMD [ "python3", "./app.py"] +# Activate our "entrypoint script" app.py +ENTRYPOINT [ "./app.py"] From 29251abb9dcc68571e3f0ab04e24998997a99311 Mon Sep 17 00:00:00 2001 From: 8ear <10329648+8ear@users.noreply.github.com> Date: Sat, 30 Jan 2021 10:43:29 +0100 Subject: [PATCH 05/14] Add makefile so that a fork can be easily updated from origin --- Makefile | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 Makefile diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..243708e --- /dev/null +++ b/Makefile 
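Review bot: `ENTRYPOINT [ "./app.py"]` only works if app.py carries a shebang and an executable bit that survives `COPY . .`, and nothing in this patch ensures either; invoking the interpreter explicitly, `ENTRYPOINT ["python3", "./app.py"]`, removes that dependency on file mode. The stage still has no `USER`, so the service continues to run as root, and `FROM python:3-slim` is pinned only to the major version. In `RUN set -eu \ ;pip3 install ...` the `set -u` guards nothing because the command expands no variables; a plain `RUN pip3 install --no-cache-dir -r requirements.txt` says the same thing more clearly.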
@@ -0,0 +1,15 @@ + + +# Add remote url for mainstream +add-remote-url: + git remote add base https://github.com/arnydo/Synapse +# Update from mainstream +update-from-origin: + git fetch base + git merge base/master +# Build the docker container +docker-build: + docker build -t synapse -f Dockerfile . +# DEV only +update-toc: + docker run -v $(shell pwd)":/app" -w /app --rm -it sebdah/markdown-toc README.md --skip-headers 2 --replace From 97d8b1360ccd8c7a43f222daced84161ba419efd Mon Sep 17 00:00:00 2001 From: 8ear <10329648+8ear@users.noreply.github.com> Date: Sat, 30 Jan 2021 10:44:25 +0100 Subject: [PATCH 06/14] Update Docker container --- .docker/s6/prepare | 41 +++++++++++++++++++++++++++++++++++++++ .docker/s6/run | 4 ++++ .dockerignore | 11 +++++++++++ Dockerfile | 48 ++++++++++++++++++++++++++++++++++++++-------- 4 files changed, 96 insertions(+), 8 deletions(-) create mode 100755 .docker/s6/prepare create mode 100755 .docker/s6/run create mode 100644 .dockerignore diff --git a/.docker/s6/prepare b/.docker/s6/prepare new file mode 100755 index 0000000..f61e8a8 --- /dev/null +++ b/.docker/s6/prepare 
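Review bot: The `update-toc` target pulls `sebdah/markdown-toc` with an implicit `latest` tag and mounts the working tree read-write with `--replace`, so whatever that image resolves to on a given day gets to rewrite README.md; pin it by tag or digest, e.g. `sebdah/markdown-toc@sha256:<digest>` (placeholder). The same applies less severely to `docker-build`, which tags its output as bare `synapse` with no version. The `# DEV only` comment should say that this target is not meant to run in CI, since the Makefile is otherwise invoked from the fork-update targets above it.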
@@ -0,0 +1,41 @@ +#!/usr/bin/with-contenv bash +CONFIG_FILE=${CONFIG_FILE:-"synapse.conf"} +LOG_FILE="$myWORKDIR/logs/synapse.log" + +echo "${0##*/} || Write config file..." +cat << EOF > $CONFIG_FILE +[api] +debug:${DEBUG:-False} +host:${HOST:-"0.0.0.0"} +port:${PORT:-5000} +threaded:${API_THREADED:-True} + +[TheHive] +url:${TH_URL:-http://thehive:9001} +user:${TH_USER:-synapse} +api_key:${TH_API_KEY} + +[EWS] +#ip or domain to EWS server +server:${EWS_HOST} +#According to exchangelib doc: +#"username is usually in WINDOMAIN\username format +#some servers also accept usernames in PrimarySMTPAddress +#('myusername@example.com') format (Office365 requires it) +username:${EWS_USERNAME} +password:${EWS_PASSWORD} +auth_type:${EWS_AUTH_TYPE:-"NTLM"} +smtp_address:${EWS_SMTP_ADDRESS} +folder_name:${EWS_FOLDER_NAME:-"TheHive"} + +[QRadar] +#ip or domain to QRadar +server:${QRADAR_SERVER} +auth_token:${QRADAR_AUTH_TOKEN} +cert_filepath:${QRADAR_CERT_FILEPATH:-"/home/dc/qradar.crt"} +api_version:${QRADAR_API_VERSION:"0.8"} + +EOF + +echo "${0##*/} || Change permission for configuration file..." && chmod 644 "$CONFIG_FILE" +echo "${0##*/} || Fix permissions in ${myWORKDIR}..." && chown -r abc. ${myWORKDIR} diff --git a/.docker/s6/run b/.docker/s6/run new file mode 100755 index 0000000..95f0153 --- /dev/null +++ b/.docker/s6/run @@ -0,0 +1,4 @@ +#!/usr/bin/with-contenv bash + +exec s6-setuidgid abc \ + ${myWORKDIR}/venv/bin/python ${myWORKDIR}/app.py diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..14211aa --- /dev/null +++ b/.dockerignore @@ -0,0 +1,11 @@ +LICENSE +README.md +.gitignore +.github +.git +make.sh +Makefile +docs +example* +Dockerfile +.dockerignore \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 89d2c75..2783cf7 100644 --- a/Dockerfile +++ b/Dockerfile 
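Review bot: The generated config holds `api_key`, `password` and `auth_token`, yet the script ends with `chmod 644 "$CONFIG_FILE"`, which makes those credentials readable by every uid in the container; `chown abc: "$CONFIG_FILE" && chmod 640 "$CONFIG_FILE"` keeps them to the service account that `run` switches to. The following `chown -r abc. ${myWORKDIR}` uses a lowercase `-r`, which GNU chown does not accept (`-R` is the recursive flag), and since the script has no `set -e` the failure is only printed and the permissions are never fixed. `api_version:${QRADAR_API_VERSION:"0.8"}` is missing the `-` of the `:-` default operator used on every other line, so bash tries to parse `"0.8"` as a substring offset instead of a default; write `${QRADAR_API_VERSION:-"0.8"}`. `LOG_FILE` is assigned on the third line and never used.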
@@ -1,17 +1,49 @@ -FROM python:3-slim - +FROM python:3.8 +ARG UID=40000 +ENV myWORKDIR /opt/synapse # Add a work directory -WORKDIR /opt/synapse +WORKDIR ${myWORKDIR} +# Add user +RUN set -eu \ + ;adduser --home ${myWORKDIR} --no-create-home --uid ${UID} --disabled-password --disabled-login --shell /bin/sh abc -quiet \ + ;chown abc. ${myWORKDIR} \ + ; + +# Switch to non privileged user +USER abc # Copy the files from outside directory into the container image -COPY . . +COPY requirements.txt requirements.txt -# Install python dependencies +# Install python virtual environment +# VIRUTAL_ENV is required see https://pythonspeed.com/articles/activate-virtualenv-dockerfile/ +ENV VIRTUAL_ENV=${myWORKDIR}/venv RUN set -eu \ - ;pip3 install --no-cache --no-cache-dir -r requirements.txt + ;python3 -m venv ${VIRTUAL_ENV} \ + ; +# Set required environment variables +ENV PATH ${VIRTUAL_ENV}/bin:$PATH +# Install python dependencies into virtual environment +RUN set -eu \ + ;pip3 install --no-cache-dir -r requirements.txt \ + ; + +# Add S6 Overlay +USER root +ADD https://github.com/just-containers/s6-overlay/releases/latest/download/s6-overlay-amd64.tar.gz /tmp/ +RUN set -eu \ + ;tar xzf /tmp/s6-overlay-amd64.tar.gz -C / \ + ; + +#COPY s6/permissions /etc/fix-attrs.d/00-synapse-set-permissions +COPY .docker/s6/prepare /etc/cont-init.d/00-synapse-prepare +COPY .docker/s6/run /etc/services.d/synapse/run + +ENTRYPOINT ["/init"] +HEALTHCHECK --interval=30s --timeout=30s --start-period=60s --retries=3 CMD curl --fail http://127.0.0.1:5000 || exit 1 # Expose the default port 5000 EXPOSE 5000 -# Activate our "entrypoint script" app.py -ENTRYPOINT [ "./app.py"] +# Copy the files from outside directory into the container image +COPY --chown=abc:abc . . From 9ed666e8bd96548bcc158563f2afbea6edd33983 Mon Sep 17 00:00:00 2001 
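Review bot: The `ADD https://github.com/just-containers/s6-overlay/releases/latest/download/s6-overlay-amd64.tar.gz /tmp/` line fetches whatever the latest release is at build time with no integrity check and the next `RUN` extracts it as root over `/`, so the init system of every image built from this file is an unpinned, unverified download. Pin a release in an `ARG` and verify it, e.g. `ADD --checksum=sha256:<digest> https://github.com/just-containers/s6-overlay/releases/download/<tag>/s6-overlay-amd64.tar.gz /tmp/` (placeholders; `--checksum` needs a recent BuildKit frontend, otherwise `curl` plus `sha256sum -c` against a known digest in a single `RUN`), and `rm /tmp/s6-overlay-amd64.tar.gz` in the same `RUN` as the `tar xzf`, since the archive otherwise stays in the image layer. `ENV myWORKDIR /opt/synapse` and `ENV PATH ${VIRTUAL_ENV}/bin:$PATH` use the deprecated space-separated form; `ENV myWORKDIR=/opt/synapse` is the supported spelling. The stage deliberately ends under `USER root` because `/init` needs it and privileges are dropped to `abc` only inside `.docker/s6/run`; a comment stating that next to `ENTRYPOINT ["/init"]` would stop the next reader (and the hadolint job added later in this series) from flagging it as an oversight.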
From: 8ear <10329648+8ear@users.noreply.github.com> Date: Sat, 30 Jan 2021 10:44:41 +0100 Subject: [PATCH 07/14] Add example docker-compose file --- example.docker-compose.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 example.docker-compose.yml diff --git a/example.docker-compose.yml b/example.docker-compose.yml new file mode 100644 index 0000000..8cbc1e2 --- /dev/null +++ b/example.docker-compose.yml @@ -0,0 +1,8 @@ +version: "2" +services: + synapse: + image: synapse + build: + context: . + environment: + - DEBUG=True \ No newline at end of file From 01e8dcf7663ddde969cb4569a5f38a28f27666c4 Mon Sep 17 00:00:00 2001 From: 8ear <10329648+8ear@users.noreply.github.com> Date: Sat, 30 Jan 2021 10:45:00 +0100 Subject: [PATCH 08/14] Fix log bug in app.py --- app.py | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/app.py b/app.py index 49b7bbc..5e08da8 100644 --- a/app.py +++ b/app.py @@ -9,6 +9,7 @@ from workflows.Ews2Case import connectEws from workflows.QRadar2Alert import allOffense2Alert from workflows.ManageWebhooks import manageWebhook +from sys import stdout app_dir = os.path.dirname(os.path.abspath(__file__)) 
@@ -19,17 +20,23 @@ #log format as: 2013-03-08 11:37:31,411 : : WARNING :: Testing foo formatter = logging.Formatter('%(asctime)s :: %(levelname)s :: %(message)s') #handler writes into, limited to 1Mo in append mode - if not os.path.exists('logs'): - #create logs directory if does no exist (typically at first start) - os.makedirs('logs') - pathLog = app_dir + '/logs/synapse.log' - file_handler = logging.handlers.RotatingFileHandler(pathLog, 'a', 1000000, 1) - #level debug - file_handler.setLevel(logging.DEBUG) - #using the format defined earlier - file_handler.setFormatter(formatter) - #Adding the file handler - logger.addHandler(file_handler) + if not os.path.exists('/.dockerenv'): + pathLogFolder = app_dir + '/logs' + pathLog = pathLogFolder + '/synapse.log' + if not os.path.exists(pathLogFolder): + #create logs directory if does no exist (typically at first start) + os.makedirs(pathLogFolder) + file_handler = logging.handlers.RotatingFileHandler(pathLog, 'a', 1000000, 1) + #level debug + file_handler.setLevel(logging.DEBUG) + #using the format defined earlier + file_handler.setFormatter(formatter) + #Adding the file handler + logger.addHandler(file_handler) + else: + consoleHandler = logging.StreamHandler(stdout) #set streamhandler to stdout + #consoleHandler.setFormatter(formatter) + logger.addHandler(consoleHandler) app = Flask(__name__) From f409394605aee86b850269607996783ee7b1a048 Mon Sep 17 00:00:00 2001 From: 8ear <10329648+8ear@users.noreply.github.com> Date: Sat, 30 Jan 2021 10:45:26 +0100 Subject: [PATCH 09/14] Upgrade python dependencies --- requirements.txt | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/requirements.txt b/requirements.txt index 885928c..c4c1cb9 100644 --- a/requirements.txt +++ b/requirements.txt 
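Review bot: The new `else` branch attaches the stdout handler without a formatter or level — `consoleHandler.setFormatter(formatter)` is commented out — so container logs lose the timestamp and severity that the file handler keeps, which matters for anyone correlating these lines in a SIEM; restore `consoleHandler.setFormatter(formatter)` and add `consoleHandler.setLevel(logging.DEBUG)` to mirror the file branch. Keying the choice on `os.path.exists('/.dockerenv')` is fragile: that file is a Docker-engine artefact and is absent under other container runtimes, where this code silently falls back to writing `logs/synapse.log` inside the work directory. An explicit switch read from the environment would make the behaviour configurable rather than inferred. The enclosing block starts outside the hunk.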
@@ -2,10 +2,10 @@ asn1crypto==0.24.0 cached-property==1.5.1 certifi==2018.8.24 -cffi==1.11.5 +cffi #==1.11.5 chardet==3.0.4 click==7.0 -cryptography==2.3.1 +cryptography>=3.2 defusedxml==0.5.0 dnspython==1.15.0 exchangelib==1.12.0 @@ -14,9 +14,9 @@ future==0.16.0 idna==2.7 isodate==0.6.0 itsdangerous==0.24 -jinja2==2.10 -lxml==4.2.5 -markupsafe==1.0 +Jinja2>=2.10.1 +lxml>=4.6.2 +markupsafe==1.1.1 ntlm-auth==1.2.0 pycparser==2.19 pygments==2.2.0 @@ -29,5 +29,5 @@ six==1.11.0 python-slugify==1.2.6 thehive4py==1.5.1 tzlocal==1.5.1 -urllib3==1.23 -werkzeug==0.14.1 +urllib3<1.25,>=1.21.1 #is required for request 2.20 +werkzeug>=0.15.3 From d02514096a5f7867f54b2d0a3c3d5090943bf5fc Mon Sep 17 00:00:00 2001 From: 8ear <10329648+8ear@users.noreply.github.com> Date: Sat, 30 Jan 2021 10:46:14 +0100 Subject: [PATCH 10/14] Add TOC at Readme file (easy update via Makefile) --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index c75333e..8b228b1 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,14 @@ It leverages TheHive API to automate case and alert creation. Case creation from email or alert creation from SIEM event are casual usecase for Synapse. + +# Table of Contents + 1. [How to use](#how-to-use) + 1. [Running in Docker](#running-in-docker) + 1. [Roadmap](#roadmap) + 1. [Special thanks](#special-thanks) + + ## Big Picture Most of the time, a usecase implies several actions and conditions. From 8262c432b09bb355313f0dc9a7aa761b9ebf833f Mon Sep 17 00:00:00 2001 
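Review bot: Replacing exact pins with open ranges — `cffi #==1.11.5`, `cryptography>=3.2`, `Jinja2>=2.10.1`, `lxml>=4.6.2`, `werkzeug>=0.15.3` — means the `pip install -r requirements.txt` step in the Dockerfile resolves differently over time, so two builds of the same commit no longer contain the same packages and a regression cannot be traced back to a requirements change. Pin the upgraded versions exactly (or generate a lock file with `--hash` entries) and let a Dependabot `pip` entry propose future bumps. The same applies to the other two hunks of this file.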
From: 8ear <10329648+8ear@users.noreply.github.com> Date: Sat, 30 Jan 2021 10:47:36 +0100 Subject: [PATCH 11/14] Expand github workflows --- .github/dependabot.yml | 7 ++ .github/pull_request_template.md | 10 +++ .github/workflows/dockerfile_lint.yml | 15 ++++ .github/workflows/git_help.yml | 27 +++++++ .github/workflows/git_lint_pull_request.yml | 40 +++++++++++ .github/workflows/git_release.yml | 78 +++++++++++++++++++++ .github/workflows/git_release_check.yml | 37 ++++++++++ .github/workflows/reviewdog.yml | 28 ++++++++ .github/workflows/sysdig_cis_benchmark.yml | 15 ++++ .github/workflows/workflow.yml | 24 +++++++ 10 files changed, 281 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/pull_request_template.md create mode 100644 .github/workflows/dockerfile_lint.yml create mode 100644 .github/workflows/git_help.yml create mode 100644 .github/workflows/git_lint_pull_request.yml create mode 100644 .github/workflows/git_release.yml create mode 100644 .github/workflows/git_release_check.yml create mode 100644 .github/workflows/reviewdog.yml create mode 100644 .github/workflows/sysdig_cis_benchmark.yml create mode 100644 .github/workflows/workflow.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..583decf --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +version: 2 +updates: + # Maintain dependencies for GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" \ No newline at end of file diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000..66d80bd --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,10 @@ +`````release_notes +## Whats new +- ... + +## Which Bugfixes +- ... + +## Whats removed +- ... +```` \ No newline at end of file 
diff --git a/.github/workflows/dockerfile_lint.yml b/.github/workflows/dockerfile_lint.yml new file mode 100644 index 0000000..fd18ed6 --- /dev/null +++ b/.github/workflows/dockerfile_lint.yml @@ -0,0 +1,15 @@ +# https://github.com/marketplace/actions/docker-lint +name: Dockerfile Lint +on: [push] +jobs: + lint: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@master + - name: lint + uses: luke142367/Docker-Lint-Action@v1.0.0 + with: + target: ./Dockerfile + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/git_help.yml b/.github/workflows/git_help.yml new file mode 100644 index 0000000..1e10161 --- /dev/null +++ b/.github/workflows/git_help.yml @@ -0,0 +1,27 @@ +name: Git - Mark Issue with Help Wanted - actions-ecosystem + +on: + issues: + types: + - opened + - edited + - reopened + +jobs: + release: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - uses: actions-ecosystem/action-regex-match@v2 + id: regex-match + with: + text: ${{ github.event.issue.title }} + regex: "help|not work" + flags: 'gi' + + - uses: actions-ecosystem/action-add-labels@v1 + if: ${{ steps.regex-match.outputs.match != '' }} + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + labels: 'help wanted' \ No newline at end of file diff --git a/.github/workflows/git_lint_pull_request.yml b/.github/workflows/git_lint_pull_request.yml new file mode 100644 index 0000000..6cc362a --- /dev/null +++ b/.github/workflows/git_lint_pull_request.yml 
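Review bot: `uses: actions/checkout@master` and `uses: luke142367/Docker-Lint-Action@v1.0.0` reference mutable refs, and the lint step is handed `secrets.GITHUB_TOKEN`, so whoever can move the `master` branch or the `v1.0.0` tag of those repositories runs code with that token in this repository's context. Pin third-party actions to a full commit SHA with the tag kept in a trailing comment, and avoid a branch ref for checkout altogether. The same pattern recurs in git_help.yml, git_lint_pull_request.yml, git_release.yml, git_release_check.yml, reviewdog.yml and sysdig_cis_benchmark.yml in this patch; git_release.yml is the one to fix first, since there the token is used to push tags and create releases.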
@@ -0,0 +1,40 @@ +name: Git - Lint Pull Request Title - actions-ecosystem + +on: + pull_request: + types: + - opened + - edited + - reopened + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - uses: actions-ecosystem/action-regex-match@v2 + id: regex-match + with: + text: ${{ github.event.pull_request.title }} + regex: '(?:add|update|fix)\([a-z]+\):\s.+' + + - uses: actions-ecosystem/action-create-comment@v1 + if: ${{ steps.regex-match.outputs.match == '' }} + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + body: | + :warning: The title of this PR is invalid. + + Please make the title match the regex `(?:add|update|fix)\([a-z]+\):\s.+`. + + e.g.) `add(cli): enable --verbose flag`, `fix(api): avoid unexpected error in handler` + + - uses: actions-ecosystem/action-add-labels@v1 + if: ${{ steps.regex-match.outputs.match == '' }} + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + labels: 'invalid/title' + + - run: exit 1 + if: ${{ steps.regex-match.outputs.match == '' }} \ No newline at end of file diff --git a/.github/workflows/git_release.yml b/.github/workflows/git_release.yml new file mode 100644 index 0000000..00c30a4 --- /dev/null +++ b/.github/workflows/git_release.yml 
@@ -0,0 +1,78 @@ +name: Git Create Release - actions-ecosystem + +on: + push: + branches: + - master + pull_request: + types: + - labeled + +jobs: + release: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - uses: actions-ecosystem/action-get-merged-pull-request@v1 + id: get-merged-pull-request + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + + - uses: actions-ecosystem/action-release-label@v1 + id: release-label + if: ${{ steps.get-merged-pull-request.outputs.title != null }} + with: + labels: ${{ steps.get-merged-pull-request.outputs.labels }} + + - uses: actions-ecosystem/action-get-latest-tag@v1 + id: get-latest-tag + if: ${{ steps.release-label.outputs.level != null }} + with: + semver_only: true + + - uses: actions-ecosystem/action-bump-semver@v1 + id: bump-semver + if: ${{ steps.release-label.outputs.level != null }} + with: + current_version: ${{ steps.get-latest-tag.outputs.tag }} + level: ${{ steps.release-label.outputs.level }} + + - uses: actions-ecosystem/action-regex-match@v2 + id: regex-match + if: ${{ steps.bump-semver.outputs.new_version != null }} + with: + text: ${{ steps.get-merged-pull-request.outputs.body }} + regex: '```release_note([\s\S]*)```' + + - uses: actions-ecosystem/action-push-tag@v1 + if: ${{ steps.bump-semver.outputs.new_version != null }} + with: + tag: ${{ steps.bump-semver.outputs.new_version }} + message: "${{ steps.bump-semver.outputs.new_version }}: PR #${{ steps.get-merged-pull-request.outputs.number }} ${{ steps.get-merged-pull-request.outputs.title }}" + + - uses: actions/create-release@v1 + if: ${{ steps.release-label.outputs.level == 'major' || steps.release-label.outputs.level == 'minor' }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: ${{ steps.bump-semver.outputs.new_version }} + release_name: ${{ steps.bump-semver.outputs.new_version }} + body: ${{ steps.regex-match.outputs.group1 }} + + - uses: actions-ecosystem/action-create-comment@v1 + if: ${{ 
steps.bump-semver.outputs.new_version != null }} + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + number: ${{ steps.get-merged-pull-request.outputs.number }} + body: | + The new version [${{ steps.bump-semver.outputs.new_version }}](https://github.com/${{ github.repository }}/releases/tag/${{ steps.bump-semver.outputs.new_version }}) has been released :tada: + + - uses: actions-ecosystem/action-create-comment@v1 + if: ${{ steps.bump-semver.outputs.new_version != null }} + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + body: | + This PR will update [${{ github.repository }}](https://github.com/${{ github.repository }}) from [${{ steps.get-latest-tag.outputs.tag }}](https://github.com/${{ github.repository }}/releases/tag/${{ steps.get-latest-tag.outputs.tag }}) to ${{ steps.bump-semver.outputs.new_version }} :rocket: + + If this update isn't as you expected, you may want to change or remove the *release label*. \ No newline at end of file diff --git a/.github/workflows/git_release_check.yml b/.github/workflows/git_release_check.yml new file mode 100644 index 0000000..251d800 --- /dev/null +++ b/.github/workflows/git_release_check.yml 
@@ -0,0 +1,37 @@ +name: Check Release + +on: + pull_request: + types: + - labeled + +jobs: + release: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - uses: actions-ecosystem/action-release-label@v1 + id: release-label + if: ${{ startsWith(github.event.label.name, 'release/') }} + + - uses: actions-ecosystem/action-get-latest-tag@v1 + id: get-latest-tag + if: ${{ steps.release-label.outputs.level != null }} + with: + semver_only: true + + - uses: actions-ecosystem/action-bump-semver@v1 + id: bump-semver + if: ${{ steps.release-label.outputs.level != null }} + with: + current_version: ${{ steps.get-latest-tag.outputs.tag }} + level: ${{ steps.release-label.outputs.level }} + + - uses: actions-ecosystem/action-create-comment@v1 + if: ${{ steps.bump-semver.outputs.new_version != null }} + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + body: | + This PR will update [${{ github.repository }}](https://github.com/${{ github.repository }}) from [${{ steps.get-latest-tag.outputs.tag }}](https://github.com/${{ github.repository }}/releases/tag/${{ steps.get-latest-tag.outputs.tag }}) to ${{ steps.bump-semver.outputs.new_version }} :rocket: + If this update isn't as you expected, you may want to change or remove the *release label*. \ No newline at end of file diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml new file mode 100644 index 0000000..285d726 --- /dev/null +++ b/.github/workflows/reviewdog.yml 
@@ -0,0 +1,28 @@ +name: shellcheck / hadolint - reviewdog +# https://github.com/reviewdog/action-shellcheck +on: [pull_request] +jobs: + shellcheck: + #name: runner / shellcheck + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: shellcheck + uses: reviewdog/action-shellcheck@v1 + with: + github_token: ${{ secrets.github_token }} + reporter: github-pr-review # Change reporter. + path: "." # Optional. + pattern: "*.sh" # Optional. + exclude: "./.git/*" # Optional. + hadolint: + #name: runner / hadolint + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v2 + - name: hadolint + uses: reviewdog/action-hadolint@v1 + with: + github_token: ${{ secrets.github_token }} + reporter: github-pr-review # Default is github-pr-check \ No newline at end of file diff --git a/.github/workflows/sysdig_cis_benchmark.yml b/.github/workflows/sysdig_cis_benchmark.yml new file mode 100644 index 0000000..bace2a6 --- /dev/null +++ b/.github/workflows/sysdig_cis_benchmark.yml @@ -0,0 +1,15 @@ +name: Sysdig CIS Benchmarks +on: + pull_request: + # paths: + # - '.docker/**' +jobs: + run: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Sysdig CIS Dockerfile Benchmark + uses: sysdiglabs/benchmark-dockerfile@v1.0.0 + with: + directory: . \ No newline at end of file diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml new file mode 100644 index 0000000..4c4529e --- /dev/null +++ b/.github/workflows/workflow.yml 
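Review bot: The shellcheck job's `pattern: "*.sh"` never matches the two shell scripts this series adds, `.docker/s6/prepare` and `.docker/s6/run`, which carry no extension, so the linter that would have caught the `chown -r` and unquoted expansions in `prepare` runs against nothing. Extend the pattern to those paths; if the action version in use accepts only one pattern, add a second shellcheck step with `path: ".docker/s6"` and `pattern: "*"`. The `exclude: "./.git/*"` line is then worth keeping next to it so the wider pattern does not pick up hooks.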
@@ -0,0 +1,24 @@ +name: package pip +on: + push: + branches: + - master + schedule: + - cron: '0 0 * * *' +jobs: + run: + name: Run + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - package-ecosystem: "pip" + # Look for `build.gradle` in the `root` directory + directory: "/" + # Check for updates once weekly + schedule: + interval: "weekly" + ignore: + # Ignore updates to packages that start 'aws' + # Wildcards match zero or more arbitrary characters + - dependency-name: "flask*" \ No newline at end of file From 685d7acd74d59d5ab0f8a52e12f7f4c060e11e80 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 30 Jan 2021 09:51:28 +0000 Subject: [PATCH 12/14] Bump luke142367/Docker-Lint-Action from v1.0.0 to v1.1.1 Bumps [luke142367/Docker-Lint-Action](https://github.com/luke142367/Docker-Lint-Action) from v1.0.0 to v1.1.1. - [Release notes](https://github.com/luke142367/Docker-Lint-Action/releases) - [Commits](https://github.com/luke142367/Docker-Lint-Action/compare/v1.0.0...5c4c86226f39785a66827bbc2e322600c9afa3a9) Signed-off-by: dependabot[bot] --- .github/workflows/dockerfile_lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dockerfile_lint.yml b/.github/workflows/dockerfile_lint.yml index fd18ed6..0f059aa 100644 --- a/.github/workflows/dockerfile_lint.yml +++ b/.github/workflows/dockerfile_lint.yml @@ -8,7 +8,7 @@ jobs: - name: Checkout uses: actions/checkout@master - name: lint - uses: luke142367/Docker-Lint-Action@v1.0.0 + uses: luke142367/Docker-Lint-Action@v1.1.1 with: target: ./Dockerfile env: From 8d55ceb70367b225b95a46f9b187381a4b462a14 Mon Sep 17 00:00:00 2001 
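Review bot: The `steps:` list in the `run` job contains a `- package-ecosystem: "pip"` entry with `directory`, `schedule` and `ignore` keys, which is Dependabot configuration rather than a workflow step (a step needs `uses` or `run`), so GitHub will reject workflow.yml as invalid and the daily `cron` job never executes. Move that entry under `updates:` in `.github/dependabot.yml`, added in this same patch, as a sibling of the `github-actions` entry, and either delete workflow.yml or give its job a real step. The comments copied with it (`Look for build.gradle`, `packages that start 'aws'`) describe a different project and contradict `directory: "/"` and `dependency-name: "flask*"`; reword them when moving.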
From: 8ear <10329648+8ear@users.noreply.github.com> Date: Tue, 2 Feb 2021 22:34:12 +0100 Subject: [PATCH 13/14] Fix healthcheck in docker container Add healthcheck config in docker-compose example file --- .docker/s6/prepare | 6 +++--- Dockerfile | 2 +- example.docker-compose.yml | 23 ++++++++++++++++++++++- 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/.docker/s6/prepare b/.docker/s6/prepare index f61e8a8..ef626ad 100755 --- a/.docker/s6/prepare +++ b/.docker/s6/prepare @@ -1,5 +1,5 @@ #!/usr/bin/with-contenv bash -CONFIG_FILE=${CONFIG_FILE:-"synapse.conf"} +CONFIG_FILE=${CONFIG_FILE:-"$myWORKDIR/conf/synapse.conf"} LOG_FILE="$myWORKDIR/logs/synapse.log" echo "${0##*/} || Write config file..." @@ -11,7 +11,7 @@ port:${PORT:-5000} threaded:${API_THREADED:-True} [TheHive] -url:${TH_URL:-http://thehive:9001} +url:${TH_URL:-http://thehive:9000} user:${TH_USER:-synapse} api_key:${TH_API_KEY} @@ -32,7 +32,7 @@ folder_name:${EWS_FOLDER_NAME:-"TheHive"} #ip or domain to QRadar server:${QRADAR_SERVER} auth_token:${QRADAR_AUTH_TOKEN} -cert_filepath:${QRADAR_CERT_FILEPATH:-"/home/dc/qradar.crt"} +cert_filepath:${QRADAR_CERT_FILEPATH:-"/opt/synapse/qradar.crt"} api_version:${QRADAR_API_VERSION:"0.8"} EOF diff --git a/Dockerfile b/Dockerfile index 2783cf7..6532c29 100644 --- a/Dockerfile +++ b/Dockerfile @@ -40,7 +40,7 @@ COPY .docker/s6/prepare /etc/cont-init.d/00-synapse-prepare COPY .docker/s6/run /etc/services.d/synapse/run ENTRYPOINT ["/init"] -HEALTHCHECK --interval=30s --timeout=30s --start-period=60s --retries=3 CMD curl --fail http://127.0.0.1:5000 || exit 1 +HEALTHCHECK --interval=60s --timeout=30s --start-period=60s --retries=3 CMD curl --fail http://127.0.0.1:5000/version || exit 1 # Expose the default port 5000 EXPOSE 5000 diff --git a/example.docker-compose.yml b/example.docker-compose.yml index 8cbc1e2..eb95579 100644 --- a/example.docker-compose.yml +++ b/example.docker-compose.yml 
@@ -4,5 +4,26 @@ services: image: synapse build: context: . + # healthcheck: + # test: [ "CMD", "curl", "--fail", "http://127.0.0.1:5000/ews2case" ] + # timeout: 30s + # interval: 60s + # retries: 3 + # start_period: 20s environment: - - DEBUG=True \ No newline at end of file + - DEBUG=${TH_SYNAPSE_DEBUG:-True} + - TH_URL=${TH_SYNAPSE_TH_URL:-http://thehive:9000} + - TH_USER=${TH_SYNAPSE_TH_USER:-synapse} + - TH_API_KEY=${TH_SYNAPSE_TH_API_KEY} + - EWS_HOST=${TH_SYNAPSE_EWS_HOST} + - EWS_USERNAME=${TH_SYNAPSE_EWS_USERNAME} + - EWS_PASSWORD=${TH_SYNAPSE_EWS_PASSWORD} + - EWS_AUTH_TYPE=${TH_SYNAPSE_EWS_AUTH_TYPE:-NTLM} + - EWS_SMTP_ADDRESS=${TH_SYNAPSE_EWS_SMTP_ADDRESS} + - EWS_FOLDER_NAME=${TH_SYNAPSE_EWS_FOLDER_NAME} + - QRADAR_SERVER=${TH_SYNAPSE_QRADAR_SERVER} + - QRADAR_AUTH_TOKEN=${TH_SYNAPSE_QRADAR_AUTH_TOKEN} + - QRADAR_CERT_FILEPATH=${TH_SYNAPSE_QRADAR_CERT_FILEPATH:-"/opt/synapse/qradar.crt"} + - QRADAR_API_VERSION=${TH_SYNAPSE_QRADAR_API_VERSION:"0.8"} + volumes: + # $QRADAR_CERT_FILE_PATH:"/opt/synapse/qradar.crt" \ No newline at end of file From 53814796cb4baed719f21651cb74ec184b87f86d Mon Sep 17 00:00:00 2001 From: 8ear <10329648+8ear@users.noreply.github.com> Date: Thu, 4 Feb 2021 21:01:25 +0100 Subject: [PATCH 14/14] Update Makefile and Readme --- Makefile | 2 +- README.md | 18 +++++++++++++----- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 243708e..0c41d7c 100644 --- a/Makefile +++ b/Makefile @@ -12,4 +12,4 @@ docker-build: docker build -t synapse -f Dockerfile . # DEV only update-toc: - docker run -v $(shell pwd)":/app" -w /app --rm -it sebdah/markdown-toc README.md --skip-headers 2 --replace + docker run -v $(shell pwd)":/app" -w /app --rm -it sebdah/markdown-toc README.md --skip-headers 1 --replace --inline diff --git a/README.md b/README.md index 1ca1747..d66d51b 100644 --- a/README.md +++ b/README.md 
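Review bot: `QRADAR_API_VERSION=${TH_SYNAPSE_QRADAR_API_VERSION:"0.8"}` is not valid Compose interpolation (the default operator is `:-`), so Compose rejects the file with an invalid-interpolation error; write `${TH_SYNAPSE_QRADAR_API_VERSION:-0.8}`. On the `QRADAR_CERT_FILEPATH` line the quotes inside `:-"/opt/synapse/qradar.crt"` are part of the default value, not shell quoting, so the container receives a path wrapped in literal double quotes; drop them there and in `prepare`, which has the same form. The trailing `volumes:` key has only a comment beneath it and therefore an empty value, which Compose is likely to reject as an invalid type — comment the key out as well until a mount is listed. Since `TH_API_KEY`, `EWS_PASSWORD` and `QRADAR_AUTH_TOKEN` are forwarded from the host environment, the example should mention an `env_file` kept out of the repository as the intended way to supply them.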
@@ -9,10 +9,18 @@ Currently, Synapse supports the following alert sources: # Table of Contents - 1. [How to use](#how-to-use) - 1. [Running in Docker](#running-in-docker) - 1. [Roadmap](#roadmap) - 1. [Special thanks](#special-thanks) + +1. [Overview](#overview) +1. [Using Synapse](#using-synapse) +1. [Running in Docker](#running-in-docker) +1. [License](#license) +1. [Updates](#updates) +1. [Contributing](#contributing) +1. [Support](#support) +1. [Community Discussions](#community-discussions) +1. [Website](#website) +1. [Roadmap](#roadmap) +1. [Special Thanks](#special-thanks) # Overview @@ -75,7 +83,7 @@ We have set up a Google forum at