20220207 v0.4.2 Updated documentation.

README.html

@@ -4,7 +4,7 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <meta name="generator" content="Docutils 0.16: http://docutils.sourceforge.net/" />
-<title>B1DDI Demo Automation</title>
+<title>BloxOne Automation Tools</title>
 <style type="text/css">
 
 /*
@@ -360,8 +360,8 @@
 </style>
 </head>
 <body>
-<div class="document" id="b1ddi-demo-automation">
-<h1 class="title">B1DDI Demo Automation</h1>
+<div class="document" id="bloxone-automation-tools">
+<h1 class="title">BloxOne Automation Tools</h1>
 
 <div class="line-block">
 <div class="line">Version: 0.4.2</div>
@@ -453,6 +453,15 @@ <h2>Modules</h2>
 </pre>
 </div>
 </div>
+<div class="section" id="installation">
+<h1>Installation</h1>
+<p>The simplest way to install and maintain the tools is to clone this
+repository:</p>
+<pre class="literal-block">
+% git clone https://github.com/ccmarris/bloxone_automation_tools
+</pre>
+<p>Alternative you can download as a Zip file.</p>
+</div>
 <div class="section" id="basic-configuration">
 <h1>Basic Configuration</h1>
 <p>There are two simple inifiles for configuration. Although these can be combined
@@ -582,10 +591,13 @@ <h2>BloxOne Threat Defense Specific keys</h2>
 the external network or IP must be specified using the <em>ext_net</em> key and where
 appropriate the <em>ext_cidr</em> key.</p>
 <p>The <em>policy_level</em> key is used to specify the acceptable risk level of the
-customer and is set to <em>medium</em> by default. This controls the threat feeds
-and associated policy actions that are implemented when creating the security
-policy. The associated policy definition is defined in the
-<em>policy_definitions.yml</em> file.</p>
+customer and controls the threat feeds used to create the policy rules within
+the security policy. The policy levels, high, medium, low and logonly are
+predefined in the policy_definitions.yml file.</p>
+<div class="admonition note">
+<p class="first admonition-title">Note</p>
+<p class="last">The <em>policy_level</em> is set to <strong>medium</strong> as the default.</p>
+</div>
 </div>
 <div class="section" id="yaml-configuration-files">
 <h2>YAML Configuration files</h2>
@@ -711,19 +723,19 @@ <h1>Usage</h1>
 either <em>b1ddi</em> or <em>b1td</em>.</p>
 <p>For example:</p>
 <pre class="literal-block">
-% ./b1ddi_demo_automation.py --app b1ddi
-% ./b1ddi_demo_automation.py --app b1td
-% ./b1ddi_demo_automation.py -c &lt;path to inifile&gt; --app &lt;app&gt;
-% ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1ddi
-% ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1td
+% ./bloxone_automation_tools.py --app b1ddi
+% ./bloxone_automation_tools.py --app b1td
+% ./bloxone_automation_tools.py -c &lt;path to inifile&gt; --app &lt;app&gt;
+% ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1ddi
+% ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1td
 </pre>
 <p>To run in clean-up mode simply add <em>--remove</em> or <em>-r</em> to the command line:</p>
 <pre class="literal-block">
-% ./b1ddi_demo_automation.py --app b1ddi --remove
-% ./b1ddi_demo_automation.py --app b1td --remove
-% ./b1ddi_demo_automation.py -c &lt;path to inifile&gt; --app &lt;app&gt; --remove
-% ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1ddi --remove
-% ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1td --remove
+% ./bloxone_automation_tools.py --app b1ddi --remove
+% ./bloxone_automation_tools.py --app b1td --remove
+% ./bloxone_automation_tools.py -c &lt;path to inifile&gt; --app &lt;app&gt; --remove
+% ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1ddi --remove
+% ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1td --remove
 </pre>
 <div class="admonition note">
 <p class="first admonition-title">Note</p>

README.rst

@@ -1,6 +1,6 @@
-=====================
-B1DDI Demo Automation
-=====================
+========================
+BloxOne Automation Tools
+========================
 
 | Version: 0.4.2
 | Author: Chris Marrison
@@ -100,6 +100,18 @@ Complete list of modules::
     import yaml
 
 
+Installation
+------------
+
+The simplest way to install and maintain the tools is to clone this 
+repository::
+
+    % git clone https://github.com/ccmarris/bloxone_automation_tools
+
+
+Alternative you can download as a Zip file.
+
+
 Basic Configuration
 -------------------
 
@@ -249,10 +261,13 @@ the external network or IP must be specified using the *ext_net* key and where
 appropriate the *ext_cidr* key.
 
 The *policy_level* key is used to specify the acceptable risk level of the 
-customer and is set to *medium* by default. This controls the threat feeds
-and associated policy actions that are implemented when creating the security
-policy. The associated policy definition is defined in the 
-*policy_definitions.yml* file.
+customer and controls the threat feeds used to create the policy rules within
+the security policy. The policy levels, high, medium, low and logonly are 
+predefined in the policy_definitions.yml file. 
+
+.. note::
+
+    The *policy_level* is set to **medium** as the default.
 
 
 YAML Configuration files
@@ -388,19 +403,19 @@ either *b1ddi* or *b1td*.
 
 For example::
 
-    % ./b1ddi_demo_automation.py --app b1ddi
-    % ./b1ddi_demo_automation.py --app b1td
-    % ./b1ddi_demo_automation.py -c <path to inifile> --app <app>
-    % ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1ddi
-    % ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1td
+    % ./bloxone_automation_tools.py --app b1ddi
+    % ./bloxone_automation_tools.py --app b1td
+    % ./bloxone_automation_tools.py -c <path to inifile> --app <app>
+    % ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1ddi
+    % ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1td
     
 To run in clean-up mode simply add *--remove* or *-r* to the command line::
 
-    % ./b1ddi_demo_automation.py --app b1ddi --remove
-    % ./b1ddi_demo_automation.py --app b1td --remove
-    % ./b1ddi_demo_automation.py -c <path to inifile> --app <app> --remove
-    % ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1ddi --remove
-    % ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1td --remove
+    % ./bloxone_automation_tools.py --app b1ddi --remove
+    % ./bloxone_automation_tools.py --app b1td --remove
+    % ./bloxone_automation_tools.py -c <path to inifile> --app <app> --remove
+    % ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1ddi --remove
+    % ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1td --remove
 
 .. note::
 
@@ -537,12 +552,14 @@ files.
 In addition to the output to console the *-o* or *--out* option can be used 
 to create a <customer>.log file.
 
+
 License
 -------
 
 This project, and the bloxone module are licensed under the 2-Clause BSD License
 - please see LICENSE file for details.
 
+
 Aknowledgements
 ---------------
 

bloxone_automation_tools.py

@@ -1539,22 +1539,21 @@ def create_b1td_pov(b1tdc, config):
 
     # Create External Network
     ids['net_id'] = create_network_list(b1tdc, config=config)
-    # if net_id:
+    if ids['net_id']:
 
-    # Create allow and deny lists
-    custom_lists = create_custom_lists(b1tdc, config=config)
-    ids.update(custom_lists)
-    # if len(custom_lists) == 2:
+        # Create allow and deny lists
+        custom_lists = create_custom_lists(b1tdc, config=config)
+        if len(custom_lists) == 2:
+            ids.update(custom_lists)
 
-    # Create content filter
-    ids['cat_filters'] = create_content_filters(b1tdc, config=config)
+            # Create content filter
+            ids['cat_filters'] = create_content_filters(b1tdc, config=config)
 
-    # Create App filter
-    ids['application_filters'] = create_application_filters(b1tdc, config=config)
+            # Create App filter
+            ids['application_filters'] = create_application_filters(b1tdc, config=config)
 
-    # Find unassigned DFPs
-    # Create Policy
-    create_policy(b1tdc, config=config, ids=ids)
+            # Create Security Policy
+            create_policy(b1tdc, config=config, ids=ids)
 
     return status
 

policy_definitions.yml

@@ -160,5 +160,54 @@ policy_low:
       type: named_feed
     - name: bogon
       type: named_feed
+    # - name: pubic-doh-ip
+      # type: named_feed
+
+policy_logonly: 
+  action_log:
+    - name: base
+      type: named_feed
+    - name: antimalware
+      type: named_feed
+    - name: ext-base-antimalware
+      type: named_feed
+    - name: malware-dga
+      type: named_feed
+    - name: ransomware
+      type: named_feed
+    - name: ext-ransomware
+      type: named_feed
+    - name: surbl-lite
+      type: named_feed
+    - name: multi-domain.surbl
+      type: named_feed
+    - name: cryptocurrency
+      type: named_feed
+    - name: public-doh
+      type: named_feed
+    - name: fresh-domain.surbl
+      type: named_feed
+    - name: farsightnod
+      type: named_feed
+    - name: Threat Insight - Data Exfiltration
+      type: custom_list
+    - name: Threat Insight - DGA
+      type: custom_list
+    - name: Threat Insight - DNS Messenger
+      type: custom_list
+    - name: antimalware-ip
+      type: named_feed
+    - name: exploitkit-ip
+      type: named_feed
+    - name: ext-tor-exit-node-ip
+      type: named_feed
+    - name: ext-antimalware-ip
+      type: named_feed
+    - name: ext-exploitkit-ip
+      type: named_feed
+    - name: bot-ip
+      type: named_feed
+    - name: bogon
+      type: named_feed
     # - name: pubic-doh-ip
       # type: named_feed