+
Installation
+
The simplest way to install and maintain the tools is to clone this
+repository:
+
+% git clone https://github.com/ccmarris/bloxone_automation_tools
+
+
Alternative you can download as a Zip file.
+
Basic Configuration
There are two simple inifiles for configuration. Although these can be combined
@@ -582,10 +591,13 @@
BloxOne Threat Defense Specific keys
the external network or IP must be specified using the
ext_net key and where
appropriate the
ext_cidr key.
The policy_level key is used to specify the acceptable risk level of the
-customer and is set to medium by default. This controls the threat feeds
-and associated policy actions that are implemented when creating the security
-policy. The associated policy definition is defined in the
-policy_definitions.yml file.
+customer and controls the threat feeds used to create the policy rules within
+the security policy. The policy levels, high, medium, low and logonly are
+predefined in the policy_definitions.yml file.
+
+
Note
+
The policy_level is set to medium as the default.
+
YAML Configuration files
@@ -711,19 +723,19 @@
Usage
either
b1ddi or
b1td.
For example:
-% ./b1ddi_demo_automation.py --app b1ddi
-% ./b1ddi_demo_automation.py --app b1td
-% ./b1ddi_demo_automation.py -c <path to inifile> --app <app>
-% ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1ddi
-% ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1td
+% ./bloxone_automation_tools.py --app b1ddi
+% ./bloxone_automation_tools.py --app b1td
+% ./bloxone_automation_tools.py -c <path to inifile> --app <app>
+% ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1ddi
+% ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1td
To run in clean-up mode simply add --remove or -r to the command line:
-% ./b1ddi_demo_automation.py --app b1ddi --remove
-% ./b1ddi_demo_automation.py --app b1td --remove
-% ./b1ddi_demo_automation.py -c <path to inifile> --app <app> --remove
-% ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1ddi --remove
-% ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1td --remove
+% ./bloxone_automation_tools.py --app b1ddi --remove
+% ./bloxone_automation_tools.py --app b1td --remove
+% ./bloxone_automation_tools.py -c <path to inifile> --app <app> --remove
+% ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1ddi --remove
+% ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1td --remove
Note
diff --git a/README.rst b/README.rst
index eedd907..004d7bb 100644
--- a/README.rst
+++ b/README.rst
@@ -1,6 +1,6 @@
-=====================
-B1DDI Demo Automation
-=====================
+========================
+BloxOne Automation Tools
+========================
| Version: 0.4.2
| Author: Chris Marrison
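Review bot: the project title changes to `BloxOne Automation Tools` here while the `| Version: 0.4.2` context line directly below stays at the same number; since this same change also renames the entry-point script from `b1ddi_demo_automation.py` to `bloxone_automation_tools.py` in every usage example, existing invocations and scripts that call the old name will break, which warrants a version bump and a changelog or README line that mentions the rename.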
@@ -100,6 +100,18 @@ Complete list of modules::
import yaml
+Installation
+------------
+
+The simplest way to install and maintain the tools is to clone this
+repository::
+
+ % git clone https://github.com/ccmarris/bloxone_automation_tools
+
+
+Alternative you can download as a Zip file.
+
+
Basic Configuration
-------------------
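Review bot: typo in the new sentence `+Alternative you can download as a Zip file.`; it should read `Alternatively, you can download it as a Zip file.` The new Installation section also sits right after the `Complete list of modules::` block (ending in `import yaml`) but gives no step for installing those dependencies, so a reader who clones the repository still does not know how to get the required modules; add an install line (for example a `pip install` of the listed modules or a reference to a requirements file) after the `git clone` command.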
@@ -249,10 +261,13 @@ the external network or IP must be specified using the *ext_net* key and where
appropriate the *ext_cidr* key.
The *policy_level* key is used to specify the acceptable risk level of the
-customer and is set to *medium* by default. This controls the threat feeds
-and associated policy actions that are implemented when creating the security
-policy. The associated policy definition is defined in the
-*policy_definitions.yml* file.
+customer and controls the threat feeds used to create the policy rules within
+the security policy. The policy levels, high, medium, low and logonly are
+predefined in the policy_definitions.yml file.
+
+.. note::
+
+ The *policy_level* is set to **medium** as the default.
YAML Configuration files
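Review bot: the rewritten paragraph drops the statement, present in the removed line `-and associated policy actions that are implemented when creating the security`, that the policy level also selects the policy actions; the `policy_definitions.yml` hunk in this same change keys feeds under `action_log`, so actions are still part of a level definition. Suggest keeping a clause such as `controls the threat feeds and the policy actions used to create the policy rules within the security policy`. Minor: `high, medium, low and logonly` correspond to keys of the form `policy_low:` / `policy_logonly:` seen in the YAML hunk; naming that key form would help readers who edit the file.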
@@ -388,19 +403,19 @@ either *b1ddi* or *b1td*.
For example::
- % ./b1ddi_demo_automation.py --app b1ddi
- % ./b1ddi_demo_automation.py --app b1td
- % ./b1ddi_demo_automation.py -c
--app
- % ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1ddi
- % ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1td
+ % ./bloxone_automation_tools.py --app b1ddi
+ % ./bloxone_automation_tools.py --app b1td
+ % ./bloxone_automation_tools.py -c --app
+ % ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1ddi
+ % ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1td
To run in clean-up mode simply add *--remove* or *-r* to the command line::
- % ./b1ddi_demo_automation.py --app b1ddi --remove
- % ./b1ddi_demo_automation.py --app b1td --remove
- % ./b1ddi_demo_automation.py -c --app --remove
- % ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1ddi --remove
- % ./b1ddi_demo_automation.py -c ~/configs/customer.ini --app b1td --remove
+ % ./bloxone_automation_tools.py --app b1ddi --remove
+ % ./bloxone_automation_tools.py --app b1td --remove
+ % ./bloxone_automation_tools.py -c --app --remove
+ % ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1ddi --remove
+ % ./bloxone_automation_tools.py -c ~/configs/customer.ini --app b1td --remove
.. note::
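Review bot: the generic usage lines `+ % ./bloxone_automation_tools.py -c --app` and `+ % ./bloxone_automation_tools.py -c --app --remove` show `-c` and `--app` with no argument, whereas the concrete examples that follow pass `~/configs/customer.ini` and `b1ddi`/`b1td`; if the `<path to inifile>` and `<app>` placeholders were dropped, restore them (inside a `::` literal block they need no escaping), otherwise the generic form documents an invalid command line.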
@@ -537,12 +552,14 @@ files.
In addition to the output to console the *-o* or *--out* option can be used
to create a .log file.
+
License
-------
This project, and the bloxone module are licensed under the 2-Clause BSD License
- please see LICENSE file for details.
+
Aknowledgements
---------------
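Review bot: the heading `Aknowledgements` in the trailing context is misspelled; since this hunk already touches the blank lines around the License and Acknowledgements sections, correct it to `Acknowledgements` (and extend the `---` underline to match) in the same change.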
diff --git a/bloxone_automation_tools.py b/bloxone_automation_tools.py
index 51a9678..23fe7f5 100755
--- a/bloxone_automation_tools.py
+++ b/bloxone_automation_tools.py
@@ -1539,22 +1539,21 @@ def create_b1td_pov(b1tdc, config):
# Create External Network
ids['net_id'] = create_network_list(b1tdc, config=config)
- # if net_id:
+ if ids['net_id']:
- # Create allow and deny lists
- custom_lists = create_custom_lists(b1tdc, config=config)
- ids.update(custom_lists)
- # if len(custom_lists) == 2:
+ # Create allow and deny lists
+ custom_lists = create_custom_lists(b1tdc, config=config)
+ if len(custom_lists) == 2:
+ ids.update(custom_lists)
- # Create content filter
- ids['cat_filters'] = create_content_filters(b1tdc, config=config)
+ # Create content filter
+ ids['cat_filters'] = create_content_filters(b1tdc, config=config)
- # Create App filter
- ids['application_filters'] = create_application_filters(b1tdc, config=config)
+ # Create App filter
+ ids['application_filters'] = create_application_filters(b1tdc, config=config)
- # Find unassigned DFPs
- # Create Policy
- create_policy(b1tdc, config=config, ids=ids)
+ # Create Security Policy
+ create_policy(b1tdc, config=config, ids=ids)
return status
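Review bot: the new guard `+ if ids['net_id']:` has no else branch, so when `create_network_list` returns a falsy id the function falls through to `return status` without logging anything or changing `status`, and the caller cannot distinguish a skipped POV from a created one; add an else that logs the failure and sets `status` accordingly. Likewise `+ if len(custom_lists) == 2:` silently discards a partial result when only one of the allow/deny lists was created, and `ids` then lacks those keys when `create_policy(b1tdc, config=config, ids=ids)` runs; either log which list is missing and stop, or make `create_policy` tolerate the absent keys. The indentation of the content-filter, application-filter and `create_policy` lines relative to the outer `if` is not visible in the hunk as shown; please confirm they are inside the `if ids['net_id']:` block, since creating a policy without the network list is presumably not intended.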
diff --git a/policy_definitions.yml b/policy_definitions.yml
index cd2a7aa..98e9003 100644
--- a/policy_definitions.yml
+++ b/policy_definitions.yml
@@ -160,5 +160,54 @@ policy_low:
type: named_feed
- name: bogon
type: named_feed
+ # - name: pubic-doh-ip
+ # type: named_feed
+
+policy_logonly:
+ action_log:
+ - name: base
+ type: named_feed
+ - name: antimalware
+ type: named_feed
+ - name: ext-base-antimalware
+ type: named_feed
+ - name: malware-dga
+ type: named_feed
+ - name: ransomware
+ type: named_feed
+ - name: ext-ransomware
+ type: named_feed
+ - name: surbl-lite
+ type: named_feed
+ - name: multi-domain.surbl
+ type: named_feed
+ - name: cryptocurrency
+ type: named_feed
+ - name: public-doh
+ type: named_feed
+ - name: fresh-domain.surbl
+ type: named_feed
+ - name: farsightnod
+ type: named_feed
+ - name: Threat Insight - Data Exfiltration
+ type: custom_list
+ - name: Threat Insight - DGA
+ type: custom_list
+ - name: Threat Insight - DNS Messenger
+ type: custom_list
+ - name: antimalware-ip
+ type: named_feed
+ - name: exploitkit-ip
+ type: named_feed
+ - name: ext-tor-exit-node-ip
+ type: named_feed
+ - name: ext-antimalware-ip
+ type: named_feed
+ - name: ext-exploitkit-ip
+ type: named_feed
+ - name: bot-ip
+ type: named_feed
+ - name: bogon
+ type: named_feed
# - name: pubic-doh-ip
# type: named_feed
\ No newline at end of file
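Review bot: the feed name in the new commented-out entry `+ # - name: pubic-doh-ip` under `policy_low`, and the same name in the existing commented-out entry at the end of `policy_logonly`, looks like a typo for `public-doh-ip` (compare the active `public-doh` feed listed a few lines above it); fix the spelling before anyone uncomments these entries, because a misspelled named feed would not correspond to any real feed when the policy is created. The `\ No newline at end of file` marker also shows the file still ends without a trailing newline; add one so future diffs stay clean.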