20220205 v04.2 Initial Release

Added low  policy level to yml, completed documentation

.gitignore

@@ -1 +1,2 @@
 large-demo-set.ini~
+__pycache__

.gitignore~

@@ -0,0 +1 @@
+large-demo-set.ini~

example1.txt → example-b1ddi.txt

@@ -1,6 +1,6 @@
 Running the script, showing log output:
 
-% ./b1ddi-demo-automation.py -c ~/configs/apj-demo.ini 
+% ./b1ddi-demo-automation.py -c ~/configs/demo.ini --app b1ddi
 
 INFO:__main__:====== B1DDI Automation Demo Version 0.2.4 ======
 INFO:__main__:Checking config...
@@ -57,7 +57,7 @@ INFO:__main__:---------------------------------------------------
 INFO:__main__:Please remember to clean up when you have finished:
 INFO:__main__:$ ./b1ddi-demo-automation.py -c /Users/marrison/configs/demo.ini --remove
 
-% ./b1ddi-demo-automation.py -c ~/configs/demo.ini --remove
+% ./b1ddi-demo-automation.py -c ~/configs/demo.ini --app b1ddi --remove
 
 INFO:__main__:====== B1DDI Automation Demo Version 0.2.4 ======
 INFO:__main__:------ Cleaning Up Demo Data ------

example-b1td.txt

@@ -0,0 +1,65 @@
+% ./bloxone_automation_tools.py --config ~/Projects/configs/b1td_demo.ini --app b1td 
+INFO:__main__:====== B1TD PoV Automation Version 0.4.2 ======
+INFO:__main__:------ Creating PoV Environment ------
+INFO:__main__:---- Create Network List ----
+INFO:__main__:Creating Network List Zaphod-network
+INFO:__main__:+++ Network List Zaphod-network created
+INFO:__main__:---- Create Allow List ----
+INFO:__main__:Creating Allow List Zaphod-allow
+INFO:__main__:+++ Allow List Zaphod-allow created
+INFO:__main__:---- Create Deny List ----
+INFO:__main__:Creating Deny List Zaphod-deny
+INFO:__main__:+++ Deny List Zaphod-deny created
+INFO:__main__:---- Create Web Category Filters ----
+INFO:__main__:Retrieving category filters... 
+INFO:__main__:Creating category filter: Zaphod-risk_fraud_crime
+INFO:__main__:+++ Web Category Filter Zaphod-risk_fraud_crime created
+INFO:__main__:Creating category filter: Zaphod-undesireable
+INFO:__main__:+++ Web Category Filter Zaphod-undesireable created
+INFO:__main__:---- Create Application Filters ----
+INFO:__main__:Retrieving application filters... 
+INFO:__main__:Creating application filter: Zaphod-data_storage_apps
+INFO:__main__:+++ Application Filter Zaphod-data_storage_apps created
+INFO:__main__:Creating application filter: Zaphod-Office365
+INFO:__main__:+++ Application Filter Zaphod-Office365 created
+INFO:__main__:Creating application filter: Zaphod-Facebook
+INFO:__main__:+++ Application Filter Zaphod-Facebook created
+INFO:__main__:---- Create Customer Policy ----
+INFO:__main__:Retrieving ruleset for policy medium
+INFO:__main__:Adding local resolution app filter rules
+INFO:__main__:Adding base rules
+INFO:__main__:Adding action_block threat feeds
+INFO:__main__:Adding action_block filters
+INFO:__main__:Adding action_log threat feeds
+INFO:__main__:Adding action_log filters
+INFO:__main__:Creating Security Policy Zaphod-policy
+INFO:__main__:+++ Security Poicy Zaphod-policy created
+INFO:__main__:---------------------------------------------------
+INFO:__main__:B1TD PoV environment data created in 8.28S
+INFO:__main__:Please remember to clean up when you have finished:
+INFO:__main__:$ ./bloxone_automation_tools.py --config /Users/marrison/Projects/configs/b1td_demo.ini --app b1td --remove
+
+
+
+% ./bloxone_automation_tools.py --config ~/Projects/configs/b1td_demo.ini --app b1td --remove
+INFO:__main__:====== B1TD PoV Automation Version 0.4.2 ======
+INFO:__main__:------ Cleaning Up B1TD PoV Environment ------
+INFO:__main__:Security policy Zaphod-policy found.
+INFO:__main__:+++ Security policy Zaphod-policy deleted.
+INFO:__main__:Network list Zaphod-network found.
+INFO:__main__:+++ Network list Zaphod-network deleted.
+INFO:__main__:Allow list Zaphod-allow found.
+INFO:__main__:+++ Allow list Zaphod-allow deleted.
+INFO:__main__:Deny list Zaphod-deny found.
+INFO:__main__:+++ Deny list Zaphod-deny deleted.
+INFO:__main__:Web Category Filter Zaphod-risk_fraud_crime found.
+INFO:__main__:Web Category Filter Zaphod-undesireable found.
+INFO:__main__:Deleting Web Category Filters
+INFO:__main__:+++ 2 Web Category Filters deleted.
+INFO:__main__:Application Filter Zaphod-data_storage_apps found.
+INFO:__main__:Application Filter Zaphod-Office365 found.
+INFO:__main__:Application Filter Zaphod-Facebook found.
+INFO:__main__:Deleting Application Filters
+INFO:__main__:+++ 3 Application filters deleted.
+INFO:__main__:---------------------------------------------------
+INFO:__main__:B1TD Environment removed in 10.72S

policy_definitions.yml

@@ -109,5 +109,56 @@ policy_medium:
       type: named_feed
     - name: spambot-ip
       type: named_feed
+    # - name: pubic-doh-ip
+      # type: named_feed
+
+policy_low: 
+  action_block:
+    - name: base
+      type: named_feed
+    - name: antimalware
+      type: named_feed
+    - name: ext-base-antimalware
+      type: named_feed
+    - name: malware-dga
+      type: named_feed
+    - name: ransomware
+      type: named_feed
+    - name: Threat Insight - Data Exfiltration
+      type: custom_list
+
+  action_log:
+    - name: ext-ransomware
+      type: named_feed
+    - name: surbl-lite
+      type: named_feed
+    - name: multi-domain.surbl
+      type: named_feed
+    - name: cryptocurrency
+      type: named_feed
+    - name: public-doh
+      type: named_feed
+    - name: fresh-domain.surbl
+      type: named_feed
+    - name: farsightnod
+      type: named_feed
+    - name: Threat Insight - DGA
+      type: custom_list
+    - name: Threat Insight - DNS Messenger
+      type: custom_list
+    - name: antimalware-ip
+      type: named_feed
+    - name: exploitkit-ip
+      type: named_feed
+    - name: ext-tor-exit-node-ip
+      type: named_feed
+    - name: ext-antimalware-ip
+      type: named_feed
+    - name: ext-exploitkit-ip
+      type: named_feed
+    - name: bot-ip
+      type: named_feed
+    - name: bogon
+      type: named_feed
     # - name: pubic-doh-ip
       # type: named_feed