diff --git a/.gitignore b/.gitignore
index 4668ab2..732ac2d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 large-demo-set.ini~
+__pycache__
diff --git a/.gitignore~ b/.gitignore~
new file mode 100644
index 0000000..4668ab2
--- /dev/null
+++ b/.gitignore~
@@ -0,0 +1 @@
+large-demo-set.ini~
diff --git a/example1.txt b/example-b1ddi.txt
similarity index 96%
rename from example1.txt
rename to example-b1ddi.txt
index 8bfa2b6..e4055da 100644
--- a/example1.txt
+++ b/example-b1ddi.txt
@@ -1,6 +1,6 @@
 Running the script, showing log output:
-% ./b1ddi-demo-automation.py -c ~/configs/apj-demo.ini
+% ./b1ddi-demo-automation.py -c ~/configs/demo.ini --app b1ddi
 INFO:__main__:====== B1DDI Automation Demo Version 0.2.4 ======
 INFO:__main__:Checking config...
@@ -57,7 +57,7 @@ INFO:__main__:---------------------------------------------------
 INFO:__main__:Please remember to clean up when you have finished:
 INFO:__main__:$ ./b1ddi-demo-automation.py -c /Users/marrison/configs/demo.ini --remove
-% ./b1ddi-demo-automation.py -c ~/configs/demo.ini --remove
+% ./b1ddi-demo-automation.py -c ~/configs/demo.ini --app b1ddi --remove
 INFO:__main__:====== B1DDI Automation Demo Version 0.2.4 ======
 INFO:__main__:------ Cleaning Up Demo Data ------
diff --git a/example-b1td.txt b/example-b1td.txt
new file mode 100644
index 0000000..1fd606a
--- /dev/null
+++ b/example-b1td.txt
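Review bot: The new ignore line covers `__pycache__`, but the file still names a single backup file, `large-demo-set.ini~`, rather than a pattern, and this same commit adds `.gitignore~` to the repository, which shows the gap is live. The example files point the tool at configs kept outside the repo (`~/configs/demo.ini`, `~/Projects/configs/b1td_demo.ini`), presumably because they hold credentials, and editor backup copies of such `.ini` files are exactly what a one-file ignore leaves one stray `git add` away from history. I would replace the first line with `*~` (or at least `*.ini~`) and write the new entry as `__pycache__/` so it matches only the directory.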
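Review bot: `.gitignore~` is an editor backup of the previous `.gitignore` (its single line is the old content) and should not be committed; drop it with `git rm .gitignore~` and let a `*~` rule keep it out. Left in place, every future edit of `.gitignore` risks committing another stale copy, and backup copies of other config files would slip in the same way.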
@@ -0,0 +1,65 @@
+% ./bloxone_automation_tools.py --config ~/Projects/configs/b1td_demo.ini --app b1td
+INFO:__main__:====== B1TD PoV Automation Version 0.4.2 ======
+INFO:__main__:------ Creating PoV Environment ------
+INFO:__main__:---- Create Network List ----
+INFO:__main__:Creating Network List Zaphod-network
+INFO:__main__:+++ Network List Zaphod-network created
+INFO:__main__:---- Create Allow List ----
+INFO:__main__:Creating Allow List Zaphod-allow
+INFO:__main__:+++ Allow List Zaphod-allow created
+INFO:__main__:---- Create Deny List ----
+INFO:__main__:Creating Deny List Zaphod-deny
+INFO:__main__:+++ Deny List Zaphod-deny created
+INFO:__main__:---- Create Web Category Filters ----
+INFO:__main__:Retrieving category filters...
+INFO:__main__:Creating category filter: Zaphod-risk_fraud_crime
+INFO:__main__:+++ Web Category Filter Zaphod-risk_fraud_crime created
+INFO:__main__:Creating category filter: Zaphod-undesireable
+INFO:__main__:+++ Web Category Filter Zaphod-undesireable created
+INFO:__main__:---- Create Application Filters ----
+INFO:__main__:Retrieving application filters...
+INFO:__main__:Creating application filter: Zaphod-data_storage_apps
+INFO:__main__:+++ Application Filter Zaphod-data_storage_apps created
+INFO:__main__:Creating application filter: Zaphod-Office365
+INFO:__main__:+++ Application Filter Zaphod-Office365 created
+INFO:__main__:Creating application filter: Zaphod-Facebook
+INFO:__main__:+++ Application Filter Zaphod-Facebook created
+INFO:__main__:---- Create Customer Policy ----
+INFO:__main__:Retrieving ruleset for policy medium
+INFO:__main__:Adding local resolution app filter rules
+INFO:__main__:Adding base rules
+INFO:__main__:Adding action_block threat feeds
+INFO:__main__:Adding action_block filters
+INFO:__main__:Adding action_log threat feeds
+INFO:__main__:Adding action_log filters
+INFO:__main__:Creating Security Policy Zaphod-policy
+INFO:__main__:+++ Security Poicy Zaphod-policy created
+INFO:__main__:---------------------------------------------------
+INFO:__main__:B1TD PoV environment data created in 8.28S
+INFO:__main__:Please remember to clean up when you have finished:
+INFO:__main__:$ ./bloxone_automation_tools.py --config /Users/marrison/Projects/configs/b1td_demo.ini --app b1td --remove
+
+
+
+% ./bloxone_automation_tools.py --config ~/Projects/configs/b1td_demo.ini --app b1td --remove
+INFO:__main__:====== B1TD PoV Automation Version 0.4.2 ======
+INFO:__main__:------ Cleaning Up B1TD PoV Environment ------
+INFO:__main__:Security policy Zaphod-policy found.
+INFO:__main__:+++ Security policy Zaphod-policy deleted.
+INFO:__main__:Network list Zaphod-network found.
+INFO:__main__:+++ Network list Zaphod-network deleted.
+INFO:__main__:Allow list Zaphod-allow found.
+INFO:__main__:+++ Allow list Zaphod-allow deleted.
+INFO:__main__:Deny list Zaphod-deny found.
+INFO:__main__:+++ Deny list Zaphod-deny deleted.
+INFO:__main__:Web Category Filter Zaphod-risk_fraud_crime found.
+INFO:__main__:Web Category Filter Zaphod-undesireable found.
+INFO:__main__:Deleting Web Category Filters
+INFO:__main__:+++ 2 Web Category Filters deleted.
+INFO:__main__:Application Filter Zaphod-data_storage_apps found.
+INFO:__main__:Application Filter Zaphod-Office365 found.
+INFO:__main__:Application Filter Zaphod-Facebook found.
+INFO:__main__:Deleting Application Filters
+INFO:__main__:+++ 3 Application filters deleted.
+INFO:__main__:---------------------------------------------------
+INFO:__main__:B1TD Environment removed in 10.72S
diff --git a/policy_definitions.yml b/policy_definitions.yml
index a875a5b..cd2a7aa 100644
--- a/policy_definitions.yml
+++ b/policy_definitions.yml
@@ -109,5 +109,56 @@ policy_medium:
 type: named_feed
 - name: spambot-ip
 type: named_feed
+ # - name: pubic-doh-ip
+ # type: named_feed
+
+policy_low:
+ action_block:
+ - name: base
+ type: named_feed
+ - name: antimalware
+ type: named_feed
+ - name: ext-base-antimalware
+ type: named_feed
+ - name: malware-dga
+ type: named_feed
+ - name: ransomware
+ type: named_feed
+ - name: Threat Insight - Data Exfiltration
+ type: custom_list
+
+ action_log:
+ - name: ext-ransomware
+ type: named_feed
+ - name: surbl-lite
+ type: named_feed
+ - name: multi-domain.surbl
+ type: named_feed
+ - name: cryptocurrency
+ type: named_feed
+ - name: public-doh
+ type: named_feed
+ - name: fresh-domain.surbl
+ type: named_feed
+ - name: farsightnod
+ type: named_feed
+ - name: Threat Insight - DGA
+ type: custom_list
+ - name: Threat Insight - DNS Messenger
+ type: custom_list
+ - name: antimalware-ip
+ type: named_feed
+ - name: exploitkit-ip
+ type: named_feed
+ - name: ext-tor-exit-node-ip
+ type: named_feed
+ - name: ext-antimalware-ip
+ type: named_feed
+ - name: ext-exploitkit-ip
+ type: named_feed
+ - name: bot-ip
+ type: named_feed
+ - name: bogon
+ type: named_feed
 # - name: pubic-doh-ip
 # type: named_feed
\ No newline at end of file
diff --git a/todo.txt b/todo.txt
deleted file mode 100644
index 9cec58d..0000000
--- a/todo.txt
+++ /dev/null
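Review bot: The commented-out feed name `pubic-doh-ip` in the two lines added under `policy_medium` looks like a typo of the `public-doh` family that is live a few lines later (`- name: public-doh`); whoever uncomments it will reference a feed that presumably does not exist, and whether the tool then errors out or silently leaves that DoH traffic unpoliced is not visible from this file. Correct it to `# - name: public-doh-ip` before it is copied again. The original pair of commented lines also survives as trailing context after the new `policy_low` block, and with indentation lost in this view I cannot tell whether they now sit under `policy_low.action_log` or dangle at top level, so check the file and delete one of the two copies. `policy_low` keeps the IP-reputation and exploit-kit feeds (`antimalware-ip`, `exploitkit-ip`, `bot-ip`, `ext-tor-exit-node-ip`) in `action_log` only; if that is deliberate for a low-friction PoV, a comment such as `# policy_low: IP feeds are log-only by design; promote to action_block for production` would stop a reader from treating it as an oversight. The file still ends without a trailing newline.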
@@ -1,14 +0,0 @@ -Actions: - - - Check Org is not SE Org for B1TD POC - - Configure a pass and block list with name of company-allow, company-block one bogus - entry in each. - - Create an external network - - Create a content filter with the Risk/Fraud category and - information/communication - - Create an app filter with the Personal Storage category - - - Create an appropriate policy with 'PoC best practise' settings - - - Add external network and DFPs to Policy - \ No newline at end of file