soc-faker is used to generate fake data for use by Security Operation Centers, Information security professionals, product teams, and many more.
soc-faker
is compatible with Python 2.x and 3.x. You can install soc-faker
using pip
as well as cloning this repository directly.
At the time of writing this document, soc-faker
has the ability to fake data for the following main categories. You can find specific details for each category by selecting the links below:
- Alert
- Computer
- Application
- Employee
- File
- Logs
- Network
- Organization
- Products
- User Agent
- Vulnerability
- Registry
- Timestamp
pip install soc-faker --user
git clone git@github.com:swimlane/soc-faker.git
cd soc-faker
python setup.py install
The following libraries are required and installed by soc-faker
requests
pendulum
ipaddress
Pillow
networkx
matplotlib
PyGithub
PyYAML
Faker
In addition, you must provide a GitHub Personal Access Token to utilize specific features that rely on data from public github repositories.
Please follow this guide to get a personal access token https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
Once you have a PAT you can provide this token during initialization of the the SocFaker
object:
from socfaker import SocFaker
sf = SocFaker(github_token='YOUR PERSONAL ACCESS TOKEN')
You can use the provided Dockerfile to get a development and testing environment up and running for soc-faker
.
To use the Dockerfile
run, cd to this repositories directory and run:
docker build --force-rm -t socfaker .
Once it is built, then run the docker container:
docker run socfaker
Running this will call the test python file in bin\test.py. Modify this file for additional testing and development.
Tests within this project should cover all available properties and methods. As this project grows the tests will become more robust but for now we are testing that they exist and return outputs.
- carcass - Python packaging template
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
We use SemVer for versioning.
Please read CHANGELOG.md for details on features for a specific version of soc-faker
- Josh Rickard - Initial work - MSAdministrator
- Nick Tausek
See also the list of contributors who participated in this project.
This project is licensed under the MIT License - see the LICENSE file for details
soc-faker
is a Swimlane open-source project; we believe in giving back to the open-source community by sharing some of the projects we build for our application. Swimlane is an automated cyber security operations and incident response platform that enables cyber security teams to leverage threat intelligence, speed up incident response and automate security operations.
SecOps Hub is an open, product-agnostic, online community for security professionals to share ideas, use cases, best practices, and incident response strategies.
- This project utilizes data from the OSSEM project by hunters-forge
.. toctree::
:maxdepth: 2
:caption: Contents:
docs/source/faker/application
docs/source/faker/azure
docs/source/faker/computer
docs/source/faker/elastic
docs/source/faker/employee
docs/source/faker/file
docs/source/faker/logs
docs/source/faker/network
docs/source/faker/organization
docs/source/faker/qualysguard
docs/source/faker/servicenow
docs/source/faker/useragent
docs/source/faker/vulnerability
- Manager (Employee Object)
- Date Between
- Date X periods back (date after 1/1/2018)
- Date X per. Forward (date after 1/1/2018)
- Duration/Span
- Physical Address?
- URL
- fuzzy?
- File Path
- File Reputation?
- Generate Fake PCAP files