jtmelton/appsensor

How to implement it in Python?

Closed this issue · 5 comments

https://gist.github.com/senaps/df18fe3cade2dd5557b1e990da29768c

This is how I'm trying to implement the AppSensor in a Python application!
Anybody able to help me?

I want to send an ACE3 detect into the server. I have the UI, but it doesn't get the logs.

@senaps Thanks for reaching out. Can you post the actual HTTP request/response/error you're seeing? Usually the issue is that people are not adding the header, but it looks like you've got that set up properly.
I usually recommend people try to access /api/v1.0/responses as that just takes a GET request (https://github.com/jtmelton/appsensor/blob/master/execution-modes/appsensor-ws-rest-server/src/main/java/org/owasp/appsensor/handler/RestRequestHandler.java). It does require a param, so ?earliest=SomeRFC3339Timestamp should be added (see http://henry.precheur.org/projects/rfc3339). Hope this helps.

So, I have the responses thing: I can send a GET request and it sends back an empty list! I don't know if that's expected behavior or not, but at least it's not throwing any errors!
What I'm having a problem with now is the addAttack thing.

    sensor = apis.RestRequestHandlerApi()
    s = sensor.resource_rest_request_handler_add_attack_post(body="ACE3")
    # s = sensor.resource_rest_request_handler_get_responses_get()

I thought I may need to send the detection point ID with it, but no way I could do that! It gives me the following error:

    ApiException: (400)
    Reason: Bad Request
    HTTP response headers: HTTPHeaderDict({'Date': 'Sun, 18 Feb 2018 06:39:57 GMT', 'Content-Length': '288', 'Content-Type': 'text/plain;charset=UTF-8', 'Connection': 'close', 'Server': 'Apache-Coyote/1.1'})
    HTTP response body: Can not instantiate value of type [simple type, class org.owasp.appsensor.core.Attack] from String value ('ACE3'); no single-String constructor/factory method at [Source: org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$UnCloseableInputStream@6caa8fb5; line: 1, column: 1]

So what should I send as a parameter?

This is what is returned when no parameters are provided:

    ApiException: (404)
    Reason: Not Found
    HTTP response headers: HTTPHeaderDict({'Date': 'Sun, 18 Feb 2018 06:47:53 GMT', 'Content-Length': '0', 'Server': 'Apache-Coyote/1.1'})

Maybe I have to create an attack object?
There is a JsonDetectionpoint() class that I can use to create a detection point, but it doesn't look like an attack object! :) I'm really stuck!

Very good - responses is working! So, events and attacks are about the same level of effort - if you get attacks working, then events will work and vice versa. For events, I think the POSTed JSON body should look something like this:

    {"user":{"username":"bob"},"detectionPoint":{"category":"Access Control","label":"ACE3","responses":[]},"timestamp":"2018-02-18T18:54:58.506Z","detectionSystem":{"detectionSystemId":"localhostme", "ipAddress":"10.20.30.40"}}

The content type is going to be JSON. If you want a lot of detail, you can see the following link: http://appsensor.org/docs/v2.3.0/api/ui/index.html#!/RestRequestHandler/resource_RestRequestHandler_addEvent_POST . It should give you details of the post for events, and the post for attacks can be seen on the same page. Hope this helps.
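An added example, not part of the original thread or the AppSensor project's code: Python that builds the event body as a JSON object shaped like the sample above (a bare string such as "ACE3" is what the server rejected with the 400 error earlier in the thread) and the /responses query with an RFC 3339 `earliest` value. The base URL, client name, header name and the `/events` path are assumptions, not values from the thread.

```python
import json
from datetime import datetime, timezone
from urllib.parse import quote
from urllib.request import Request

# Assumptions, not from the thread: the three values below and the /events path.
BASE_URL = "http://localhost:8085"  # hypothetical server address
CLIENT_HEADER = "X-Appsensor-Client-Application-Name2"  # assumed; set in server config
CLIENT_NAME = "myclientapp"  # hypothetical client application name


def rfc3339(ts):
    """Format an aware datetime as RFC 3339 UTC with milliseconds and a Z suffix."""
    if ts.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    ts = ts.astimezone(timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + "%03dZ" % (ts.microsecond // 1000)


def build_event(username, category, label, system_id, ip, ts):
    """Event body with the field layout of the sample JSON in the thread."""
    return {
        "user": {"username": username},
        "detectionPoint": {"category": category, "label": label, "responses": []},
        "timestamp": rfc3339(ts),
        "detectionSystem": {"detectionSystemId": system_id, "ipAddress": ip},
    }


def event_request(event):
    """POST request carrying the event as a JSON object, not a bare string."""
    return Request(
        BASE_URL + "/api/v1.0/events",
        data=json.dumps(event).encode("utf-8"),
        headers={"Content-Type": "application/json", CLIENT_HEADER: CLIENT_NAME},
        method="POST",
    )


def responses_request(earliest):
    """GET request for /responses with the required 'earliest' parameter."""
    url = BASE_URL + "/api/v1.0/responses?earliest=" + quote(rfc3339(earliest), safe="")
    return Request(url, headers={CLIENT_HEADER: CLIENT_NAME}, method="GET")


if __name__ == "__main__":
    when = datetime(2018, 2, 18, 18, 54, 58, 506000, tzinfo=timezone.utc)  # constructed
    ev = build_event("bob", "Access Control", "ACE3", "localhostme", "10.20.30.40", when)
    print(event_request(ev).data.decode())
```

Passing either request to `urllib.request.urlopen` sends it to a running server.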

I was able to fix the problem with the help of the sample data you provided. Awesome!
I got into a new problem, and that is that detection points for anything other than Hour and Shift don't show! And I get a "There are no categories found to be active in this time period." in month and week and day, though the number for their attack increases with every new attack I'm doing.
I think there is something wrong with something else, because I didn't have this problem until I was able to send the first event!

Glad to hear it's working.

As for the new problem, do you mean in the dashboard itself or in the server? Let me know what you're seeing and I'll try to help however I can.

Note the dashboard is very much a proof of concept. You can use it, but most users (at least the ones who talk to me) tell me they send the data to some other reporting system. The dashboard is not particularly useful for long-term data analysis either. It's OK if you just want to view what's going on "right now".