This collection of libraries is designed to be used in various SOC applications. We've included most of our common tools and services to make your job easier and more efficient.
- Alienvault OTX
- Cisco Umbrella
- Vectra client for vectra-api
- IOC enrichment
- URL defanger
- Stakeholder IP lookup
- TAMU directory search
- Quick links generator
- IP geolocation lookup
- Website screenshot grabber
- Website description lookup
- Elasticsearch
- Slack
- Linux display session checker
We've also made sure to leave out some tools that might be better suited for separate repos, like case management libraries (Jira, ELK, etc.) and Prometheus exporters.
To ensure the quality of our libraries, we use pytest for unit testing. Be sure to check out our TESTING.md for more information.
Thanks for choosing soclib! We hope it makes your SOC work a little bit easier. 💪
Install the Python pip modules from requirements.txt using:

```shell
pip3 install -r ./requirements.txt
```
You will need to set the following environment variables. This can also be done using a .env file.

```
# Slack
SLACK_ALERT_LEVEL=
SLACK_TOKEN=
SLACK_CHANNEL=
# JIRA
JIRA_USERNAME=
JIRA_TOKEN=
JIRA_PROJECT_KEY=
# Vectra
VECTRA_API_URL=
TEST_STAKEHOLDER=
TEST_DETECTION_ID=
TEST_HOST_ID=
VECTRA_TIMEOUT=[seconds]
# Vectra (Production only)
AZURE_CLIENT_ID=
AZURE_TENANT_ID=
AZURE_CLIENT_SECRET=
# Reputation Services
UMBRELLA_API_KEY=
OTX_API_KEY=
# SOC DB
DB_USER=
DB_HOST_IP=
DB_PORT=
DB_PASS=
READ_ONLY=TRUE
DB_NAME=
```
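Because most of these variables are credentials, it is worth validating them once at startup and never echoing them into logs. The following is an added example, not part of soclib itself: it parses a `.env` file in the `KEY=VALUE` form shown above, checks each group of variables the README lists, converts `VECTRA_TIMEOUT`, `DB_PORT` and `READ_ONLY` to typed values, and produces a redacted copy safe for logging. The `.env` text embedded below is constructed for the example; the group names (`slack`, `vectra`, `soc_db`, ...) and the `parse_dotenv`/`load_config`/`redacted` functions are this example's own, not soclib APIs.

```python
"""Validate soclib-style environment configuration before any client is built.

Added example (not soclib's own code). It assumes the variable names listed in
the README and a .env file in KEY=VALUE form; SAMPLE_DOTENV is constructed.
"""
import os
import re

# Variables grouped the way the README lists them. A tool only needs its own
# group to be present, so validation is per group rather than all-or-nothing.
REQUIRED_GROUPS = {
    "slack": ["SLACK_ALERT_LEVEL", "SLACK_TOKEN", "SLACK_CHANNEL"],
    "jira": ["JIRA_USERNAME", "JIRA_TOKEN", "JIRA_PROJECT_KEY"],
    "vectra": ["VECTRA_API_URL", "VECTRA_TIMEOUT"],
    "vectra_prod": ["AZURE_CLIENT_ID", "AZURE_TENANT_ID", "AZURE_CLIENT_SECRET"],
    "reputation": ["UMBRELLA_API_KEY", "OTX_API_KEY"],
    "soc_db": ["DB_USER", "DB_HOST_IP", "DB_PORT", "DB_PASS", "READ_ONLY", "DB_NAME"],
}

# Names ending like this hold credentials and must never reach a log line.
# This errs on the side of redaction (JIRA_PROJECT_KEY is masked too).
SECRET_PATTERN = re.compile(r"(_TOKEN|_SECRET|_KEY|_PASS)$")

_LINE = re.compile(r"^\s*(?:export\s+)?([A-Z][A-Z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_dotenv(text):
    """Parse KEY=VALUE lines; blank and '#' lines are skipped, matching quotes stripped."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _LINE.match(line)
        if not match:
            raise ValueError(f"malformed .env line: {raw!r}")
        key, val = match.group(1), match.group(2)
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]
        values[key] = val
    return values


def load_config(group, env):
    """Return the validated settings for one group, or raise naming what is unset."""
    missing = [k for k in REQUIRED_GROUPS[group] if not env.get(k)]
    if missing:
        raise KeyError(f"{group}: unset variables {missing}")
    cfg = {k: env[k] for k in REQUIRED_GROUPS[group]}
    # Typed fields: the README shows VECTRA_TIMEOUT in seconds and READ_ONLY=TRUE.
    if "VECTRA_TIMEOUT" in cfg:
        seconds = int(cfg["VECTRA_TIMEOUT"])
        if seconds <= 0:
            raise ValueError("VECTRA_TIMEOUT must be a positive number of seconds")
        cfg["VECTRA_TIMEOUT"] = seconds
    if "DB_PORT" in cfg:
        port = int(cfg["DB_PORT"])
        if not 1 <= port <= 65535:
            raise ValueError("DB_PORT must be a valid TCP port")
        cfg["DB_PORT"] = port
    if "READ_ONLY" in cfg:
        cfg["READ_ONLY"] = cfg["READ_ONLY"].upper() in ("TRUE", "1", "YES")
    return cfg


def redacted(cfg):
    """Copy of cfg that is safe to log: credential values replaced by their length."""
    return {k: (f"<redacted:{len(str(v))} chars>" if SECRET_PATTERN.search(k) else v)
            for k, v in cfg.items()}


# Constructed sample; SLACK_TOKEN is left blank to show the validation failure.
SAMPLE_DOTENV = """\
# Vectra
VECTRA_API_URL=https://vectra.example.internal
VECTRA_TIMEOUT=30
# SOC DB
DB_USER=soc_reader
DB_HOST_IP=10.0.0.5
DB_PORT=5432
DB_PASS='s3cret-value'
READ_ONLY=TRUE
DB_NAME=socdb
# Slack
SLACK_ALERT_LEVEL=high
SLACK_TOKEN=
SLACK_CHANNEL=soc-alerts
"""


def merged_env(dotenv_text):
    """File values first, real environment variables win (same precedence as python-dotenv)."""
    return {**parse_dotenv(dotenv_text), **os.environ}


if __name__ == "__main__":
    env = merged_env(SAMPLE_DOTENV)
    for group in ("vectra", "soc_db", "slack"):
        try:
            print(group, redacted(load_config(group, env)))
        except (KeyError, ValueError) as err:
            print(group, "NOT USABLE:", err)
```

Run the script directly to see the `vectra` and `soc_db` groups print with `DB_PASS` masked while `slack` is reported as unusable because `SLACK_TOKEN` is empty; an empty value is treated the same as an unset one, which is what the blank placeholders in the listing above would otherwise silently produce.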
Here is a list of tasks that need to be done:
- Clean up everything in stakeholder folder (soc-db-utils, etc.)
- VectraClient
- UmbrellaClient
- OTXClient
- Azure auth
- TimeoutHTTPAdapter
- misc.get_website_description
- misc.linux_session_check
- misc.search_directory
- web.get_screenshot
- geolocation.get_location_data
- custom_errors
- geolocation
- log_handlers
- misc
- reputation
- stakeholder
- custom_errors
- tests
- timeout_adapter
- vectra
- web