From 57c5396c370f06ebd02c47a7ff543abf1d293197 Mon Sep 17 00:00:00 2001
From: Alexandr Kolnik
Date: Sun, 19 Feb 2023 13:08:08 +0600
Subject: [PATCH 1/2] Add a responder to send case information to Telegram
---
 responders/Telegram/README.md | 15 ++++++
 responders/Telegram/Telegram.json | 42 ++++++++++++++++
 responders/Telegram/requirements.txt | 1 +
 responders/Telegram/telegram.py | 73 ++++++++++++++++++++++++++++
 4 files changed, 131 insertions(+)
 create mode 100644 responders/Telegram/README.md
 create mode 100644 responders/Telegram/Telegram.json
 create mode 100644 responders/Telegram/requirements.txt
 create mode 100644 responders/Telegram/telegram.py
diff --git a/responders/Telegram/README.md b/responders/Telegram/README.md
new file mode 100644
index 000000000..1552e42a5
--- /dev/null
+++ b/responders/Telegram/README.md
@@ -0,0 +1,15 @@
+### Telegram responder
+
+##### Data required for the work of the responder
+
+* **api_token**
+How to create a telegram bot and get API token [read here](https://flowxo.com/how-to-create-a-bot-for-telegram-short-and-simple-guide-for-beginners/)
+
+* **chat_id**
+How to get a group or channal chat ID [read here](https://stackoverflow.com/questions/32423837/telegram-bot-how-to-get-a-group-chat-id)
+
+* **date_format**
+Make the date and time format convenient for you or use the default. About date and time code formats [here](https://www.geeksforgeeks.org/python-datetime-strptime-function/)
+
+* **tag**
+If you want a tag to be attached to the case when executing the responder, specify its name (optional)
\ No newline at end of file
diff --git a/responders/Telegram/Telegram.json b/responders/Telegram/Telegram.json
new file mode 100644
index 000000000..ec2179c72
--- /dev/null
+++ b/responders/Telegram/Telegram.json
@@ -0,0 +1,42 @@
+{
+ "name": "Telegram",
+ "version": "1.0",
+ "author": "Alex Kolnik, PS Cloud Services, @ps_kz",
+ "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+ "license": "AGPL-V3",
+ "description": "Send a message to Telegram with information from TheHive case",
+ "dataTypeList": ["thehive:case"],
+ "command": "Telegram/telegram.py",
+ "baseConfig": "Telegram",
+ "configurationItems": [
+ {
+ "name": "api_token",
+ "description": "The token is a string, like 110201543:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw, which is required to authorize the bot and send requests to the Bot API",
+ "type": "string",
+ "multi": false,
+ "required": true
+ },
+ {
+ "name": "chat_id",
+ "description": "ID of the chat or channel to which the message will be sent",
+ "type": "number",
+ "multi": false,
+ "required": true
+ },
+ {
+ "name": "date_format",
+ "description": "https://www.geeksforgeeks.org/python-datetime-strptime-function/",
+ "type": "string",
+ "multi": false,
+ "required": true,
+ "defaultValue": "%d.%m.%Y %H:%M"
+ },
+ {
+ "name": "tag",
+ "description": "Tag name to be assigned to the case",
+ "type": "string",
+ "multi": false,
+ "required": false
+ }
+ ]
+}
\ No newline at end of file
diff --git a/responders/Telegram/requirements.txt b/responders/Telegram/requirements.txt
new file mode 100644
index 000000000..37dfee161
--- /dev/null
+++ b/responders/Telegram/requirements.txt
@@ -0,0 +1 @@
+cortexutils
\ No newline at end of file
diff --git a/responders/Telegram/telegram.py b/responders/Telegram/telegram.py
new file mode 100644
index 000000000..a92d45b09
--- /dev/null
+++ b/responders/Telegram/telegram.py
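Review bot: The `date_format` item's `description` is a bare URL, so the Cortex configuration form gives the operator no explanation of what the value is; propose `"description": "strftime() pattern used to render the case start date in the message, e.g. %d.%m.%Y %H:%M"`. The `api_token` description embeds a full sample token string; a shape hint such as `<numeric bot id>:<secret>` reads less like a credential to paste verbatim. Whether the `number` type declared for `chat_id` reaches the responder as an integer rather than a float is not visible here and is worth confirming, since negative supergroup IDs are sent to the Bot API as-is by telegram.py.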
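Review bot: The file lists only `cortexutils`, but telegram.py in the same patch does `import requests`, so unless the Cortex runtime image already provides it the responder fails at import time before any configuration check runs. Propose adding `requests` on its own line so the dependency is declared where the other one is.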
@@ -0,0 +1,73 @@
+#!/usr/bin/env python3
+# encoding: utf-8
+
+import json
+import requests
+from datetime import datetime
+from cortexutils.responder import Responder
+
+
+class Telegram(Responder):
+
+ def __init__(self):
+ Responder.__init__(self)
+ self.api_token = self.get_param(
+ "config.api_token", None, "Missing Telegram bot API token")
+ self.chat_id = self.get_param(
+ "config.chat_id", None, "Missing Telegram Chat ID")
+ self.date_format = self.get_param(
+ "config.date_format", "%d.%m.%Y %H:%M")
+ self.tag = self.get_param("config.tag", None)
+
+ def run(self):
+ Responder.run(self)
+
+ # converting TheHive severities to readable
+ severities = {
+ 1: 'Low',
+ 2: 'Medium',
+ 3: 'High',
+ 4: 'Critical'
+ }
+
+ caseId = self.get_param("data.caseId")
+ title = self.get_param("data.title")
+ severity = severities[self.get_param("data.severity", 2)]
+ owner = self.get_param("data.owner")
+ description = self.get_param("data.description")
+
+ startDate_datetime = datetime.fromtimestamp(
+ self.get_param("data.startDate", 0) / 1000)
+ startDate_formated = startDate_datetime.strftime(self.date_format)
+
+ # markdown syntax in TheHive is different from Telegram
+ description = description.replace("**", "*")
+ description = description.replace("\n\n", "\n")
+
+ msg_content = f'#Case{caseId}\n'
+ msg_content += f'*{title}*\n\n'
+ msg_content += f'*Severity*: {severity}\n'
+ msg_content += f'*Assignee*: {owner}\n'
+ msg_content += f'*Date*: {startDate_formated}\n\n'
+ msg_content += f'*Description*:\n{description}'
+
+ msg_data = {}
+ msg_data['chat_id'] = self.chat_id
+ msg_data['text'] = msg_content
+ msg_data['parse_mode'] = 'markdown'
+ message = json.dumps(msg_data)
+
+ hook_url = f'https://api.telegram.org/bot{self.api_token}/sendMessage'
+ headers = {'content-type': 'application/json',
+ 'Accept-Charset': 'UTF-8'}
+ resp_code = requests.post(hook_url, headers=headers, data=message)
+
+ self.report({"message": f"{resp_code.text}"})
+
+ def operations(self, raw):
+ if self.tag:
+ return [self.build_operation("AddTagToCase", tag=self.tag)]
+
+
+if __name__ == "__main__":
+ Telegram().run()
From 7a815b9ddbe915137205097e2c9bb6d6dbac5594 Mon Sep 17 00:00:00 2001
From: "Fabien B." <15647296+nusantara-self@users.noreply.github.com>
Date: Wed, 16 Oct 2024 17:55:18 +0900
Subject: [PATCH 2/2] Update Telegram.json - Subscription requirements
---
 responders/Telegram/Telegram.json | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/responders/Telegram/Telegram.json b/responders/Telegram/Telegram.json
index ec2179c72..f3c49f036 100644
--- a/responders/Telegram/Telegram.json
+++ b/responders/Telegram/Telegram.json
@@ -38,5 +38,9 @@
 "multi": false,
 "required": false
 }
- ]
-}
\ No newline at end of file
+ ],
+ "registration_required": true,
+ "subscription_required": false,
+ "free_subscription": true,
+ "service_homepage": "https://www.telegram.org"
+}
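Review bot: The `requests.post` call on the `resp_code = ...` line runs with no timeout and no exception handling, and any `requests` exception (connection refused, DNS failure, TLS error) carries the request URL — which embeds the bot token in its path — into the traceback that Cortex records as the job error. The response is also never checked: a 400 or 401 from the Bot API (wrong `chat_id`, or a title/description containing unbalanced markdown characters under `parse_mode` `markdown`) still ends in `self.report(...)`, so TheHive shows the run as successful while nothing was sent. Rewriting the tail of `run` to add a timeout, catch `requests.RequestException` without echoing its message, and route non-2xx responses through `self.error` addresses both. Two smaller items in the same hunk: `description.replace(...)` raises `AttributeError` when the case has no description, so `self.get_param("data.description", "")` is the safer read, and `operations` returns `None` when no tag is configured, where `return []` is the expected shape.

```python
        # … unchanged: message assembly into `message` …
        hook_url = f'https://api.telegram.org/bot{self.api_token}/sendMessage'
        headers = {'content-type': 'application/json',
                   'Accept-Charset': 'UTF-8'}
        try:
            resp = requests.post(hook_url, headers=headers, data=message, timeout=10)
        except requests.RequestException as exc:
            # str(exc) carries the request URL, and with it the bot token, so
            # report only the exception class
            self.error(f"Telegram request failed: {type(exc).__name__}")
            return
        if not resp.ok:
            # Bot API error bodies do not contain the token, so they are safe to surface
            self.error(f"Telegram API returned HTTP {resp.status_code}: {resp.text}")
            return
        self.report({"message": resp.text})
```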