Merge pull request #5 from asmith-1/main
Add support for Chronicle Regions
redhatrises authored Dec 11, 2023
2 parents e2a8f24 + b6a6412 commit 89acf2f
Showing 3 changed files with 22 additions and 4 deletions.
2 changes: 1 addition & 1 deletion ccib/__main__.py
Expand Up @@ -14,7 +14,7 @@

falcon = FalconAPI()
queue = Queue(maxsize=10)
chronicle = Chronicle(config.get('chronicle', 'customer_id'), config.get('chronicle', 'service_account'))
chronicle = Chronicle(config.get('chronicle', 'customer_id'), config.get('chronicle', 'service_account'),config.get('chronicle','region'))

FalconReaderThread(falcon, queue).start()
ChronicleWriterThread(queue, chronicle).start()
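Review bot: `config.get('chronicle','region')` on the new `Chronicle(...)` line has no fallback, so a configuration written before this change, with no `region` option under `[chronicle]`, would presumably raise `configparser.NoOptionError` at startup unless a defaults file or environment mapping not visible in this diff supplies the option. The bridge would then stop forwarding indicators altogether, so consider `config.get('chronicle', 'region', fallback='')`, which lets the constructor fall through to the default endpoint. The new argument would also read better with a space after each comma, matching the first two arguments on that line.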
22 changes: 20 additions & 2 deletions ccib/chronicle.py
Expand Up @@ -10,15 +10,33 @@
class Chronicle:
OAUTH2_SCOPES = ['https://www.googleapis.com/auth/chronicle-backstory',
'https://www.googleapis.com/auth/malachite-ingestion']
INGEST_ENDPOINT = 'https://malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate'


def __init__(self, customer_id, service_account_file):
def __init__(self, customer_id, service_account_file,region):
self.customer_id = customer_id
self.region = region
# Create a credential using Google Developer Service Account Credential and Chronicle # API Scope.
self.credentials = service_account.Credentials.from_service_account_file(
service_account_file, scopes=self.OAUTH2_SCOPES)
# Build an HTTP session to make authorized OAuth requests.
self.http_session = requests.AuthorizedSession(self.credentials)
# https://cloud.google.com/chronicle/docs/reference/search-api#regional_endpoints
# https://cloud.google.com/chronicle/docs/reference/ingestion-api#regional_endpoints
# select region
match self.region:
case "EU":
self.INGEST_ENDPOINT = 'https://europe-malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate'
case "UK":
self.INGEST_ENDPOINT = 'https://europe-west2-malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate'
case "IL":
self.INGEST_ENDPOINT = 'https://me-west1-malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate'
case "AU":
self.INGEST_ENDPOINT = 'https://australia-southeast1-malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate'
case "SG":
self.INGEST_ENDPOINT = 'https://asia-southeast1-malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate'
case _:
self.INGEST_ENDPOINT = 'https://malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate'


def send_indicators(self, indicators):
ts = int(datetime.datetime.utcnow().timestamp() * 1000000)
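Review bot: The `case _:` arm in `__init__` sends every unrecognised `region` value to the default, non-regional ingestion endpoint, so a typo, stray whitespace or a lower-case `eu` in the config silently routes indicators away from the tenant's region instead of failing. For a setting that decides where threat-intelligence data is sent, it is safer to normalise the value and reject unknown ones with a clear error, treating only an empty value as the default. A class-level lookup table does this in fewer lines and avoids `match`, which needs Python 3.10 or later; whether older interpreters are supported is not visible here, and the `'US'` key below is a suggested name for the default. The class continues past this hunk (`send_indicators`), so how the endpoint is consumed cannot be checked from the diff.

```python
    # Region code -> ingestion endpoint; 'US' names the default, non-regional host.
    INGEST_ENDPOINTS = {
        'US': 'https://malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate',
        'EU': 'https://europe-malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate',
        'UK': 'https://europe-west2-malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate',
        'IL': 'https://me-west1-malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate',
        'AU': 'https://australia-southeast1-malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate',
        'SG': 'https://asia-southeast1-malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate',
    }

    def __init__(self, customer_id, service_account_file, region):
        # … unchanged: customer_id, credentials and http_session setup …
        # An empty or missing region keeps the previous behaviour (default endpoint).
        self.region = (region or 'US').strip().upper()
        try:
            self.INGEST_ENDPOINT = self.INGEST_ENDPOINTS[self.region]
        except KeyError:
            # Fail closed: never guess where indicator data should be sent.
            raise ValueError(
                f"Unsupported Chronicle region {region!r}; "
                f"expected one of {sorted(self.INGEST_ENDPOINTS)}"
            ) from None
```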
2 changes: 1 addition & 1 deletion ccib/config.py
Expand Up @@ -2,7 +2,7 @@
import configparser


class FigConfig(configparser.SafeConfigParser):
class FigConfig(configparser.ConfigParser):
FALCON_CLOUD_REGIONS = {'us-1', 'us-2', 'eu-1', 'us-gov-1'}
ENV_DEFAULTS = [
['logging', 'level', 'LOG_LEVEL'],
