bcmc · NoDataFound · Jan 31, 2017 · Jan 31, 2017 · Jan 31, 2017 · Jan 31, 2017
diff --git a/automation/README.md b/automation/README.md
@@ -0,0 +1,88 @@
+####DISCLAIMER
+
+                  ANY DOWNLOAD AND USE OF THIS UNSUPPORTED SOFTWARE PROGRAM PRODUCT IS DONE AT
+                  THE USERS OWN RISK AND THE USER WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO
+                  – WITHOUT LIMITATION – ANY COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM
+                  SUCH ACTIVITIES. SHOULD IT PROVE DEFECTIVE,     USER ASSUMES THE COST OF ALL
+                  NECESSARY SERVICING, REPAIR AND/OR CORRECTION.     IT IS THEREFORE UP TO THE
+                  USER TO TAKE ADEQUATE PRECAUTION AGAINST POSSIBLE DAMAGES     RESULTING FROM
+                  THIS UNSUPPORTED SOFTWARE.
+
+##Description
+
+```bash        
+                 Automation to support the quick correlation, tagging, and visualization of AIS data.   
+   _____  .___  _________           
+  /  _  \ |   |/   _____/                           
+ /  /_\  \|   |\_____  \                            
+/    |    \   |/        \    Author: Cory Kennedy (@corykennedy)                       
+\____|__  /___/___v1.0_  /                          
+        \/  AUTOMISPER \/                            
+
+                           + Automation can also be used as standalone scripts                          
+                           + Scripts are simply a working POC and written to only support TAXII 1.1  
+```
+
+##Dependancies
+```bash
+            + Active AIS Participation | https://www.us-cert.gov/ais                    
+            + Working Flare instance   | https://github.com/bcmc/oss
+            + Working MISP instance    | https://github.com/MISP/MISP                      
+            + Working CTI-Toolkit      | https://github.com/certau/cti-toolkit.git (MISP server)
+```
+
+##Installation Summary
+```bash
+            + Install scripts & crontabs onto your MISP and Flare servers               
+                    + Need help with crontabs?  Try: https://crontab.guru/                   
+            + The below will execute the scripts at 2:30am daily and log all output
+```
+
+##FLARE Installation
+
+Step 1: GIT the automation branch
+
+      git clone -b Automation --single-branch https://github.com/NoDataFound/oss.git oss-automation
+
+Step 2:  Move scripts from oss-automation/scripts/flare to your flare server
+  Example: 
+```bash    
+    mv oss-automation/scripts/flare/* /opt/Flare/scripts/
+```
+
+Step 3: Install crontabs
+
+    export VISUAL=nano; crontab -e
+
+Example  - GNU nano 2.3.1                    File: /tmp/crontab.aisautomation
+
+     30 2 * * * /opt/Flare/scripts/CISCP.sh &>/opt/Flare/scripts/logs/CISCP_`date +\%y-\%m-\%d`.out
+     32 2 * * * /opt/Flare/scripts/AIS.sh &>/opt/Flare/scripts/logs/AIS_`date +\%y-\%m-\%d`.out
+
+Save with ctrl + x
+
+###### Flare server is complete. Proceed to MISP
+
+##MISP Installation
+
+Step 1: GIT the automation branch
+
+      git clone -b Automation --single-branch https://github.com/NoDataFound/oss.git oss-automation
+
+Step 2:  Move scripts from oss-automation/scripts/misp to your MISP server
+  Example: 
+
+      mv oss-automation/scripts/misp/* /home/misp/scripts/
+
+Step 3: Install crontabs
+
+    export VISUAL=nano; crontab -e
+
+Example  - GNU nano 2.3.1                    File: /tmp/crontab.mispautomation
+
+    30 2 * * * /home/misp/scripts/MISP.sh
+
+Save with ctrl + x
+
+###### MISP server is complete! YOU ARE DONE!
+
diff --git a/automation/flare/AIS.sh b/automation/flare/AIS.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+# ------------------------------DISCLAIMER-------------------------------------#
+# ANY DOWNLOAD AND USE OF THIS UNSUPPORTED SOFTWARE PROGRAM PRODUCT IS DONE AT #
+# THE USERS OWN RISK AND THE USER WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO #
+# – WITHOUT LIMITATION – ANY COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM #
+# SUCH ACTIVITIES. SHOULD IT PROVE DEFECTIVE,     USER ASSUMES THE COST OF ALL #
+# NECESSARY SERVICING, REPAIR AND/OR CORRECTION.     IT IS THEREFORE UP TO THE #
+# USER TO TAKE ADEQUATE PRECAUTION AGAINST POSSIBLE DAMAGES     RESULTING FROM #
+# THIS UNSUPPORTED SOFTWARE.                                                   #
+# ------------------------------DISCLAIMER-------------------------------------#
+# Simple shell script to pull the AIS feed from AIS Data
+# There are much better ways to do this. This is only a quick working POC
+# Author: Cory Kennedy (@corykennedy)
+#                          _____  .___  _________
+#                         /  _  \ |   |/   _____/
+#                        /  /_\  \|   |\_____  \
+#                       /    |    \   |/        \
+#                       \____|__  /___/___v1.0_  /
+#                               \/             \/
+#                                   AIS Automation
+# Usage: ./AIS.sh
+# -----------------------------------------------------------------------------
+#Move into our working directory
+cd /opt/Flare/
+#Poll AIS server for AIS feed using TAXII 1.1 and format date parameters
+./poll.sh 1.1 AIS -b $(date -d '1 days ago' --utc "+%FT%T.%N" | sed -r 's/[[:digit:]]{6}$/Z/') -e $(date -d --utc "+%FT%T.%N" | sed -r 's/[[:digit:]]{6}$/Z/')
+#Move into our working feed directory
+cd /opt/Flare/subscribeFeeds/AIS/
+#Prepare all files for transport
+tar -zcvf /opt/Flare/TRANSFER/AIS_`date +%y-%m-%d`.tgz .
+#Cleanup files after completion
+rm -rf /opt/Flare/subscribeFeeds/AIS/*
+# ------------------------------DISCLAIMER-------------------------------------#
+# ANY DOWNLOAD AND USE OF THIS UNSUPPORTED SOFTWARE PROGRAM PRODUCT IS DONE AT #
+# THE USERS OWN RISK AND THE USER WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO #
+# – WITHOUT LIMITATION – ANY COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM #
+# SUCH ACTIVITIES. SHOULD IT PROVE DEFECTIVE,     USER ASSUMES THE COST OF ALL #
+# NECESSARY SERVICING, REPAIR AND/OR CORRECTION.     IT IS THEREFORE UP TO THE #
+# USER TO TAKE ADEQUATE PRECAUTION AGAINST POSSIBLE DAMAGES     RESULTING FROM #
+# THIS UNSUPPORTED SOFTWARE.                                                   #
+# ------------------------------DISCLAIMER-------------------------------------#
diff --git a/automation/flare/CISCP.sh b/automation/flare/CISCP.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+# ------------------------------DISCLAIMER-------------------------------------#
+# ANY DOWNLOAD AND USE OF THIS UNSUPPORTED SOFTWARE PROGRAM PRODUCT IS DONE AT #
+# THE USERS OWN RISK AND THE USER WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO #
+# – WITHOUT LIMITATION – ANY COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM #
+# SUCH ACTIVITIES. SHOULD IT PROVE DEFECTIVE,     USER ASSUMES THE COST OF ALL #
+# NECESSARY SERVICING, REPAIR AND/OR CORRECTION.     IT IS THEREFORE UP TO THE #
+# USER TO TAKE ADEQUATE PRECAUTION AGAINST POSSIBLE DAMAGES     RESULTING FROM #
+# THIS UNSUPPORTED SOFTWARE.                                                   #
+# ------------------------------DISCLAIMER-------------------------------------#
+# Simple shell script to pull the CISCP feed from AIS Data
+# There are much better ways to do this. This is only a quick working POC.
+# Author: Cory Kennedy (@corykennedy)
+#             _________ .___  ____________________________
+#              \_   ___ \|   |/   _____/\_   ___ \______   \
+#              /    \  \/|   |\_____  \ /    \  \/|     ___/
+#              \     \___|   |/        \\     \___|    |
+#               \______  /___/_______  / \______  /v1.1|
+#                      \/            \/         \/
+#                                          AIS Automation
+# Usage: ./CISCP.sh
+# -----------------------------------------------------------------------------
+#Move into our working directory
+cd /opt/Flare/
+#Poll AIS server for AIS feed using TAXII 1.1 and format date parameters
+./poll.sh 1.1 CISCP -b $(date -d '1 days ago' --utc "+%FT%T.%N"| sed -r 's/[[:digit:]]{6}$/Z/') -e $(date -d --utc "+%FT%T.%N" | sed -r 's/[[:digit:]]{6}$/Z/')
+#Move into our working feed directory
+cd /opt/Flare/subscribeFeeds/CISCP/
+#Prepare all files for transport
+tar -zcvf /opt/Flare/TRANSFER/CISCP_`date +%y-%m-%d`.tgz .
+#Cleanup files after completion
+rm -rf /opt/Flare/subscribeFeeds/CISCP/*
+# ------------------------------DISCLAIMER-------------------------------------#
+# ANY DOWNLOAD AND USE OF THIS UNSUPPORTED SOFTWARE PROGRAM PRODUCT IS DONE AT #
+# THE USERS OWN RISK AND THE USER WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO #
+# – WITHOUT LIMITATION – ANY COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM #
+# SUCH ACTIVITIES. SHOULD IT PROVE DEFECTIVE,     USER ASSUMES THE COST OF ALL #
+# NECESSARY SERVICING, REPAIR AND/OR CORRECTION.     IT IS THEREFORE UP TO THE #
+# USER TO TAKE ADEQUATE PRECAUTION AGAINST POSSIBLE DAMAGES     RESULTING FROM #
+# THIS UNSUPPORTED SOFTWARE.                                                   #
+# ------------------------------DISCLAIMER-------------------------------------#
diff --git a/automation/misp/MISP.sh b/automation/misp/MISP.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+# ------------------------------DISCLAIMER-------------------------------------#
+# ANY DOWNLOAD AND USE OF THIS UNSUPPORTED SOFTWARE PROGRAM PRODUCT IS DONE AT #
+# THE USERS OWN RISK AND THE USER WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO #
+# – WITHOUT LIMITATION – ANY COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM #
+# SUCH ACTIVITIES. SHOULD IT PROVE DEFECTIVE,     USER ASSUMES THE COST OF ALL #
+# NECESSARY SERVICING, REPAIR AND/OR CORRECTION.     IT IS THEREFORE UP TO THE #
+# USER TO TAKE ADEQUATE PRECAUTION AGAINST POSSIBLE DAMAGES     RESULTING FROM #
+# THIS UNSUPPORTED SOFTWARE.                                                   #
+# ------------------------------DISCLAIMER-------------------------------------#
+# Simple script to automate AIS data into MISP
+# Author: Cory Kennedy (@corykennedy)
+# -----------------------------------------------------------------------------
+#      _____  .___  _________               _____  .___  ___________________
+#     /  _  \ |   |/   _____/    .__       /     \ |   |/   _____/\______   \
+#    /  /_\  \|   |\_____  \   __|  |___  /  \ /  \|   |\_____  \  |     ___/
+#   /    |    \   |/        \ /__    __/ /    Y    \   |/        \ |    |
+#   \____|__  /___/TAXII1.1 /    |__|    \____|__  /___/_______  / |____|
+#           \/            \/                     \/            \/
+# Usage: ./MISP.sh
+# -----------------------------------------------------------------------------
+#Transfer files from AIS host, then remove source files.
+#Assumes you have ssh-copy-id yourself onto your flare host.
+rsync -avz --remove-source-files -e ssh user@your.flare.host:/opt/Flare/TRANSFER /home/misp/feeds/
+#Move into our working directory
+cd /home/misp/feeds/TRANSFER/
+#Find compressed AIS files and uncompress them
+cat *.tgz | tar -zxvf - -i
+#Import into MISP
+python /home/misp/cti-toolkit/stixtransclient.py --file /home/misp/feeds/TRANSFER/ -r --misp --misp-url https://misp --misp-key [YOURMISPKEY] --misp-threat 2 --misp-distribution 0 --misp-info "AIS"
+#Cleanup transfered files after completion
+rm -rf /home/misp/feeds/TRANSFER/
+# ------------------------------DISCLAIMER-------------------------------------#
+# ANY DOWNLOAD AND USE OF THIS UNSUPPORTED SOFTWARE PROGRAM PRODUCT IS DONE AT #
+# THE USERS OWN RISK AND THE USER WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO #
+# – WITHOUT LIMITATION – ANY COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM #
+# SUCH ACTIVITIES. SHOULD IT PROVE DEFECTIVE,     USER ASSUMES THE COST OF ALL #
+# NECESSARY SERVICING, REPAIR AND/OR CORRECTION.     IT IS THEREFORE UP TO THE #
+# USER TO TAKE ADEQUATE PRECAUTION AGAINST POSSIBLE DAMAGES     RESULTING FROM #
+# THIS UNSUPPORTED SOFTWARE.                                                   #
+# ------------------------------DISCLAIMER-------------------------------------#