A Python package to fake SOC (Security Operations Center) data
soc-faker
soc-faker is used to generate fake data for use by Security Operation Centers, Information security professionals, product teams, and many more.
Getting Started
soc-faker is compatible with Python 2.x and 3.x. You can install soc-faker using pip or by cloning this repository directly.
At the time of writing, soc-faker can fake data for the following main categories. Specific details for each category are in the pages linked below:
- Alert
- Computer
- Application
- Employee
- File
- Logs
- Network
- Organization
- Products
- User Agent
- Vulnerability
- Registry
- Timestamp
Installing soc-faker
pip install soc-faker --user
Installing from source
git clone git@github.com:swimlane/soc-faker.git
cd soc-faker
python setup.py install
Prerequisites
The following libraries are required and are installed automatically together with soc-faker:
requests
pendulum
ipaddress
Pillow
networkx
matplotlib
PyGithub
PyYAML
Faker
GitHub PAT
In addition, the features that pull data from public GitHub repositories require a GitHub Personal Access Token (PAT); the rest of the library works without one.
Follow this guide to create a token: https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
Because the token is only used to read public repositories it does not need any scopes (its main effect is a higher API rate limit than anonymous requests get). Treat it as a secret all the same: read it from an environment variable or a secrets store rather than hard-coding it in scripts that end up in source control.
Once you have a PAT, pass it when you initialize the SocFaker object:
from socfaker import SocFaker
sf = SocFaker(github_token='YOUR PERSONAL ACCESS TOKEN')
Development
You can use the provided Dockerfile to get a development and testing environment up and running for soc-faker.
To use the Dockerfile, cd to this repository's directory and run:
docker build --force-rm -t socfaker .
Once it is built, then run the docker container:
docker run socfaker
Running the container executes the test script bin\test.py. Modify this file for additional testing and development.
Running the tests
Tests within this project should cover all available properties and methods. As the project grows the tests will become more robust, but for now they only check that each property and method exists and returns output.
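The "exists and returns output" check described above can be written once as a generic harness instead of one test per property. The block below is an added example, not the project's own test code: it walks every public property and every method callable without arguments on an object, and reports the members that raise or return None. FakeComputer is a constructed stand-in so the example runs offline; against the real library you would pass a category object instead (for instance SocFaker().computer, if that is the attribute name in the installed version, which this page does not state). The harness uses inspect.signature and therefore needs Python 3.

```python
import inspect


class FakeComputer(object):
    """Constructed stand-in for a soc-faker category object (not from the
    project); it exists only so the harness below can run offline."""

    @property
    def name(self):
        return "WORKSTATION-01"

    @property
    def os(self):
        return "Windows 10"

    @property
    def broken(self):
        return None  # simulates a property that silently produces nothing

    def platform(self, prefer="windows"):
        return prefer  # no required arguments, so the harness calls it

    def lookup(self, key):
        return key  # needs an argument, so the harness skips it


def smoke_test(obj, skip=()):
    """Exercise every public property, and every method that can be called
    without arguments, on obj.  Return {member_name: reason} for members
    that raise or return None; an empty dict means everything produced output."""
    failures = {}
    for name, member in inspect.getmembers(type(obj)):
        if name.startswith("_") or name in skip:
            continue
        try:
            if isinstance(member, property):
                value = getattr(obj, name)
            elif inspect.isfunction(member):
                params = list(inspect.signature(member).parameters.values())[1:]  # drop self
                if any(p.default is p.empty
                       and p.kind not in (p.VAR_POSITIONAL, p.VAR_KEYWORD)
                       for p in params):
                    continue  # cannot be called blind; test it explicitly elsewhere
                value = member(obj)
            else:
                continue
        except Exception as exc:  # a faker that blows up is a failing test
            failures[name] = "raised %s: %s" % (type(exc).__name__, exc)
            continue
        if value is None:
            failures[name] = "returned None"
    return failures


if __name__ == "__main__":
    # Against the real library this would be e.g. smoke_test(SocFaker().computer)
    # (attribute name assumed); here the constructed stand-in is used instead.
    print(smoke_test(FakeComputer()))
```

Members that need arguments are skipped rather than guessed at, so they still need an explicit test; the skip parameter lets you exclude members that legitimately return None or that hit the network (the GitHub-backed data, for instance) from an offline run.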
Built With
- carcass - Python packaging template
Contributing
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
Versioning
We use SemVer for versioning.
Change Log
Please read CHANGELOG.md for details on features for a specific version of soc-faker
Authors
- Josh Rickard - Initial work - MSAdministrator
- Nick Tausek
See also the list of contributors who participated in this project.
License
This project is licensed under the MIT License - see the LICENSE file for details
Credits
soc-faker is a Swimlane open-source project; we believe in giving back to the open-source community by sharing some of the projects we build for our application. Swimlane is an automated cyber security operations and incident response platform that enables cyber security teams to leverage threat intelligence, speed up incident response and automate security operations.
SecOps Hub is an open, product-agnostic, online community for security professionals to share ideas, use cases, best practices, and incident response strategies.
Acknowledgments
- This project utilizes data from the OSSEM project by hunters-forge
.. toctree::
   :maxdepth: 2
   :caption: Contents:

   docs/source/faker/application
   docs/source/faker/azure
   docs/source/faker/computer
   docs/source/faker/elastic
   docs/source/faker/employee
   docs/source/faker/file
   docs/source/faker/logs
   docs/source/faker/network
   docs/source/faker/organization
   docs/source/faker/qualysguard
   docs/source/faker/servicenow
   docs/source/faker/useragent
   docs/source/faker/vulnerability
TODO
Employee
- Manager (Employee Object)
Date
- Date Between
- Date X periods back (date after 1/1/2018)
- Date X periods forward (date after 1/1/2018)
- Duration/Span
Address
- Physical Address?
Network
- URL
File Info
- fuzzy?
- File Path
- File Reputation?
PCAP
- Generate Fake PCAP files
Hashes for soc_faker-1.0.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | aa0111f183bf25d4b53452390b472c32e7bad2477b956589fa87531cef8b606f
MD5 | 72afc486a4894b9437f0ec27253bff02
BLAKE2b-256 | 91d170903bead0ed463be458e773374471cca49ffb369af7658ac6fcf7e02365
Hashes for soc_faker-1.0.0-py2-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 82dbc1d6bad1db3003cddd867713a9ba261056fe6c74253338944d22f3e42795
MD5 | 7424c52f10578fca39f32c7c5ab90ec8
BLAKE2b-256 | 5c54fd5de21d39a79e770f090620ad535024a6538e03eefaac04299067269138
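The digests above are only useful if something checks a downloaded wheel against them before it is installed. The block below is an added example, not part of the project: it computes the same three digests (SHA256, MD5 and BLAKE2b with a 32-byte output, which is what "BLAKE2b-256" denotes) over a file and reports which ones disagree with the published values. EXPECTED_PY3_WHEEL is copied from the table for soc_faker-1.0.0-py3-none-any.whl; the file path is whatever you downloaded the wheel to.

```python
import hashlib
import hmac

# Digests copied from the "Hashes for soc_faker-1.0.0-py3-none-any.whl" table above.
EXPECTED_PY3_WHEEL = {
    "sha256": "aa0111f183bf25d4b53452390b472c32e7bad2477b956589fa87531cef8b606f",
    "md5": "72afc486a4894b9437f0ec27253bff02",
    "blake2b_256": "91d170903bead0ed463be458e773374471cca49ffb369af7658ac6fcf7e02365",
}


def _new_hashers():
    # digest_size=32 gives the 256-bit BLAKE2b variant PyPI publishes.
    return {
        "sha256": hashlib.sha256(),
        "md5": hashlib.md5(),
        "blake2b_256": hashlib.blake2b(digest_size=32),
    }


def digests_of_bytes(data):
    """Hex digests of an in-memory byte string under all three algorithms."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_file(path, chunk_size=1 << 20):
    """Hex digests of a file, streamed so large wheels are not read into memory."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(actual, expected):
    """Names (sorted) of the algorithms whose digest is missing from `actual`
    or differs from `expected`; an empty list means every digest matched."""
    bad = []
    for algo, want in expected.items():
        got = actual.get(algo)
        if got is None or not hmac.compare_digest(got.lower(), want.lower()):
            bad.append(algo)
    return sorted(bad)


def verify_file(path, expected=EXPECTED_PY3_WHEEL):
    """Check a downloaded wheel against the published digests."""
    return mismatches(digests_of_file(path), expected)


if __name__ == "__main__":
    import sys
    # Usage: python verify_wheel.py /path/to/soc_faker-1.0.0-py3-none-any.whl
    bad = verify_file(sys.argv[1])
    if bad:
        sys.exit("digest mismatch for: %s" % ", ".join(bad))
    print("all digests match")
```

A mismatch in any one of the three digests means the file is not the one whose hashes are published, so the check fails on the first disagreement rather than on a majority vote; MD5 is included only because the page lists it, since it is not collision resistant and SHA256 or BLAKE2b is the value to rely on. The same SHA256 value can be pinned directly in a requirements file so that pip refuses anything else, by listing the package as `soc-faker==1.0.0 --hash=sha256:aa0111f183bf25d4b53452390b472c32e7bad2477b956589fa87531cef8b606f` and installing with `pip install --require-hashes -r requirements.txt`; in that mode pip also requires every dependency to be pinned with a hash.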