A Rebase and Squash for the First Release

.gitignore

@@ -0,0 +1,12 @@
+
+docs/api/.DS_Store
+
+users/migrations/
+
+docs/.DS_Store
+
+docs/screenshots/images/.DS_Store
+
+docs/screenshots/.DS_Store
+
+.DS_Store

.travis.yml

@@ -0,0 +1,24 @@
+language: python
+matrix:
+    include:
+        - "3.8"
+
+services:
+    - docker
+
+install:
+    - pip install pipenv
+    - pipenv install
+    - sudo apt update -y
+    - sudo apt install nikto -y
+before_script:
+    - docker-compose up -d --build
+
+script:
+    - docker-compose exec web python manage.py makemigrations
+    - docker-compose exec web python manage.py migrate
+    - docker-compose exec web python manage.py test
+    - docker-compose run web prospector --profile prospector_profile
+
+after_script:
+    - nikto -h localhost -p 8000

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "python.pythonPath": "C:\\Users\\Exit\\AppData\\Local\\Programs\\Python\\Python39\\python.exe"
+}

Dockerfile

@@ -0,0 +1,16 @@
+# Pull Base
+FROM python:3.8
+
+# Environment Variables
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
+
+# Work Directory
+WORKDIR /code
+
+# Install Dependencies
+COPY Pipfile Pipfile.lock /code/
+RUN pip install pipenv && pipenv install --system
+
+# Copy Project
+COPY . /code/

Pipfile

@@ -0,0 +1,22 @@
+[[source]]
+name = "pypi"
+url = "https://pypi.org/simple"
+verify_ssl = true
+
+[dev-packages]
+autopep8 = "*"
+
+[packages]
+django = "*"
+psycopg2 = "*"
+django-crispy-forms = "*"
+django-allauth = "*"
+djangorestframework = "==3.11.0"
+django-rest-auth = "*"
+pyyaml = "*"
+drf-yasg = "*"
+prospector = "*"
+packaging = "*"
+
+[requires]
+python_version = "3.8"

README.md

@@ -0,0 +1,48 @@
+SIEMEz
+=====
+
+SIEMEz is a truly free security solution that allows anyone the ability to deploy their own Security Incident and Event Management System.
+SIEMEz allows for the ingestion of Syslog content which can then be searched and analysed. The aim of the project is to allow for easy integration of DevOps, Machine Learning and Advanced Automation.
+
+# Motivation
+While there are several SIEM solutions available, many require enterprise licensing to utilise effectively.
+The annoyance of enterprise licensing for user management, or even dashboarding and the lack of further integration of other areas of computing has led
+to the creation of this project. Security for hobbyists, small- medium, and large businesses should not be held ransom to enterprise licensing.
+
+# Build Status
+Build status from TravisCI
+[![Build Status](https://img.shields.io/travis/TheAlgorithms/Python.svg?label=Travis%20CI&logo=travis&style=flat-square)](https://travis-ci.com/github/jwhitt3r/SIEMEz)
+
+# Documentation
+For all documentation regarding SIEMEz, please navigate to the [Wiki](https://github.com/jwhitt3r/SIEMEz/wiki).
+
+# Code Style
+This project follows the standard styling of [PEP8](https://www.python.org/dev/peps/pep-0008/)
+
+# Framework
+The core of SIEMEz is the Django framework, with its maturity in the web development world, coupled with the flexibility of Python, allows anyone to extend SIEMEz.
+In addition, the pipenv virtual environment is used along with Docker for the ability to deploy quickly, seamlessly and efficiently.
+
+Overall the project utilises five main components:
+* Django Web and Rest Framework
+* Pipenv
+* Docker
+* Python
+* RSyslog
+
+The TravisCI also allows for extensions to allow for DevSecOps extensions, see .travis.yml
+
+# Features
+SIEMEz allows for the quick deployment and integration of log files to allow for quick security analysis but also extending to the easy integration of machine learning models.
+
+# License
+This project is ment to be flexible and easy to integrate but allowing others to use and adapt to their needs. While this is the case, any changes to the project should be open and discussed to better the security community.
+
+# Contribution
+To help out with SIEMEz contact me at: contribute@siemez.io
+Follow me on [Twitter](https://twitter.com/Jack_WJ)
+
+# Screenshots
+![Event Dashboard](https://github.com/jwhitt3r/SIEMEz/blob/master/docs/screenshots/images/event_dashboard.png)
+![Incident Case](https://github.com/jwhitt3r/SIEMEz/blob/master/docs/screenshots/images/incident_case.png)
+![Search Event](https://github.com/jwhitt3r/SIEMEz/blob/master/docs/screenshots/images/search_event.png)

api/admin.py

@@ -0,0 +1 @@
+# from django.contrib import admin

api/apps.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class ApiConfig(AppConfig):
+    name = 'api'

api/models.py

@@ -0,0 +1 @@
+# from django.db import models

api/serializers.py

@@ -0,0 +1,10 @@
+from rest_framework import serializers
+from siem.models import Event
+
+
+class EventSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        fields = ('id', 'receivedat', 'devicereportedtime', 'facility', 'priority',
+                  'fromhost', 'fromhostip', 'message', 'infounitid', 'syslogtag',)
+        model = Event

api/tests.py

@@ -0,0 +1,40 @@
+from django.test import TestCase
+from django.urls import reverse, resolve
+from rest_framework import status
+from rest_framework.test import APITestCase
+from django.contrib.auth import get_user_model
+from siem.models import Event
+from api.serializers import EventSerializer
+import datetime
+import json
+
+
+class AccountTests(APITestCase):
+    def setUp(self):
+        self.user = get_user_model().objects.create_user(
+            username='reviewuser',
+            email='reviewuser@email.com',
+            password='testpass123',
+        ) 
+        self.event = Event.objects.create(
+        receivedat = datetime.datetime.now().time().strftime('%Y-%m-%d %H:%M'),
+        devicereportedtime = datetime.datetime.now().time().strftime('%Y-%m-%d %H:%M'),
+        facility = 1,
+        priority = 1,
+        fromhost = 'testmachine',
+        fromhostip = '127.0.0.1',
+        message = 'this is a test message',
+        infounitid = 1,
+        syslogtag = 'testtag',
+        )
+
+        self.client.login(email='reviewuser@email.com', password='testpass123')
+        self.url = reverse('api')
+
+    def test_get_collection(self):
+        self.response = self.client.get(self.url, {'page': 1})
+        self.events = Event.objects.all()
+        self.serializer = EventSerializer(self.events, many=True)
+        self.assertEqual(self.response.data.get('results'), self.serializer.data)
+        self.assertEqual(self.response.status_code, 200)
+

api/urls.py

@@ -0,0 +1,8 @@
+from django.urls import path
+from .views import EventList, EventDetail
+
+
+urlpatterns = [
+    path('<int:pk>/', EventDetail.as_view()),
+    path('', EventList.as_view(), name="api"),
+]

api/views.py

@@ -0,0 +1,12 @@
+from rest_framework import generics
+
+from siem.models import Event
+from .serializers import EventSerializer
+
+class EventList(generics.ListCreateAPIView):
+    queryset = Event.objects.all()
+    serializer_class = EventSerializer
+
+class EventDetail(generics.RetrieveUpdateDestroyAPIView):
+    queryset = Event.objects.all()
+    serializer_class = EventSerializer

cases/admin.py

@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.

cases/apps.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class CasesConfig(AppConfig):
+    name = 'cases'

cases/forms.py

@@ -0,0 +1,32 @@
+from django import forms
+from .models import Case
+from siem.models import Event
+from crispy_forms.helper import FormHelper
+from crispy_forms.layout import Layout, Field
+from django.db.models import Count
+
+class CustomCaseUpdate(forms.ModelForm):
+    connect_events = forms.ModelMultipleChoiceField( queryset=Event.objects.all().order_by('-receivedat'), widget=forms.widgets.CheckboxSelectMultiple())
+    class Meta:
+        model = Case
+        fields = ('case_name','author','case_notes', 'connect_events',)
+        labels = {
+            'connect_events': 'Connected Events',
+            'case_name': 'Case Name',
+            'author': 'Author',
+            'case_notes': 'Case Notes',
+        }
+
+class CustomCaseNew(forms.ModelForm):
+    connect_events = forms.ModelMultipleChoiceField( queryset=Event.objects.all().order_by('-receivedat'), widget=forms.widgets.CheckboxSelectMultiple())
+    class Meta:
+        model = Case
+        fields = ('case_name', 'author', 'case_notes', 'connect_events',  )
+
+        labels = {
+            'connect_events': 'Connected Events',
+            'case_name': 'Case Name',
+            'author': 'Author',
+            'case_notes': 'Case Notes',
+        }
+

cases/models.py

@@ -0,0 +1,17 @@
+from django.db import models
+from django.contrib.auth import get_user_model
+from siem.models import Event
+from django.urls import reverse
+
+class Case(models.Model):
+    author = models.ForeignKey(get_user_model(), on_delete=models.CASCADE)
+    case_name = models.CharField(max_length=60)
+    date_created = models.DateTimeField(auto_now_add=True, blank=True)
+    connect_events = models.ManyToManyField(Event)
+    case_notes = models.TextField()
+
+    def __str__(self):
+        return '{}'.format(self.case_name)
+
+    def get_absolute_url(self):    
+        return reverse('case_detail', args=[str(self.id)])

cases/tests.py

@@ -0,0 +1,75 @@
+from django.test import SimpleTestCase, TestCase, Client
+from django.urls import reverse, resolve
+from django.contrib.auth import get_user_model
+import datetime
+from .views import CaseListView, CaseDeleteView, CaseDetailView, CaseUpdateView, CaseCreateView
+from .models import Case
+from siem.models import Event
+
+class CasepageTests(TestCase):
+    def setUp(self):
+        self.user = get_user_model().objects.create_user(
+            username='reviewuser',
+            email='reviewuser@email.com',
+            password='testpass123'
+        )
+        self.event = Event.objects.create(
+            receivedat = datetime.datetime.now().time().strftime('%Y-%m-%d %H:%M'),
+            devicereportedtime = datetime.datetime.now().time().strftime('%Y-%m-%d %H:%M'),
+            facility = 1,
+            priority = 1,
+            fromhost = 'testmachine',
+            fromhostip = '127.0.0.1',
+            message = 'this is a test message',
+            infounitid = 1,
+            syslogtag = 'testtag',
+        )
+        self.case = Case.objects.create(
+            date_created = datetime.datetime.now().time().strftime('%Y-%m-%d %H:%M'),
+            author = self.user,
+            case_notes = "test note",
+            case_name = "test case",
+        )
+        self.client.login(email='reviewuser@email.com', password='testpass123')
+
+    def test_case_list_view_for_logged_in_user(self):
+        self.client.login(email='reviewuser@email.com', password='testpass123')
+        response = self.client.get(reverse('case_list'))
+        self.assertEqual(response.status_code, 200)
+        self.assertContains(response, 'Incident Cases')
+        self.assertTemplateUsed('cases/case_list.html')
+
+    def test_case_detail_view_for_logged_in_user(self):
+        self.client.login(email='reviewuser@email.com', password='testpass123')        
+        self.response = self.client.get(reverse('case_detail', args=(self.case.pk,)))
+        self.assertEqual(self.response.status_code, 200)
+        self.assertContains(self.response, 'Test Case')
+        self.assertNotContains(self.response, 'This should not be on the search events page.')
+        self.assertTemplateUsed('cases/case_detail.html')
+
+    def test_case_edit_view_for_logged_in_user(self):
+        self.client.login(email='reviewuser@email.com', password='testpass123')
+        self.response = self.client.get(reverse('case_edit', args=(self.case.pk,)))
+        self.assertEqual(self.response.status_code, 200)
+        self.assertContains(self.response, 'Edit Post')
+        self.assertNotContains(self.response, 'This should not be on the search events page.')
+
+    def test_case_delete_view_for_logged_in_user(self):
+        self.client.login(email='reviewuser@email.com', password='testpass123')
+        self.response = self.client.get(reverse('case_delete', args=(self.case.pk,)))
+        self.assertEqual(self.response.status_code, 200)
+        self.assertContains(self.response, 'Delete Case')
+        self.assertNotContains(self.response, 'This should not be on the search events page.')
+
+    def test_case_creation(self):
+        self.assertEqual(f'{self.case.author}', 'reviewuser')
+        self.assertEqual(f'{self.case.case_notes}',  'test note')
+        self.assertEqual(f'{self.case.case_name}', 'test case')
+
+    def test_event_url_resolves_event(self):
+        view = resolve('/cases/')
+        self.assertEqual(
+            view.func.__name__,
+            CaseListView.as_view().__name__
+        )
+

cases/urls.py

@@ -0,0 +1,9 @@
+from django.urls import path
+from .views import CaseListView, CaseDeleteView, CaseDetailView, CaseUpdateView, CaseCreateView
+urlpatterns = [
+    path('', CaseListView.as_view(), name='case_list'),
+    path('<int:pk>/edit/', CaseUpdateView.as_view(), name='case_edit'),
+    path('new/', CaseCreateView.as_view(), name='case_new'),
+    path('<int:pk>/delete/', CaseDeleteView.as_view(), name='case_delete'),
+    path('<int:pk>/', CaseDetailView.as_view(), name='case_detail'),
+]