diff --git a/README.md b/README.md
index 64b8a4c..856b791 100755
--- a/README.md
+++ b/README.md
@@ -1,10 +1,10 @@
 # General Description
 This repository contains two Python scripts used for triaging compromised systems with Assemblyline.
-1. The "Pusher" (`al_incident_submitter.py`): pushes files from the compromised system to an Assemblyline
+1. The "Pusher" (`al-incident-submitter`): pushes files from the compromised system to an Assemblyline
 instance for analysis.
-2. The "Puller" (`al_incident_analyzer.py`): pulls the submissions from the
+2. The "Puller" (`al-incident-analyzer`): pulls the submissions from the
 Assemblyline instance and reports on if the submissions are safe/unsafe.
-3. The "Downloader" (`al_incident_downloader.py`): downloads files submitted to Assemblyline that are under a certain
+3. The "Downloader" (`al-incident-downloader`): downloads files submitted to Assemblyline that are under a certain
 score threshold, matching the folder structure of the files as they were submitted.
@@ -75,10 +75,10 @@ On the compromised machine...
 To get a sense of the options available to you:
 ```
-python3 al_incident_submitter.py --help
-Usage: al_incident_submitter.py [OPTIONS] COMMAND [ARGS]...
+al-incident-submitter --help
+Usage: al-incident-submitter [OPTIONS] COMMAND [ARGS]...
- Example: python al_incident_submitter.py --url="https://" --username="" --apikey="/path/to/file/containing/apikey" --incident_num=123 --min_score=100 --download_path=/path/to/where/you/want/downloads
diff --git a/assemblyline_incident_manager/al_incident_analyzer.py b/assemblyline_incident_manager/al_incident_analyzer.py
index 237ad56..c81fcd4 100755
--- a/assemblyline_incident_manager/al_incident_analyzer.py
+++ b/assemblyline_incident_manager/al_incident_analyzer.py
@@ -35,7 +35,7 @@ def main(url: str, username: str, apikey: str, min_score: int, incident_num: str, is_test: bool):
 """
 Example:
- python al_incident_analyzer.py --url="https://" --username="" --apikey="/path/to/file/containing/apikey" --incident_num=123
+ al-incident-analyzer --url="https://" --username="" --apikey="/path/to/file/containing/apikey" --incident_num=123
 """
 # Here is the query that we will be using to retrieve all submission details
 incident_num = prepare_query_value(incident_num)
diff --git a/assemblyline_incident_manager/al_incident_downloader.py b/assemblyline_incident_manager/al_incident_downloader.py
index b2e7174..474f418 100755
--- a/assemblyline_incident_manager/al_incident_downloader.py
+++ b/assemblyline_incident_manager/al_incident_downloader.py
@@ -46,7 +46,7 @@ def main(url: str, username: str, apikey: str, min_score: int, incident_num: str, download_path: str, upload_path, is_test: bool, num_of_downloaders: int, do_not_verify_ssl: bool):
 """
 Example:
- python directory_downloader.py --url="https://" --username="" --apikey="/path/to/file/containing/apikey" --incident_num=123 --min_score=100 --download_path=/path/to/where/you/want/downloads --upload_path=/path/from/where/files/were/uploaded/from
+ al-incident-downloader --url="https://" --username="" --apikey="/path/to/file/containing/apikey" --incident_num=123 --min_score=100 --download_path=/path/to/where/you/want/downloads --upload_path=/path/from/where/files/were/uploaded/from
 """
 # Here is the query that we will be using to retrieve all submission details
 incident_num = prepare_query_value(incident_num)
diff --git a/assemblyline_incident_manager/al_incident_submitter.py b/assemblyline_incident_manager/al_incident_submitter.py
index 3432455..54ef669 100755
--- a/assemblyline_incident_manager/al_incident_submitter.py
+++ b/assemblyline_incident_manager/al_incident_submitter.py
@@ -93,7 +93,7 @@ def get_id_from_data(file_path: str) -> str:
 def main(url: str, username: str, apikey: str, ttl: int, classification: str, service_selection: str, is_test: bool, path: str, fresh: bool, incident_num: str, resubmit_dynamic: bool, alert: bool, threads: int, dedup_hashes: bool, priority: int, do_not_verify_ssl: bool):
 """
 Example:
- python al_incident_submitter.py --url="https://" --username="" --apikey="/path/to/file/containing/apikey" --classification="" --service_selection="," --path="/path/to/compromised/directory" --incident_num=123
+ al-incident_submitter --url="https://" --username="" --apikey="/path/to/file/containing/apikey" --classification="" --service_selection="," --path="/path/to/compromised/directory" --incident_num=123
 """
 global hash_table
 global total_file_count
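Review bot: The command name on the added docstring line is misspelled: `al-incident_submitter` mixes a hyphen and an underscore, whereas the README and the analyzer/downloader docstrings changed in the same commit use all-hyphen console-script names, so anyone pasting this example gets a command-not-found error. The line should read `al-incident-submitter --url="https://" --username="" --apikey="/path/to/file/containing/apikey" --classification="" --service_selection="," --path="/path/to/compromised/directory" --incident_num=123`. While touching this docstring it would help to add a one-line note that `--apikey` expects a path to a file holding the key rather than the key itself, which the placeholder value suggests but does not state. The body of main continues past the end of this hunk.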