RE: [ISSForum] Anyone have any "helpful" scripts?
Thanks everyone. I talked to one of my "Perl-enabled" friends and he whipped
out the following script.
I've used it successfully with ActivePerl 5.8.
c:\perl\bin\perl iss-policy.pl some.policy 1 default > new.policy
perl - perl executable
iss-policy.pl - perl script below in a text file named iss-policy.pl
some.policy - is the policy you'd like to change
1 - (is the Priority Level: 1 for High, 2 for Medium and 3 for Low)
default - is the user you'd like the alert to go to. I have two
groups and 5 individuals defined in the response file.
Note: the script output is to Standard Out, so you'll want to Pipe the
output to a new file.
> - pipe command
new.policy - New policy :)
Have fun. With a few edits, I'll be using this script to make mass changes
from now on.
Disclaimer: Use at your risk. There is NO error checking.
=Start Script =====================================
# modify a policy file to ....
# Ex. perl\bin\perl iss-policy.pl some.policy 1 default > new.policy
# ARGV name of the policy file
# ARGV priority level
# ARGV email address
# Lines marked "reconstructed" are missing from the archived copy of this
# message and were restored from context.
if ($#ARGV != 2)
{
    printf("incorrect number of command line arguments:\n");
    printf("\texpected 3, got %d\n", ($#ARGV + 1));
    printf("the arguments were:\n");
    for($i = 0; $i <= $#ARGV; $i++)
    {
        printf("\t%s\n", $ARGV[$i]);    # reconstructed
    }
    exit(1);                            # reconstructed
}
($policy_file_name, $priority_level,    # reconstructed
    $email_address) = @ARGV;
$search_pattern = "Priority\t=L\t$priority_level;";
open(FILE, "< " . $policy_file_name)
    || die "Can't open policy file $policy_file_name: $!";
while ($line = <FILE>)
{
    print $line;                        # reconstructed: pass every line through
    if ($line =~ $search_pattern)
    {
        # skipping the error check on reading the next line
        $next_line = <FILE>;
        # skipping the error check on valid pattern match
        # add the email address in before the '\]'
        $next_line =~ s/\\\]/\\EMAIL\\\]/;
        print $next_line;               # reconstructed
        print "Choice =S\tDefault;\n";
    }
}
close(FILE);                            # reconstructed
=End Script =====================================
From: David Singer [mailto:david_singer2001@xxxxxxxxxxx]
Sent: Wednesday, October 01, 2003 4:12 PM
To: leo.cuellar@xxxxxx; ISSForum@xxxxxxx
Subject: Re: [ISSForum] Anyone have any "helpful" scripts?
Here's a PHP script that I did to turn on Email response for all attacks and
audits in a Network Sensor policy.
I'm not a great programmer so I'm sure that someone else would have done a
better job but it does work and even has comments.
I first created a global Email response called "Email Alert" and then used
the script to add this to each and every event as a default regardless of
whether the event was enabled.
To use the script just substitute for the name of your policy file in the
script and whatever you called the global email response.
From: "CUELLAR,LEO (HP-Vancouver,ex1)" <leo.cuellar@xxxxxx>
Subject: [ISSForum] Anyone have any "helpful" scripts?
Date: Mon, 29 Sep 2003 14:51:14 -0700
Does anyone have any scripts that would make Policy editing "easier"?
For example, I want to be paged for all High and Medium events.
Translation, go to each and every event in a policy, add the email tab and
set to my email. (repeat as necessary, hundreds of times). Second
translation, use Perl, and some creative hacking to come up with a script
that edits the policy file.
I'm wondering if others on this forum have encountered similar issues and
have come up with other scripts.
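The two checks that the comments in iss-policy.pl say are skipped (no line after the Priority line, and a next line with no '\]'), plus a guard against adding EMAIL twice when the script is re-run, as an added example that is not part of the original posts or their authors' scripts. The function name add_email_response, the sample lines, and the placement of the Choice line after the modified line are assumptions.

```perl
#!/usr/bin/perl
# Added example: the same edit as iss-policy.pl, with the skipped checks.
use strict;
use warnings;

# Returns (\@output_lines, $changed_count, \@problems) for the given lines.
sub add_email_response {
    my ($lines, $priority_level) = @_;
    my (@out, @problems);
    my $changed = 0;
    my $pattern = qr/Priority\t=L\t\Q$priority_level\E;/;
    for (my $i = 0; $i < @$lines; $i++) {
        push @out, $lines->[$i];
        next unless $lines->[$i] =~ $pattern;
        # Check 1: there must be a line after the Priority line.
        if ($i + 1 >= @$lines) {
            push @problems, "line " . ($i + 1) . ": Priority is the last line";
            next;
        }
        my $next_line = $lines->[++$i];
        # Check 2: the next line must contain '\]' and not already carry EMAIL.
        if ($next_line =~ /\\EMAIL\\\]/) {
            push @problems, "line " . ($i + 1) . ": EMAIL already present, left as is";
            push @out, $next_line;
        } elsif ($next_line =~ s/\\\]/\\EMAIL\\\]/) {
            push @out, $next_line, "Choice =S\tDefault;\n";
            $changed++;
        } else {
            push @problems, "line " . ($i + 1) . ": no '\\]' after Priority, left as is";
            push @out, $next_line;
        }
    }
    return (\@out, $changed, \@problems);
}

# Constructed sample lines; not copied from a real policy file.
my @sample = (
    "Name\t=S\tEvent_A;\n", "Priority\t=L\t1;\n", "Response\t=S\t\\DISPLAY\\];\n",
    "Name\t=S\tEvent_B;\n", "Priority\t=L\t1;\n", "Name\t=S\tEvent_C;\n",
    "Priority\t=L\t2;\n", "Response\t=S\t\\DISPLAY\\];\n",
);
my ($out, $changed, $problems) = add_email_response(\@sample, 1);
print @$out;
print STDERR "changed $changed event(s)\n";
print STDERR "WARNING: $_\n" for @$problems;
exit(@$problems ? 1 : 0);
```

The policy still goes to standard out, while the change count and warnings go to standard error, so a redirect to new.policy captures only the policy and a non-zero exit status flags a run that left some matching events without the email response.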