Bitdefender_generator_updates

Backend/event_generators/endpoint_security/bitdefender_gravityzone_accounts.py

@@ -0,0 +1,144 @@
+"""
+Bitdefender GravityZone - Accounts API Event Generator
+API Endpoint: /v1.0/jsonrpc/accounts
+Methods: getAccountsList, deleteAccount, createAccount, updateAccount,
+         configureNotificationsSettings, getNotificationsSettings
+"""
+import json
+import random
+import uuid
+from datetime import datetime, timezone
+
+
+# ── Helpers ───────────────────────────────────────────────────────────────────
+
+def _now_iso() -> str:
+    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+
+def _rand_id() -> str:
+    return str(uuid.uuid4())
+
+
+# ── Domain constants ──────────────────────────────────────────────────────────
+
+_ROLES = [1, 2, 3, 4, 5]  # 1=company admin, 2=network admin, 3=reporter, etc.
+_LANGUAGES = ["en_US", "en_GB", "de_DE", "fr_FR", "es_ES"]
+_NAMES = ["alice", "bob", "carol", "dave", "eve", "frank"]
+
+
+# ── Private builders ──────────────────────────────────────────────────────────
+
+def _fake_account() -> dict:
+    name = random.choice(_NAMES)
+    return {
+        "id": _rand_id(),
+        "email": f"{name}.{random.randint(10, 99)}@example.com",
+        "profile": {
+            "fullName": name.capitalize() + " Smith",
+            "timezone": "UTC",
+            "preferredLanguage": random.choice(_LANGUAGES),
+        },
+        "role": random.choice(_ROLES),
+        "isActive": random.choice([True, True, True, False]),
+        "twoFactorAuthEnabled": random.choice([True, False]),
+        "lastLogin": _now_iso(),
+    }
+
+
+def _build_getAccountsList() -> dict:
+    accounts = [_fake_account() for _ in range(random.randint(2, 6))]
+    return {
+        "method": "getAccountsList",
+        "result": {
+            "total": len(accounts),
+            "page": 1,
+            "perPage": 30,
+            "pagesCount": 1,
+            "items": accounts,
+        },
+    }
+
+
+def _build_createAccount() -> dict:
+    return {
+        "method": "createAccount",
+        "result": {"id": _rand_id()},
+    }
+
+
+def _build_updateAccount() -> dict:
+    return {
+        "method": "updateAccount",
+        "result": {"result": True},
+    }
+
+
+def _build_deleteAccount() -> dict:
+    return {
+        "method": "deleteAccount",
+        "result": {"result": True},
+    }
+
+
+def _build_configureNotificationsSettings() -> dict:
+    return {
+        "method": "configureNotificationsSettings",
+        "result": {"result": True},
+    }
+
+
+def _build_getNotificationsSettings() -> dict:
+    return {
+        "method": "getNotificationsSettings",
+        "result": {
+            "notifications": {
+                "malwareDetectionAlert": {
+                    "sendEmail": True,
+                    "emailAddresses": ["soc@example.com"],
+                },
+                "blocklistThreats": {"sendEmail": False, "emailAddresses": []},
+                "productRegistration": {
+                    "sendEmail": True,
+                    "emailAddresses": ["admin@example.com"],
+                },
+                "licenseExpiration": {
+                    "sendEmail": True,
+                    "emailAddresses": ["admin@example.com"],
+                },
+            }
+        },
+    }
+
+
+_SCENARIOS = [
+    _build_getAccountsList,
+    _build_createAccount,
+    _build_updateAccount,
+    _build_deleteAccount,
+    _build_configureNotificationsSettings,
+    _build_getNotificationsSettings,
+]
+
+
+# ── Public generator ──────────────────────────────────────────────────────────
+
+def bitdefender_gravityzone_accounts_log(overrides: dict | None = None) -> dict:
+    """Return one simulated GravityZone Accounts API event."""
+    scenario = random.choice(_SCENARIOS)()
+    event = {
+        "timestamp": _now_iso(),
+        "vendor": "bitdefender",
+        "product": "gravityzone",
+        "api": "accounts",
+        "jsonrpc": "2.0",
+        "method": scenario["method"],
+        "id": _rand_id(),
+        "result": scenario["result"],
+    }
+    if overrides:
+        event.update(overrides)
+    return event
+
+
+if __name__ == "__main__":
+    print(json.dumps(bitdefender_gravityzone_accounts_log(), indent=2))

Backend/event_generators/endpoint_security/bitdefender_gravityzone_companies.py

@@ -0,0 +1,80 @@
+"""
+Bitdefender GravityZone - Companies API Event Generator
+API Endpoint: /v1.0/jsonrpc/companies
+Methods: getCompanyDetails, updateCompanyDetails
+"""
+import json
+import random
+import uuid
+from datetime import datetime, timezone
+
+
+# ── Helpers ───────────────────────────────────────────────────────────────────
+
+def _now_iso() -> str:
+    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+
+def _rand_id() -> str:
+    return str(uuid.uuid4())
+
+
+# ── Domain constants ──────────────────────────────────────────────────────────
+
+_COUNTRIES = ["US", "GB", "DE", "FR", "CA", "AU"]
+_COMPANY_NAMES = ["Acme Corp", "Globex Inc", "Initech", "Umbrella LLC"]
+_CITIES = ["New York", "London", "Berlin", "Toronto"]
+
+
+# ── Private builders ──────────────────────────────────────────────────────────
+
+def _build_getCompanyDetails() -> dict:
+    return {
+        "method": "getCompanyDetails",
+        "result": {
+            "id": _rand_id(),
+            "name": random.choice(_COMPANY_NAMES),
+            "address": f"{random.randint(1, 999)} Main St",
+            "city": random.choice(_CITIES),
+            "country": random.choice(_COUNTRIES),
+            "phone": (
+                f"+1-{random.randint(200, 999)}-"
+                f"{random.randint(100, 999)}-{random.randint(1000, 9999)}"
+            ),
+            "licenseType": random.choice(["business", "enterprise"]),
+            "parentId": None,
+        },
+    }
+
+
+def _build_updateCompanyDetails() -> dict:
+    return {
+        "method": "updateCompanyDetails",
+        "result": {"result": True},
+    }
+
+
+_SCENARIOS = [_build_getCompanyDetails, _build_updateCompanyDetails]
+
+
+# ── Public generator ──────────────────────────────────────────────────────────
+
+def bitdefender_gravityzone_companies_log(overrides: dict | None = None) -> dict:
+    """Return one simulated GravityZone Companies API event."""
+    scenario = random.choice(_SCENARIOS)()
+    event = {
+        "timestamp": _now_iso(),
+        "vendor": "bitdefender",
+        "product": "gravityzone",
+        "api": "companies",
+        "jsonrpc": "2.0",
+        "method": scenario["method"],
+        "id": _rand_id(),
+        "result": scenario["result"],
+    }
+    if overrides:
+        event.update(overrides)
+    return event
+
+
+if __name__ == "__main__":
+    print(json.dumps(bitdefender_gravityzone_companies_log(), indent=2))

Backend/event_generators/endpoint_security/bitdefender_gravityzone_incidents.py

@@ -0,0 +1,144 @@
+"""
+Bitdefender GravityZone - Incidents API Event Generator
+API Endpoint: /v1.0/jsonrpc/incidents
+Methods: addToBlocklist, getBlocklistItems, removeFromBlocklist,
+         createIsolateEndpointTask, createRestoreEndpointFromIsolationTask
+"""
+import json
+import random
+import uuid
+from datetime import datetime, timezone
+
+
+# ── Helpers ───────────────────────────────────────────────────────────────────
+
+def _now_iso() -> str:
+    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+
+def _rand_id() -> str:
+    return str(uuid.uuid4())
+
+def _rand_hostname() -> str:
+    return f"{random.choice(['DESKTOP', 'LAPTOP', 'WKS', 'SRV', 'WIN10'])}-{random.randint(1000, 9999)}"
+
+def _random_hash(hash_type: str = "sha256") -> str:
+    length = 64 if hash_type == "sha256" else 32
+    return f"{random.randint(0, 16 ** length - 1):0{length}x}"
+
+
+# ── Domain constants ──────────────────────────────────────────────────────────
+
+_HASH_TYPES = ["md5", "sha256"]
+_BLOCKLIST_REASONS = ["malware", "suspicious-activity", "policy-violation", "user-request"]
+_ISOLATION_REASONS = [
+    "ransomware-detected",
+    "lateral-movement-suspected",
+    "active-incident",
+    "threat-investigation",
+]
+
+
+# ── Private builders ──────────────────────────────────────────────────────────
+
+def _build_addToBlocklist() -> dict:
+    hash_type = random.choice(_HASH_TYPES)
+    return {
+        "method": "addToBlocklist",
+        "result": {
+            "hashType": hash_type,
+            "hashList": [_random_hash(hash_type) for _ in range(random.randint(1, 5))],
+            "sourceInfo": {
+                "type": random.choice(["file", "process"]),
+                "computerName": _rand_hostname(),
+                "filePath": "C:\\Windows\\Temp\\malware.exe",
+            },
+            "reason": random.choice(_BLOCKLIST_REASONS),
+            "result": True,
+        },
+    }
+
+
+def _build_getBlocklistItems() -> dict:
+    items = [
+        {
+            "id": _rand_id(),
+            "hash": _random_hash(),
+            "hashType": "sha256",
+            "addedAt": _now_iso(),
+            "addedBy": f"user{random.randint(1, 10)}@example.com",
+            "reason": random.choice(_BLOCKLIST_REASONS),
+            "status": random.choice(["active", "pending"]),
+        }
+        for _ in range(random.randint(2, 10))
+    ]
+    return {
+        "method": "getBlocklistItems",
+        "result": {"total": len(items), "items": items},
+    }
+
+
+def _build_removeFromBlocklist() -> dict:
+    return {
+        "method": "removeFromBlocklist",
+        "result": {"result": True},
+    }
+
+
+def _build_createIsolateEndpointTask() -> dict:
+    return {
+        "method": "createIsolateEndpointTask",
+        "result": {
+            "taskId": _rand_id(),
+            "endpointId": _rand_id(),
+            "computerName": _rand_hostname(),
+            "isolationReason": random.choice(_ISOLATION_REASONS),
+            "status": "pending",
+            "createdAt": _now_iso(),
+        },
+    }
+
+
+def _build_createRestoreEndpointFromIsolationTask() -> dict:
+    return {
+        "method": "createRestoreEndpointFromIsolationTask",
+        "result": {
+            "taskId": _rand_id(),
+            "endpointId": _rand_id(),
+            "computerName": _rand_hostname(),
+            "status": "pending",
+            "createdAt": _now_iso(),
+        },
+    }
+
+
+_SCENARIOS = [
+    _build_addToBlocklist,
+    _build_getBlocklistItems,
+    _build_removeFromBlocklist,
+    _build_createIsolateEndpointTask,
+    _build_createRestoreEndpointFromIsolationTask,
+]
+
+
+# ── Public generator ──────────────────────────────────────────────────────────
+
+def bitdefender_gravityzone_incidents_log(overrides: dict | None = None) -> dict:
+    """Return one simulated GravityZone Incidents API event."""
+    scenario = random.choice(_SCENARIOS)()
+    event = {
+        "timestamp": _now_iso(),
+        "vendor": "bitdefender",
+        "product": "gravityzone",
+        "api": "incidents",
+        "jsonrpc": "2.0",
+        "method": scenario["method"],
+        "id": _rand_id(),
+        "result": scenario["result"],
+    }
+    if overrides:
+        event.update(overrides)
+    return event
+
+
+if __name__ == "__main__":
+    print(json.dumps(bitdefender_gravityzone_incidents_log(), indent=2))