From b609949e6dcf7caf20e58a16063bce27000f50bf Mon Sep 17 00:00:00 2001
From: Wes
Date: Tue, 6 Dec 2016 12:44:25 -0500
Subject: [PATCH] problem: csirtg.io plugin outputs too much debug information (#374)

* fixing debugging output for csirtg.io plugin
* fixing default description
---
 cowrie.cfg.dist | 1 +
 cowrie/output/csirtg.py | 15 ++++++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/cowrie.cfg.dist b/cowrie.cfg.dist
index ba3377e..e6e33d9 100644
--- a/cowrie.cfg.dist
+++ b/cowrie.cfg.dist
@@ -438,4 +438,5 @@ logfile = log/cowrie.json
 #[output_csirtg]
 #username=wes
 #feed=scanners
+#description=random scanning activity
 #token=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
diff --git a/cowrie/output/csirtg.py b/cowrie/output/csirtg.py
index 2d2aefe..ea54133 100644
--- a/cowrie/output/csirtg.py
+++ b/cowrie/output/csirtg.py
@@ -12,6 +12,7 @@ logger = logging.getLogger(__name__)
 USERNAME = os.environ.get('CSIRTG_USER')
 FEED = os.environ.get('CSIRTG_FEED')
 TOKEN = os.environ.get('CSIRG_TOKEN')
+DESCRIPTION = os.environ.get('CSIRTG_DESCRIPTION', 'random scanning activity')
 
 
 class Output(cowrie.core.output.Output):
@@ -20,6 +21,10 @@ class Output(cowrie.core.output.Output):
         self.user = cfg.get('output_csirtg', 'username') or USERNAME
         self.feed = cfg.get('output_csirtg', 'feed') or FEED
         self.token = cfg.get('output_csirtg', 'token') or TOKEN
+        try:
+            self.description = cfg.get('output_csirtg', 'description')
+        except Exception:
+            self.description = DESCRIPTION
         self.port = os.environ.get('COWRIE_PORT', 22)
         self.context = {}
         self.client = Client(token=self.token)
@@ -36,10 +41,10 @@ class Output(cowrie.core.output.Output):
         ts = e['timestamp']
         today = str(datetime.now().date())
 
-        logger.info('today is %s' % today)
+        logger.debug('today is %s' % today)
 
         if not self.context.get(today):
-            logger.info('resetting context for %s' % today)
+            logger.debug('resetting context for %s' % today)
             self.context = {}
             self.context[today] = {}
 
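Review bot: The new `DESCRIPTION` constant reads `CSIRTG_DESCRIPTION`, while the untouched `TOKEN` line directly above it reads `CSIRG_TOKEN`, which looks like a dropped `T` in the prefix the other three constants share. That line is context rather than part of this change, but since the module-level constants are being extended here it is cheap to either correct the name or, if the misspelled variable must stay for existing deployments, record that next to it: `# NOTE: 'CSIRG_TOKEN' (no T) is the historical env var name; kept for compatibility`. The `'random scanning activity'` default also duplicates the commented example added to cowrie.cfg.dist in the same commit, so the two should be kept in sync if either changes.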
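Review bot: `except Exception:` around the new `cfg.get('output_csirtg', 'description')` is broader than the failure it is meant to handle, and it will also hide a genuinely broken configuration object behind the default description. A missing option raises the config parser's `NoOptionError` (and a missing section `NoSectionError`), so the handler should be narrowed to `except (NoOptionError, NoSectionError):`, imported from whichever config-parser module the file already uses; on Python 3's `configparser` the whole block collapses to `self.description = cfg.get('output_csirtg', 'description', fallback=DESCRIPTION)`, but that keyword does not exist on the Python 2 `ConfigParser`, so check which one is imported before using it. The sibling `username`/`feed`/`token` lines use `cfg.get(...) or CONSTANT` and appear to still raise when their option is absent, so whichever form is chosen could be applied to all four for consistency. `__init__` starts outside the hunk.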
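Review bot: The two new `logger.debug(...)` calls still format eagerly with `%` — `logger.debug('today is %s' % today)` — so the message string is built on every event even when DEBUG is disabled, which is exactly the state this commit is moving the plugin into. The logging idiom is to pass the arguments and let the logger format only when the record is emitted: `logger.debug('today is %s', today)` and `logger.debug('resetting context for %s', today)`. The same applies to the unchanged `logger.info('logged to csirtg %s ' % ...)` in the following hunk. The enclosing method starts and ends outside this hunk.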
@@ -54,12 +59,12 @@ class Output(cowrie.core.output.Output):
                 'protocol': 'tcp',
                 'tags': 'scanner,ssh',
                 'firsttime': ts,
-                'lasttime': ts
+                'lasttime': ts,
+                'description': self.description
             }
             ret = Indicator(self.client, i).submit()
             logger.info('logged to csirtg %s ' % ret['indicator']['location'])
-        else:
-            pprint(self.context)
+        self.context[today][peerIP].append(sid)