SIREN/app.py at main · Rootless-Ghost/SIREN · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
"""
SIREN - Security Incident Response Engine & Notation
=====================================================
A professional incident response documentation tool following
the NIST 800-61 (Computer Security Incident Handling Guide) framework.

Built for SOC analysts, incident responders, and security teams
who need fast, structured, and exportable incident reports.

Author: Rootless-Ghost
License: MIT
"""

from flask import Flask, render_template, request, jsonify
from src.report_engine import IncidentReport, SeverityLevel, IncidentCategory
from src.report_exporter import ReportExporter
from datetime import datetime
import json
import os
import logging

app = Flask(__name__)
app.config["SECRET_KEY"] = os.urandom(32).hex()

# Basic logging configuration; can be overridden by application configuration
logging.basicConfig(level=logging.INFO)


@app.route("/")
def index():
    """Serve the main SIREN web interface."""
    return render_template(
        "index.html",
        severity_levels=[level.value for level in SeverityLevel],
        categories=[cat.value for cat in IncidentCategory],
    )


@app.route("/api/generate", methods=["POST"])
def generate_report():
    """
    Generate an incident report from submitted form data.

    Accepts JSON payload with incident metadata, timeline events,
    IOCs, affected systems, executive summary, and recommendations.

    Returns:
        JSON with Markdown and JSON exports of the report.
    """
    try:
        data = request.get_json()

        if not data:
            return jsonify({"error": "No data provided"}), 400

        # ------ Build the IncidentReport object ------
        report = IncidentReport(
            title=data.get("title", "Untitled Incident"),
            severity=data.get("severity", "Medium"),
            category=data.get("category", "Other"),
            analyst=data.get("analyst", "Unknown Analyst"),
            description=data.get("description", ""),
            detection_date=data.get("detection_date", ""),
            containment_date=data.get("containment_date", ""),
            eradication_date=data.get("eradication_date", ""),
            recovery_date=data.get("recovery_date", ""),
            executive_summary=data.get("executive_summary", ""),
        )

        # Timeline events
        for event in data.get("timeline_events", []):
            report.add_timeline_event(
                timestamp=event.get("timestamp", ""),
                description=event.get("description", ""),
                source=event.get("source", ""),
            )

        # Indicators of Compromise
        for ioc in data.get("iocs", []):
            report.add_ioc(
                ioc_type=ioc.get("type", ""),
                value=ioc.get("value", ""),
                context=ioc.get("context", ""),
            )

        # Affected systems
        for system in data.get("affected_systems", []):
            report.add_affected_system(
                hostname=system.get("hostname", ""),
                ip_address=system.get("ip_address", ""),
                impact=system.get("impact", ""),
            )

        # Recommendations
        for rec in data.get("recommendations", []):
            report.add_recommendation(rec)

        # ------ Export ------
        exporter = ReportExporter(report)
        markdown_output = exporter.to_markdown()
        json_output = exporter.to_json()

        return jsonify(
            {
                "success": True,
                "incident_id": report.incident_id,
                "markdown": markdown_output,
                "json": json_output,
            }
        )

    except Exception as e:
        logging.exception("Error generating incident report")
        return (
            jsonify(
                {
                    "error": "An internal error has occurred while generating the report."
                }
            ),
            500,
        )


@app.route("/api/sample", methods=["GET"])
def get_sample():
    """Return the sample Qakbot incident report for demo purposes."""
    sample_path = os.path.join(
        os.path.dirname(__file__), "samples", "sample_qakbot_incident.json"
    )
    try:
        with open(sample_path, "r") as f:
            sample_data = json.load(f)
        return jsonify(sample_data)
    except FileNotFoundError:
        return jsonify({"error": "Sample file not found"}), 404


if __name__ == "__main__":
    print("\n" + "=" * 55)
    print("  SIREN - Security Incident Response Engine & Notation")
    print("=" * 55)
    print("  Running at: http://127.0.0.1:5000")
    print("  Press Ctrl+C to stop\n")
    debug_env = os.getenv("FLASK_DEBUG", "").lower()
    debug_mode = debug_env in ("1", "true", "yes")
    app.run(debug=debug_mode, host="127.0.0.1", port=5004)