soc-faker: generating fake data for SOC and security automation

soc-faker

soc-faker is used to generate fake data for use by Security Operation Centers, Information security professionals, product teams, and many more.

soc-faker is compatible with Python 2.x and 3.x. You can install soc-faker using pip as well as cloning this repository directly.

At the time of writing this document, soc-faker has the ability to fake data for the following main categories. You can find specific details for each category by selecting the links below:

• Agent
• Alert
• Application
• Cloud
• Computer
• Container
• DNS
• Employee
• File
• HTTP
• Location
• Logs
  • SysMon
  • Windows Event Logs
• Network
• Operating System
• Organization
• PCAP
• Process
• Products
  • AlienVault USM
  • Azure
  • Elastic
  • QualysGuard
  • ServiceNow
• Registry
• Timestamp
• TLS
• Url
• User Agent
• Vulnerability
• Words

Install

pip install soc-faker --user

or

git clone https://github.com/swimlane/soc-faker.git
cd soc-faker
python setup.py install

Usage

It is a Python package that can be imported or be used via the command-line utility to generate fake data related to security tools, products, and general data related to security.

Importing soc-faker

After you have installed soc-faker from source or using pip you can import and instantiate it by doing the following:

Once you have instantiated an instance of soc-faker you can then access any of the different properties and methods available based on your needs. If you would like to see soc-faker in action, then please see the bin/test.py script in the repository under the bin folder for an example of all available properties and methods.

Additionally, please read the documentation for more details about each available property and method.

Command-Line Usage

When soc-faker is installed, it automatically creates a command-line utility for your use. This utility can be accessed by simply typing soc-faker in your shell of choice.

To see soc-faker help type:

You can access each property just like you can from the library, the only difference is you replace a . between properties with space. For example, if you wanted to get some randomly generated hashes quickly you can run:

This will return the following to your shell:

md5:    aa3150ac34ee6a5911e61ab6a5052a6d

sha1:   de5c15f64d979ed84bac340c334a63d94401059d

sha256: 118a9f9de8f3dd6471ef113959485ecbaf66368dea16758eab4e22da182d0e9f

If you run into any issues, just type what you think is correct and the built-in help will guide you through all available groups, commands, etc. for each data point within soc-faker.

Copyright (c) 2019 Swimlane

Source: https://github.com/swimlane/