def put_metric_data(num_yara_rules: int, binaries: List[BinaryInfo]) -> None:
    """Send one batch of analyzer metrics to CloudWatch.

    Four data points are published under the 'BinaryAlert' namespace: the number
    of binaries analyzed, the number with at least one YARA match, the number of
    YARA rules, and summary statistics for the S3 download latency.

    Args:
        num_yara_rules: Number of YARA rules in the analyzer.
        binaries: List of analyzed BinaryInfo()s.
    """
    LOGGER.debug('Sending metric data')

    def count_metric(name, value):
        # All three counters share the same shape; only name and value differ.
        return {'MetricName': name, 'Value': value, 'Unit': 'Count'}

    analyzed = count_metric('AnalyzedBinaries', len(binaries))
    matched = count_metric(
        'MatchedBinaries', len([b for b in binaries if b.yara_matches]))
    # Presumably the rule count is published so that "no matches" can be told
    # apart from "no rules loaded" when reading the dashboards - confirm.
    rules = count_metric('YaraRules', num_yara_rules)

    # NOTE(review): _compute_statistics is defined elsewhere; confirm it accepts
    # an empty list, otherwise an empty batch fails here and nothing is published.
    download_times = [b.download_time_ms for b in binaries]
    latency = {
        'MetricName': 'S3DownloadLatency',
        'StatisticValues': _compute_statistics(download_times),
        'Unit': 'Milliseconds'
    }

    CLOUDWATCH.put_metric_data(
        Namespace='BinaryAlert',
        MetricData=[analyzed, matched, rules, latency]
    )
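def _download_from_s3(self) -> None:
    """Download the binary from S3 and record how long the transfer took.

    Stores the two values returned by analyzer_aws_lib.download_from_s3 in
    self.s3_last_modified and self.s3_metadata, and the elapsed time in
    milliseconds in self.download_time_ms. If the download raises,
    self.download_time_ms is not assigned here.
    """
    LOGGER.debug('Downloading %s to %s', self.object_key, self.download_path)
    # Measure with a monotonic clock. time.time() follows the wall clock, so an
    # NTP step or manual clock change during the download could produce a
    # negative or inflated latency value.
    start_time = time.perf_counter()
    # NOTE(review): s3_metadata is whatever was stored with the object, so it is
    # presumably uploader-controlled - confirm consumers treat it as untrusted.
    self.s3_last_modified, self.s3_metadata = analyzer_aws_lib.download_from_s3(
        self.bucket_name, self.object_key, self.download_path)
    self.download_time_ms = (time.perf_counter() - start_time) * 1000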
def __enter__(self) -> Any:  # mypy/typing doesn't support recursive type yet
    """Fetch the binary, hash it, scan it with YARA, and return this object.

    The steps run in order: download from S3, compute the two hashes of the
    downloaded file, then run the YARA analyzer on that file.

    Returns:
        This same object, with computed_sha, computed_md5 and yara_matches set.
    """
    # NOTE(review): a with-statement does not call __exit__ when __enter__
    # raises. If cleanup of download_path lives in __exit__, a failure in
    # hashing or analysis leaves the downloaded file on disk - confirm.
    self._download_from_s3()

    hashes = file_hash.compute_hashes(self.download_path)
    self.computed_sha, self.computed_md5 = hashes

    LOGGER.debug('Running YARA analysis')
    scan = self.yara_analyzer.analyze
    self.yara_matches = scan(self.download_path, original_target_path=self.filepath)
    return self
def __enter__(self):
    """Prepare the binary for use inside a with-block.

    Downloads the object from S3, computes its hashes from the local copy,
    runs the YARA analyzer on that copy, and returns this object.
    """
    # NOTE(review): if any step below raises, the with-statement will not call
    # __exit__. Confirm the downloaded file is still removed in that case.
    self._download_from_s3()

    sha_and_md5 = file_hash.compute_hashes(self.download_path)
    self.computed_sha, self.computed_md5 = sha_and_md5

    LOGGER.debug('Running YARA analysis')
    run_analysis = self.yara_analyzer.analyze
    self.yara_matches = run_analysis(
        self.download_path,
        original_target_path=self.filepath,
    )
    return self