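    def __init__(self,
                 name,
                 options=None,
                 overwrite=True,
                 update=False,
                 idmef=None,
                 ruleid=None,
                 timer_rst=False):
        """Create (or re-enter) a named correlation context.

        Args:
            name: context name; normalised through getName() before use.
            options: overrides handed to setOptions() on top of the defaults
                (threshold=-1, expire=0, alert_on_expire=False). Defaults to
                a fresh empty dict per call so no mapping is shared between
                instances.
            overwrite: when False and the instance already has a ``_name``,
                initialisation is skipped.
            update: when True and the instance already has a ``_name``,
                initialisation is skipped.
            idmef: optional IDMEF message; referenced by this context when it
                is an IDMEF instance, and passed to _getTime() as time source.
            ruleid: forwarded to IDMEF.__init__().
            timer_rst: accepted for interface compatibility; not read here.

        Side effects: registers the instance in the module-level
        _CONTEXT_TABLE under *name* and runs _mergeIntersect() once.
        """
        if options is None:
            options = {}

        # A re-initialisation request (update, or no-overwrite) on an
        # instance that already carries state is a deliberate no-op.
        already_initialized = (update or not overwrite) and hasattr(self, "_name")
        if already_initialized:
            return

        IDMEF.__init__(self, ruleid)
        Timer.__init__(self, 0)

        self._version = self.FORMAT_VERSION
        self._options = {
            "threshold": -1,
            "expire": 0,
            "alert_on_expire": False,
        }

        name = getName(name)
        self._name = name
        self._update_count = 0

        self.setOptions(options)

        if isinstance(idmef, IDMEF):
            self.addAlertReference(idmef)

        # Validity window: [t - expire, t + expire], or open-ended (-1)
        # when no expiry is configured.
        t = self._getTime(idmef)
        expire = self._options["expire"]
        self._time_min = t - expire
        self._time_max = t + expire if expire > 0 else -1

        _CONTEXT_TABLE.setdefault(name, []).append(self)
        logger.debug("[add]%s", self.getStat(), level=3)

        # Merging on a brand-new context indicates a bookkeeping bug.
        merged = self._mergeIntersect(debug=False)
        if merged > 0:
            logger.critical(
                "A context merge happened on initialization. This should NOT happen : please report this error."
            )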
    def run(self, idmef):
        """Emit a correlation alert for a successful action seen out of office hours.

        The alert's ``alert.create_time`` is converted with time.localtime(),
        so the decision depends on the local timezone of the process running
        this rule. "Day off" is Saturday/Sunday (tm_wday 5 or 6) or any hour
        before 09:00 or from 18:00 onwards.
        """
        created = time.localtime(int(idmef.get("alert.create_time")))

        on_weekend = created.tm_wday in (5, 6)
        outside_office_hours = created.tm_hour < 9 or created.tm_hour > 17
        if not (on_weekend or outside_office_hours):
            return

        # Only completed (succeeded) actions are escalated.
        if idmef.get("alert.assessment.impact.completion") != "succeeded":
            return

        correlation = IDMEF(ruleid=self.name)
        correlation.addAlertReference(idmef)
        correlation.set("alert.classification", idmef.get("alert.classification"))
        correlation.set("alert.correlation_alert.name", "Critical system activity on day off")
        correlation.alert()
    def run(self, idmef):
        """Emit a correlation alert for a successful action seen out of office hours.

        ``alert.create_time`` is interpreted through time.localtime(), i.e. in
        the local timezone of the correlator process. The rule fires only on
        Saturday/Sunday (tm_wday 5 or 6) or before 09:00 / from 18:00 onwards.
        """
        when = time.localtime(int(idmef.get("alert.create_time")))

        weekday_office_hours = when.tm_wday not in (5, 6) and 9 <= when.tm_hour <= 17
        if weekday_office_hours:
            return

        # Only completed (succeeded) actions are escalated.
        if idmef.get("alert.assessment.impact.completion") != "succeeded":
            return

        alert = IDMEF()
        alert.addAlertReference(idmef)
        alert.set("alert.classification", idmef.get("alert.classification"))
        alert.set("alert.correlation_alert.name", "Critical system activity on day off")
        alert.alert()
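    def __init__(self, name, options=None, overwrite=True, update=False, idmef=None):
        """Create (or re-enter) a named correlation context.

        Args:
            name: context name; normalised through getName() before use.
            options: overrides merged into the defaults (threshold=-1,
                expire=0, alert_on_expire=False) before setOptions() is
                called. Defaults to a fresh empty dict per call so no
                mapping is shared between instances.
            overwrite: when exactly False and the instance already has a
                ``_name``, initialisation is skipped.
            update: when truthy and the instance already has a ``_name``,
                initialisation is skipped.
            idmef: optional IDMEF message; referenced by this context when it
                is an IDMEF instance, and passed to _getTime() as time source.

        Side effects: registers the instance in the module-level
        _CONTEXT_TABLE under *name* and runs _mergeIntersect() once.
        """
        if options is None:
            options = {}

        # A re-initialisation request (update, or overwrite=False) on an
        # instance that already carries state is a deliberate no-op.
        already_initialized = (update or (overwrite is False)) and hasattr(self, "_name")
        if already_initialized:
            return

        self._version = self.FORMAT_VERSION
        self._options = {"threshold": -1, "expire": 0, "alert_on_expire": False}
        IDMEF.__init__(self)
        Timer.__init__(self, 0)

        name = getName(name)
        self._name = name
        self._update_count = 0

        self._options.update(options)
        self.setOptions(self._options)

        if isinstance(idmef, IDMEF):
            self.addAlertReference(idmef)

        # Validity window: [t - expire, t + expire], or open-ended (-1)
        # when no expiry is configured.
        t = self._getTime(idmef)
        expire = self._options["expire"]
        self._time_min = t - expire
        self._time_max = t + expire if expire > 0 else -1

        _CONTEXT_TABLE.setdefault(name, []).append(self)
        logger.debug("[add]%s", self.getStat(), level=3)

        # Merging on a brand-new context indicates a bookkeeping bug.
        merged = self._mergeIntersect(debug=False)
        if merged > 0:
            logger.critical(
                "A context merge happened on initialization. This should NOT happen : please report this error."
            )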
 def __setstate__(self, dict):
     """Restore pickled state into both base classes, IDMEF first, then Timer."""
     # Pickle hook: state should only be restored from a trusted persistence store.
     for base in (IDMEF, Timer):
         base.__setstate__(self, dict)
 def __setstate__(self, dict):
     """Hand the pickled state to IDMEF.__setstate__ and then Timer.__setstate__."""
     # Pickle hook: state should only be restored from a trusted persistence store.
     bases = (IDMEF, Timer)
     for base in bases:
         base.__setstate__(self, dict)