def default_process_edges() -> Dict[str, Tuple[EdgeT, str]]:
from grapl_analyzerlib.nodes.process_outbound_connection import (
ProcessOutboundConnectionSchema, )
from grapl_analyzerlib.nodes.process_inbound_connection import (
ProcessInboundConnectionSchema, )
return {
"children": (
EdgeT(ProcessSchema, ProcessSchema, EdgeRelationship.ManyToOne),
"parent",
),
"created_connections": (
EdgeT(
ProcessSchema,
ProcessOutboundConnectionSchema,
EdgeRelationship.ManyToMany,
),
"connections_from",
),
"inbound_connections": (
EdgeT(
ProcessSchema,
ProcessInboundConnectionSchema,
EdgeRelationship.ManyToMany,
),
"bound_by",
),
}
def meta_into_edge(dynamodb, schema: "Schema", f_edge):
table = dynamodb.Table(os.environ["BUCKET_PREFIX"] + "-grapl_schema_table")
edge_res = table.get_item(Key={"f_edge": f_edge})["Item"]
edge_t = schema.edges[f_edge][0] # type: EdgeT
return EdgeT(type(schema), edge_t.dest,
EdgeRelationship(edge_res["relationship"]))
def default_ip_connection_edges() -> Dict[str, Tuple[EdgeT, str]]:
return {
"inbound_ip_connection_to": (
EdgeT(IpConnectionSchema, IpAddressSchema,
EdgeRelationship.ManyToOne),
"ip_connections_from",
)
}
def default_lens_edges() -> Dict[str, Tuple[EdgeT, str]]:
from grapl_analyzerlib.nodes.entity import EntitySchema
return {
"scope": (
EdgeT(LensSchema, EntitySchema, EdgeRelationship.ManyToMany),
"in_scope",
),
}
def default_entity_edges():
from grapl_analyzerlib.nodes.lens import LensSchema
from grapl_analyzerlib.nodes.risk import RiskSchema
return {
"in_scope": (
(
EdgeT(EntitySchema, LensSchema, EdgeRelationship.ManyToMany),
"scope",
)
),
"risks": (
(
EdgeT(EntitySchema, RiskSchema, EdgeRelationship.ManyToMany),
"risky_nodes",
)
),
}
def default_risk_edges() -> Dict[str, Tuple[EdgeT, str]]:
from grapl_analyzerlib.nodes.entity import EntitySchema
return {
"risky_nodes": (
EdgeT(RiskSchema, EntitySchema, EdgeRelationship.ManyToMany),
"risks",
)
}
def default_network_connection_edges() -> Dict[str, Tuple[EdgeT, str]]:
from grapl_analyzerlib.nodes.ip_port import IpPortSchema
return {
"inbound_network_connection_to": (
EdgeT(NetworkConnectionSchema, IpPortSchema, EdgeRelationship.ManyToOne),
"inbound_network_connections_from",
)
}
def default_ip_address_edges() -> Dict[str, Tuple[EdgeT, str]]:
from grapl_analyzerlib.nodes.ip_connection import IpConnectionSchema
return {
"ip_connections": (
EdgeT(IpAddressSchema, IpConnectionSchema,
EdgeRelationship.ManyToMany),
"connecting_ips",
),
}
def default_ip_port_edges() -> Dict[str, Tuple[EdgeT, str]]:
from grapl_analyzerlib.nodes.network_connection import (
NetworkConnectionSchema,
)
return {
"network_connections": (
EdgeT(IpPortSchema, NetworkConnectionSchema, EdgeRelationship.ManyToMany),
"network_connections_from",
)
}
def default_process_inbound_connection_edges() -> Dict[str, Tuple[EdgeT, str]]:
from grapl_analyzerlib.nodes.ip_address import IpAddressSchema
return {
"bound_port": (
EdgeT(
ProcessInboundConnectionSchema,
IpPortSchema,
EdgeRelationship.ManyToMany,
),
"bound_by",
),
"bound_ip": (
EdgeT(
ProcessInboundConnectionSchema,
IpAddressSchema,
EdgeRelationship.ManyToMany,
),
"bound_ports",
),
}
def default_process_outbound_connection_edges() -> Dict[str, Tuple[EdgeT, str]]:
return {
"connected_over": (
# The IP + Port that was connected to
EdgeT(
ProcessOutboundConnectionSchema,
IpPortSchema,
EdgeRelationship.ManyToOne,
),
"process_connections",
),
"connected_to": (
# The IP + Port that was connected to
EdgeT(
ProcessOutboundConnectionSchema,
IpPortSchema,
EdgeRelationship.ManyToOne,
),
"ip_port_connections_from",
),
}
def default_file_edges() -> Dict[str, Tuple[EdgeT, str]]:
return {
"spawned_from": (
EdgeT(ProcessSchema, FileSchema, EdgeRelationship.ManyToOne),
"bin_file",
),
"creator": (
EdgeT(ProcessSchema, FileSchema, EdgeRelationship.OneToMany),
"created_files",
),
"writers": (
EdgeT(ProcessSchema, FileSchema, EdgeRelationship.ManyToMany),
"wrote_files",
),
"readers": (
EdgeT(ProcessSchema, FileSchema, EdgeRelationship.ManyToMany),
"read_files",
),
"deleter": (
EdgeT(ProcessSchema, FileSchema, EdgeRelationship.OneToMany),
"deleted_files",
),
}
def default_asset_edges() -> Dict[str, Tuple[EdgeT, str]]:
return {
"asset_ip": (
EdgeT(AssetSchema, IpAddressSchema, EdgeRelationship.ManyToMany),
"ip_assigned_to",
),
"asset_processes": (
EdgeT(
AssetSchema,
ProcessSchema,
EdgeRelationship.ManyToOne,
),
"process_asset",
),
"files_on_asset": (
EdgeT(
AssetSchema,
FileSchema,
EdgeRelationship.ManyToOne,
),
"file_asset",
),
}
def meta_into_edge(schema, predicate_meta):
if predicate_meta.get("list"):
return EdgeT(type(schema), BaseSchema, EdgeRelationship.OneToMany)
else:
return EdgeT(type(schema), BaseSchema, EdgeRelationship.OneToOne)
def meta_into_edge(dynamodb, schema, f_edge):
table = dynamodb.Table(os.environ["BUCKET_PREFIX"] + "-grapl_schema_table")
edge_res = table.get_item(Key={"f_edge": f_edge})["Item"]
print(edge_res)
return EdgeT(type(schema), BaseSchema,
EdgeRelationship(edge_res["relationship"]))
def meta_into_edge(schema_table: Table, schema: Schema, f_edge) -> EdgeT:
edge_res = schema_table.get_item(Key={"f_edge": f_edge})["Item"]
edge_t = schema.edges[f_edge][0] # type: EdgeT
return EdgeT(type(schema), edge_t.dest, EdgeRelationship(edge_res["relationship"]))