def __init__(self, options, print_input=None, print_output=None, dry_run=False):
    """Initialise counters, pick an event receiver and start the Prelude client.

    Args:
        options: Parsed command-line options; ``input_file``, ``input_offset``,
            ``input_limit``, ``profile`` and ``config`` are read here.
        print_input: Optional writable stream for echoing received events.
        print_output: Optional writable stream for echoing generated alerts.
        dry_run: When true, alerts are presumably not sent to the manager
            (the flag is only stored here — confirm in the caller of ``_dry_run``).

    The correlation criteria come from the ``[general] criteria`` entry of the
    module-level ``env.config``; ``_parse_criteria`` raises a ``UserError``
    for an unparsable expression, before any client is created.
    """
    self._events_processed = 0
    self._alert_generated = 0
    self._print_input = print_input
    self._print_output = print_output
    self._continue = True
    self._dry_run = dry_run

    self._criteria = self._parse_criteria(env.config.get("general", "criteria"))

    # Replay a capture file when one was given, otherwise read live through
    # a ClientReader bound to this instance.
    if options.input_file:
        self._receiver = FileReader(options.input_file, options.input_offset, options.input_limit)
    else:
        self._receiver = ClientReader(self)

    # Both read and write permission are requested: the correlator consumes
    # alerts and (presumably) emits correlation alerts back to the manager.
    permissions = ClientEasy.PERMISSION_IDMEF_READ | ClientEasy.PERMISSION_IDMEF_WRITE
    self.client = ClientEasy(options.profile, permissions, "Prelude Correlator", "Correlator", "CS-SI", VERSION)
    self.client.setConfigFilename(options.config)
    self.client.start()
def __init__(self, env, options, print_input=None, print_output=None, dry_run=False):
    """Initialise counters, pick an event receiver and start the Prelude client.

    Args:
        env: Application environment object; only ``env.config`` is read here.
        options: Parsed command-line options; ``readfile``, ``readoff``,
            ``readlimit`` and ``profile`` are read here.
        print_input: Optional writable stream for echoing received events.
        print_output: Optional writable stream for echoing generated alerts.
        dry_run: Stored as ``_dry_run``; presumably suppresses sending alerts
            (confirm in the method that consumes it).

    The correlation criteria come from the ``[general] criteria`` entry of the
    configuration; ``_parse_criteria`` raises a ``UserError`` for an
    unparsable expression, before any client is created.
    """
    self._env = env
    self._events_processed = 0
    self._alert_generated = 0
    self._print_input = print_input
    self._print_output = print_output
    self._continue = True
    self._dry_run = dry_run

    self._criteria = self._parse_criteria(self._env.config.get("general", "criteria"))

    # Replay a capture file when one was given, otherwise read live through
    # a ClientReader bound to this instance.
    if options.readfile:
        self._receiver = FileReader(options.readfile, options.readoff, options.readlimit)
    else:
        self._receiver = ClientReader(self)

    # Both read and write permission are requested: the correlator consumes
    # alerts and (presumably) emits correlation alerts back to the manager.
    permissions = ClientEasy.PERMISSION_IDMEF_READ | ClientEasy.PERMISSION_IDMEF_WRITE
    self.client = ClientEasy(
        options.profile,
        permissions,
        "Prelude Correlator",
        "Correlator",
        "CS-SI",
        VERSION,
    )
    self.client.start()
def __init__(self, env, print_input=None, print_output=None, dry_run=False):
    """Initialise counters and start a Prelude client using the fixed
    ``prelude-correlator`` profile.

    Args:
        env: Application environment object, kept as ``_env``.
        print_input: Optional writable stream for echoing received events.
        print_output: Optional writable stream for echoing generated alerts.
        dry_run: Stored as ``_dry_run``; presumably suppresses sending alerts
            (confirm in the method that consumes it).
    """
    self._env = env
    self._events_processed = 0
    self._alert_generated = 0
    self._print_input = print_input
    self._print_output = print_output
    self._continue = True
    self._dry_run = dry_run

    # Both read and write permission are requested: the correlator consumes
    # alerts and (presumably) emits correlation alerts back to the manager.
    permissions = ClientEasy.PERMISSION_IDMEF_READ | ClientEasy.PERMISSION_IDMEF_WRITE
    self._client = ClientEasy("prelude-correlator", permissions, "Prelude-Correlator", "Correlator", "CS-SI", VERSION)
    self._client.start()
class PreludeClient(object):
    """Pump IDMEF events from a receiver through the plugin manager.

    Events are obtained from either a ``ClientReader`` (live manager
    connection) or a ``FileReader`` (capture file), filtered by the
    ``[general] criteria`` configuration entry and handed to the module-level
    ``env.pluginmanager``.  Correlation alerts produced by plugins come back
    through ``correlationAlert``, which sends them to the manager and
    re-injects them into the receiver so they can be correlated again.
    """

    def __init__(self, options, print_input=None, print_output=None, dry_run=False):
        """Initialise counters, pick an event receiver and start the client.

        Args:
            options: Parsed command-line options; ``input_file``,
                ``input_offset``, ``input_limit``, ``profile`` and ``config``
                are read here.
            print_input: Optional writable stream; every matching event is
                written to it as text.
            print_output: Optional writable stream; every correlation alert is
                written to it as text.
            dry_run: When true, correlation alerts are counted, printed and
                re-injected but never sent to the manager.

        Raises:
            error.UserError: if the configured criteria do not parse.
        """
        self._events_processed = 0
        self._alert_generated = 0
        self._print_input = print_input
        self._print_output = print_output
        self._continue = True
        self._dry_run = dry_run

        self._criteria = self._parse_criteria(env.config.get("general", "criteria"))

        # Capture-file replay when a file was given, live reading otherwise.
        self._receiver = (
            FileReader(options.input_file, options.input_offset, options.input_limit)
            if options.input_file
            else ClientReader(self)
        )

        # Read permission to receive alerts, write permission to send the
        # correlation alerts back (see correlationAlert).
        permissions = ClientEasy.PERMISSION_IDMEF_READ | ClientEasy.PERMISSION_IDMEF_WRITE
        self.client = ClientEasy(options.profile, permissions, "Prelude Correlator", "Correlator", "CS-SI", VERSION)
        self.client.setConfigFilename(options.config)
        self.client.start()

    def _handle_event(self, idmef):
        """Echo *idmef* to ``print_input`` (if set), run the plugins on it and count it."""
        if self._print_input:
            self._print_input.write(str(idmef))
        env.pluginmanager.run(idmef)
        self._events_processed += 1

    def stats(self):
        """Log the number of events processed and alerts generated so far."""
        logger.info(
            "%d events received, %d correlationAlerts generated.",
            self._events_processed,
            self._alert_generated,
        )

    def correlationAlert(self, idmef):
        """Emit a correlation alert produced by a plugin.

        The alert is sent to the manager unless ``dry_run`` is set, echoed to
        ``print_output`` when that stream was given, and always re-injected
        into the receiver for meta-correlation.
        """
        self._alert_generated += 1
        if not self._dry_run:
            self.client.sendIDMEF(idmef)
        if self._print_output:
            self._print_output.write(str(idmef))
        self._receiver.inject(idmef)

    def run(self):
        """Consume the receiver until it is exhausted or ``stop()`` is called.

        Messages matching the criteria go to ``_handle_event``; about once a
        second ``context.wakeup`` is invoked with the current time so timed
        correlation contexts can expire.
        """
        last_wakeup = time.time()
        for msg in self._receiver.run():
            if msg and self._criteria.match(msg):
                self._handle_event(msg)
            now = time.time()
            if now - last_wakeup >= 1:
                context.wakeup(now)
                last_wakeup = now
            if not self._continue:
                return

    def stop(self):
        """Ask ``run()`` to exit after the message it is currently handling."""
        self._continue = False

    @staticmethod
    def _parse_criteria(criteria):
        """Build the ``IDMEFCriteria`` for the ``[general] criteria`` config string.

        An empty value matches every alert.  Any other value is wrapped in
        ``alert && (...)`` so the filter can never select non-alert messages;
        a value libprelude cannot parse is reported as a ``UserError`` naming
        the full expression.
        """
        if not criteria:
            return IDMEFCriteria("alert")
        expression = "alert && (%s)" % criteria
        try:
            return IDMEFCriteria(expression)
        except Exception as e:
            raise error.UserError("Invalid criteria provided '%s': %s" % (expression, e))
class PreludeClient(object):
    """Pump IDMEF events from a receiver through the plugin manager.

    Events are obtained from either a ``ClientReader`` (live manager
    connection) or a ``FileReader`` (capture file), filtered by the
    ``[general] criteria`` configuration entry and handed to
    ``env.pluginmanager``.  Correlation alerts produced by plugins come back
    through ``correlationAlert``.
    """

    def __init__(self, env, options, print_input=None, print_output=None, dry_run=False):
        """Initialise counters, pick an event receiver and start the client.

        Args:
            env: Application environment; ``config`` is read here and
                ``pluginmanager`` in ``_handle_event``.
            options: Parsed command-line options; ``readfile``, ``readoff``,
                ``readlimit`` and ``profile`` are read here.
            print_input: Optional writable stream; every matching event is
                written to it as text.
            print_output: Optional writable stream; every correlation alert is
                written to it as text.
            dry_run: When true, correlation alerts are counted and printed but
                never sent to the manager.

        Raises:
            error.UserError: if the configured criteria do not parse.
        """
        self._env = env
        self._events_processed = 0
        self._alert_generated = 0
        self._print_input = print_input
        self._print_output = print_output
        self._continue = True
        self._dry_run = dry_run

        self._criteria = self._parse_criteria(self._env.config.get("general", "criteria"))

        # Capture-file replay when a file was given, live reading otherwise.
        self._receiver = (
            FileReader(options.readfile, options.readoff, options.readlimit)
            if options.readfile
            else ClientReader(self)
        )

        # Read permission to receive alerts, write permission to send the
        # correlation alerts back (see correlationAlert).
        permissions = ClientEasy.PERMISSION_IDMEF_READ | ClientEasy.PERMISSION_IDMEF_WRITE
        self.client = ClientEasy(
            options.profile,
            permissions,
            "Prelude Correlator",
            "Correlator",
            "CS-SI",
            VERSION,
        )
        self.client.start()

    def _handle_event(self, idmef):
        """Echo *idmef* to ``print_input`` (if set), run the plugins on it and count it."""
        if self._print_input:
            self._print_input.write(str(idmef))
        self._env.pluginmanager.run(idmef)
        self._events_processed += 1

    def stats(self):
        """Log the number of events processed and alerts generated so far."""
        logger.info(
            "%d events received, %d correlationAlerts generated.",
            self._events_processed,
            self._alert_generated,
        )

    def correlationAlert(self, idmef):
        """Emit a correlation alert produced by a plugin.

        The alert is sent to the manager unless ``dry_run`` is set, and echoed
        to ``print_output`` when that stream was given.
        """
        self._alert_generated += 1
        if not self._dry_run:
            self.client.sendIDMEF(idmef)
        if self._print_output:
            self._print_output.write(str(idmef))

    def run(self):
        """Consume the receiver until it is exhausted or ``stop()`` is called.

        Messages matching the criteria go to ``_handle_event``; about once a
        second ``context.wakeup`` is invoked with the current time so timed
        correlation contexts can expire.
        """
        last_wakeup = time.time()
        for msg in self._receiver.run():
            if msg and self._criteria.match(msg):
                self._handle_event(msg)
            now = time.time()
            if now - last_wakeup >= 1:
                context.wakeup(now)
                last_wakeup = now
            if not self._continue:
                return

    def stop(self):
        """Ask ``run()`` to exit after the message it is currently handling."""
        self._continue = False

    @staticmethod
    def _parse_criteria(criteria):
        """Build the ``IDMEFCriteria`` for the ``[general] criteria`` config string.

        An empty value matches every alert.  Any other value is wrapped in
        ``alert && (...)`` so the filter can never select non-alert messages;
        a value libprelude cannot parse is reported as a ``UserError`` naming
        the full expression.
        """
        if not criteria:
            return IDMEFCriteria("alert")
        expression = "alert && (%s)" % criteria
        try:
            return IDMEFCriteria(expression)
        except Exception as e:
            raise error.UserError("Invalid criteria provided '%s': %s" % (expression, e))
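class PreludeClient:
    """Pump IDMEF events from the manager (or an input file) through the plugin manager.

    ``recvEvents`` reads live from the ``ClientEasy`` connection and
    ``readEvents`` replays the file handle kept on ``env``; both filter
    messages with the ``[general] criteria`` configuration entry and hand the
    matches to ``env.pluginmanager``.  Correlation alerts produced by plugins
    come back through ``correlationAlert``.
    """

    def __init__(self, env, print_input=None, print_output=None, dry_run=False):
        """Initialise counters and start a client using the ``prelude-correlator`` profile.

        Args:
            env: Application environment; ``config`` and ``pluginmanager`` are
                used by the read loop, and ``_input_fd``/``_input_limit``/
                ``_input_count`` by the file reader.
            print_input: Optional writable stream; every matching event is
                written to it as text.
            print_output: Optional writable stream; every correlation alert is
                written to it as text.
            dry_run: When true, correlation alerts are counted and printed but
                never sent to the manager.
        """
        self._env = env
        self._events_processed = 0
        self._alert_generated = 0
        self._print_input = print_input
        self._print_output = print_output
        self._continue = True
        self._dry_run = dry_run
        # Read permission to receive alerts, write permission to send the
        # correlation alerts back (see correlationAlert).
        self._client = ClientEasy(
            "prelude-correlator",
            ClientEasy.PERMISSION_IDMEF_READ | ClientEasy.PERMISSION_IDMEF_WRITE,
            "Prelude-Correlator",
            "Correlator",
            "CS-SI",
            VERSION,
        )
        self._client.start()

    def _handle_event(self, idmef):
        """Echo *idmef* to ``print_input`` (if set), run the plugins on it and count it."""
        if self._print_input:
            self._print_input.write(str(idmef))
        self._env.pluginmanager.run(idmef)
        self._events_processed += 1

    def stats(self):
        """Log the number of events processed and alerts generated so far."""
        logger.info(
            "%d events received, %d correlationAlerts generated.",
            self._events_processed,
            self._alert_generated,
        )

    def correlationAlert(self, idmef):
        """Emit a correlation alert produced by a plugin.

        The alert is sent to the manager unless ``dry_run`` is set, and echoed
        to ``print_output`` when that stream was given.
        """
        self._alert_generated += 1
        if not self._dry_run:
            self._client.sendIDMEF(idmef)
        if self._print_output:
            self._print_output.write(str(idmef))

    def _recvEventsFromClient(self, idmef):
        """Read one message from the manager into *idmef*.

        Returns the value of ``recvIDMEF`` (the second argument, 1000, is
        presumably a timeout — confirm against the libprelude binding), or 0
        when the call raises so the read loop keeps polling.  Only
        ``Exception`` subclasses are treated as a failed read; the previous
        bare ``except`` also swallowed ``KeyboardInterrupt`` and
        ``SystemExit``, which made the loop impossible to interrupt.
        """
        try:
            return self._client.recvIDMEF(idmef, 1000)
        except Exception as e:
            logger.debug("recvIDMEF failed, retrying: %s", e)
            return 0

    def _readEventsFromFile(self, idmef, count=True):
        """Read one message from ``env._input_fd`` into *idmef*.

        Returns 1 on success and 0 when the input is exhausted or the
        configured ``_input_limit`` has been reached; in both stop cases
        ``_continue`` is cleared so ``_readEvents`` exits.  With ``count=False``
        the message is read but not counted against the limit, which is how
        ``readEvents`` skips its initial offset.
        """
        env = self._env
        if count and env._input_limit > 0 and env._input_count >= env._input_limit:
            self._continue = False
            return 0
        try:
            idmef << env._input_fd
        except EOFError:
            self._continue = False
            return 0
        if count:
            env._input_count += 1
        return 1

    def _readEvents(self, _read_func_cb):
        """Drive the read loop until ``stop()`` or the callback clears ``_continue``.

        Each message produced by *_read_func_cb* is matched against the
        configured criteria before being passed to the plugins; about once a
        second ``context.wakeup`` is invoked with the current time so timed
        correlation contexts can expire.

        Raises:
            error.UserError: if the configured criteria do not parse.
        """
        criteria = self._parse_criteria(self._env.config.get("general", "criteria"))
        last_wakeup = time.time()
        while self._continue:
            msg = idmef.IDMEF()
            if _read_func_cb(msg) and criteria.match(msg):
                self._handle_event(msg)
            now = time.time()
            if now - last_wakeup >= 1:
                context.wakeup(now)
                last_wakeup = now

    @staticmethod
    def _parse_criteria(criteria):
        """Build the ``IDMEFCriteria`` for the ``[general] criteria`` config string.

        An empty value matches every alert.  Any other value is wrapped in
        ``alert && (...)`` so the filter can never select non-alert messages;
        a value libprelude cannot parse is reported as a ``UserError`` naming
        the full expression.
        """
        if criteria:
            criteria = "alert && (%s)" % (criteria)
        else:
            criteria = "alert"
        try:
            return IDMEFCriteria(criteria)
        except Exception as e:
            raise error.UserError("Invalid criteria provided '%s': %s" % (criteria, e))

    def readEvents(self, offset):
        """Replay ``env._input_fd``: skip *offset* messages (uncounted), then process the rest."""
        for _ in range(offset):
            self._readEventsFromFile(idmef.IDMEF(), count=False)
        self._readEvents(self._readEventsFromFile)

    def recvEvents(self):
        """Process messages received from the manager until stopped."""
        self._readEvents(self._recvEventsFromClient)

    def stop(self):
        """Ask the read loop to exit after the message it is currently handling."""
        self._continue = False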