Example #1
0
 def __init__(self) -> None:
     super(ProcessSchema, self).__init__()
     (
         self.with_int_prop("process_id")
         .with_int_prop("created_timestamp")
         .with_int_prop("terminate_time")
         .with_str_prop("image_name")
         .with_str_prop("process_name")
         .with_str_prop("arguments")
         .with_forward_edge("children", OneToMany(ProcessSchema), "parent")
         .with_forward_edge("bin_file", ManyToOne(FileSchema), "spawned_from")
         .with_forward_edge("created_files", OneToMany(FileSchema), "creator")
         .with_forward_edge("deleted_files", OneToMany(FileSchema), "deleter")
         .with_forward_edge("read_files", ManyToMany(FileSchema), "readers")
         .with_forward_edge("wrote_files", ManyToMany(FileSchema), "writers")
         .with_forward_edge(
             "created_connections",
             ManyToMany(ProcessOutboundConnectionSchema),
             "connections_from",
         )
         .with_forward_edge(
             "inbound_connections",
             ManyToMany(ProcessInboundConnectionSchema),
             "bound_by",
         )
         # .with_forward_edge('bound_connections', [uid])
     )
Example #2
0
 def __init__(self) -> None:
     super(LensSchema, self).__init__()
     (
         self.with_str_prop("lens")
         .with_int_prop("score")
         .with_forward_edge("scope", ManyToMany(AnyNodeSchema), "in_scope")
     )
Example #3
0
    def __init__(self):
        super(IpAddressSchema, self).__init__()

        (self.with_str_prop("ip_address").with_int_prop("first_seen_timestamp")
         .with_int_prop("last_seen_timestamp").with_forward_edge(
             "ip_connections", ManyToMany(IpConnectionSchema),
             "connecting_ips"))
Example #4
0
def provision_mg(mclient) -> None:
    # drop_all(mclient)
    # drop_all(___local_dg_provision_client)

    schemas = (
        AssetSchema(),
        ProcessSchema(),
        FileSchema(),
        IpConnectionSchema(),
        IpAddressSchema(),
        IpPortSchema(),
        NetworkConnectionSchema(),
        ProcessInboundConnectionSchema(),
        ProcessOutboundConnectionSchema(),
    )
    mg_schemas = [
        s.with_forward_edge("risks", ManyToMany(RiskSchema), "risky_nodes")
        for s in schemas
    ]

    mg_schemas.append(RiskSchema())
    mg_schemas.append(LensSchema())

    mg_schema_str = format_schemas(mg_schemas)
    set_schema(mclient, mg_schema_str)
Example #5
0
 def __init__(self) -> None:
     super(IpPortSchema, self).__init__()
     (self.with_str_prop("ip_address").with_str_prop("protocol").
      with_int_prop("port").with_int_prop("first_seen_timestamp").
      with_int_prop("last_seen_timestamp").with_forward_edge(
          "network_connections",
          ManyToMany(NetworkConnectionSchema),
          "connections_from",
      ))
 def __init__(self) -> None:
     super(ProcessInboundConnectionSchema, self).__init__()
     (
         self.with_str_prop("ip_address")
         .with_str_prop("protocol")
         .with_int_prop("created_timestamp")
         .with_int_prop("terminated_timestamp")
         .with_int_prop("last_seen_timestamp")
         .with_int_prop("port")
         .with_forward_edge(
             "bound_port",
             # The IP + Port that was bound
             ManyToMany(IpPortSchema),
             "bound_by",
         )
         .with_forward_edge(
             "bound_ip",
             # The IP that was bound
             ManyToMany(IpAddressSchema),
             "bound_ports",
         )
     )
Example #7
0
def provision_eg(eclient) -> None:
    # drop_all(mclient)
    # drop_all(___local_dg_provision_client)

    schemas = [
        AssetSchema(),
        ProcessSchema(),
        FileSchema(),
        IpConnectionSchema(),
        IpAddressSchema(),
        IpPortSchema(),
        NetworkConnectionSchema(),
        ProcessInboundConnectionSchema(),
        ProcessOutboundConnectionSchema(),
    ]

    eg_schemas = [s.with_forward_edge('risks', ManyToMany(RiskSchema), 'risky_nodes') for s in schemas]

    eg_schemas.append(RiskSchema())
    eg_schemas.append(LensSchema())
    eg_schema_str = format_schemas(eg_schemas)
    print(eg_schema_str)
    set_schema(eclient, eg_schema_str)
Example #8
0
 def __init__(self):
     super(LensSchema, self).__init__()
     (self.with_str_prop('lens').with_int_prop('score').with_forward_edge(
         'scope', ManyToMany(AnyNodeSchema), 'in_scope'))
Example #9
0

eclient = DgraphClient(DgraphClientStub('localhost:9080'))

# drop_all(mclient)
# drop_all(eclient)

schemas = (
    AssetSchema(),
    ProcessSchema(),
    FileSchema(),
    IpConnectionSchema(),
    IpAddressSchema(),
    IpPortSchema(),
    NetworkConnectionSchema(),
    ProcessInboundConnectionSchema(),
    ProcessOutboundConnectionSchema(),
)

schema_str = format_schemas(schemas)

eg_schemas = [
    s.with_forward_edge('risks', ManyToMany(RiskSchema), 'risky_nodes')
    for s in schemas
]

risk_schema = RiskSchema()
lens_schema = LensSchema()
eg_schemas.extend([risk_schema, lens_schema])
eg_schema_str = format_schemas(eg_schemas)
set_schema(eclient, eg_schema_str)