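# Severity score (1-4) per IDS classification text. Keys are compared verbatim
# against the attack name handed to decideAffectedElement, so their spelling
# (typos included) must stay exactly as the alert source emits it.
_ATTACK_SEVERITY = {
    "attempted administrator privilege gain": 4,
    "attempted user privilege gain": 4,
    "score! get the lotion!": 4,
    "potential corporate privacy violation": 4,
    "executable code was detected": 4,
    "successful administrator priviledge gain": 4,
    "successful user priviledge gain": 4,
    "a network trojan was detected": 4,
    "unsuccessful user privilege gain": 4,
    "web application attack": 4,
    "attempted denial of service": 3,
    "attempted information leak": 3,
    "potentially bad traffic": 3,
    "attempt to login by a default username and password": 3,
    "detection of a denial of service attack": 3,
    "misc attack": 3,
    "detection of a non-standard protocol or event": 3,
    "decode of an rpc query": 3,
    "denial of service": 3,
    "large scale information leak": 3,
    "information leak": 3,
    "a suspicious filename was detected": 3,
    "an attempted login using a suspicious user-name was detected": 3,
    "a system call was detected": 3,
    "a client was using an unusual port": 3,
    "access to a potentially vulnerable web application": 3,
    "generic icmp event": 2,
    "misc activity": 2,
    "detection of a network scan": 2,
    "not suspicious traffic": 2,
    "generic protocol command decode": 2,
    "a suspicious string was detected": 2,
    "unknown traffic= -": 2,
    "a tcp connection was detected= -": 1,
}

# Characters permitted in an IP literal that gets interpolated into a SQL
# WHERE clause: decimal/hex digits, '.' and ':' (covers IPv4 and IPv6 text
# forms). Quotes, ';', whitespace and anything else are rejected before the
# value can reach the query string.
_IP_LITERAL_CHARS = frozenset('0123456789abcdefABCDEF.:')


def _is_safe_ip_literal(value):
    """Return True when *value* is a non-empty string made only of IP-literal characters."""
    return bool(value) and all(ch in _IP_LITERAL_CHARS for ch in value)


def decideAffectedElement(attack_name, affected_element_ip):
    """Describe the element hit by an attack together with the attack severity.

    Args:
        attack_name: IDS classification text (lower-case) used to look up the
            severity in ``_ATTACK_SEVERITY``.
        affected_element_ip: IP address of the affected element; resolved to an
            element name via ``rf.parseSystemFile`` and used to query the
            ``prueba1`` table.

    Returns:
        ``[element_name, element_rating, attack_severity, element_id]``.

    Raises:
        KeyError: if *attack_name* is not a known classification.
        ValueError: if *affected_element_ip* contains characters that cannot be
            part of an IP literal (protects the string-built WHERE clause).
    """
    # Resolve the severity first so an unknown attack name fails before any
    # database work is started.
    attack_severity = _ATTACK_SEVERITY[attack_name]

    if not _is_safe_ip_literal(affected_element_ip):
        raise ValueError('invalid IP literal: %r' % (affected_element_ip,))

    affected_element = rf.parseSystemFile(affected_element_ip)

    # getFromTable takes the WHERE clause as text, so the IP is interpolated
    # into it; the whitelist check above is what keeps that interpolation from
    # being abused. A parameterised query would be preferable if the db layer
    # ever exposes one.
    where_clause = 'ip="' + affected_element_ip + '"'
    db = systemdb.systemDatabase()
    try:
        rating_row = db.getFromTable('prueba1', affected_element, 'rating', where_clause)
        id_row = db.getFromTable('prueba1', affected_element, 'id', where_clause)
    finally:
        db.closeDatabase()

    # The strip set suggests the rows come back rendered as a one-element tuple
    # string such as "('value',)" -- TODO confirm against systemdb; this only
    # removes that surrounding punctuation.
    affected_element_relevance = rating_row.strip("'(,)'")
    affected_element_id = id_row.strip("'(,)'")

    return [affected_element, affected_element_relevance, attack_severity, affected_element_id]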
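def init():
    """Compute and persist the initial risk of every element in the system.

    Each entry returned by ``rf.getElements()`` is a ``name:id:rating`` string
    (extra ``:``-separated fields are ignored). For every element the risk is
    computed from a zeroed parameter vector, stored in the module-level
    ``system_risk_dict`` under ``'<name>-<id>'`` and written to the ``risk``
    column of the database. The database handle is closed even when one of the
    per-element steps raises; the success message is printed only when all
    elements were processed.
    """
    elements = rf.getElements()
    db = systemdb.systemDatabase()
    try:
        for element in elements:
            fields = element.split(':')
            element_name = fields[0]
            element_id = fields[1]
            element_rating = fields[2]
            key = element_name + '-' + element_id

            # A fresh zeroed vector per element: calculateParams may well
            # mutate it in place (not visible here), so it must not be shared
            # between iterations.
            params = [0] * 8
            data = ds.calculateParams(params, element_name, element_rating, 0)

            # system_risk_dict['<element_name>-<element_id>'] = element_risk
            system_risk_dict[key] = ds.calculateRisk(data)

            # Persist the freshly computed risk for this element.
            db.modifyDatabase(element_name, element_id, 'risk', system_risk_dict[key])
    finally:
        db.closeDatabase()
    print('Initialized system risk.')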