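# Priority assigned to each IDS alert classification (4 = most severe,
# 1 = least). Keys are matched exactly, so the alert text must already be
# lower-cased by the caller. Hoisted to module level so the table is not
# rebuilt on every alert.
ATTACK_PRIORITY = { "attempted administrator privilege gain": 4,
					"attempted user privilege gain": 4,
					"score! get the lotion!": 4,
					"potential corporate privacy violation": 4,
					"executable code was detected": 4,
					"successful administrator priviledge gain": 4,
					"successful user priviledge gain": 4,
					"a network trojan was detected": 4,
					"unsuccessful user privilege gain": 4,
					"web application attack": 4,
					"attempted denial of service": 3,
					"attempted information leak": 3,
					"potentially bad traffic": 3,
					"attempt to login by a default username and password": 3,
					"detection of a denial of service attack": 3,
					"misc attack": 3,
					"detection of a non-standard protocol or event": 3,
					"decode of an rpc query": 3,
					"denial of service": 3,
					"large scale information leak": 3,
					"information leak": 3,
					"a suspicious filename was detected": 3,
					"an attempted login using a suspicious user-name was detected": 3,
					"a system call was detected": 3,
					"a client was using an unusual port": 3,
					"access to a potentially vulnerable web application": 3,
					"generic icmp event": 2,
					"misc activity": 2,
					"detection of a network scan": 2,
					"not suspicious traffic": 2,
					"generic protocol command decode": 2,
					"a suspicious string was detected": 2,
					"unknown traffic= -": 2,
					"a tcp connection was detected= -": 1,
}


def decideAffectedElement(attack_name, affected_element_ip):
	"""Describe the element hit by an alert and how severe the alert is.

	Args:
		attack_name: alert classification text; must be one of the keys of
			ATTACK_PRIORITY (lower-case, exactly as written there).
		affected_element_ip: IP address of the affected element, used to
			resolve the element via the system file and to select its row
			in the system database.

	Returns:
		A 4-item list: [element name, element relevance (its 'rating'
		column), attack priority (1-4), element id].

	Raises:
		KeyError: if attack_name is not a known classification. Resolved
			before any database access so an unknown alert fails fast.
	"""
	try:
		attack_priority = ATTACK_PRIORITY[attack_name]
	except KeyError:
		raise KeyError('unknown attack classification: %r' % (attack_name,))

	affected_element = rf.parseSystemFile(affected_element_ip)

	# NOTE(review): the WHERE clause is built by string concatenation, so a
	# value containing a double quote would escape the filter. This is only
	# safe if affected_element_ip has been validated as an IP address
	# upstream; prefer a parameterised query if getFromTable supports one.
	where = 'ip="' + affected_element_ip + '"'

	db = systemdb.systemDatabase()
	try:
		raw_rating = db.getFromTable('prueba1', affected_element, 'rating', where)
		raw_id = db.getFromTable('prueba1', affected_element, 'id', where)
	finally:
		# Release the handle even if a query fails; the original never closed it.
		db.closeDatabase()

	# getFromTable appears to hand back the row as a tuple-like string such
	# as "('3',)" — TODO confirm; stripping the surrounding punctuation
	# leaves the bare value.
	affected_element_relevance = raw_rating.strip("'(,)'")
	affected_element_id = raw_id.strip("'(,)'")

	return [affected_element, affected_element_relevance, attack_priority, affected_element_id]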
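def init():
	"""Compute the initial risk of every system element and persist it.

	Reads the element list from the system file (one "name:id:rating" entry
	per element), computes each element's risk with all eight parameters
	zeroed, records it in the module-level system_risk_dict under the key
	"name-id", and writes it to the element's 'risk' column.

	Raises:
		IndexError: if an element entry has fewer than three ':'-separated
			fields.
	"""
	elements = rf.getElements()
	db = systemdb.systemDatabase()
	try:
		for element in elements:
			fields = element.split(':')
			element_name = fields[0]
			element_id = fields[1]
			element_rating = fields[2]

			# system_risk_dict['element_name-element_id'] = element_risk
			key = element_name + '-' + element_id

			# All eight risk parameters start at zero for a freshly initialised system.
			params = [0] * 8
			data = ds.calculateParams(params, element_name, element_rating, 0)
			system_risk_dict[key] = ds.calculateRisk(data)

			# Persist the freshly computed risk for this element.
			db.modifyDatabase(element_name, element_id, 'risk', system_risk_dict[key])
	finally:
		# Close even when a calculation or write fails, so the handle is not leaked.
		db.closeDatabase()
	print 'Initialized system risk.'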