def heuritics_statistics(**kwargs):
    """
    Gather all heuristics stats in system

    Only the entries whose classification is accessible to the requesting
    user are returned; everything else in the cached list is left out.

    Variables:
    None

    Arguments:
    None

    Data Block:
    None

    Result example:
    [{"id": "AL_HEUR_001",          # Heuristics ID
       "classification": "U",        # Classification checked against the user
       "count": "100",               # Count of times heuristics seen
       "min": 0,                     # Lowest score found
       "avg": 172,                   # Average of all scores
       "max": 780,                   # Highest score found
     }, ... ]
    """
    # presumably injected by the API's authentication wrapper, which is not
    # visible in this block; a missing 'user' raises KeyError
    requester = kwargs['user']

    # A missing or empty cache entry is treated as "no stats yet".
    cached_stats = forge.get_statistics_cache().get('heuristics') or []

    # Access control happens here: each entry is checked on its own against
    # the requester's classification. Indexing entry['classification'] means
    # an entry without that key raises instead of being returned unfiltered.
    visible = []
    for entry in cached_stats:
        if Classification.is_accessible(requester['classification'],
                                        entry['classification']):
            visible.append(entry)

    return make_api_response(visible)
def signature_statistics(**kwargs):
    """
    Gather all signatures stats in system

    Only the entries whose classification is accessible to the requesting
    user are returned; everything else in the cached list is left out.

    Variables:
    None

    Arguments:
    None

    Data Block:
    None

    Result example:
    [                             # List of signature stats
      {"sid": "ORG_000000",          # Signature ID
       "rev": 1,                     # Signature version
       "classification": "U",        # Classification of the signature
       "name": "Signature Name",     # Signature name
       "count": "100",               # Count of times signatures seen
       "min": 0,                     # Lowest score found
       "avg": 172,                   # Average of all scores
       "max": 780,                   # Highest score found
      },
     ...
    ]"""
    # presumably injected by the API's authentication wrapper, which is not
    # visible in this block; a missing 'user' raises KeyError
    requester = kwargs['user']

    # A missing or empty cache entry is treated as "no stats yet".
    cached_stats = forge.get_statistics_cache().get('signatures') or []

    def _is_visible(entry):
        # The per-entry access check: the requester's classification against
        # the entry's own. An entry without a 'classification' key raises
        # here rather than slipping through unfiltered.
        return Classification.is_accessible(requester['classification'],
                                            entry['classification'])

    return make_api_response(list(filter(_is_visible, cached_stats)))
def test_stats(datastore, client):
    """Check the heuristic stats call against an empty, then a filled, cache.

    NOTE(review): the second assertion compares against the total heuristic
    count, so it only holds when the test user can access every heuristic's
    classification. It does not exercise the case where entries are withheld
    from a lower-classified user - confirm that is covered elsewhere.
    """
    stats_cache = forge.get_statistics_cache()
    # The first assertion depends on starting with no cached stats.
    stats_cache.delete()

    assert len(client.heuristics.stats()) == 0

    # Fill the 'heuristics' cache key from the datastore's own calculation.
    stats_cache.set('heuristics', datastore.calculate_heuristic_stats())

    reported = client.heuristics.stats()
    expected_total = datastore.heuristic.search('id:*')['total']
    assert len(reported) == expected_total
    def __init__(self, config=None):
        """Set up the statistics aggregator's config, cache, datastore and scheduler.

        Args:
            config: Configuration object to use; when falsy, the one returned
                by forge.get_config() is used instead.
        """
        super().__init__('assemblyline.statistics_aggregator')
        self.config = config or forge.get_config()
        self.cache = forge.get_statistics_cache(config=self.config)
        # NOTE(review): unlike the cache above, the datastore is not handed
        # self.config, so a caller-supplied config does not reach it - confirm
        # this is intended. archive_access=True presumably widens what this
        # service can read; verify it is needed for the stats calculation.
        self.datastore = forge.get_datastore(archive_access=True)
        self.scheduler = BackgroundScheduler(daemon=True)

        apm_url = self.config.core.metrics.apm_server.server_url
        if apm_url is None:
            # No APM server configured: metrics export stays off.
            self.apm_client = None
        else:
            # NOTE(review): the server URL is written to the log verbatim;
            # confirm it can never carry embedded credentials.
            self.log.info(f"Exporting application metrics to: {self.config.core.metrics.apm_server.server_url}")
            elasticapm.instrument()
            self.apm_client = elasticapm.Client(service_name="metrics_aggregator",
                                                server_url=apm_url)
def test_signature_stats(datastore, login_session):
    """Check /api/v4/signature/stats/ against an empty, then a filled, cache.

    NOTE(review): the count assertion compares against every signature in the
    datastore, so it only holds when the logged-in test user can access all
    signature classifications. A restricted-user case is not exercised here -
    confirm that is covered elsewhere.
    """
    _, session, host = login_session
    stats_url = f"{host}/api/v4/signature/stats/"
    # Exact field set each returned entry must expose, in sorted order.
    expected_keys = [
        'avg', 'classification', 'count', 'id', 'max', 'min', 'name',
        'source', 'type'
    ]

    stats_cache = forge.get_statistics_cache()
    # The first assertion depends on starting with no cached stats.
    stats_cache.delete()

    assert len(get_api_data(session, stats_url)) == 0

    # Fill the 'signatures' cache key from the datastore's own calculation.
    stats_cache.set('signatures', datastore.calculate_signature_stats())

    signature_count = datastore.signature.search("id:*", rows=0)['total']
    payload = get_api_data(session, stats_url)
    assert len(payload) == signature_count
    for entry in payload:
        # Pinning the key list also catches fields added to the response
        # by accident.
        assert sorted(entry.keys()) == expected_keys