def heuritics_statistics(**kwargs):
    """
    Gather all heuristics stats in system

    Variables:
    None

    Arguments:
    None

    Data Block:
    None

    Result example:
    [{"id": "AL_HEUR_001",      # Heuristics ID
      "count": "100",           # Count of times heuristics seen
      "min": 0,                 # Lowest score found
      "avg": 172,               # Average of all scores
      "max": 780,               # Highest score found
     },
     ...
    ]
    """
    caller = kwargs['user']

    # The stats are precomputed elsewhere and read back from the statistics
    # cache; a missing/empty entry is reported as an empty list.
    cached = forge.get_statistics_cache().get('heuristics')
    if not cached:
        cached = []

    # Access-control step: an entry is only returned when the caller's
    # classification grants access to the entry's classification. Every
    # cached entry is expected to carry a 'classification' field.
    visible = []
    for entry in cached:
        if Classification.is_accessible(caller['classification'], entry['classification']):
            visible.append(entry)

    return make_api_response(visible)
def signature_statistics(**kwargs):
    """
    Gather all signatures stats in system

    Variables:
    None

    Arguments:
    None

    Data Block:
    None

    Result example:
    [                                   # List of signature stats
     {"sid": "ORG_000000",              # Signature ID
      "rev": 1,                         # Signature version
      "classification": "U",            # Classification of the signature
      "name": "Signature Name"          # Signature name
      "count": "100",                   # Count of times signatures seen
      "min": 0,                         # Lowest score found
      "avg": 172,                       # Average of all scores
      "max": 780,                       # Highest score found
     },
     ...
    ]

    NOTE(review): the example above is illustrative; the entries are returned
    exactly as stored in the statistics cache, so their key set is whatever
    the aggregator produced — confirm against the cache writer.
    """
    caller = kwargs['user']

    def _visible_to_caller(entry):
        # Access-control predicate: the caller's classification must grant
        # access to the entry's own classification.
        return Classification.is_accessible(caller['classification'], entry['classification'])

    # Missing or empty cache entry -> empty result rather than an error.
    cached = forge.get_statistics_cache().get('signatures') or []

    return make_api_response(list(filter(_visible_to_caller, cached)))
def test_stats(datastore, client):
    """Heuristic stats are served from the statistics cache.

    With the cache cleared the endpoint returns nothing; once the aggregated
    stats are stored it returns one entry per heuristic in the datastore.
    """
    stats_cache = forge.get_statistics_cache()

    # Cleared cache -> empty result.
    stats_cache.delete()
    assert len(client.heuristics.stats()) == 0

    # Store the stats the way the aggregator would and expect one entry per
    # heuristic known to the datastore.
    stats_cache.set('heuristics', datastore.calculate_heuristic_stats())
    reported = client.heuristics.stats()
    expected_total = datastore.heuristic.search('id:*')['total']
    assert len(reported) == expected_total
def __init__(self, config=None):
    """Set up the statistics aggregator.

    Wires up the config, the statistics cache, a datastore handle and a
    daemon background scheduler, and optionally an Elastic APM client when
    an APM server URL is configured.

    Args:
        config: Assemblyline config object; falls back to forge.get_config()
            when not given.
    """
    super().__init__('assemblyline.statistics_aggregator')

    self.config = config if config else forge.get_config()
    self.cache = forge.get_statistics_cache(config=self.config)
    # NOTE(review): the datastore handle is opened with archive_access=True —
    # presumably so the aggregated stats also cover archived records; confirm.
    self.datastore = forge.get_datastore(archive_access=True)
    self.scheduler = BackgroundScheduler(daemon=True)

    # APM export is opt-in: only when a server URL is configured.
    apm_server_url = self.config.core.metrics.apm_server.server_url
    if apm_server_url is None:
        self.apm_client = None
    else:
        self.log.info(f"Exporting application metrics to: {self.config.core.metrics.apm_server.server_url}")
        elasticapm.instrument()
        self.apm_client = elasticapm.Client(server_url=apm_server_url,
                                            service_name="metrics_aggregator")
def test_signature_stats(datastore, login_session):
    """The signature stats endpoint mirrors the statistics cache.

    Empty once the cache is cleared; after the aggregated stats are stored it
    returns one entry per signature, each with a fixed set of keys.
    """
    _, session, host = login_session
    stats_url = f"{host}/api/v4/signature/stats/"
    stats_cache = forge.get_statistics_cache()

    # Cleared cache -> nothing reported.
    stats_cache.delete()
    assert len(get_api_data(session, stats_url)) == 0

    # Populate the cache as the aggregator would.
    stats_cache.set('signatures', datastore.calculate_signature_stats())
    signature_count = datastore.signature.search("id:*", rows=0)['total']

    reported = get_api_data(session, stats_url)
    assert len(reported) == signature_count

    # Every entry exposes exactly this key set (sorted for a stable compare).
    expected_keys = [
        'avg', 'classification', 'count', 'id', 'max', 'min', 'name', 'source', 'type'
    ]
    for sig_stat in reported:
        assert sorted(sig_stat) == expected_keys