    def run(self):
        """Bring up the daemon's processing pipeline and block until interrupted.

        Startup order (unchanged from the original): work queue and database
        controller, optional legacy-report migration, quick-scan and deep-scan
        consumer threads, the feed server, the binary collectors, and finally
        feed synchronization with the Carbon Black server.  On KeyboardInterrupt
        every consumer and collector thread is asked to stop and then joined.

        NOTE(review): the database controller and the FeedSyncRunner (when one is
        started) are not stopped or joined on shutdown; whether that is needed
        depends on their thread semantics, which are not visible here.
        """
        work_queue = self.initialize_queue()
        self.database_controller = BinaryDatabaseController(work_queue)
        self.database_controller.start()

        # One-time import of reports written by an earlier version, if configured.
        legacy_feed_directory = self.get_config_string("legacy_feed_directory",
                                                       None)
        if legacy_feed_directory:
            self.migrate_legacy_reports(legacy_feed_directory)

        # Binary analysis ("detonation") provider shared by every consumer thread.
        provider = self.get_provider()
        consumer_threads = []

        def spawn_consumers(thread_class, count, quick_scan):
            # Each consumer gets its own arbiter registered with the controller
            # and is started immediately so it begins draining the queue.
            for _ in range(count):
                arbiter = self.database_controller.register(
                    "consumer", quick_scan=quick_scan)
                worker = thread_class(arbiter,
                                      self.cb,
                                      provider,
                                      dirty_event=self.feed_dirty)
                consumer_threads.append(worker)
                worker.start()

        spawn_consumers(QuickScanThread, self.num_quick_scan_threads, True)
        spawn_consumers(DeepAnalysisThread, self.num_deep_scan_threads, False)

        # Feed server, then the collectors that populate the work queue.
        self.start_feed_server(self.get_metadata())
        collectors = self.start_binary_collectors(self.filter_spec)

        # Feed synchronization is only started for servers at or above 4.1.
        self.get_or_create_feed()
        if cbint.utils.cbserver.is_server_at_least(self.cb, "4.1"):
            FeedSyncRunner(self.cb, self.name, self.feed_dirty).start()

        try:
            while True:
                sleep(1)
        except KeyboardInterrupt:
            print('stopping...')
            workers = consumer_threads + collectors
            # Signal every worker first so they wind down concurrently,
            # then join them one by one.
            for worker in workers:
                worker.stop()
            for worker in workers:
                worker.join()
                print('stopped %s' % worker)
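    def test_lastline(self):
        """Populate the work queue from the Carbon Black API, then drain it with one DeepAnalysisThread.

        The producer runs synchronously (stop_when_done=True), so the queue is
        fully loaded before the consumer starts.  The drain loop is bounded so a
        provider that never completes fails the test instead of hanging it, and
        the consumer is stopped and joined in a ``finally`` so a failure cannot
        leave a non-daemon thread holding the test process open.
        """
        CbAPIProducerThread(self.daemon.work_queue, self.daemon.cb, self.daemon.name, rate_limiter=0,
                            stop_when_done=True).run()

        dirty_flag = threading.Event()
        t = DeepAnalysisThread(self.daemon.work_queue, self.daemon.cb, self.daemon.get_provider(),
                               dirty_event=dirty_flag)
        t.start()
        try:
            # 600 polls * 0.1 s = 60 s budget (constructed bound; raise it if the fixture is slow).
            max_polls = 600
            for _ in range(max_polls):
                unanalyzed = self.daemon.work_queue.number_unanalyzed()
                if not unanalyzed:
                    break
                print(unanalyzed)
                sleep(.1)
            else:
                raise AssertionError("work queue still reports %r unanalyzed binaries after %d polls"
                                     % (unanalyzed, max_polls))
        finally:
            t.stop()
            t.join()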
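    def test_bluecoat(self):
        """Populate the work queue from the Carbon Black API, then drain it with one DeepAnalysisThread.

        The producer runs synchronously (stop_when_done=True), so the queue is
        fully loaded before the consumer starts.  The drain loop is bounded so a
        provider that never completes fails the test instead of hanging it, and
        the consumer is stopped and joined in a ``finally`` so a failure cannot
        leave a non-daemon thread holding the test process open.

        NOTE(review): this body is identical to test_lastline and uses the
        daemon's default provider rather than a Bluecoat-specific one; confirm
        that is intended.
        """
        CbAPIProducerThread(self.daemon.work_queue, self.daemon.cb, self.daemon.name, rate_limiter=0,
                            stop_when_done=True).run()

        dirty_flag = threading.Event()
        t = DeepAnalysisThread(self.daemon.work_queue, self.daemon.cb, self.daemon.get_provider(),
                               dirty_event=dirty_flag)
        t.start()
        try:
            # 600 polls * 0.1 s = 60 s budget (constructed bound; raise it if the fixture is slow).
            max_polls = 600
            for _ in range(max_polls):
                unanalyzed = self.daemon.work_queue.number_unanalyzed()
                if not unanalyzed:
                    break
                print(unanalyzed)
                sleep(.1)
            else:
                raise AssertionError("work queue still reports %r unanalyzed binaries after %d polls"
                                     % (unanalyzed, max_polls))
        finally:
            t.stop()
            t.join()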
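    def test_yara(self):
        """Populate the work queue from the Carbon Black API, then drain it through a YaraProvider.

        The producer runs synchronously (stop_when_done=True), so the queue is
        fully loaded before the consumer starts.  The YaraProvider loads the
        rules from the test data directory.  The drain loop is bounded so a
        provider that never completes fails the test instead of hanging it, and
        the consumer is stopped and joined in a ``finally`` so a failure cannot
        leave a non-daemon thread holding the test process open.
        """
        CbAPIProducerThread(self.daemon.work_queue, self.daemon.cb, self.daemon.name, rate_limiter=0,
                            stop_when_done=True).run()

        yara_provider = YaraProvider('yara-test', os.path.join(test_dir, 'data', 'yara_rules'))
        dirty_flag = threading.Event()
        t = DeepAnalysisThread(self.daemon.work_queue, self.daemon.cb, yara_provider, dirty_event=dirty_flag)
        t.start()
        try:
            # 600 polls * 0.1 s = 60 s budget (constructed bound; raise it if the fixture is slow).
            max_polls = 600
            for _ in range(max_polls):
                unanalyzed = self.daemon.work_queue.number_unanalyzed()
                if not unanalyzed:
                    break
                print(unanalyzed)
                sleep(.1)
            else:
                raise AssertionError("work queue still reports %r unanalyzed binaries after %d polls"
                                     % (unanalyzed, max_polls))
        finally:
            t.stop()
            t.join()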
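    def test_yara(self):
        """Populate the work queue from the Carbon Black API, then drain it through a YaraProvider.

        The producer runs synchronously (stop_when_done=True), so the queue is
        fully loaded before the consumer starts.  The YaraProvider loads the
        rules from the test data directory.  The drain loop is bounded so a
        provider that never completes fails the test instead of hanging it, and
        the consumer is stopped and joined in a ``finally`` so a failure cannot
        leave a non-daemon thread holding the test process open.
        """
        CbAPIProducerThread(self.daemon.work_queue,
                            self.daemon.cb,
                            self.daemon.name,
                            rate_limiter=0,
                            stop_when_done=True).run()

        yara_provider = YaraProvider(
            'yara-test', os.path.join(test_dir, 'data', 'yara_rules'))
        dirty_flag = threading.Event()
        t = DeepAnalysisThread(self.daemon.work_queue,
                               self.daemon.cb,
                               yara_provider,
                               dirty_event=dirty_flag)
        t.start()
        try:
            # 600 polls * 0.1 s = 60 s budget (constructed bound; raise it if
            # the fixture is slow).
            max_polls = 600
            for _ in range(max_polls):
                unanalyzed = self.daemon.work_queue.number_unanalyzed()
                if not unanalyzed:
                    break
                print(unanalyzed)
                sleep(.1)
            else:
                raise AssertionError(
                    "work queue still reports %r unanalyzed binaries after %d polls"
                    % (unanalyzed, max_polls))
        finally:
            t.stop()
            t.join()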