def __init__(self) -> None:
super(ProcessSchema, self).__init__()
(
self.with_int_prop("process_id")
.with_int_prop("created_timestamp")
.with_int_prop("terminate_time")
.with_str_prop("image_name")
.with_str_prop("process_name")
.with_str_prop("arguments")
.with_forward_edge("children", OneToMany(ProcessSchema), "parent")
.with_forward_edge("bin_file", ManyToOne(FileSchema), "spawned_from")
.with_forward_edge("created_files", OneToMany(FileSchema), "creator")
.with_forward_edge("deleted_files", OneToMany(FileSchema), "deleter")
.with_forward_edge("read_files", ManyToMany(FileSchema), "readers")
.with_forward_edge("wrote_files", ManyToMany(FileSchema), "writers")
.with_forward_edge(
"created_connections",
ManyToMany(ProcessOutboundConnectionSchema),
"connections_from",
)
.with_forward_edge(
"inbound_connections",
ManyToMany(ProcessInboundConnectionSchema),
"bound_by",
)
# .with_forward_edge('bound_connections', [uid])
)
def __init__(self) -> None:
super(LensSchema, self).__init__()
(
self.with_str_prop("lens")
.with_int_prop("score")
.with_forward_edge("scope", ManyToMany(AnyNodeSchema), "in_scope")
)
def __init__(self):
super(IpAddressSchema, self).__init__()
(self.with_str_prop("ip_address").with_int_prop("first_seen_timestamp")
.with_int_prop("last_seen_timestamp").with_forward_edge(
"ip_connections", ManyToMany(IpConnectionSchema),
"connecting_ips"))
def provision_mg(mclient) -> None:
# drop_all(mclient)
# drop_all(___local_dg_provision_client)
schemas = (
AssetSchema(),
ProcessSchema(),
FileSchema(),
IpConnectionSchema(),
IpAddressSchema(),
IpPortSchema(),
NetworkConnectionSchema(),
ProcessInboundConnectionSchema(),
ProcessOutboundConnectionSchema(),
)
mg_schemas = [
s.with_forward_edge("risks", ManyToMany(RiskSchema), "risky_nodes")
for s in schemas
]
mg_schemas.append(RiskSchema())
mg_schemas.append(LensSchema())
mg_schema_str = format_schemas(mg_schemas)
set_schema(mclient, mg_schema_str)
def __init__(self) -> None:
super(IpPortSchema, self).__init__()
(self.with_str_prop("ip_address").with_str_prop("protocol").
with_int_prop("port").with_int_prop("first_seen_timestamp").
with_int_prop("last_seen_timestamp").with_forward_edge(
"network_connections",
ManyToMany(NetworkConnectionSchema),
"connections_from",
))
def __init__(self) -> None:
super(ProcessInboundConnectionSchema, self).__init__()
(
self.with_str_prop("ip_address")
.with_str_prop("protocol")
.with_int_prop("created_timestamp")
.with_int_prop("terminated_timestamp")
.with_int_prop("last_seen_timestamp")
.with_int_prop("port")
.with_forward_edge(
"bound_port",
# The IP + Port that was bound
ManyToMany(IpPortSchema),
"bound_by",
)
.with_forward_edge(
"bound_ip",
# The IP that was bound
ManyToMany(IpAddressSchema),
"bound_ports",
)
)
def provision_eg(eclient) -> None:
# drop_all(mclient)
# drop_all(___local_dg_provision_client)
schemas = [
AssetSchema(),
ProcessSchema(),
FileSchema(),
IpConnectionSchema(),
IpAddressSchema(),
IpPortSchema(),
NetworkConnectionSchema(),
ProcessInboundConnectionSchema(),
ProcessOutboundConnectionSchema(),
]
eg_schemas = [s.with_forward_edge('risks', ManyToMany(RiskSchema), 'risky_nodes') for s in schemas]
eg_schemas.append(RiskSchema())
eg_schemas.append(LensSchema())
eg_schema_str = format_schemas(eg_schemas)
print(eg_schema_str)
set_schema(eclient, eg_schema_str)
def __init__(self):
super(LensSchema, self).__init__()
(self.with_str_prop('lens').with_int_prop('score').with_forward_edge(
'scope', ManyToMany(AnyNodeSchema), 'in_scope'))
eclient = DgraphClient(DgraphClientStub('localhost:9080'))
# drop_all(mclient)
# drop_all(eclient)
schemas = (
AssetSchema(),
ProcessSchema(),
FileSchema(),
IpConnectionSchema(),
IpAddressSchema(),
IpPortSchema(),
NetworkConnectionSchema(),
ProcessInboundConnectionSchema(),
ProcessOutboundConnectionSchema(),
)
schema_str = format_schemas(schemas)
eg_schemas = [
s.with_forward_edge('risks', ManyToMany(RiskSchema), 'risky_nodes')
for s in schemas
]
risk_schema = RiskSchema()
lens_schema = LensSchema()
eg_schemas.extend([risk_schema, lens_schema])
eg_schema_str = format_schemas(eg_schemas)
set_schema(eclient, eg_schema_str)