Exemple #1
    def StartInterrogationHunt(self):
        """Launch the cron-driven Interrogate hunt across the fleet.

        A full (``lightweight=False``) Interrogate flow is scheduled with
        ``client_limit=0``, which per the original summary targets all
        available clients. The crash limit is read from
        ``Cron.interrogate_crash_limit``; the client rate (50) and the
        one-week lifetime are fixed in this method. The hunt API used depends
        on ``data_store.RelationalDBEnabled()``.
        """
        interrogate_flow = compatibility.GetName(flows_discovery.Interrogate)
        interrogate_args = flows_discovery.InterrogateArgs(lightweight=False)
        hunt_description = "Interrogate run by cron to keep host info fresh."

        if not data_store.RelationalDBEnabled():
            # Legacy datastore path: the hunt object is built with the cron
            # job's own token, so it runs with that token's identity.
            legacy_hunt = hunts_implementation.StartHunt(
                hunt_name=hunts_standard.GenericHunt.__name__,
                client_limit=0,
                flow_runner_args=rdf_flow_runner.FlowRunnerArgs(
                    flow_name=interrogate_flow),
                flow_args=interrogate_args,
                output_plugins=self.GetOutputPlugins(),
                crash_limit=config.CONFIG["Cron.interrogate_crash_limit"],
                client_rate=50,
                expiry_time=rdfvalue.DurationSeconds("1w"),
                description=hunt_description,
                token=self.token)
            with legacy_hunt as hunt_obj:
                hunt_obj.GetRunner().Start()
                self.Log("Started hunt %s.", hunt_obj.urn)
            return

        # Relational path: the hunt is recorded under the token's username.
        # client_limit=0 places no cap on participating clients, so the
        # configured crash_limit is the main brake on a fleet-wide run.
        started_hunt_id = hunt.CreateAndStartHunt(
            interrogate_flow,
            interrogate_args,
            self.token.username,
            client_limit=0,
            client_rate=50,
            crash_limit=config.CONFIG["Cron.interrogate_crash_limit"],
            description=hunt_description,
            duration=rdfvalue.DurationSeconds("1w"),
            output_plugins=self.GetOutputPlugins())
        self.Log("Started hunt %s.", started_hunt_id)
Exemple #2
    def StartInterrogationHunt(self):
        """Launch the cron-driven Interrogate hunt across the fleet.

        A full (``lightweight=False``) Interrogate flow is scheduled with
        ``client_limit=0``, which per the original summary targets all
        available clients. Client rate, crash limit and duration are all read
        from the ``Cron.interrogate_*`` configuration keys, and the resulting
        hunt id is logged.
        """
        interrogate_flow = compatibility.GetName(flows_discovery.Interrogate)
        interrogate_args = flows_discovery.InterrogateArgs(lightweight=False)
        hunt_description = "Interrogate run by cron to keep host info fresh."

        # The hunt is recorded under the username of this job's token.
        creator = self.token.username

        # Operator-tunable limits. With client_limit=0 there is no cap on the
        # number of clients, so these settings bound the blast radius.
        rate = config.CONFIG["Cron.interrogate_client_rate"]
        max_crashes = config.CONFIG["Cron.interrogate_crash_limit"]
        lifetime = config.CONFIG["Cron.interrogate_duration"]
        plugins = self.GetOutputPlugins()

        started_hunt_id = hunt.CreateAndStartHunt(
            interrogate_flow,
            interrogate_args,
            creator,
            client_limit=0,
            client_rate=rate,
            crash_limit=max_crashes,
            description=hunt_description,
            duration=lifetime,
            output_plugins=plugins)
        self.Log("Started hunt %s.", started_hunt_id)
Exemple #3
 def Run(self):
   """Create and start the hunt described by this cron job's arguments.

   The flow name, flow arguments and every resource limit are taken from
   ``self.job.args.hunt_cron_action``; nothing is defaulted or capped here.
   """
   action = self.job.args.hunt_cron_action
   runner_args = action.hunt_runner_args
   network_avg_limit = runner_args.avg_network_bytes_per_client_limit
   # The hunt is created under the CRON_JOB_USERNAME constant, not a
   # per-user identity.
   # NOTE(review): the user who configured the cron job is not visible from
   # this call; confirm it is recorded elsewhere for audit purposes.
   hunt.CreateAndStartHunt(
       action.flow_name,
       action.flow_args,
       CRON_JOB_USERNAME,
       avg_cpu_seconds_per_client_limit=(
           runner_args.avg_cpu_seconds_per_client_limit),
       avg_network_bytes_per_client_limit=network_avg_limit,
       avg_results_per_client_limit=runner_args.avg_results_per_client_limit,
       client_limit=runner_args.client_limit,
       client_rate=runner_args.client_rate,
       client_rule_set=runner_args.client_rule_set,
       crash_limit=runner_args.crash_limit,
       description=runner_args.description,
       duration=rdfvalue.Duration(runner_args.expiry_time),
       original_object=runner_args.original_object,
       output_plugins=runner_args.output_plugins,
       per_client_cpu_limit=runner_args.per_client_cpu_limit,
       per_client_network_bytes_limit=(
           runner_args.per_client_network_limit_bytes),
   )
Exemple #4
    def Run(self):
        """Create and start the hunt described by this cron job's arguments.

        When ``data_store.RelationalDBReadEnabled("hunts")`` is true the hunt
        is created through ``hunt.CreateAndStartHunt`` with each limit copied
        from the stored runner args and an absolute expiry of now plus
        ``expiry_time``. Otherwise a legacy ``GenericHunt`` is started with a
        freshly built ACL token and the runner args passed through as a whole.
        """
        if not data_store.RelationalDBReadEnabled("hunts"):
            cron_action = self.job.args.hunt_cron_action
            # NOTE(review): the username literal appears masked in this
            # listing (the relational branch below uses "Cron"); confirm the
            # real value upstream, since it is the identity the hunt runs as.
            cron_token = access_control.ACLToken(username="******")

            wrapped_flow_args = cron_action.flow_args
            wrapped_runner = rdf_flow_runner.FlowRunnerArgs(
                flow_name=cron_action.flow_name)
            generic_args = rdf_hunts.GenericHuntArgs(
                flow_args=wrapped_flow_args,
                flow_runner_args=wrapped_runner)

            legacy_hunt = implementation.StartHunt(
                hunt_name=GenericHunt.__name__,
                args=generic_args,
                runner_args=cron_action.hunt_runner_args,
                token=cron_token)
            with legacy_hunt as hunt_obj:
                hunt_obj.Run()
            return

        runner_args = self.job.args.hunt_cron_action.hunt_runner_args
        network_avg_limit = runner_args.avg_network_bytes_per_client_limit
        # Stored expiry is relative; turn it into an absolute deadline.
        deadline = rdfvalue.RDFDatetime.Now() + runner_args.expiry_time
        # The creator is the fixed string "Cron" rather than a per-user
        # identity; every limit below comes straight from the job's args.
        hunt.CreateAndStartHunt(
            self.job.args.hunt_cron_action.flow_name,
            self.job.args.hunt_cron_action.flow_args,
            "Cron",
            avg_cpu_seconds_per_client_limit=(
                runner_args.avg_cpu_seconds_per_client_limit),
            avg_network_bytes_per_client_limit=network_avg_limit,
            avg_results_per_client_limit=(
                runner_args.avg_results_per_client_limit),
            client_limit=runner_args.client_limit,
            client_rate=runner_args.client_rate,
            client_rule_set=runner_args.client_rule_set,
            crash_limit=runner_args.crash_limit,
            description=runner_args.description,
            expiry_time=deadline,
            original_object=runner_args.original_object,
            output_plugins=runner_args.output_plugins,
            per_client_cpu_limit=runner_args.per_client_cpu_limit,
            per_client_network_bytes_limit=(
                runner_args.per_client_network_limit_bytes),
        )