def getCharts(deviceIP, evidence):
charts = {}
charts["DEVICE"] = {}
charts["VENDOR"] = {}
allDevices = dbManager.allIdentifiers(D_DB_FILE)
allVendors = dbManager.allIdentifiers(V_DB_FILE)
# TO BE IMPLEMENTED - low priority
for device in allDevices:
charts["DEVICE"][device] = {}
charts["DEVICE"][device]["EVIDENCE"] = dbManager.select(
E_DB_FILE, deviceIP)
charts["DEVICE"][device]["PROFILE"] = dbManager.select(
D_DB_FILE, device)
charts["DEVICE"][device][
"SIMILARITY"] = similarityScore.jaccardSimilarity(
charts["DEVICE"][device]["EVIDENCE"],
charts["DEVICE"][device]["PROFILE"])
for vendor in allVendors:
charts["VENDOR"][vendor] = {}
charts["VENDOR"][vendor]["EVIDENCE"] = dbManager.select(
E_DB_FILE, deviceIP)
charts["VENDOR"][vendor]["PROFILE"] = dbManager.select(
V_DB_FILE, vendor)
charts["VENDOR"][vendor][
"SIMILARITY"] = similarityScore.jaccardSimilarity(
charts["VENDOR"][vendor]["EVIDENCE"],
charts["VENDOR"][vendor]["PROFILE"])
return charts
def getRequests():
requestsDict = {}
allRequestTimeStamps = dbManager.allIdentifiers(R_DB_FILE)
for requestTimeStamp in allRequestTimeStamps:
request = dbManager.select(R_DB_FILE, requestTimeStamp)
if "RESPONSE" not in request:
requestsDict[requestTimeStamp] = request
return requestsDict
def getVendorProfile(evidence):
vendorProfile = {}
vendors = dbManager.allIdentifiers(V_DB_FILE)
if "VENDOR" in evidence.keys():
for vendor in evidence["VENDOR"]:
if vendor in vendors:
vendorProfile = dbManager.select(V_DB_FILE, vendor)
break
return vendorProfile
def getDeviceProfile(evidence):
deviceProfile = {}
devices = dbManager.allIdentifiers(D_DB_FILE)
if "MODEL" in evidence.keys():
for model in evidence["MODEL"]:
if model in devices:
deviceProfile = dbManager.select(D_DB_FILE, model)
break
return deviceProfile
def getTimelines(deviceIP):
timelines = {}
timelines["IDENTIFICATION"] = {}
timelines["VULNERABILITY"] = {}
allEvents = dbManager.allIdentifiers(EVENTS_DB_FILE)
for eventID in allEvents:
event = dbManager.select(EVENTS_DB_FILE, eventID)
if "TARGET_IPADDR" in event.keys(
) and deviceIP in event["TARGET_IPADDR"]:
if "TYPE" in event.keys() and "IDENTIFICATION" in event["TYPE"]:
timelines["IDENTIFICATION"][eventID] = event
if "TYPE" in event.keys() and "VULNERABILITY" in event["TYPE"]:
timelines["VULNERABILITY"][eventID] = event
return timelines
if profile != "NA":
newProfile = helper.breakDownDict(profile, "", {})
print("Inserting device profile {0}".format(name))
DBManager.insert(D_DB_FILE, name, newProfile)
# Status
DBManager.insert(S_DB_FILE, "ID_QUEUE", {"IP": []})
DBManager.insert(S_DB_FILE, "VULN_QUEUE", {"IP": []})
DBManager.insert(S_DB_FILE, "IDENTIFIED", {"IP": []})
DBManager.insert(S_DB_FILE, "COMPLETED", {"IP": []})
DBManager.insert(S_DB_FILE, "DECK", {"IP": []})
# Requests
# Known CVEs
fr = open("ssasse_platform/InferenceEngine/Databases/known_cves.json",
"r",
encoding="utf-8")
knownDict = json.loads(fr.read())
fr.close()
devices = dbManager.allIdentifiers(D_DB_FILE)
for device in devices:
if device in knownDict.keys():
for cveDict in knownDict[device]:
#print("Inserting vuln {0} into {1}".format(cveDict,device))
DBManager.insertVulnerabilityTableEntry(D_DB_FILE, VULN_DB_FILE,
device, cveDict)
print("inference prep done")
def getSummary():
summary = {}
summary["AGGREGATE"] = {}
summary["AGGREGATE"]["TOTAL_DEVICES"] = 0
summary["AGGREGATE"]["IDENTIFIED"] = 0
summary["AGGREGATE"]["UNIDENTIFIED"] = 0
summary["AGGREGATE"]["TOTAL_VULNERABILITIES"] = 0
summary["AGGREGATE"]["HIGH_VULNS"] = 0
summary["AGGREGATE"]["MED_VULNS"] = 0
summary["AGGREGATE"]["LOW_VULNS"] = 0
summary["TABLE"] = {}
summary["REQUESTS"] = getRequests()
allIPs = dbManager.allIdentifiers(E_DB_FILE)
for deviceIP in allIPs:
summary["AGGREGATE"][
"TOTAL_DEVICES"] = summary["AGGREGATE"]["TOTAL_DEVICES"] + 1
summary["TABLE"][deviceIP] = {}
summary["TABLE"][deviceIP]["VENDOR"] = "NA"
summary["TABLE"][deviceIP]["MODEL"] = "NA"
summary["TABLE"][deviceIP]["FIRMWARE_ID"] = "NA"
summary["TABLE"][deviceIP]["DEVICE_TYPE"] = "NA"
summary["TABLE"][deviceIP]["HIGH_VULNS"] = 0
summary["TABLE"][deviceIP]["MED_VULNS"] = 0
summary["TABLE"][deviceIP]["LOW_VULNS"] = 0
evidence = dbManager.select(E_DB_FILE, deviceIP)
# count identified
if "MODEL" in evidence.keys():
summary["AGGREGATE"][
"IDENTIFIED"] = summary["AGGREGATE"]["IDENTIFIED"] + 1
summary["TABLE"][deviceIP]["MODEL"] = evidence["MODEL"]
else:
summary["AGGREGATE"][
"UNIDENTIFIED"] = summary["AGGREGATE"]["UNIDENTIFIED"] + 1
# fill table
if "VENDOR" in evidence.keys():
summary["TABLE"][deviceIP]["VENDOR"] = evidence["VENDOR"]
if "FIRMWARE_ID" in evidence.keys():
summary["TABLE"][deviceIP]["FIRMWARE_ID"] = evidence["FIRMWARE_ID"]
if "DEVICE_TYPE" in evidence.keys():
summary["TABLE"][deviceIP]["DEVICE_TYPE"] = evidence["DEVICE_TYPE"]
# find children
children = getChildren(evidence)
for key, val in children.items():
summary["TABLE"][deviceIP + ":" + key] = {}
summary["TABLE"][deviceIP + ":" + key]["VENDOR"] = val.get(
"VENDOR", "NA")
summary["TABLE"][deviceIP + ":" + key]["MODEL"] = val.get(
"MODEL", "NA")
summary["TABLE"][deviceIP + ":" + key]["FIRMWARE_ID"] = "-"
summary["TABLE"][deviceIP + ":" + key]["DEVICE_TYPE"] = "-"
summary["TABLE"][deviceIP + ":" + key]["HIGH_VULNS"] = "-"
summary["TABLE"][deviceIP + ":" + key]["MED_VULNS"] = "-"
summary["TABLE"][deviceIP + ":" + key]["LOW_VULNS"] = "-"
# count vulns
if "VULNERABILITIES" in evidence.keys():
for vulnerabilityID in evidence["VULNERABILITIES"]:
summary["AGGREGATE"]["TOTAL_VULNERABILITIES"] = summary[
"AGGREGATE"]["TOTAL_VULNERABILITIES"] + 1
vulnerability = dbManager.select(VULN_DB_FILE, vulnerabilityID)
if helper.singleInList("high", vulnerability["SEVERITY"]):
summary["AGGREGATE"][
"HIGH_VULNS"] = summary["AGGREGATE"]["HIGH_VULNS"] + 1
summary["TABLE"][deviceIP]["HIGH_VULNS"] = summary[
"TABLE"][deviceIP]["HIGH_VULNS"] + 1
if helper.singleInList("medium", vulnerability["SEVERITY"]):
summary["AGGREGATE"][
"MED_VULNS"] = summary["AGGREGATE"]["MED_VULNS"] + 1
summary["TABLE"][deviceIP]["MED_VULNS"] = summary["TABLE"][
deviceIP]["MED_VULNS"] + 1
if helper.singleInList("low", vulnerability["SEVERITY"]):
summary["AGGREGATE"][
"LOW_VULNS"] = summary["AGGREGATE"]["LOW_VULNS"] + 1
summary["TABLE"][deviceIP]["LOW_VULNS"] = summary["TABLE"][
deviceIP]["LOW_VULNS"] + 1
return summary
# DEST_IPADDR
# TARGET_MACADDR
# DEST_MACADDR
# EVENTS_DB
# TARGET_IPADDR
# INFO - find and replace
maskedIPs = {}
maskedMACs = {}
ipCounter = 0
macCounter = 0
# find all IPs and map them to masked
allIPs = dbManager.allIdentifiers(E_DB_FILE)
for deviceIP in allIPs:
if deviceIP not in maskedIPs.keys():
maskedIPs[deviceIP] = "IP_{0}".format(ipCounter)
ipCounter = ipCounter + 1
evidence = dbManager.select(E_DB_FILE, deviceIP)
if "TARGET_IPADDR" in evidence.keys():
for targetIP in evidence["TARGET_IPADDR"]:
ipKey = helper.singleInList(targetIP, maskedIPs.keys())
if ipKey == False:
maskedIPs[targetIP] = "IP_{0}".format(ipCounter)
ipCounter = ipCounter + 1