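def update_available(**_):
    """
    Check if updated signatures are available.

    Variables:
    None

    Arguments:
    last_update        => ISO time of last update.
    type               => Signature type to check

    Data Block:
    None

    Result example:
    { "update_available" : true }      # If updated rules are available.
    """
    # Both inputs come straight from the query string. `type` defaults to the
    # wildcard '*' and is forwarded as-is to the storage layer; `last_update`
    # defaults to the Unix epoch so a caller that has never synced compares
    # against the earliest possible time.
    sig_type = request.args.get('type', '*')
    # NOTE(review): iso_to_epoch is not visible here; a malformed `last_update`
    # presumably raises inside it and is left to the API error handler — confirm.
    last_update = iso_to_epoch(request.args.get('last_update', '1970-01-01T00:00:00.000000Z'))
    # NOTE(review): `sig_type` is caller-controlled; confirm
    # get_signature_last_modified treats it as a value, not as raw query syntax.
    last_modified = iso_to_epoch(STORAGE.get_signature_last_modified(sig_type))

    return make_api_response({"update_available": last_modified > last_update})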
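def download_signatures(**kwargs):
    """
    Download signatures from the system.

    Variables:
    None

    Arguments:
    query       => Query used to filter the signatures
                   Default: All deployed signatures

    Data Block:
    None

    Result example:
    <A zip file containing all signatures files from the different sources>
    """
    user = kwargs['user']
    # `query` is caller-supplied; the search below runs under the caller's own
    # access_control, so the filter narrows, never widens, what they may fetch.
    query = request.args.get('query', 'status:DEPLOYED')
    access = user['access_control']
    last_modified = STORAGE.get_signature_last_modified()

    # Cache key: a bundle is only reusable for the same query, the same
    # access-control scope and the same signature generation. Keying on
    # `access` is what keeps a bundle built for one user from being served to
    # another user with a different access scope.
    query_hash = sha256(f'{query}.{access}.{last_modified}'.encode('utf-8')).hexdigest()
    zip_name = f"al_signatures_{query_hash[:7]}.zip"

    with forge.get_cachestore('al_ui.signature') as signature_cache:
        # Fast path: serve an already-built bundle without taking the lock.
        response = _get_cached_signatures(signature_cache, query_hash)
        if response:
            return response

        # One builder per key: re-check the cache once the lock is held, in
        # case another request finished the build while we waited.
        with Lock(zip_name, 30):
            response = _get_cached_signatures(signature_cache, query_hash)
            if response:
                return response

            rule_file_bin = _build_signature_bundle(query, access)
            signature_cache.save(query_hash, rule_file_bin, ttl=DEFAULT_CACHE_TTL)

            return make_file_response(rule_file_bin, zip_name, len(rule_file_bin), content_type="application/zip")


def _build_signature_bundle(query, access):
    """Build the zip of signature files matching `query` and return its bytes.

    Signatures visible under `access` are fetched, sorted by their `order`
    field and grouped into one zip entry per `<type>/<source>`; the bodies of
    one group are concatenated with a blank line between them.
    """
    keys = [k['id'] for k in STORAGE.signature.stream_search(query, fl="id", access_control=access, as_obj=False)]
    signature_list = sorted(STORAGE.signature.multiget(keys, as_dictionary=False, as_obj=False), key=lambda x: x['order'])

    # Group signature bodies by their destination path inside the archive.
    # NOTE(review): the entry path is built from stored `type`/`source` values;
    # confirm those are validated on import so no entry can carry path
    # separators or '..' segments that would escape on extraction.
    output_files = {}
    for sig in signature_list:
        output_files.setdefault(f"{sig['type']}/{sig['source']}", []).append(sig['data'])

    output_zip = InMemoryZip()
    for fname, data in output_files.items():
        output_zip.append(fname, "\n\n".join(data))

    return output_zip.read()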