 def get_queries(self) -> OneOrMany[ProcessQuery]:
     """Build the query this analyzer runs against the graph.

     Filters on a process name of firefox.exe and, in a second call, of
     chrome.exe, then requires a created file whose path contains neither
     "AppData" nor "tmp" (the usual browser download/cache locations).

     NOTE(review): ``with_process_name(eq=...)`` is applied twice with
     different names. If the library combines successive filters on the
     same predicate with AND, no single process can satisfy both and this
     query never fires; the list form ``eq=[...]`` used by the other
     analyzers is the likely intended shape — confirm against the
     library's predicate semantics.
     """
     browser = ProcessQuery()
     browser = browser.with_process_name(eq="firefox.exe")
     browser = browser.with_process_name(eq="chrome.exe")
     dropped_file = FileQuery().with_file_path(
         contains=[Not("AppData"), Not("tmp")]
     )
     return browser.with_created_files(dropped_file)
 def get_queries(self) -> OneOrMany[ProcessQuery]:
     r"""Build the query this analyzer runs against the graph.

     Looks for a parent process whose binary path is filtered by a list
     of ``Not`` patterns for Windows system directories, with a child
     whose binary path ends in cmd.exe and whose arguments are filtered
     by two successive ``contains`` calls (SetupComplete.cmd and
     PartnerSetupComplete.cmd).

     NOTE(review): the existing comment says "SetupComplete *or*
     PartnerSetupComplete", but the two ``with_arguments`` calls are
     separate filters; if successive filters AND, both strings must be
     present in the arguments. Also, each exclusion pattern is a raw
     string ending in the literal characters ``\\*``; unless ``contains``
     treats ``*`` as a wildcard, no real path contains that sequence and
     the ``Not(...)`` exclusions suppress nothing — confirm the matching
     semantics before relying on them to cut noise.
     """
     # Search for a process that executes cmd.exe,
     # where the process args references SetupComplete or PartnerSetupComplete
     # And the process is *not* executing from specific Windows directories
     parent = ProcessQuery()
     child = ProcessQuery()
     child_binary = FileQuery().with_file_path(ends_with="cmd.exe")
     child = child.with_bin_file(child_binary)
     child = child.with_arguments(
         contains=r"C:\Windows\Setup\Scripts\SetupComplete.cmd"
     )
     child = child.with_arguments(
         contains=r"C:\Windows\Setup\Scripts\PartnerSetupComplete.cmd"
     )
     parent = parent.with_children(child)
     excluded_dirs = [
         Not(r'C:\Windows\System32\\*'),
         Not(r'C:\Windows\SysWOW64\\*'),
         Not(r'C:\Windows\WinSxS\\*'),
         Not(r'C:\Windows\Setup\\*'),
     ]
     parent_binary = FileQuery().with_file_path(contains=excluded_dirs)
     return parent.with_bin_file(parent_binary)
    def get_queries(self) -> OneOrMany[ProcessQuery]:
        """Build the query this analyzer runs against the graph.

        Matches a process whose name is filtered by ``invalid_parents``
        (a list of ``Not`` values for the process names that normally
        spawn svchost.exe), with a child named svchost.exe, and joins the
        asset's hostname so the result identifies the host involved.

        NOTE(review): the filter is on process *name* only, so any binary
        carrying one of the listed names passes it; whether a binary-path
        check should back this up is an open question. How a list of
        ``Not`` values combines (all must hold vs. any) depends on the
        library — confirm.
        """
        expected_parent_names = (
            "services.exe",
            "smss.exe",
            "ngentask.exe",
            "userinit.exe",
            "GoogleUpdate.exe",
            "conhost.exe",
            "MpCmdRun.exe",
        )
        invalid_parents = [Not(name) for name in expected_parent_names]

        parent = ProcessQuery().with_process_name(eq=invalid_parents)
        child = ProcessQuery().with_process_name(eq="svchost.exe")
        parent = parent.with_children(child)
        asset = AssetQuery().with_hostname()
        return parent.with_asset(asset)
    def get_queries(self) -> OneOrMany[ProcessQuery]:
        """Build the query this analyzer runs against the graph.

        Matches a process whose name is filtered by ``parent_whitelist``
        (a list of ``Not`` values for processes that are expected to
        launch cmd.exe), with a child named cmd.exe, and joins the asset's
        hostname so the result identifies the host involved.

        NOTE(review): as the TODO below says, this keys on process name
        alone; a renamed binary is not distinguished from the real one.
        How a list of ``Not`` values combines (all must hold vs. any)
        depends on the library — confirm.
        """
        # TODO: We should be checking binary paths for these to ensure we handle impersonation
        expected_parent_names = (
            "svchost.exe",
            "RuntimeBroker.exe",
            "chrome.exe",
            "explorer.exe",
            "SIHClient.exe",
            "conhost.exe",
            "MpCmdRun.exe",
            "GoogleUpdateComRegisterShell64.exe",
            "GoogleUpdate.exe",
            "notepad.exe",
            "OneDrive.exe",
            "VBoxTray.exe",
            "Firefox Installer.exe",
        )
        parent_whitelist = [Not(name) for name in expected_parent_names]

        parent = ProcessQuery().with_process_name(eq=parent_whitelist)
        child = ProcessQuery().with_process_name(eq="cmd.exe")
        parent = parent.with_children(child)
        asset = AssetQuery().with_hostname()
        return parent.with_asset(asset)
    def get_queries(self) -> OneOrMany[ProcessQuery]:
        """Build the query this analyzer runs against the graph.

        Matches a process whose name is filtered by ``parent_whitelist``
        (a list of ``Not`` values for processes that are expected to
        launch cmd.exe), with a child named cmd.exe. Unlike the variant
        that joins the asset, no hostname is attached here.

        NOTE(review): this keys on process name alone, so a binary that
        merely carries one of the listed names passes the filter; a
        binary-path check would be the usual hardening. How a list of
        ``Not`` values combines (all must hold vs. any) depends on the
        library — confirm.
        """
        expected_parent_names = (
            "svchost.exe",
            "RuntimeBroker.exe",
            "chrome.exe",
            "explorer.exe",
            "SIHClient.exe",
            "conhost.exe",
            "MpCmdRun.exe",
            "GoogleUpdateComRegisterShell64.exe",
            "GoogleUpdate.exe",
            "notepad.exe",
            "OneDrive.exe",
            "VBoxTray.exe",
            "Firefox Installer.exe",
        )
        parent_whitelist = [Not(name) for name in expected_parent_names]

        parent = ProcessQuery().with_process_name(eq=parent_whitelist)
        child = ProcessQuery().with_process_name(eq="cmd.exe")
        return parent.with_children(child)