def __init__(self, aminerConfig, propertyPath, binDefinition, reportInterval, reportEventHandlers, resetAfterReportFlag=True, persistenceId='Default'): """Initialize the analysis component. @param reportInterval delay in seconds between creation of two reports. The parameter is applied to the parsed record data time, not the system time. Hence reports can be delayed when no data is received.""" self.lastReportTime = None self.nextReportTime = 0.0 self.propertyPath = propertyPath self.binDefinition = binDefinition self.histogramData = {} self.reportInterval = reportInterval self.reportEventHandlers = reportEventHandlers self.resetAfterReportFlag = resetAfterReportFlag self.persistenceId = persistenceId self.nextPersistTime = None PersistencyUtil.addPersistableComponent(self) self.persistenceFileName = AMinerConfig.buildPersistenceFileName( aminerConfig, 'PathDependentHistogramAnalysis', persistenceId) persistenceData = PersistencyUtil.loadJson(self.persistenceFileName) if persistenceData is not None: raise Exception('No data reading, def merge yet')
def __init__(self, aminerConfig, parallelCheckCount, correlationTestCount, \ maxFailCount, anomalyEventHandlers, persistenceId='Default', recordCountBeforeEvent=0x10000): """Initialize the detector. This will also trigger reading or creation of persistence storage location. @param parallelCheckCount number of rule detection checks to run in parallel. @param correlationTestCount number of tests to perform on a rule under test. @param maxFailCount maximal number of test failures so that rule is still eligible for reporting.""" self.lastTimestamp = 0.0 self.parallelCheckCount = parallelCheckCount self.correlationTestCount = correlationTestCount self.maxFailCount = maxFailCount self.anomalyEventHandlers = anomalyEventHandlers self.maxRuleAttributes = 5 self.lastUnhandledMatch = None self.nextPersistTime = None self.totalRecords = 0 self.recordCountBeforeEvent = recordCountBeforeEvent PersistencyUtil.addPersistableComponent(self) self.persistenceFileName = AMinerConfig.buildPersistenceFileName( aminerConfig, 'TimeCorrelationDetector', persistenceId) persistenceData = PersistencyUtil.loadJson(self.persistenceFileName) if persistenceData is None: self.featureList = [] self.eventCountTable = [ 0 ] * parallelCheckCount * parallelCheckCount * 2 self.eventDeltaTable = [ 0 ] * parallelCheckCount * parallelCheckCount * 2
def __init__(self, aminerConfig, anomalyEventHandlers, timestampPath, analyzePathList, minBinElements, minBinTime, syncBinsFlag=True, debugMode=False, persistenceId='Default'): """Initialize the detector. This will also trigger reading or creation of persistence storage location. @param timestampPath if not None, use this path value for timestamp based bins. @param analyzePathList list of match pathes to analyze in this detector. @param minBinElements evaluate the latest bin only after at least that number of elements was added to it. @param minBinTime evaluate the latest bin only when the first element is received after minBinTime has elapsed. @param syncBinsFlag if true the bins of all analyzed path values have to be filled enough to trigger analysis. @param debugMode if true, generate an analysis report even when average of last bin was within expected range.""" self.anomalyEventHandlers = anomalyEventHandlers self.timestampPath = timestampPath self.minBinElements = minBinElements self.minBinTime = minBinTime self.syncBinsFlag = syncBinsFlag self.debugMode = debugMode self.nextPersistTime = None PersistencyUtil.addPersistableComponent(self) self.persistenceFileName = AMinerConfig.buildPersistenceFileName(aminerConfig, \ 'MatchValueAverageChangeDetector', persistenceId) persistenceData = PersistencyUtil.loadJson(self.persistenceFileName) if persistenceData is None: self.statData = [] for path in analyzePathList: self.statData.append((path, [],))
def __init__(self, aminerConfig, histogramDefs, reportInterval, reportEventHandlers, resetAfterReportFlag=True, persistenceId='Default'): """Initialize the analysis component. @param histogramDefs is a list of tuples containing the target property path to analyze and the BinDefinition to apply for binning. @param reportInterval delay in seconds between creation of two reports. The parameter is applied to the parsed record data time, not the system time. Hence reports can be delayed when no data is received.""" self.lastReportTime = None self.nextReportTime = 0.0 self.histogramData = [] for (path, binDefinition) in histogramDefs: self.histogramData.append(HistogramData(path, binDefinition)) self.reportInterval = reportInterval self.reportEventHandlers = reportEventHandlers self.resetAfterReportFlag = resetAfterReportFlag self.persistenceId = persistenceId self.nextPersistTime = None PersistencyUtil.addPersistableComponent(self) self.persistenceFileName = AMinerConfig.buildPersistenceFileName( aminerConfig, 'HistogramAnalysis', persistenceId) persistenceData = PersistencyUtil.loadJson(self.persistenceFileName) if persistenceData != None: raise Exception('No data reading, def merge yet')
def __init__(self, aminerConfig, targetPath, anomalyEventHandlers, persistenceId='Default', autoIncludeFlag=False, defaultInterval=3600, realertInterval=86400, outputLogLine=True): """Initialize the detector. This will also trigger reading or creation of persistence storage location. @param targetPath to extract a source identification value from each logatom.""" self.targetPath = targetPath self.anomalyEventHandlers = anomalyEventHandlers self.autoIncludeFlag = autoIncludeFlag self.defaultInterval = defaultInterval self.realertInterval = realertInterval # This timestamps is compared with timestamp values from log atoms # for activation of alerting logic. The first timestamp from logs # above this value will trigger alerting. self.nextCheckTimestamp = 0 self.lastSeenTimestamp = 0 self.nextPersistTime = None self.outputLogLine = outputLogLine self.aminerConfig = aminerConfig PersistencyUtil.addPersistableComponent(self) self.persistenceFileName = AMinerConfig.buildPersistenceFileName( aminerConfig, self.__class__.__name__, persistenceId) persistenceData = PersistencyUtil.loadJson(self.persistenceFileName) if persistenceData is None: self.expectedValuesDict = {} else: self.expectedValuesDict = persistenceData
def __init__(self, aminerConfig, targetPathList, anomalyEventHandlers, persistenceId='Default', allowMissingValuesFlag=False, autoIncludeFlag=False, outputLogLine=True): """Initialize the detector. This will also trigger reading or creation of persistence storage location. @param targetPathList the list of values to extract from each match to create the value combination to be checked. @param allowMissingValuesFlag when set to True, the detector will also use matches, where one of the pathes from targetPathList does not refer to an existing parsed data object. @param autoIncludeFlag when set to True, this detector will report a new value only the first time before including it in the known values set automatically.""" self.targetPathList = targetPathList self.anomalyEventHandlers = anomalyEventHandlers self.allowMissingValuesFlag = allowMissingValuesFlag self.autoIncludeFlag = autoIncludeFlag self.outputLogLine = outputLogLine self.aminerConfig = aminerConfig self.persistenceFileName = AMinerConfig.buildPersistenceFileName( aminerConfig, self.__class__.__name__, persistenceId) self.nextPersistTime = None self.loadPersistencyData() PersistencyUtil.addPersistableComponent(self)
def __init__(self, aminerConfig, anomalyEventHandlers, \ persistenceId='Default', autoIncludeFlag=False, outputLogLine=True): """Initialize the detector. This will also trigger reading or creation of persistence storage location.""" self.anomalyEventHandlers = anomalyEventHandlers self.autoIncludeFlag = autoIncludeFlag self.nextPersistTime = None self.outputLogLine = outputLogLine self.aminerConfig = aminerConfig PersistencyUtil.addPersistableComponent(self) self.persistenceFileName = AMinerConfig.buildPersistenceFileName( aminerConfig, self.__class__.__name__, persistenceId) persistenceData = PersistencyUtil.loadJson(self.persistenceFileName) if persistenceData is None: self.knownPathSet = set() else: self.knownPathSet = set(persistenceData)
def __init__(self, aminerConfig, ruleset, anomalyEventHandlers, persistenceId='Default'): """Initialize the detector. This will also trigger reading or creation of persistence storage location. @param ruleset a list of MatchRule rules with appropriate CorrelationRules attached as actions.""" self.eventClassificationRuleset = ruleset self.anomalyEventHandlers = anomalyEventHandlers self.nextPersistTime = time.time()+600.0 self.historyAEvents = [] self.historyBEvents = [] eventCorrelationSet = set() for rule in self.eventClassificationRuleset: if rule.matchAction.artefactARules is not None: eventCorrelationSet |= set(rule.matchAction.artefactARules) if rule.matchAction.artefactBRules is not None: eventCorrelationSet |= set(rule.matchAction.artefactBRules) self.eventCorrelationRuleset = list(eventCorrelationSet) PersistencyUtil.addPersistableComponent(self) self.persistenceFileName = AMinerConfig.buildPersistenceFileName( aminerConfig, 'TimeCorrelationViolationDetector', persistenceId)
def __init__(self, programName, aminerConfig): self.programName = programName self.analysisContext = AnalysisContext(aminerConfig) self.runAnalysisLoopFlag = True self.logStreamsByName = {} self.persistenceFileName = AMinerConfig.buildPersistenceFileName( self.analysisContext.aminerConfig, self.__class__.__name__ + '/RepositioningData') self.nextPersistTime = time.time() + 600 self.repositioningDataDict = {} self.masterControlSocket = None self.remoteControlSocket = None # This dictionary provides a lookup list from file descriptor # to associated object for handling the data to and from the given # descriptor. Currently supported handler objects are: # * Parent process socket # * Remote control listening socket # * LogStreams # * Remote control connections self.trackedFdsDict = {} # Override the signal handler to allow graceful shutdown. def gracefulShutdownHandler(_signo, _stackFrame): """This is the signal handler function to react on typical shutdown signals.""" print('%s: caught signal, shutting down' % programName, file=sys.stderr) self.runAnalysisLoopFlag = False import signal signal.signal(signal.SIGHUP, gracefulShutdownHandler) signal.signal(signal.SIGINT, gracefulShutdownHandler) signal.signal(signal.SIGTERM, gracefulShutdownHandler) # Do this on at the end of the initialization to avoid having # partially initialized objects inside the registry. self.analysisContext.addTimeTriggeredComponent(self)