def get_same_class_events(event_id, events=None):
if type(event_id) is dict:
event_id = event_id['id']
if events is None:
with open(config.events_file) as f:
events = json.load(f)
else:
e_list = []
for e in events:
e_list.append(misc.load_event(e))
events = e_list
event = misc.load_event(event_id)
result = []
for e in events:
if e['id'] == event_id:
continue
if e['id'] == 100:
continue
if e['class'] == event['class']:
result.append(e['id'])
return result
def event(e):
"""Loads the json of an event.
Arguments:
e: The event as string (name) or the int (id).
"""
return load_event(e)
def get_fingerprint_name(cls, event, features):
event = load_event(event)
f_list = ""
for f in features:
f_list += f + '-'
f_list = f_list[:-1]
return config.fp_dir + "fp_%d_%s_%s.json" % (event['id'], event['name'], f_list)
def __init__(self, event, threshold=0.8, features=["source", "type_id"], max_rounds=None, save=False, load_saved=False):
super().__init__()
self.event = load_event(event)
self.features = features
self.max_rounds = max_rounds
self.save = save
self.load_saved = load_saved
self.result = None
self.threshold = threshold
self.delta_t = self.event['delta_t']
self.fp_name = Fingerprint.get_fingerprint_name(event, features)
def load_cfingerprint_as_dict(event, features=None):
"""Shortcut to load a cfingerprint"""
if features is None:
event = misc.load_event(event)
try:
features = event['features']
except:
print(f"[Warning] No features set for event {event['name']}")
return None
cfp_name = CharacteristicFingerprint.get_cfingerprint_name(event, features)
return fingerprint.load_fingerprint_file(cfp_name)
def get_cfingerprint_name(cls, event, features, reference_set):
event = misc.load_event(event)
f_list = ""
for f in features:
f_list += f + '-'
f_list = f_list[:-1]
ref_list = ""
for ref in reference_set:
ref_list += str(ref) + '-'
ref_list = ref_list[:-1]
fn = config.cfp_dir + "cfp_%d_%s_%s_%s.json" % (event['id'], event['name'], f_list, ref_list)
return fn
def fp(event,
threshold=0.8,
features=['source', 'type_id'],
load_saved=True,
save=True):
if type(event) is int or type(event) is str:
event = load_event(event)
fingerprint = Fingerprint(event,
threshold=threshold,
features=features,
load_saved=load_saved,
save=save)
fingerprint.start()
fingerprint.join()
return fingerprint
def rec(event, n=None):
if type(event) is int or type(event) is str:
event = load_event(event)
record.record(event, n)
def record(event, n=None):
"""Records the given event. The argument should be either the ID or the name.
n is the number of rounds, how often the event shall be performed and recorded."""
if n is None:
n = config.default_n
# load event
event_d = misc.load_event(event)
if event_d is None:
print("[Failed] Event " + str(event) + " not found!")
return None
if "delta_t" in event_d:
delta_t = event_d['delta_t']
else:
delta_t = config.default_time
if 'ssh' in event_d:
clean = None
if "clean" in event_d:
clean = event_d['clean']
action = SshEvent(event_d['ssh'], clean)
else:
# TODO Clean for CLI events
action = ScriptEvent(event_d['script'])
# Queues for communication
input_queue = Queue()
parser_queue = Queue()
# Create Threads
# 1. WriterThread
writer_thread = RecordWriter(event_d, parser_queue, n)
writer_thread.start()
# 2. ParserThread
parser_thread = ParserThread(input_queue, parser_queue)
parser_thread.start()
# 3. InputThread
record_thread = InputThread(input_queue, learn=True)
record_thread.start()
must_clean = action.must_clean()
for i in tqdm(range(0, n), desc="rounds"):
# 1) perform action
action.perform()
# 2) wait
time.sleep(delta_t)
if must_clean is True:
# 2.1 Pause Thread
record_thread.pause()
# 2.2 Clean
action.clean()
# 2.3 wait
time.sleep(delta_t)
# 3) increment round
record_thread.increment_round()
record_thread.stop()
parser_thread.stop()
writer_thread.stop()
record_thread.join()
parser_thread.join()
writer_thread.join()