Python Inquisit 예제들

예제 #1

파일: Parser.py 프로젝트: smlynn/Inquisition

    def __init__(self,
                 cfg,
                 logTTL=30,
                 maxLogsToProcess=0,
                 parserID=0,
                 parserName='Syslog',
                 logFile='/var/log/syslog',
                 keepPersistentStats=True,
                 metricsMode=False,
                 baselineMode=False,
                 sentryClient=None):
        Inquisit.__init__(self,
                          cfg,
                          lgrName=__name__,
                          sentryClient=sentryClient)

        self.parserID = parserID
        self.parserName = parserName
        self.logFile = logFile
        self.logTTL = int(logTTL)
        self.maxLogsToProcess = int(maxLogsToProcess)
        self.keepPersistentStats = bool(keepPersistentStats)
        self.metricsMode = bool(metricsMode)
        self.baselineMode = bool(baselineMode)

        # initialize offset file
        self.offsetFile = '/opt/inquisition/tmp/' + str(
            self.parserID) + '_' + self.parserName + '.offset'

        # load templates into template store
        self.templateStore = self.fetchTemplates()
        self.lgr.info('loaded [ ' + str(len(self.templateStore)) +
                      ' ] templates for ' + self.__str__())

        self.lgr.debug(self.__str__() + ' created [ SUCCESSFULLY ]')

예제 #2

    def __init__(self, cfg, sentryClient=None):
        Inquisit.__init__(self,
                          cfg,
                          lgrName=__name__,
                          sentryClient=sentryClient)

        # start connection pool manager
        self.connPool = urllib3.PoolManager()

예제 #3

class InquisitTestCase(unittest.TestCase):
    def setUp(self):
        # generate config
        cfg = configparser.ConfigParser()
        cfg.read('build/tests/unit_tests_GOOD.cfg')

        self.inquisit = Inquisit(cfg)

    def test_generateLogger(self):
        self.assertIsInstance(self.inquisit.lgr, logging.Logger)

    def test_bounceInquisitionDbConnection(self):
        self.inquisit.bounceInquisitionDbConnection()
        self.assertIsInstance(self.inquisit.inquisitionDbHandle,
                              pymysql.connections.Connection)

예제 #4

파일: inquisition.py 프로젝트: magneticstain/Inquisition

def main():
    """
    Main runtime module

    :return: void
    """

    # read in config file
    cfg = generateCfg()

    # start local logger
    lgr = Inquisit.generateLogger(cfg, __name__)
    lgr.info('starting inquisition.py...')

    # create Sentry client for debugging (if API key is available)
    sentryClient = None
    try:
        sentryApiKey = cfg['debug']['sentry_api_key']
    except KeyError:
        sentryApiKey = ''
    if sentryApiKey:
        # API key provided, initialize client
        sentryClient = raven.Client(
            dsn='https://' + sentryApiKey + '@sentry.io/174245',
            release=raven.fetch_git_sha(path.dirname(__file__))
        )

    # initialize subroutine instances
    anatomize = Anatomize(cfg, sentryClient)
    erudite = Erudite(cfg, sentryClient)
    sage = Sage(cfg, sentryClient)
    augur = Augur(cfg, sentryClient)

    if not cfg.getboolean('cli', 'config_check'):
        # start log polling/parsing
        anatomize.startAnatomizer()

        # begin fetching OSINT data for threat detection engine
        augur.fetchIntelData()

        # start log anomaly engine (Erudite)
        erudite.startAnomalyDetectionEngine()

        try:
            baselineMode = cfg.getboolean('learning', 'enableBaselineMode')
        except (configparser.NoSectionError, configparser.NoOptionError, KeyError):
            baselineMode = False
        if not baselineMode:
            # not running in baseline mode; start network threat detection engine
            # network threat engine (Sage)
            sage.startNetworkThreatEngine()
        else:
            lgr.info('running in baseline mode, not running network threat analysis engine (Sage)')
    else:
        msg = 'configuration check is [ SUCCESSFUL ], exiting...'
        print('[INFO] ' + msg)
        lgr.info(msg)

    lgr.debug('exiting inquisition.py bootstrapper')

예제 #5

    def __init__(self, cfg, sentryClient=None):
        Inquisit.__init__(self,
                          cfg,
                          lgrName=__name__,
                          sentryClient=sentryClient)

        self.lgr.info('loading Anatomize.py instance...')

        # load parsers and associated templates
        try:
            self.parserStore = self.fetchParsers()
            self.lgr.debug('loaded [ ' + str(len(self.parserStore)) +
                           ' ] parsers into parser store')
        except (InternalError, ProgrammingError) as e:
            self.lgr.critical(
                'could not fetch parsers from inquisition database :: [ ' +
                str(e) + ' ]')
            if Inquisit.sentryClient:
                Inquisit.sentryClient.captureException()

            exit(1)

        self.lgr.info('loading of Anatomize.py [ COMPLETE ]')

예제 #6

파일: Revelation.py 프로젝트: smlynn/Inquisition

 def __init__(self, cfg, sentryClient=None):
     Inquisit.__init__(self,
                       cfg,
                       lgrName=__name__,
                       sentryClient=sentryClient)

예제 #7

    def setUp(self):
        # generate config
        cfg = configparser.ConfigParser()
        cfg.read('build/tests/unit_tests_GOOD.cfg')

        self.inquisit = Inquisit(cfg)