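def __init__(self, name, options=None, overwrite=True, update=False, idmef=None, ruleid=None, timer_rst=False):
    """Create, or re-enter, a named correlation context.

    When ``update`` is set, or ``overwrite`` is off, and this object already
    carries a ``_name``, the body is skipped so the existing context keeps its
    accumulated state.  Otherwise the IDMEF and Timer bases are initialised,
    the expiry window is derived from ``options["expire"]`` around the time
    ``_getTime(idmef)`` reports, and the context is registered in
    ``_CONTEXT_TABLE`` under its resolved name.

    Args:
        name: Context name; normalised through ``getName`` before use.
        options: Mapping handed to ``setOptions``.  ``None`` (the default)
            means "no overrides"; it replaces the former ``{}`` default so no
            dict object is shared between calls.
        overwrite: When False, an already-initialised context is left alone.
        update: When True, an already-initialised context is left alone.
        idmef: Source alert; referenced from this context when it is an IDMEF.
        ruleid: Forwarded to ``IDMEF.__init__``.
        timer_rst: Accepted for signature compatibility; not read here.
    """
    if (update or not overwrite) and hasattr(self, "_name"):
        # Re-entry on a live context: leave its state untouched.
        return

    IDMEF.__init__(self, ruleid)
    Timer.__init__(self, 0)

    self._version = self.FORMAT_VERSION
    # Defaults; setOptions() below applies the caller's overrides.
    self._options = {"threshold": -1, "expire": 0, "alert_on_expire": False}

    name = getName(name)
    self._name = name
    self._update_count = 0

    # Fresh empty dict per call when the caller passed nothing.
    self.setOptions({} if options is None else options)

    if isinstance(idmef, IDMEF):
        self.addAlertReference(idmef)

    # Window in which this context accepts alerts; expire <= 0 means no upper bound.
    t = self._getTime(idmef)
    expire = self._options["expire"]
    self._time_min = t - expire
    self._time_max = t + expire if expire > 0 else -1

    _CONTEXT_TABLE.setdefault(name, []).append(self)
    logger.debug("[add]%s", self.getStat(), level=3)

    # A freshly created context must not overlap an existing one; report if it does.
    if self._mergeIntersect(debug=False) > 0:
        logger.critical(
            "A context merge happened on initialization. This should NOT happen : please report this error."
        )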
def run(self, idmef):
    """Emit a correlation alert for a successful action outside office hours.

    ``alert.create_time`` is converted with ``time.localtime``, i.e. it is
    read in the correlator host's time zone rather than the sensor's
    (NOTE(review): confirm that is the intended reference clock).  Alerts
    created on Saturday/Sunday, before 09:00 or from 18:00 onwards, whose
    ``alert.assessment.impact.completion`` is ``"succeeded"``, produce a new
    IDMEF alert named "Critical system activity on day off" that references
    the original and copies its classification.
    """
    created = time.localtime(int(idmef.get("alert.create_time")))
    weekend = created.tm_wday in (5, 6)
    off_hours = created.tm_hour < 9 or created.tm_hour > 17
    if not (weekend or off_hours):
        return
    if idmef.get("alert.assessment.impact.completion") != "succeeded":
        return

    correlated = IDMEF(ruleid=self.name)
    correlated.addAlertReference(idmef)
    correlated.set("alert.classification", idmef.get("alert.classification"))
    correlated.set("alert.correlation_alert.name", "Critical system activity on day off")
    correlated.alert()
def run(self, idmef):
    """Emit a correlation alert for a successful action outside office hours.

    ``alert.create_time`` is converted with ``time.localtime``, so the
    weekday/hour test runs in the correlator host's time zone
    (NOTE(review): confirm that is the intended reference clock).  Alerts
    created on Saturday/Sunday, before 09:00 or from 18:00 onwards, whose
    ``alert.assessment.impact.completion`` is ``"succeeded"``, produce a new
    IDMEF alert named "Critical system activity on day off" that references
    the original and copies its classification.
    """
    created = time.localtime(int(idmef.get("alert.create_time")))
    on_weekend = created.tm_wday in (5, 6)
    outside_hours = created.tm_hour < 9 or created.tm_hour > 17
    if not (on_weekend or outside_hours):
        return
    if idmef.get("alert.assessment.impact.completion") != "succeeded":
        return

    correlated = IDMEF()
    correlated.addAlertReference(idmef)
    correlated.set("alert.classification", idmef.get("alert.classification"))
    correlated.set("alert.correlation_alert.name", "Critical system activity on day off")
    correlated.alert()
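def __init__(self, name, options=None, overwrite=True, update=False, idmef=None):
    """Create, or re-enter, a named correlation context.

    When ``update`` is set, or ``overwrite`` is False, and this object already
    carries a ``_name``, the body is skipped so the existing context keeps its
    accumulated state.  Otherwise the default options are merged with
    ``options`` and applied through ``setOptions``, the IDMEF and Timer bases
    are initialised, the expiry window is derived from ``options["expire"]``
    around the time ``_getTime(idmef)`` reports, and the context is registered
    in ``_CONTEXT_TABLE`` under its resolved name.

    Args:
        name: Context name; normalised through ``getName`` before use.
        options: Mapping merged over the defaults.  ``None`` (the default)
            means "no overrides"; it replaces the former ``{}`` default so no
            dict object is shared between calls.
        overwrite: When False, an already-initialised context is left alone.
        update: When True, an already-initialised context is left alone.
        idmef: Source alert; referenced from this context when it is an IDMEF.
    """
    if (update or (overwrite is False)) and hasattr(self, "_name"):
        # Re-entry on a live context: leave its state untouched.
        return

    self._version = self.FORMAT_VERSION
    # Defaults; the caller's overrides are merged in below.
    self._options = {"threshold": -1, "expire": 0, "alert_on_expire": False}

    IDMEF.__init__(self)
    Timer.__init__(self, 0)

    name = getName(name)
    self._name = name
    self._update_count = 0

    # Fresh empty dict per call when the caller passed nothing.
    self._options.update({} if options is None else options)
    self.setOptions(self._options)

    if isinstance(idmef, IDMEF):
        self.addAlertReference(idmef)

    # Window in which this context accepts alerts; expire <= 0 means no upper bound.
    t = self._getTime(idmef)
    expire = self._options["expire"]
    self._time_min = t - expire
    self._time_max = t + expire if expire > 0 else -1

    _CONTEXT_TABLE.setdefault(name, []).append(self)
    logger.debug("[add]%s", self.getStat(), level=3)

    # A freshly created context must not overlap an existing one; report if it does.
    if self._mergeIntersect(debug=False) > 0:
        logger.critical(
            "A context merge happened on initialization. This should NOT happen : please report this error."
        )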
def __setstate__(self, dict):
    """Restore this context from a pickled state mapping.

    Both bases, IDMEF first and then Timer, re-hydrate themselves from the
    same mapping.  NOTE(review): ``dict`` is whatever the unpickler supplied
    (presumably the correlator's own saved context store — confirm); since
    unpickling can execute arbitrary code, only state this process wrote
    itself should ever be loaded.  The parameter name shadows the ``dict``
    builtin and is kept for call compatibility.
    """
    for base in (IDMEF, Timer):
        base.__setstate__(self, dict)