Exemplo n.º 1
    def __init__(self, config: StoqConfigParser) -> None:
        """Load plugin options and compile the dispatcher and worker rule sets.

        All values are read from the ``options`` section of ``config``. A rule
        path that is not absolute is joined onto the directory containing this
        source file. When a rule path is empty the matching attribute stays
        ``None`` and nothing is compiled for it.
        """
        super().__init__(config)

        section = 'options'
        self.dispatch_rules = None
        self.worker_rules = None
        # Directory of the file this code lives in; anchor for relative rule paths.
        this_file = getframeinfo(currentframe()).filename  # type: ignore
        plugin_dir = Path(this_file).resolve().parent

        self.timeout = config.getint(section, 'timeout', fallback=60)
        self.strings_limit = config.getint(section, 'strings_limit', fallback=None)
        self.xor_first_match = config.getboolean(
            section, 'xor_first_match', fallback=True
        )

        # NOTE(review): rule file locations come from configuration and absolute
        # paths are accepted as given, so whoever can edit the plugin config
        # chooses which rule files are compiled. Keep the config file and the
        # rules directory write-protected.
        dispatch_path = config.get(
            section, 'dispatch_rules', fallback='rules/dispatcher.yar'
        )
        if dispatch_path:
            if os.path.isabs(dispatch_path):
                dispatch_target = dispatch_path
            else:
                dispatch_target = os.path.join(plugin_dir, dispatch_path)
            self.dispatch_rules = self._compile_rules(dispatch_target)

        worker_path = config.get(section, 'worker_rules', fallback='rules/stoq.yar')
        if worker_path:
            if os.path.isabs(worker_path):
                worker_target = worker_path
            else:
                worker_target = os.path.join(plugin_dir, worker_path)
            self.worker_rules = self._compile_rules(worker_target)
Exemplo n.º 2
    def __init__(self, config: StoqConfigParser) -> None:
        """Read the Redis options from ``config`` and call ``self._connect()``.

        Every option comes from the ``options`` section and has a fallback, so
        an empty configuration targets ``127.0.0.1:6379`` and the ``stoq`` queue.
        """
        super().__init__(config)

        section = 'options'
        self.publish_archive = config.getboolean(
            section, 'publish_archive', fallback=True
        )
        self.redis_host = config.get(section, 'redis_host', fallback='127.0.0.1')
        self.redis_port = config.getint(section, 'redis_port', fallback=6379)
        self.max_connections = config.getint(
            section, 'max_connections', fallback=15
        )
        self.redis_queue = config.get(section, 'redis_queue', fallback='stoq')

        # NOTE(review): only host, port, pool size and queue name are loaded in
        # this method; no credential or TLS option is read here. Confirm how
        # _connect() authenticates before pointing redis_host at anything other
        # than loopback.
        self._connect()
Exemplo n.º 3
    def __init__(self, config: StoqConfigParser) -> None:
        """Register the ``mimetype`` worker dependency and load plugin limits.

        Options are read from the ``options`` section of ``config``; each one
        has a fallback value.
        """
        super().__init__(config)

        section = 'options'
        self.required_workers.add('mimetype')
        self.timeout = config.getint(section, 'timeout', fallback=45)
        # Presumably the candidate passwords tried against protected archives;
        # verify against the code that consumes self.passwords.
        default_passwords = ['-', 'infected', 'password']
        self.passwords = config.getlist(
            section, 'passwords', fallback=default_passwords
        )
        # NOTE(review): looks like a size ceiling (50_000_000 by default) that
        # guards against oversized output; confirm where it is enforced and in
        # which unit.
        self.maximum_size = config.getint(
            section, 'maximum_size', fallback=50_000_000
        )
Exemplo n.º 4
    def __init__(self, config: StoqConfigParser) -> None:
        """Load the MetaDefender endpoint, API key and polling options.

        Raises:
            StoqPluginException: if ``opswat_url`` or ``apikey`` is missing or
                empty in the ``options`` section.
        """
        super().__init__(config)

        section = 'options'

        # NOTE(review): the URL is accepted as given; nothing in this method
        # checks its scheme. Confirm the API key is only ever sent over HTTPS.
        self.opswat_url = config.get(section, 'opswat_url', fallback=None)
        if not self.opswat_url:
            raise StoqPluginException('MetaDefender URL was not provided')

        # The key is held on the instance in clear text; keep it out of log
        # and error output.
        self.apikey = config.get(section, 'apikey', fallback=None)
        if not self.apikey:
            raise StoqPluginException('MetaDefender API Key was not provided')

        self.delay = config.getint(section, 'delay', fallback=10)
        self.max_attempts = config.getint(section, 'max_attempts', fallback=10)
Exemplo n.º 5
    def __init__(self, config: StoqConfigParser) -> None:
        """Register the ``mimetype`` worker dependency and load plugin options.

        Options are read from the ``options`` section of ``config``; each one
        has a fallback value.
        """
        super().__init__(config)

        section = 'options'
        self.required_workers.add('mimetype')
        self.timeout = config.getint(section, 'timeout', fallback=45)
        # Presumably the candidate passwords tried against protected archives;
        # verify against the code that consumes self.passwords.
        default_passwords = ['-', 'infected', 'password']
        self.passwords = config.getlist(
            section, 'passwords', fallback=default_passwords
        )
        # NOTE(review): looks like a size ceiling (50_000_000 by default) that
        # guards against oversized output; confirm where it is enforced and in
        # which unit.
        self.maximum_size = config.getint(
            section, 'maximum_size', fallback=50_000_000
        )
        # Empty list by default.
        self.always_dispatch = config.getlist(
            section, 'always_dispatch', fallback=[]
        )
        self.archive_extracted = config.getboolean(
            section, 'archive_extracted', fallback=True
        )
Exemplo n.º 6
    def __init__(self, config: StoqConfigParser) -> None:
        """Load the Elasticsearch options; the ``self.es`` handle starts as ``None``.

        Options are read from the ``options`` section of ``config``.
        ``es_options`` is expected to hold JSON text and is parsed with
        ``json.loads``, so malformed JSON raises from this constructor.
        """
        super().__init__(config)

        section = 'options'
        self.es = None
        self.es_host = config.get(section, 'es_host', fallback=None)

        # NOTE(review): the parsed options are free-form. If credentials or TLS
        # settings are supplied this way they live in the plugin config file,
        # so restrict read access to it. No type check is made on the result.
        raw_es_options = config.get(section, 'es_options', fallback='{}')
        self.es_options = json.loads(raw_es_options)

        self.es_timeout = config.getint(section, 'es_timeout', fallback=60)
        self.es_retry = config.getboolean(section, 'es_retry', fallback=True)
        self.es_max_retries = config.getint(section, 'es_max_retries', fallback=10)
        self.es_index = config.get(section, 'es_index', fallback='stoq')
        self.index_by_month = config.getboolean(
            section, 'index_by_month', fallback=True
        )
Exemplo n.º 7
    def __init__(self, config: StoqConfigParser) -> None:
        """Load the Kafka options; ``self.producer`` starts as ``None``.

        Options are read from the ``options`` section of ``config``; each one
        has a fallback value.
        """
        super().__init__(config)
        self.producer = None

        section = 'options'
        # NOTE(review): only broker addresses, group, topic and timing values
        # are read in this method; no security protocol or credential option
        # is loaded here. Confirm how the client is secured before using
        # brokers other than the loopback default.
        default_servers = ['127.0.0.1:9092']
        self.servers = config.getlist(section, 'servers', fallback=default_servers)
        self.group = config.get(section, 'group', fallback='stoq')
        self.topic = config.get(section, 'topic', fallback='stoq')
        self.publish_archive = config.getboolean(
            section, 'publish_archive', fallback=True
        )
        self.retries = config.getint(section, 'retries', fallback=5)
        self.session_timeout_ms = config.getint(
            section, 'session_timeout_ms', fallback=15000
        )
        self.heartbeat_interval_ms = config.getint(
            section, 'heartbeat_interval_ms', fallback=5000
        )
Exemplo n.º 8
    def __init__(self, config: StoqConfigParser) -> None:
        """Load the Falcon Sandbox endpoint, API key and submission options.

        Raises:
            StoqPluginException: if ``sandbox_url`` or ``apikey`` is missing or
                empty in the ``options`` section.
        """
        super().__init__(config)

        section = 'options'

        # NOTE(review): the URL is accepted as given; nothing in this method
        # checks its scheme. Confirm the API key is only ever sent over HTTPS.
        self.sandbox_url = config.get(section, 'sandbox_url', fallback=None)
        if not self.sandbox_url:
            raise StoqPluginException("Falcon Sandbox URL was not provided")

        # The key is held on the instance in clear text; keep it out of log
        # and error output.
        self.apikey = config.get(section, 'apikey', fallback=None)
        if not self.apikey:
            raise StoqPluginException("Falcon Sandbox API Key was not provided")

        self.delay = config.getint(section, 'delay', fallback=30)
        self.max_attempts = config.getint(section, 'max_attempts', fallback=10)
        self.useragent = config.get(section, 'useragent', fallback='Falcon Sandbox')

        # Available environment IDs:
        #     300: 'Linux (Ubuntu 16.04, 64 bit)'
        #     200: 'Android Static Analysis'
        #     160: 'Windows 10 64 bit'
        #     110: 'Windows 7 64 bit'
        #     100: 'Windows 7 32 bit'
        self.environment_id = config.getint(section, 'environment_id', fallback=160)
        self.wait_for_results = config.getboolean(
            section, 'wait_for_results', fallback=True
        )
Exemplo n.º 9
    def __init__(self, config: StoqConfigParser) -> None:
        """Load the Pub/Sub options; both client handles start as ``None``.

        Options are read from the ``options`` section of ``config``.
        ``project_id`` is requested without a fallback; every other option has
        one.
        """
        super().__init__(config)

        section = 'options'
        self.publish_client = None
        self.ingest_client = None
        # No fallback here, unlike the options below.
        # NOTE(review): presumably a missing project_id raises from the config
        # parser; confirm against StoqConfigParser.
        self.project_id = config.get(section, 'project_id')
        self.max_messages = config.getint(section, 'max_messages', fallback=10)
        self.publish_archive = config.getboolean(
            section, 'publish_archive', fallback=True
        )
        self.topic = config.get(section, 'topic', fallback='stoq')
        self.subscription = config.get(section, 'subscription', fallback='stoq')
Exemplo n.º 10
    def __init__(self, config: StoqConfigParser) -> None:
        """Load the storage options and, if enabled, prepare the Cloud KMS client.

        Options are read from the ``options`` section of ``config``.

        Raises:
            StoqPluginException: if ``project_id`` is missing or empty.
        """
        super().__init__(config)

        section = 'options'
        self.project_id = config.get(section, 'project_id', fallback=None)
        if not self.project_id:
            raise StoqPluginException('project_id has not been defined')

        self.archive_bucket = config.get(section, 'archive_bucket', fallback='')
        self.connector_bucket = config.get(section, 'connector_bucket', fallback='')
        self.use_sha = config.getboolean(section, 'use_sha', fallback=True)
        self.use_datetime = config.getboolean(section, 'use_datetime', fallback=False)
        self.max_retries = config.getint(section, 'max_retries', fallback=5)

        # Encryption is opt-in (fallback False). The attributes set inside the
        # branch below exist only when it is enabled.
        self.use_encryption = config.getboolean(
            section, 'use_encryption', fallback=False
        )
        if self.use_encryption:
            # These three identifiers are requested without a fallback.
            self.crypto_id = config.get(section, 'crypto_id')
            self.keyring_id = config.get(section, 'keyring_id')
            self.location_id = config.get(section, 'location_id')

            # Build the Cloud KMS v1 API client (discovery caching turned off).
            self.kms_client = googleapiclient.discovery.build(
                'cloudkms', 'v1', cache_discovery=False
            )
            # Fully qualified resource name of the key, assembled from config.
            self.kms_key = f'projects/{self.project_id}/locations/{self.location_id}/keyRings/{self.keyring_id}/cryptoKeys/{self.crypto_id}'