def default_process_edges() -> Dict[str, Tuple[EdgeT, str]]: from grapl_analyzerlib.nodes.process_outbound_connection import ( ProcessOutboundConnectionSchema, ) from grapl_analyzerlib.nodes.process_inbound_connection import ( ProcessInboundConnectionSchema, ) return { "children": ( EdgeT(ProcessSchema, ProcessSchema, EdgeRelationship.ManyToOne), "parent", ), "created_connections": ( EdgeT( ProcessSchema, ProcessOutboundConnectionSchema, EdgeRelationship.ManyToMany, ), "connections_from", ), "inbound_connections": ( EdgeT( ProcessSchema, ProcessInboundConnectionSchema, EdgeRelationship.ManyToMany, ), "bound_by", ), }
def meta_into_edge(dynamodb, schema: "Schema", f_edge): table = dynamodb.Table(os.environ["BUCKET_PREFIX"] + "-grapl_schema_table") edge_res = table.get_item(Key={"f_edge": f_edge})["Item"] edge_t = schema.edges[f_edge][0] # type: EdgeT return EdgeT(type(schema), edge_t.dest, EdgeRelationship(edge_res["relationship"]))
def default_ip_connection_edges() -> Dict[str, Tuple[EdgeT, str]]: return { "inbound_ip_connection_to": ( EdgeT(IpConnectionSchema, IpAddressSchema, EdgeRelationship.ManyToOne), "ip_connections_from", ) }
def default_entity_edges(): from grapl_analyzerlib.nodes.lens import LensSchema from grapl_analyzerlib.nodes.risk import RiskSchema return { "in_scope": ( ( EdgeT(EntitySchema, LensSchema, EdgeRelationship.ManyToMany), "scope", ) ), "risks": ( ( EdgeT(EntitySchema, RiskSchema, EdgeRelationship.ManyToMany), "risky_nodes", ) ), }
def default_network_connection_edges() -> Dict[str, Tuple[EdgeT, str]]: from grapl_analyzerlib.nodes.ip_port import IpPortSchema return { "inbound_network_connection_to": ( EdgeT(NetworkConnectionSchema, IpPortSchema, EdgeRelationship.ManyToOne), "inbound_network_connections_from", ) }
def default_lens_edges() -> Dict[str, Tuple[EdgeT, str]]: from grapl_analyzerlib.nodes.entity import EntitySchema return { "scope": ( EdgeT(LensSchema, EntitySchema, EdgeRelationship.ManyToMany), "in_scope", ), }
def default_risk_edges() -> Dict[str, Tuple[EdgeT, str]]: from grapl_analyzerlib.nodes.entity import EntitySchema return { "risky_nodes": ( EdgeT(RiskSchema, EntitySchema, EdgeRelationship.ManyToMany), "risks", ) }
def default_ip_address_edges() -> Dict[str, Tuple[EdgeT, str]]: from grapl_analyzerlib.nodes.ip_connection import IpConnectionSchema return { "ip_connections": ( EdgeT(IpAddressSchema, IpConnectionSchema, EdgeRelationship.ManyToMany), "connecting_ips", ), }
def default_ip_port_edges() -> Dict[str, Tuple[EdgeT, str]]: from grapl_analyzerlib.nodes.network_connection import ( NetworkConnectionSchema, ) return { "network_connections": ( EdgeT(IpPortSchema, NetworkConnectionSchema, EdgeRelationship.ManyToMany), "network_connections_from", ) }
def default_process_outbound_connection_edges() -> Dict[str, Tuple[EdgeT, str]]: return { "connected_over": ( # The IP + Port that was connected to EdgeT( ProcessOutboundConnectionSchema, IpPortSchema, EdgeRelationship.ManyToOne, ), "process_connections", ), "connected_to": ( # The IP + Port that was connected to EdgeT( ProcessOutboundConnectionSchema, IpPortSchema, EdgeRelationship.ManyToOne, ), "ip_port_connections_from", ), }
def default_process_inbound_connection_edges() -> Dict[str, Tuple[EdgeT, str]]: from grapl_analyzerlib.nodes.ip_address import IpAddressSchema return { "bound_port": ( EdgeT( ProcessInboundConnectionSchema, IpPortSchema, EdgeRelationship.ManyToMany, ), "bound_by", ), "bound_ip": ( EdgeT( ProcessInboundConnectionSchema, IpAddressSchema, EdgeRelationship.ManyToMany, ), "bound_ports", ), }
def default_asset_edges() -> Dict[str, Tuple[EdgeT, str]]: return { "asset_ip": ( EdgeT(AssetSchema, IpAddressSchema, EdgeRelationship.ManyToMany), "ip_assigned_to", ), "asset_processes": ( EdgeT( AssetSchema, ProcessSchema, EdgeRelationship.ManyToOne, ), "process_asset", ), "files_on_asset": ( EdgeT( AssetSchema, FileSchema, EdgeRelationship.ManyToOne, ), "file_asset", ), }
def default_file_edges() -> Dict[str, Tuple[EdgeT, str]]: return { "spawned_from": ( EdgeT(ProcessSchema, FileSchema, EdgeRelationship.ManyToOne), "bin_file", ), "creator": ( EdgeT(ProcessSchema, FileSchema, EdgeRelationship.OneToMany), "created_files", ), "writers": ( EdgeT(ProcessSchema, FileSchema, EdgeRelationship.ManyToMany), "wrote_files", ), "readers": ( EdgeT(ProcessSchema, FileSchema, EdgeRelationship.ManyToMany), "read_files", ), "deleter": ( EdgeT(ProcessSchema, FileSchema, EdgeRelationship.OneToMany), "deleted_files", ), }
def meta_into_edge(schema_table: Table, schema: Schema, f_edge) -> EdgeT: edge_res = schema_table.get_item(Key={"f_edge": f_edge})["Item"] edge_t = schema.edges[f_edge][0] # type: EdgeT return EdgeT(type(schema), edge_t.dest, EdgeRelationship(edge_res["relationship"]))
def meta_into_edge(schema, predicate_meta): if predicate_meta.get("list"): return EdgeT(type(schema), BaseSchema, EdgeRelationship.OneToMany) else: return EdgeT(type(schema), BaseSchema, EdgeRelationship.OneToOne)
def meta_into_edge(dynamodb, schema, f_edge): table = dynamodb.Table(os.environ["BUCKET_PREFIX"] + "-grapl_schema_table") edge_res = table.get_item(Key={"f_edge": f_edge})["Item"] print(edge_res) return EdgeT(type(schema), BaseSchema, EdgeRelationship(edge_res["relationship"]))
def add_edge(self, edge_name: str, edge: EdgeT, reverse_name: str): self.edges[edge_name] = (edge, reverse_name) if not reverse_name: return r_edge = edge.reverse() self.edges[reverse_name] = (r_edge, edge_name)