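def _enrich_hit_with_source_ip(hit, source_ip):
    """Attach geo and Tor-relay lookups for *source_ip* to the *hit* dict in place."""
    # source_ip originates from the inbound hit, so it is attacker-controlled;
    # assumes get_geoinfo/is_tor_relay tolerate arbitrary strings — confirm.
    hit['geo_info'] = get_geoinfo(source_ip)
    hit['is_tor_relay'] = is_tor_relay(source_ip)


def add_canarydrop_hit(canarytoken, input_channel, hit_time=None, **kwargs):
    """Add a hit to a canarydrop and persist the updated triggered list.

    Arguments:
    canarytoken -- canarytoken object.
    input_channel -- channel the hit arrived on; stored on the hit record.
    hit_time -- optional key for the hit; when falsy a UTC timestamp key
                is generated instead.
    **kwargs -- Additional details about the hit. A source address found at
                kwargs['src_data']['aws_keys_event_source_ip'] (preferred)
                or kwargs['src_ip'] is enriched with geo_info/is_tor_relay.

    Returns the key under which the hit was stored in the triggered list.
    """
    triggered_list = get_canarydrop_triggered_list(canarytoken)
    # NOTE: "%s" is not a documented Python strftime directive; it relies on
    # the platform C library (glibc) emitting epoch seconds.
    triggered_key = hit_time or datetime.datetime.utcnow().strftime("%s.%f")
    hit = kwargs
    hit['input_channel'] = input_channel
    src_data = kwargs.get('src_data', None)
    if src_data and 'aws_keys_event_source_ip' in src_data:
        _enrich_hit_with_source_ip(hit, src_data['aws_keys_event_source_ip'])
    elif kwargs.get('src_ip', None):
        _enrich_hit_with_source_ip(hit, kwargs['src_ip'])
    triggered_list[triggered_key] = hit
    # The whole triggered list is re-serialised and written back on every hit.
    db.hset(KEY_CANARYDROP + canarytoken.value(), 'triggered_list',
            simplejson.dumps(triggered_list))
    return triggered_key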
def save_kc_hit_for_aggregation(key, hits, update=False):
    """Store *hits* for a kubeconfig token under the aggregation hash for *key*.

    On the first write (update=False) a TTL is set so the entry expires on
    its own; a later update leaves the existing TTL untouched.
    """
    # Typical timeout sent with each kubectl caching discovery request is
    # 32s, and 5 requests are sent as part of each kubectl execution, so
    # the entry is kept alive for one whole execution.
    kubectl_request_timeout_s = 32
    kubectl_requests_per_exec = 5
    hit_key = "{prefix}{key}".format(prefix=KEY_KUBECONFIG_HITS, key=key)
    db.hset(hit_key, 'hits', hits)
    if update:
        return
    db.expire(hit_key, kubectl_requests_per_exec * kubectl_request_timeout_s)
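def add_additional_info_to_hit(canarytoken, hit_time, additional_info):
    """Merge *additional_info* into the stored hit keyed by *hit_time*.

    Arguments:
    canarytoken -- canarytoken object.
    hit_time -- key of the hit in the canarydrop's triggered list.
    additional_info -- mapping of category -> dict of details. An existing
                       category is updated in place; a new one is stored as-is.

    Failures are logged and otherwise swallowed (best-effort), so callers
    on the hit path are never interrupted by a bad payload.
    """
    try:
        # Nothing to merge: skip the read-modify-write round trip entirely.
        if not additional_info:
            return
        triggered_list = get_canarydrop_triggered_list(canarytoken)
        hit = triggered_list[hit_time]
        info = hit.setdefault('additional_info', {})
        for k, v in additional_info.iteritems():
            if k in info:
                info[k].update(v)
            else:
                info[k] = v
        db.hset(KEY_CANARYDROP + canarytoken.value(), 'triggered_list',
                simplejson.dumps(triggered_list))
    except Exception as e:
        # The interactive pdb breakpoint that used to sit here is removed:
        # this runs on the hit-processing path, so any malformed input
        # would have stalled the whole process waiting on a debugger.
        log.err('Failed adding additional info: {err}'.format(err=e))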
def add_additional_info_to_hit(canarytoken, hit_time, additional_info=None):
    """Merge *additional_info* into the stored hit keyed by *hit_time*.

    Arguments:
    canarytoken -- canarytoken object.
    hit_time -- key of the hit in the canarydrop's triggered list.
    additional_info -- optional mapping of category -> dict of details. An
                       existing category is updated in place; a new one is
                       stored as-is. Falsy input is a no-op.

    Any failure is logged and swallowed (best-effort update).
    """
    try:
        if not additional_info:
            return
        triggered_list = get_canarydrop_triggered_list(canarytoken)
        hit = triggered_list[hit_time]
        info = hit.setdefault('additional_info', {})
        for category, details in additional_info.iteritems():
            if category in info:
                info[category].update(details)
            else:
                info[category] = details
        redis_key = KEY_CANARYDROP + canarytoken.value()
        db.hset(redis_key, 'triggered_list', simplejson.dumps(triggered_list))
    except Exception as e:
        log.error('Failed adding additional info: {err}'.format(err=e))
def add_canarydrop_hit(canarytoken, input_channel, hit_time=None, **kwargs):
    """Record a hit against a canarydrop and persist the triggered list.

    Arguments:
    canarytoken -- canarytoken object.
    input_channel -- channel the hit arrived on; stored on the hit record.
    hit_time -- optional key for the hit; when falsy a UTC timestamp key
                is generated instead.
    **kwargs -- Additional details about the hit. When 'src_ip' is present
                and truthy the hit is enriched with geo_info/is_tor_relay.

    Returns the key under which the hit was stored.
    """
    triggered_list = get_canarydrop_triggered_list(canarytoken)
    if hit_time:
        triggered_key = hit_time
    else:
        # NOTE: "%s" is a glibc strftime extension (epoch seconds), not a
        # documented Python directive; the key format is platform-dependent.
        triggered_key = datetime.datetime.utcnow().strftime("%s.%f")
    hit = kwargs
    hit['input_channel'] = input_channel
    src_ip = kwargs.get('src_ip', None)
    if src_ip:
        # src_ip comes from the inbound hit and is attacker-controlled;
        # assumes get_geoinfo/is_tor_relay tolerate arbitrary strings — confirm.
        hit['geo_info'] = get_geoinfo(src_ip)
        hit['is_tor_relay'] = is_tor_relay(src_ip)
    triggered_list[triggered_key] = hit
    redis_key = KEY_CANARYDROP + canarytoken.value()
    db.hset(redis_key, 'triggered_list', simplejson.dumps(triggered_list))
    return triggered_key
def wireguard_keymap_add(public_key, canarytoken):
    """Map a WireGuard *public_key* to *canarytoken* in the keymap hash.

    The public key is the hash field, the canarytoken its value; an
    existing mapping for the same key is overwritten by hset.
    """
    field, value = public_key, canarytoken
    db.hset(KEY_WIREGUARD_KEYMAP, field, value)