def run(self):
    """Bring up the daemon's worker threads and block until interrupted.

    Startup order: the binary database controller, an optional import of
    legacy reports, the quick-scan and deep-analysis consumer threads, the
    feed server, the binary collectors, and finally feed synchronisation
    with Carbon Black (only when the server reports at least version 4.1).
    The main thread then sleeps until KeyboardInterrupt, after which every
    consumer and collector is asked to stop and is then joined.
    """
    work_queue = self.initialize_queue()
    self.database_controller = BinaryDatabaseController(work_queue)
    self.database_controller.start()

    # Optional one-off import of reports written by an older layout.
    legacy_feed_directory = self.get_config_string("legacy_feed_directory", None)
    if legacy_feed_directory:
        self.migrate_legacy_reports(legacy_feed_directory)

    # A single provider instance is shared by every consumer thread.
    provider = self.get_provider()
    consumer_threads = []
    worker_specs = (
        (self.num_quick_scan_threads, True, QuickScanThread),
        (self.num_deep_scan_threads, False, DeepAnalysisThread),
    )
    # Quick-scan workers are created and started before the deep-analysis
    # ones; each is registered with the database controller as a consumer.
    for worker_count, is_quick_scan, worker_cls in worker_specs:
        for _ in range(worker_count):
            arbiter = self.database_controller.register(
                "consumer", quick_scan=is_quick_scan)
            worker = worker_cls(arbiter, self.cb, provider,
                                dirty_event=self.feed_dirty)
            consumer_threads.append(worker)
            worker.start()

    # Feed server first, then the collectors that populate the queue.
    self.start_feed_server(self.get_metadata())
    collectors = self.start_binary_collectors(self.filter_spec)

    # Make sure the feed exists on the server before synchronising it.
    self.get_or_create_feed()
    if cbint.utils.cbserver.is_server_at_least(self.cb, "4.1"):
        # NOTE(review): the synchroniser is neither stopped nor joined in
        # the shutdown path below -- confirm it shuts itself down.
        FeedSyncRunner(self.cb, self.name, self.feed_dirty).start()

    try:
        while True:
            sleep(1)
    except KeyboardInterrupt:
        print('stopping...')
        # Signal every worker first, then wait for each one in turn.
        for worker in consumer_threads + collectors:
            worker.stop()
        for worker in consumer_threads + collectors:
            worker.join()
            print('stopped %s' % worker)
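def test_lastline(self):
    """Drain the daemon's work queue through one DeepAnalysisThread.

    Produces binaries with a single, rate-unlimited CbAPIProducerThread
    run, starts one DeepAnalysisThread on the daemon's configured
    provider, and polls number_unanalyzed() until it reaches zero.

    NOTE(review): the body is identical to test_bluecoat; which provider
    is actually exercised depends on self.daemon.get_provider(), not on
    this method.

    Raises:
        AssertionError: if the queue has not drained within the deadline
            (for example because the analysis thread died or stalled).
    """
    import time  # function-scope: the module's import block is not in view

    # Upper bound on the drain loop.  The original polled forever, so a
    # crashed or stalled provider hung the whole test run.
    drain_timeout_seconds = 60.0  # constructed value; raise for slow providers

    CbAPIProducerThread(self.daemon.work_queue, self.daemon.cb, self.daemon.name,
                        rate_limiter=0, stop_when_done=True).run()
    dirty_flag = threading.Event()
    t = DeepAnalysisThread(self.daemon.work_queue, self.daemon.cb,
                           self.daemon.get_provider(), dirty_event=dirty_flag)
    t.start()
    try:
        deadline = time.time() + drain_timeout_seconds
        unanalyzed = self.daemon.work_queue.number_unanalyzed()
        while unanalyzed:
            print(unanalyzed)
            if time.time() > deadline:
                raise AssertionError(
                    '%s binaries still unanalyzed after %.0f seconds'
                    % (unanalyzed, drain_timeout_seconds))
            sleep(.1)
            unanalyzed = self.daemon.work_queue.number_unanalyzed()
    finally:
        # Always stop and join, even when the deadline fires, so a failed
        # test does not leave a worker thread running.
        t.stop()
        t.join()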
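def test_bluecoat(self):
    """Drain the daemon's work queue through one DeepAnalysisThread.

    Produces binaries with a single, rate-unlimited CbAPIProducerThread
    run, starts one DeepAnalysisThread on the daemon's configured
    provider, and polls number_unanalyzed() until it reaches zero.

    NOTE(review): the body is identical to test_lastline; which provider
    is actually exercised depends on self.daemon.get_provider(), not on
    this method.

    Raises:
        AssertionError: if the queue has not drained within the deadline
            (for example because the analysis thread died or stalled).
    """
    import time  # function-scope: the module's import block is not in view

    # Upper bound on the drain loop.  The original polled forever, so a
    # crashed or stalled provider hung the whole test run.
    drain_timeout_seconds = 60.0  # constructed value; raise for slow providers

    CbAPIProducerThread(self.daemon.work_queue, self.daemon.cb, self.daemon.name,
                        rate_limiter=0, stop_when_done=True).run()
    dirty_flag = threading.Event()
    t = DeepAnalysisThread(self.daemon.work_queue, self.daemon.cb,
                           self.daemon.get_provider(), dirty_event=dirty_flag)
    t.start()
    try:
        deadline = time.time() + drain_timeout_seconds
        unanalyzed = self.daemon.work_queue.number_unanalyzed()
        while unanalyzed:
            print(unanalyzed)
            if time.time() > deadline:
                raise AssertionError(
                    '%s binaries still unanalyzed after %.0f seconds'
                    % (unanalyzed, drain_timeout_seconds))
            sleep(.1)
            unanalyzed = self.daemon.work_queue.number_unanalyzed()
    finally:
        # Always stop and join, even when the deadline fires, so a failed
        # test does not leave a worker thread running.
        t.stop()
        t.join()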
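def test_yara(self):
    """Drain the daemon's work queue through a DeepAnalysisThread using YARA.

    Produces binaries with a single, rate-unlimited CbAPIProducerThread
    run, builds a YaraProvider from the rules under
    <test_dir>/data/yara_rules, and polls number_unanalyzed() until it
    reaches zero.

    NOTE(review): a second ``test_yara`` is defined later in this class.
    In a class body the later definition replaces this one, so only one of
    the two is ever collected and run.

    Raises:
        AssertionError: if the queue has not drained within the deadline
            (for example because the analysis thread died or stalled).
    """
    import time  # function-scope: the module's import block is not in view

    # Upper bound on the drain loop.  The original polled forever, so a
    # crashed or stalled provider hung the whole test run.
    drain_timeout_seconds = 60.0  # constructed value; raise for slow providers

    CbAPIProducerThread(self.daemon.work_queue, self.daemon.cb, self.daemon.name,
                        rate_limiter=0, stop_when_done=True).run()
    yara_provider = YaraProvider(
        'yara-test', os.path.join(test_dir, 'data', 'yara_rules'))
    dirty_flag = threading.Event()
    t = DeepAnalysisThread(self.daemon.work_queue, self.daemon.cb,
                           yara_provider, dirty_event=dirty_flag)
    t.start()
    try:
        deadline = time.time() + drain_timeout_seconds
        unanalyzed = self.daemon.work_queue.number_unanalyzed()
        while unanalyzed:
            print(unanalyzed)
            if time.time() > deadline:
                raise AssertionError(
                    '%s binaries still unanalyzed after %.0f seconds'
                    % (unanalyzed, drain_timeout_seconds))
            sleep(.1)
            unanalyzed = self.daemon.work_queue.number_unanalyzed()
    finally:
        # Always stop and join, even when the deadline fires, so a failed
        # test does not leave a worker thread running.
        t.stop()
        t.join()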
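def test_yara(self):
    """Drain the daemon's work queue through a DeepAnalysisThread using YARA.

    Produces binaries with a single, rate-unlimited CbAPIProducerThread
    run, builds a YaraProvider from the rules under
    <test_dir>/data/yara_rules, and polls number_unanalyzed() until it
    reaches zero.

    NOTE(review): this is the second ``test_yara`` in the class and, being
    the later definition, is the one that replaces the earlier one.  The
    two bodies differ only in line wrapping; one of them should be removed.

    Raises:
        AssertionError: if the queue has not drained within the deadline
            (for example because the analysis thread died or stalled).
    """
    import time  # function-scope: the module's import block is not in view

    # Upper bound on the drain loop.  The original polled forever, so a
    # crashed or stalled provider hung the whole test run.
    drain_timeout_seconds = 60.0  # constructed value; raise for slow providers

    CbAPIProducerThread(self.daemon.work_queue, self.daemon.cb, self.daemon.name,
                        rate_limiter=0, stop_when_done=True).run()
    yara_provider = YaraProvider(
        'yara-test', os.path.join(test_dir, 'data', 'yara_rules'))
    dirty_flag = threading.Event()
    t = DeepAnalysisThread(self.daemon.work_queue, self.daemon.cb,
                           yara_provider, dirty_event=dirty_flag)
    t.start()
    try:
        deadline = time.time() + drain_timeout_seconds
        unanalyzed = self.daemon.work_queue.number_unanalyzed()
        while unanalyzed:
            print(unanalyzed)
            if time.time() > deadline:
                raise AssertionError(
                    '%s binaries still unanalyzed after %.0f seconds'
                    % (unanalyzed, drain_timeout_seconds))
            sleep(.1)
            unanalyzed = self.daemon.work_queue.number_unanalyzed()
    finally:
        # Always stop and join, even when the deadline fires, so a failed
        # test does not leave a worker thread running.
        t.stop()
        t.join()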