    def __init__(self, *rule_paths):
        """Build a RulesEngine, creating the shared class-level resources on first use.

        The config, threat-intel client and alert forwarder are cached on the
        class so later instances reuse them; the lookup tables are refreshed on
        every instantiation.

        Args:
            *rule_paths: Folders whose rule/matcher modules should be imported.
                Falls back to the 'rule_locations' and 'matcher_locations' lists
                under config['global']['general'] when none are given.
        """
        engine_cls = RulesEngine

        # Shared singletons: only (re)created when the cached value is falsy
        if not engine_cls._config:
            engine_cls._config = load_config()
        if not engine_cls._threat_intel:
            engine_cls._threat_intel = ThreatIntel.load_from_config(self.config)
        if not engine_cls._alert_forwarder:
            # Forwards generated alerts on to the alert processor
            engine_cls._alert_forwarder = AlertForwarder()

        # Lookup tables are reloaded for every new engine
        engine_cls._lookup_tables = LookupTables.get_instance(config=self.config)

        if not rule_paths:
            general = self.config['global']['general']
            rule_paths = [
                path
                for section in {'rule_locations', 'matcher_locations'}
                for path in general[section]
            ]

        # NOTE(review): import_folders presumably imports the modules found under
        # these paths, so the configured rule locations are trusted code — confirm
        import_folders(*rule_paths)

        track_stats = 'STREAMALERT_TRACK_RULE_STATS' in env
        in_lambda = 'LAMBDA_RUNTIME_DIR' in env
        self._rule_stat_tracker = RuleStatisticTracker(track_stats, in_lambda)

        self._required_outputs_set = resources.get_required_outputs()
        self._load_rule_table(self.config)
 def test_load_from_config_disabled(self):
     """ThreatIntel - Load From Config, Disabled"""
     # threat_intel.enabled == False must produce no client at all
     disabled_config = {'threat_intel': {'enabled': False}}
     ti_client = ThreatIntel.load_from_config(disabled_config)
     assert_equal(ti_client, None)
 def test_load_from_config_no_clusters(self):
     """ThreatIntel - Load From Config, Clusters Disabled"""
     # Globally enabled, but the only cluster opts out -> no client is created
     config = {
         'threat_intel': {'enabled': True},
         'clusters': {'prod': {'enable_threat_intel': False}},
     }
     ti_client = ThreatIntel.load_from_config(config)
     assert_equal(ti_client, None)
    def test_load_from_config(self):
        """ThreatIntel - Load From Config"""
        ti_client = ThreatIntel.load_from_config(self._default_config)

        # A fully enabled default config yields a client populated from it
        assert_equal(isinstance(ti_client, ThreatIntel), True)
        assert_equal(ti_client._table, 'table_name')
        assert_equal(ti_client._enabled_clusters, {'prod'})

        # Field -> IOC type mapping expected from the default config
        assert_equal(
            ti_client._ioc_config,
            {
                'destinationDomain': 'domain',
                'sourceAddress': 'ip',
                'destinationAddress': 'ip',
                'fileHash': 'md5',
            },
        )
        # Exclusions are keyed by IOC type
        assert_equal(ti_client._excluded_iocs, {'domain': {'not.evil.com'}})
 def test_load_from_config_empty(self):
     """ThreatIntel - Load From Config, Empty"""
     # No threat_intel section at all -> nothing is loaded
     empty_config = {}
     ti_client = ThreatIntel.load_from_config(empty_config)
     assert_equal(ti_client, None)
 def setup(self):
     """ThreatIntel - Setup"""
     default_config = self._default_config
     # Patch the boto3 client so the fixture never reaches out to AWS
     with patch('boto3.client'):
         self._threat_intel = ThreatIntel.load_from_config(default_config)