def stopMonitor(self):
    """Stop the monitor selected in the running-monitors list and forget it.

    With no row selected, an error box is shown and nothing else happens.
    Otherwise the entry is removed from the running list and from the alert
    editor's monitor combo box, its thread in ``self.threads`` is stopped and
    waited for, its stored data is removed, and a success box is shown.
    """
    runningList = self.ui.monitorsRunningMonitorsListWidget
    row = runningList.currentRow()
    if row == -1:
        utils.showMessageBox('No monitor selected', 'Error',
                             QtWidgets.QMessageBox.Critical)
        return

    # The list entry's text is also the key into self.threads and self.data.
    name = runningList.currentItem().text()
    runningList.takeItem(row)

    monitorCombo = self.ui.alertsChooseMonitorComboBox
    monitorCombo.removeItem(monitorCombo.findText(name))

    # A monitor that is currently plotting has its plot torn down first.
    if self.threads[name].isPlotting():
        self.stopVisualizingMonitor()

    # Stop the sysdig thread and wait for it before dropping the reference.
    worker = self.threads[name]
    worker.stop()
    worker.wait()
    del self.threads[name]

    # Clean user data
    self.data.removeMonitor(name)

    utils.showMessageBox('Monitor stopped!', 'Success',
                         QtWidgets.QMessageBox.Information)
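def editAlert(self):
    """Load the alert selected in the alerts list into the alert editor.

    Shows an error box and returns when no row is selected.

    The stored ``metrics`` string has the form ``"<operation> <value> <unit>"``
    when ``saveAlert`` wrote a metric, and is the empty string when the alert
    was saved with the metric widget disabled.  In the second case the metric
    widgets are left as they are instead of indexing past the end of the
    split result.
    """
    ui = self.ui
    if ui.alertsListListWidget.currentRow() == -1:
        utils.showMessageBox('No alert selected', 'Error',
                             QtWidgets.QMessageBox.Critical)
        return

    # Get alert by name
    alert = self.data.getAlert(ui.alertsListListWidget.currentItem().text())

    # Update UI with alert details
    ui.alertsAlertNameTextEdit.setText(alert.name)
    index = ui.alertsChooseMonitorComboBox.findText(
        alert.monitor, QtCore.Qt.MatchFixedString)
    if index >= 0:
        ui.alertsChooseMonitorComboBox.setCurrentIndex(index)

    # ''.split(' ') is [''], so an alert saved without a metric has a single
    # field here; only touch the metric widgets when operation and value exist.
    metrics = alert.metrics.split(' ')
    if len(metrics) >= 2:
        idx = ui.alertsMetricOperationComboBox.findText(metrics[0])
        ui.alertsMetricOperationComboBox.setCurrentIndex(idx)
        ui.alertsMetricValueSpinBox.setValue(int(metrics[1]))

        # If last metric field is set
        if len(metrics) == 3:
            idx = ui.alertsMetricUnitComboBox.findText(metrics[2])
            ui.alertsMetricUnitComboBox.setCurrentIndex(idx)

    # A positive duration means the alert also records a capture.
    if alert.seconds > 0:
        ui.alertsCaptureGroupBox.setChecked(True)
        ui.alertsCaptureDurationSpinBox.setValue(alert.seconds)
        ui.alertsFileNameTextEdit.setText(alert.filename)
    else:
        ui.alertsCaptureGroupBox.setChecked(False)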
def startMonitors(self):
    """Start a sysdig monitor for every monitor type ticked in the UI.

    Shows an error box and returns when nothing is ticked, or when the CPU
    monitor is ticked but no process text was entered.  Otherwise the monitor
    names are collected, handed to ``startSysdig`` together with the
    running-monitors list widget, the outcome is reported through
    ``displayMonitorStatus``, and the process text field is cleared.
    """
    ui = self.ui
    cpuBox = ui.monitorsCpuProcessUsageCheckBox

    # Check boxes that map to one fixed monitor name, in the order the names
    # are appended to the list.
    fixedMonitors = (
        (ui.monitorsSystemCallErrorsCheckBox,
         'errors_top_system_calls_errors'),
        (ui.monitorsFileIOErrorsCheckBox,
         'errors_top_file_errors'),
        (ui.monitorsProcessIOErrorsCheckBox,
         'errors_top_processes'),
        (ui.monitorsFilesMostTimeSpentCheckBox,
         'errors_files_most_time_spent'),
        (ui.monitorsSystemCallsMostTimeSpentCheckBox,
         'errors_top_system_calls_errors_time'),
        (ui.monitorsNetworkConnectionsBWCheckBox,
         'network_top_connections_bandwidth'),
        (ui.monitorsProcessBWCheckBox,
         'network_top_processes_bandwidth'),
    )

    somethingTicked = cpuBox.isChecked() or any(
        box.isChecked() for box, _ in fixedMonitors)
    if not somethingTicked:
        utils.showMessageBox('Please select at least one monitor', 'Error',
                             QtWidgets.QMessageBox.Critical)
        return

    monitors = []
    invalidMonitors = []

    if cpuBox.isChecked():
        processText = ui.monitorsCpuProcessUsageTextEdit.toPlainText().strip()
        if processText == '':
            utils.showMessageBox('No processes entered', 'Error',
                                 QtWidgets.QMessageBox.Critical)
            return
        # getValidMonitors returns a pair: index 0 is added to the monitors
        # to start, index 1 to the ones reported as invalid.
        # NOTE(review): processText is free-form operator input and whatever
        # getValidMonitors accepts is passed on to startSysdig; how those
        # names are used there is not visible here -- confirm the validation
        # is strict enough for that use.
        validated = utils.getValidMonitors(processText, 'cpu_top_processes_',
                                           'process')
        monitors.extend(validated[0])
        invalidMonitors.extend(validated[1])

    for box, monitorName in fixedMonitors:
        if box.isChecked():
            monitors.append(monitorName)

    # Start sysdig instances
    self.startSysdig(monitors, ui.monitorsRunningMonitorsListWidget)
    self.displayMonitorStatus(monitors, invalidMonitors)

    # Reset fields
    ui.monitorsCpuProcessUsageTextEdit.setPlainText('')
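def displayRuleStatus(self, rules, invalidRules):
    """Report the outcome of deploying the anomaly detector.

    Args:
        rules: custom rules that were deployed; joined into the success
            message, so the entries must be strings.  May be empty.
        invalidRules: rules the caller flagged as invalid.  May be empty or
            ``None``.

    The events file path is read from the ``'falco'`` entry of
    ``self.threads``.  Invalid rules are listed in a warning box before the
    success box, the same way ``displayMonitorStatus`` reports invalid
    monitors; previously this argument was accepted but never shown, so the
    operator was only ever told the detector had been deployed.
    NOTE(review): presumably an invalid rule is not being enforced -- confirm
    against the caller, and confirm it does not already warn about them.
    """
    events_file = self.threads['falco'].get_events_file()

    if invalidRules:
        # str() because the element type of invalidRules is not visible here.
        utils.showMessageBox(
            'These rules contain errors:\n\n--> ' +
            '\n--> '.join(str(rule) for rule in invalidRules) +
            '\n\nConsult the docs for further info.', 'Warning',
            QtWidgets.QMessageBox.Warning)

    # Both variants of the success message end with the same pointer to the
    # Notifications tab and the events file.
    tail = ('Detector alerts can be found in the Notifications tab\n'
            'or in the events file located at ' + events_file +
            '\n\nPlease consult the documentation for default rule '
            'information!')

    if rules:
        header = ('Anomaly Detector Deployed with Custom + Default rules!'
                  '\n\n--> ' + '\n--> '.join(rules) + '\n\n')
    else:
        header = 'Anomaly Detector Deployed with Default rules!\n\n'

    utils.showMessageBox(header + tail, 'Success',
                         QtWidgets.QMessageBox.Information)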
def deleteAlert(self):
    """Delete the alert selected in the alerts list.

    Shows an error box and returns when no row is selected.  Otherwise the
    alert is removed from ``self.data`` by name, its row is taken out of the
    list widget, and a success box is shown.
    """
    alertList = self.ui.alertsListListWidget
    row = alertList.currentRow()
    if row == -1:
        utils.showMessageBox('No alert selected', 'Error',
                             QtWidgets.QMessageBox.Critical)
        return

    # The row text is the alert's name; remove the data before the row.
    alertName = alertList.currentItem().text()
    self.data.removeAlert(alertName)
    alertList.takeItem(row)

    utils.showMessageBox('Alert removed!', 'Success',
                         QtWidgets.QMessageBox.Information)
def visualizeMonitor(self):
    """Start plotting the monitor selected in the running-monitors list.

    Shows an error box and returns when no row is selected.  Any plot that is
    already running is stopped first, the plot dictionaries on ``self.ui``
    are reset, and the selected monitor's thread is asked to start plotting.
    """
    runningList = self.ui.monitorsRunningMonitorsListWidget
    if runningList.currentRow() == -1:
        utils.showMessageBox('No monitor selected', 'Error',
                             QtWidgets.QMessageBox.Critical)
        return

    name = runningList.currentItem().text()

    # Reset plotting widget and stop already plotting monitors
    self.stopVisualizingMonitor()

    # Start from empty plot state, then let the monitor's thread plot.
    self.ui.plots, self.ui.plotsData = {}, {}
    self.threads[name].startPlot()
def saveAlert(self):
    """Create or update an alert from the values in the alert editor.

    Shows an error box and returns when the alert name is empty, or when
    capture is enabled but no capture filename was entered.  An alert whose
    name is already in the alerts list is edited in ``self.data``; otherwise
    it is added to both the list and ``self.data``.  The name and filename
    fields are cleared afterwards.
    """
    ui = self.ui

    alertName = ui.alertsAlertNameTextEdit.toPlainText().strip()
    if not alertName:
        utils.showMessageBox('Alert name field must not be empty', 'Error',
                             QtWidgets.QMessageBox.Critical)
        return

    monitor = ui.alertsChooseMonitorComboBox.currentText()

    # Stored as "<operation> <value> <unit>", or '' when the metric widget is
    # disabled.
    if ui.alertsSetMetricWidget.isEnabled():
        metrics = ' '.join([
            ui.alertsMetricOperationComboBox.currentText(),
            str(ui.alertsMetricValueSpinBox.value()),
            ui.alertsMetricUnitComboBox.currentText(),
        ])
    else:
        metrics = ''

    # Capture details stay at 0 / '' unless the capture group is ticked.
    captureTime, captureFilename = 0, ''
    if ui.alertsCaptureGroupBox.isChecked():
        captureTime = ui.alertsCaptureDurationSpinBox.value()
        # NOTE(review): the filename is stored exactly as typed; where the
        # capture is written is decided elsewhere -- confirm that code
        # constrains the path it will write to.
        captureFilename = ui.alertsFileNameTextEdit.toPlainText().strip()
        if captureFilename == '':
            utils.showMessageBox('Capture filename field must not be empty',
                                 'Error', QtWidgets.QMessageBox.Critical)
            return

    alreadyListed = ui.alertsListListWidget.findItems(
        alertName, QtCore.Qt.MatchExactly)
    if not alreadyListed:
        ui.alertsListListWidget.addItem(alertName)
        self.data.addAlert(alertName, monitor, metrics, captureTime,
                           captureFilename)
        utils.showMessageBox('Alert has been added!', 'Success',
                             QtWidgets.QMessageBox.Information)
    else:
        self.data.editAlert(alertName, monitor, metrics, captureTime,
                            captureFilename)
        utils.showMessageBox('Alert has been edited!', 'Success',
                             QtWidgets.QMessageBox.Information)

    # Reset UI
    ui.alertsAlertNameTextEdit.setText('')
    ui.alertsFileNameTextEdit.setText('')
def displayMonitorStatus(self, monitors, invalidMonitors):
    """Report which monitors were started and which were rejected.

    Args:
        monitors: names of the monitors that were started.
        invalidMonitors: entries that were found to be invalid.

    A warning box lists the invalid entries when there are any.  After that,
    either a success box lists the started monitors or, when none were
    started, an error box says so.
    """
    bullet = '\n--> '

    if len(invalidMonitors) > 0:
        warning = ('These monitors contain errors:\n\n--> ' +
                   bullet.join(invalidMonitors) +
                   '\n\nConsult the docs for further info.')
        utils.showMessageBox(warning, 'Warning',
                             QtWidgets.QMessageBox.Warning)

    if len(monitors) == 0:
        utils.showMessageBox('No monitors started!', 'Error',
                             QtWidgets.QMessageBox.Critical)
        return

    started = 'Monitors started:\n\n--> ' + bullet.join(monitors)
    utils.showMessageBox(started, 'Success',
                         QtWidgets.QMessageBox.Information)