The Assimilation Project, based on Assimilation version 1.1.7.1474836767
cma.bestpractices.BestPractices Class Reference
Inheritance diagram for cma.bestpractices.BestPractices:
Collaboration diagram for cma.bestpractices.BestPractices:

Public Member Functions

def __init__ (self, config, packetio, store, log, debug)
 
def url (self, drone, ruleid, ruleobj, html=True, port=5000)
 
def processpkt (self, drone, srcaddr, jsonobj, discoverychanged)
 
def basic_rule_score_algorithm (self, _drone, rule, status)
 
def log_rule_results (self, results, drone, _srcaddr, discoveryobj, discovertype, rulesobj)
 
def compute_scores (self, drone, rulesobj, statuses)
 
def compute_score_updates (self, discovery_json, drone, rulesobj, newstats, oldstats)
 
def fetch_rules (self, _drone, _unusedsrcaddr, _discovertype)
 

Static Public Member Functions

def register (pkttypes)
 
def register_sensitivity (bpcls, pkttype)
 
def load_json (store, json, bp_class, rulesetname, basedon=None)
 
def load_from_file (store, filename, bp_class, rulesetname, basedon=None)
 
def load_directory (store, directoryname, rulesetname, basedon=None)
 
def gen_bp_rules_by_ruleset (store, rulesetname)
 
def send_rule_event (oldstat, newstat, drone, ruleid, ruleobj, url)
 
def evaluate (_unused_drone, _unusedsrcaddr, wholejsonobj, ruleobj, description)
 

Static Public Attributes

 prio = DiscoveryListener.PRI_OPTION
 
list wantedpackets = []
 
dictionary eval_objects = {}
 
dictionary eval_classes = {}
 
dictionary evaled_classes = {}
 
 application = None
 
 discovery_name = None
 
string application = 'os'
 
string BASEURL = 'http://db.ITBestPractices.info:%d'
 

Detailed Description

Definition at line 46 of file bestpractices.py.

Constructor & Destructor Documentation

def cma.bestpractices.BestPractices.__init__ (   self,
  config,
  packetio,
  store,
  log,
  debug 
)

Definition at line 59 of file bestpractices.py.

Member Function Documentation

def cma.bestpractices.BestPractices.compute_score_updates (   self,
  discovery_json,
  drone,
  rulesobj,
  newstats,
  oldstats 
)
We compute the score updates for the rules and results we've been given.
The drone is a Drone (or host), the 'rulesobj' contains the rules and their categories.
Statuses contains the results of evaluating the rules.
Our job is to compute the scores for each of the categories of rules in the
statuses, issue events for score changes, and update the category scores in the host.

We're storing the successes, failures, etc, for this discovery object for this drone.

Note that this can fail if we change our algorithm - because we don't know the values
    the old algorithm gave us, only what the current algorithm gives us on the old results.

@TODO: We eventually want to update the scores for the domain to which this drone
belongs.

Definition at line 318 of file bestpractices.py.

References cma.bestpractices.BestPractices.compute_scores().

Referenced by cma.bestpractices.BestPractices.log_rule_results().

def cma.bestpractices.BestPractices.compute_scores (   self,
  drone,
  rulesobj,
  statuses 
)
Compute the scores from this set of statuses - organized by category
We return the total score, scores organized by category
and the scoring detailed on a rule-by-rule basis.

Definition at line 290 of file bestpractices.py.

References cma.bestpractices.BestPractices.basic_rule_score_algorithm().

Referenced by cma.bestpractices.BestPractices.compute_score_updates().
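
The two docstrings above describe the scoring flow in prose only. The following is an added, self-contained model of that flow written for this page; it is not Assimilation's own code, and the rule schema (a 'category' and 'severity' per rule), the severity weights and the score formula are assumptions chosen for illustration. It also reproduces the limitation the compute_score_updates() docstring warns about: the "old" scores are recomputed from the old statuses with the current algorithm, so they need not match what was reported when the old algorithm ran.

```python
"""Added example (not Assimilation's own code): a minimal model of the
category scoring described for compute_scores() and compute_score_updates().
The rule schema, severity weights and score formula are assumptions."""
from collections import defaultdict

# Constructed sample rule set: rule id -> rule object.  The 'category' and
# 'severity' keys are assumptions; the real rule schema is not shown on this page.
RULES = {
    "nist_V-58901": {"category": "security", "severity": "high"},
    "nist_V-38472": {"category": "security", "severity": "medium"},
    "perf_0001":    {"category": "performance", "severity": "low"},
}

# Assumed scoring weights: a failed rule costs its severity weight,
# a pass or not-applicable result costs nothing.
SEVERITY_WEIGHT = {"high": 3.0, "medium": 2.0, "low": 1.0}


def basic_rule_score_algorithm(rule, status):
    """Score one rule result.  Only 'pass' and 'NA' score zero; any other
    status (including a malformed one) is charged as a failure so that a
    bad evaluator result never silently improves a host's score."""
    if status in ("pass", "NA"):
        return 0.0
    return SEVERITY_WEIGHT[rule["severity"]]


def compute_scores(rulesobj, statuses):
    """Return (total, scores by category, scores by rule) for one set of
    results.  'statuses' maps rule id -> status string as produced by
    rule evaluation; 'rulesobj' maps rule id -> rule object."""
    by_rule = {}
    by_category = defaultdict(float)
    for ruleid, status in statuses.items():
        rule = rulesobj[ruleid]
        score = basic_rule_score_algorithm(rule, status)
        by_rule[ruleid] = score
        by_category[rule["category"]] += score
    total = sum(by_category.values())
    return total, dict(by_category), by_rule


def compute_score_updates(rulesobj, newstats, oldstats):
    """Return a list of (category, old_score, new_score) events, one per
    category whose score changed between the old and new results.
    The old scores are recomputed with the current algorithm from the old
    statuses, which is exactly the caveat in the docstring: if the scoring
    algorithm has changed, these 'old' numbers are not the ones that were
    reported at the time.  A missing oldstats (first discovery) scores 0."""
    _, new_by_cat, _ = compute_scores(rulesobj, newstats)
    _, old_by_cat, _ = compute_scores(rulesobj, oldstats) if oldstats else (0.0, {}, {})
    events = []
    for category in sorted(set(new_by_cat) | set(old_by_cat)):
        old = old_by_cat.get(category, 0.0)
        new = new_by_cat.get(category, 0.0)
        if old != new:
            events.append((category, old, new))
    return events
```

With the constructed rules above, a host that fails the high-severity security rule and the low-severity performance rule scores 4.0 in total (3.0 security, 1.0 performance); fixing the security rule on the next discovery produces exactly one event, for the security category, and the performance category stays silent because its score did not move.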

def cma.bestpractices.BestPractices.evaluate (   _unused_drone,
  _unusedsrcaddr,
  wholejsonobj,
  ruleobj,
  description 
)
static
Evaluate our rules given the current/changed data.

Definition at line 383 of file bestpractices.py.

References cma.drawwithdot.type.

def cma.bestpractices.BestPractices.fetch_rules (   self,
  _drone,
  _unusedsrcaddr,
  _discovertype 
)
Return the rules to be evaluated for the current/changed data; the
underscore-prefixed parameters are currently unused.
Note that fetch_rules is separate from rule evaluation to simplify
testing.

Definition at line 375 of file bestpractices.py.

def cma.bestpractices.BestPractices.gen_bp_rules_by_ruleset (   store,
  rulesetname 
)
static
Return generator providing all BP rules for the given ruleset

Definition at line 156 of file bestpractices.py.

def cma.bestpractices.BestPractices.load_directory (   store,
  directoryname,
  rulesetname,
  basedon = None 
)
static
Load all the rules in the 'directoryname' directory into our database
as 'rulesetname' and link them up as being based on the given rule
set name.

If 'basedon' is not None, then we derive a set of basis ordering
which we use to compute the precedence of rule sets.

For the moment, all rule sets must contain all the different rule sets
that their predecessor is based on. They can have empty rule sets if
there is nothing to override, but they have to all be there.
Dependent rule sets can have new rule sets not present in their basis,
but the reverse cannot be true.

It's perfectly normal for a rule set to not contain all the rules that
a basis rule set specifies, which means they aren't overridden.

It's also perfectly OK for a dependent rule set to have rules not
present in the basis rule set.

Definition at line 124 of file bestpractices.py.
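
The docstring above states the rules for layering rule sets on a basis but does not show them in action. The following is an added, in-memory model written for this page (not Assimilation's own code, which stores rule sets in its database): it enforces that a dependent rule set carries every category its basis has, allows a dependent set to add categories of its own, and resolves each rule from the nearest set in the basedon chain so that a dependent set overrides only the rules it actually specifies, as gen_bp_rules_by_ruleset() is described as doing. The class name, the category names and the rule contents are constructed for illustration; a cycle in the basedon chain, which the docstring does not mention, is rejected rather than looped on.

```python
"""Added example (not Assimilation's own code): an in-memory model of the
rule-set precedence described for load_directory().  A rule set is a
mapping of category name -> {rule id -> rule}; names and rules below are
constructed for illustration."""


class RuleSetError(ValueError):
    """Raised when a rule set violates the layering constraints."""


class RuleSets:
    def __init__(self):
        self._sets = {}      # rulesetname -> {category: {ruleid: rule}}
        self._basedon = {}   # rulesetname -> basis rulesetname, or None

    def load(self, rulesetname, categories, basedon=None):
        """Register a rule set, enforcing the docstring's constraint: a
        dependent set must contain every category of its basis (an empty
        category is fine) but may add categories the basis lacks."""
        if basedon is not None:
            if basedon not in self._sets:
                raise RuleSetError("basis %r must be loaded before %r"
                                   % (basedon, rulesetname))
            missing = set(self._sets[basedon]) - set(categories)
            if missing:
                raise RuleSetError("%r lacks categories of basis %r: %s"
                                   % (rulesetname, basedon, sorted(missing)))
        self._sets[rulesetname] = {cat: dict(rules)
                                   for cat, rules in categories.items()}
        self._basedon[rulesetname] = basedon

    def basis_order(self, rulesetname):
        """Return the precedence chain: the set itself first, then its basis,
        then the basis of that, and so on.  A cycle is an error."""
        chain, seen = [], set()
        while rulesetname is not None:
            if rulesetname in seen:
                raise RuleSetError("cycle in basedon chain at %r" % rulesetname)
            seen.add(rulesetname)
            chain.append(rulesetname)
            rulesetname = self._basedon[rulesetname]
        return chain

    def rules_by_ruleset(self, rulesetname):
        """Generator over the effective rules of a rule set as
        (category, ruleid, origin set, rule).  Each rule id is taken from
        the nearest set in the chain that defines it, so a rule absent from
        a dependent set is simply not overridden."""
        effective = {}
        for name in self.basis_order(rulesetname):
            for cat, rules in self._sets[name].items():
                for ruleid, rule in rules.items():
                    effective.setdefault((cat, ruleid), (name, rule))
        for (cat, ruleid), (origin, rule) in sorted(effective.items()):
            yield cat, ruleid, origin, rule


def build_sample():
    """Constructed sample: a generic Linux basis and a Red Hat 6 set that
    overrides one security rule, keeps 'performance' empty, and adds a
    'compliance' category of its own."""
    rs = RuleSets()
    rs.load("linux-base", {
        "security": {"nist_V-58901": {"severity": "high"},
                     "nist_V-38472": {"severity": "low"}},
        "performance": {},
    })
    rs.load("redhat6", {
        "security": {"nist_V-58901": {"severity": "medium"}},
        "performance": {},
        "compliance": {"c1": {"severity": "low"}},
    }, basedon="linux-base")
    return rs
```

Loading a set that omits a basis category (for example a set with only "security" based on "linux-base" above) raises RuleSetError, which is the check a loader wants before any rule is evaluated: a silently dropped category would otherwise make every host look compliant with rules that were never run.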

def cma.bestpractices.BestPractices.load_from_file (   store,
  filename,
  bp_class,
  rulesetname,
  basedon = None 
)
static
Load JSON from a single ruleset file into the database.

Definition at line 117 of file bestpractices.py.

def cma.bestpractices.BestPractices.load_json (   store,
  json,
  bp_class,
  rulesetname,
  basedon = None 
)
static
Load JSON for a single JSON ruleset into the database.

Definition at line 105 of file bestpractices.py.

def cma.bestpractices.BestPractices.log_rule_results (   self,
  results,
  drone,
  _srcaddr,
  discoveryobj,
  discovertype,
  rulesobj 
)
Log the results of this set of rule evaluations

Definition at line 262 of file bestpractices.py.

References cma.bestpractices.BestPractices.compute_score_updates(), and cma.bestpractices.BestPractices.url().

Referenced by cma.bestpractices.BestPractices.processpkt().

def cma.bestpractices.BestPractices.processpkt (   self,
  drone,
  srcaddr,
  jsonobj,
  discoverychanged 
)
Inform interested rule objects about this change

Definition at line 197 of file bestpractices.py.

References cma.bestpractices.BestPractices._processpkt_by_type(), and cma.bestpractices.BestPractices.log_rule_results().

def cma.bestpractices.BestPractices.register (   pkttypes)
static
Register a BestPractices subclass interested in the given discovery types.
Return value: our decorator function

Definition at line 80 of file bestpractices.py.

def cma.bestpractices.BestPractices.register_sensitivity (   bpcls,
  pkttype 
)
static

Definition at line 93 of file bestpractices.py.
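
register() and register_sensitivity() above populate the class-level registries (eval_classes, wantedpackets) that processpkt() later uses to "inform interested rule objects about this change". The following is an added example of that decorator-plus-dispatch pattern, written for this page and not taken from Assimilation; it covers register(), register_sensitivity() and processpkt() together. The registry class, the rule classes, the discovery type names, the simplified evaluate(drone, jsonobj) signature and the spelling register(*pkttypes) are all assumptions made for illustration (the real signatures are register(pkttypes) and evaluate(_unused_drone, _unusedsrcaddr, wholejsonobj, ruleobj, description)). A packet whose discovery type no class registered for is ignored rather than treated as an error.

```python
"""Added example (not Assimilation's own code): a registry showing how a
register()-style class decorator records which rule classes want which
discovery types, and how a processpkt()-style dispatcher then hands each
discovery packet only to the interested classes.  Type names, packet
contents and the evaluate() signature are assumptions for illustration."""


class Registry:
    eval_classes = {}     # discovery type -> list of interested classes
    wantedpackets = []    # every discovery type some class has asked for

    @classmethod
    def register(cls, *pkttypes):
        """Return a class decorator that records the decorated class as
        interested in each of the given discovery types."""
        def decorator(bpcls):
            for pkttype in pkttypes:
                cls.register_sensitivity(bpcls, pkttype)
            return bpcls
        return decorator

    @classmethod
    def register_sensitivity(cls, bpcls, pkttype):
        """Record that 'bpcls' wants packets of type 'pkttype' (idempotent)."""
        classes = cls.eval_classes.setdefault(pkttype, [])
        if bpcls not in classes:
            classes.append(bpcls)
        if pkttype not in cls.wantedpackets:
            cls.wantedpackets.append(pkttype)

    @classmethod
    def processpkt(cls, drone, jsonobj):
        """Dispatch one discovery packet to every class registered for its
        discovery type and return the (class name, result) pairs.  The type
        is read from the packet; an unregistered type yields no results."""
        disctype = jsonobj.get("discovertype")
        return [(bpcls.__name__, bpcls.evaluate(drone, jsonobj))
                for bpcls in cls.eval_classes.get(disctype, ())]


@Registry.register("os", "login_defs")
class PasswordAgingRules:
    """Assumed rule class: fails when PASS_MAX_DAYS is missing or over 90."""
    @staticmethod
    def evaluate(drone, jsonobj):
        days = jsonobj.get("data", {}).get("PASS_MAX_DAYS")
        if days is None:
            return "fail"
        return "pass" if int(days) <= 90 else "fail"


@Registry.register("sshd")
class SshdRules:
    """Assumed rule class: fails when root may log in over SSH."""
    @staticmethod
    def evaluate(drone, jsonobj):
        permit = jsonobj.get("data", {}).get("PermitRootLogin")
        return "fail" if permit == "yes" else "pass"


# Constructed discovery packets (not real Assimilation discovery output).
SAMPLE_PACKETS = [
    {"discovertype": "login_defs", "data": {"PASS_MAX_DAYS": "99999"}},
    {"discovertype": "sshd", "data": {"PermitRootLogin": "no"}},
    {"discovertype": "cpu", "data": {}},
]


def run_samples(drone="drone-1"):
    """Run every constructed packet through the dispatcher."""
    return [Registry.processpkt(drone, pkt) for pkt in SAMPLE_PACKETS]
```

Because the registries are class attributes filled at import time by the decorators, the order of wantedpackets follows the order in which rule classes were defined; a loader that builds its packet subscriptions from that list therefore sees a complete set only after every rule module has been imported.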

def cma.bestpractices.BestPractices.send_rule_event (   oldstat,
  newstat,
  drone,
  ruleid,
  ruleobj,
  url 
)
static
The newstat, ruleid and ruleobj arguments must never be None.

Definition at line 226 of file bestpractices.py.

def cma.bestpractices.BestPractices.url (   self,
  drone,
  ruleid,
  ruleobj,
  html = True,
  port = 5000 
)
Return the URL in the IT Best Practices project that goes with this
particular rule.

Emily Ratliff <ejratl@gmail.com> defines the API this way:

.../v1.0/doquery?app=os&domain=security&class=posix
    &os=linux&osname=redhat&release=6&tipname=nist_V-58901

Note that BASEURL starts with http://, so the links this method returns
reach the IT Best Practices database over cleartext HTTP unless that
service redirects to HTTPS.

Definition at line 163 of file bestpractices.py.

References cma.bestpractices.BestPractices.BASEURL.

Referenced by cma.bestpractices.BestPractices.log_rule_results().

Field Documentation

cma.bestpractices.BestPractices.application = None
static

Definition at line 54 of file bestpractices.py.

string cma.bestpractices.BestPractices.application = 'os'
static

Definition at line 56 of file bestpractices.py.

string cma.bestpractices.BestPractices.BASEURL = 'http://db.ITBestPractices.info:%d'
static

Definition at line 57 of file bestpractices.py.

Referenced by cma.bestpractices.BestPractices.url().

cma.bestpractices.BestPractices.discovery_name = None
static

Definition at line 55 of file bestpractices.py.

dictionary cma.bestpractices.BestPractices.eval_classes = {}
static

Definition at line 52 of file bestpractices.py.

dictionary cma.bestpractices.BestPractices.eval_objects = {}
static

Definition at line 51 of file bestpractices.py.

dictionary cma.bestpractices.BestPractices.evaled_classes = {}
static

Definition at line 53 of file bestpractices.py.

cma.bestpractices.BestPractices.prio = DiscoveryListener.PRI_OPTION
static

Definition at line 50 of file bestpractices.py.

list cma.bestpractices.BestPractices.wantedpackets = []
static

The documentation for this class was generated from the following file: bestpractices.py