mirror of https://github.com/CIRCL/AIL-framework
chg: [pgpdump] check trackers on extracted metadata
parent
1372b1ef68
commit
f8f785970f
|
@ -24,6 +24,10 @@ from packages import Paste
|
|||
|
||||
from packages import Pgp
|
||||
|
||||
from trackers.Tracker_Term import Tracker_Term
|
||||
from trackers.Tracker_Regex import Tracker_Regex
|
||||
from trackers.Tracker_Yara import Tracker_Yara
|
||||
|
||||
class TimeoutException(Exception):
|
||||
pass
|
||||
|
||||
|
@ -152,6 +156,10 @@ if __name__ == '__main__':
|
|||
#config_section = 'PgpDump'
|
||||
config_section = 'PgpDump'
|
||||
|
||||
tracker_module_term = Tracker_Term()
|
||||
tracker_module_regex = Tracker_Regex()
|
||||
tracker_module_yara = Tracker_Yara()
|
||||
|
||||
# Setup the I/O queues
|
||||
p = Process(config_section)
|
||||
|
||||
|
@ -245,7 +253,13 @@ if __name__ == '__main__':
|
|||
for name_id in set_name:
|
||||
print(name_id)
|
||||
Pgp.pgp.save_item_correlation('name', name_id, message, item_date)
|
||||
tracker_module_term.compute(message, item_content=name_id)
|
||||
tracker_module_regex.compute(message, item_content=name_id)
|
||||
tracker_module_yara.compute(message, item_content=name_id)
|
||||
|
||||
for mail_id in set_mail:
|
||||
print(mail_id)
|
||||
Pgp.pgp.save_item_correlation('mail', mail_id, message, item_date)
|
||||
tracker_module_term.compute(message, item_content=name_id)
|
||||
tracker_module_regex.compute(message, item_content=name_id)
|
||||
tracker_module_yara.compute(message, item_content=name_id)
|
||||
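Review bot: The three tracker calls in the `for mail_id in set_mail:` loop pass `item_content=name_id` instead of `mail_id`, so extracted mail addresses are never matched against the term, regex and YARA trackers, and when set_name is empty for a message `name_id` is either unbound or left over from an earlier iteration. The lines should read `tracker_module_term.compute(message, item_content=mail_id)`, `tracker_module_regex.compute(message, item_content=mail_id)` and `tracker_module_yara.compute(message, item_content=mail_id)`. The enclosing `if __name__ == '__main__'` block and the loop it sits in continue outside the hunk.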
|
|
|
@ -50,7 +50,7 @@ class Tracker_Regex(AbstractModule):
|
|||
|
||||
self.redis_logger.info(f"Module: {self.module_name} Launched")
|
||||
|
||||
def compute(self, item_id):
|
||||
def compute(self, item_id, item_content=None):
|
||||
# refresh Tracked regex
|
||||
if self.last_refresh < Tracker.get_tracker_last_updated_by_type('regex'):
|
||||
self.dict_regex_tracked = Term.get_regex_tracked_words_dict()
|
||||
|
@ -60,7 +60,8 @@ class Tracker_Regex(AbstractModule):
|
|||
|
||||
item = Item(item_id)
|
||||
item_id = item.get_id()
|
||||
item_content = item.get_content()
|
||||
if not item_content:
|
||||
item_content = item.get_content()
|
||||
|
||||
for regex in self.dict_regex_tracked:
|
||||
matched = regex_helper.regex_search(self.module_name, self.redis_cache_key, self.dict_regex_tracked[regex], item_id, item_content, max_time=self.max_execution_time)
|
||||
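Review bot: The fallback `if not item_content:` in the new compute body (and the identical lines in Tracker_Term.compute and Tracker_Yara.compute) treats an empty string like "not supplied", so a caller passing empty extracted metadata silently scans the whole item instead of nothing; `if item_content is None:` pins the intended override semantics. The new `item_content` parameter is also undocumented in all three methods: a one-line docstring stating that it overrides the text to match while `item_id` must still resolve to a stored Item would help callers. In this file the override is handed to regex_search together with item_id; if that helper caches results per item_id, repeated calls for one item with different metadata could collide, which is worth confirming. compute's body continues outside the hunk.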
|
|
|
@ -61,7 +61,7 @@ class Tracker_Term(AbstractModule):
|
|||
|
||||
self.redis_logger.info(f"Module: {self.module_name} Launched")
|
||||
|
||||
def compute(self, item_id):
|
||||
def compute(self, item_id, item_content=None):
|
||||
# refresh Tracked term
|
||||
if self.last_refresh_word < Term.get_tracked_term_last_updated_by_type('word'):
|
||||
self.list_tracked_words = Term.get_tracked_words_list()
|
||||
|
@ -78,7 +78,8 @@ class Tracker_Term(AbstractModule):
|
|||
# Cast message as Item
|
||||
item = Item(item_id)
|
||||
item_date = item.get_date()
|
||||
item_content = item.get_content()
|
||||
if not item_content:
|
||||
item_content = item.get_content()
|
||||
|
||||
signal.alarm(self.max_execution_time)
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ class Tracker_Yara(AbstractModule):
|
|||
self.redis_logger.info(f"Module: {self.module_name} Launched")
|
||||
|
||||
|
||||
def compute(self, item_id):
|
||||
def compute(self, item_id, item_content=None):
|
||||
# refresh YARA list
|
||||
if self.last_refresh < Tracker.get_tracker_last_updated_by_type('yara'):
|
||||
self.rules = Tracker.reload_yara_rules()
|
||||
|
@ -56,7 +56,11 @@ class Tracker_Yara(AbstractModule):
|
|||
print('Tracked set refreshed')
|
||||
|
||||
self.item = Item(item_id)
|
||||
item_content = self.item.get_content()
|
||||
if not item_content:
|
||||
item_content = self.item.get_content()
|
||||
|
||||
|
||||
|
||||
try:
|
||||
yara_match = self.rules.match(data=item_content, callback=self.yara_rules_match, which_callbacks=yara.CALLBACK_MATCHES, timeout=60)
|
||||
if yara_match:
|
||||
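Review bot: Three consecutive blank lines were added between the content fallback and the `try:` inside compute's body; PEP 8 allows at most two even at module level and ruff reports E303 here, so collapse them to one blank line. compute's body continues outside the hunk.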
|
|