mirror of https://github.com/CIRCL/AIL-framework
fix: [tracker] delete yara rule, fix filter by object type
parent
68c17c3fbc
commit
fee3332edb
|
@ -2,6 +2,8 @@
|
||||||
# -*-coding:UTF-8 -*
|
# -*-coding:UTF-8 -*
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
|
import logging
|
||||||
|
import logging.config
|
||||||
import re
|
import re
|
||||||
import sys
|
import sys
|
||||||
import time
|
import time
|
||||||
|
@ -24,11 +26,16 @@ sys.path.append(os.environ['AIL_BIN'])
|
||||||
##################################
|
##################################
|
||||||
from packages import Date
|
from packages import Date
|
||||||
from lib.ail_core import get_objects_tracked, get_object_all_subtypes, get_objects_retro_hunted
|
from lib.ail_core import get_objects_tracked, get_object_all_subtypes, get_objects_retro_hunted
|
||||||
|
from lib import ail_logger
|
||||||
from lib import ConfigLoader
|
from lib import ConfigLoader
|
||||||
from lib import item_basic
|
from lib import item_basic
|
||||||
from lib import Tag
|
from lib import Tag
|
||||||
from lib.Users import User
|
from lib.Users import User
|
||||||
|
|
||||||
|
# LOGS
|
||||||
|
logging.config.dictConfig(ail_logger.get_config(name='modules'))
|
||||||
|
logger = logging.getLogger()
|
||||||
|
|
||||||
config_loader = ConfigLoader.ConfigLoader()
|
config_loader = ConfigLoader.ConfigLoader()
|
||||||
r_cache = config_loader.get_redis_conn("Redis_Cache")
|
r_cache = config_loader.get_redis_conn("Redis_Cache")
|
||||||
|
|
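Review bot: `logging.config.dictConfig(...)` runs at module import, and dictConfig defaults to `disable_existing_loggers=True`, so any process that imports this module after configuring its own loggers will have them silently muted unless `ail_logger.get_config` sets that key to False — worth confirming, or moving the call into the entry points that actually run trackers. `logger = logging.getLogger()` also binds the root logger; if the 'modules' config is meant for this module specifically, `logger = logging.getLogger(__name__)` keeps the messages attributable to it. Whether the config addresses the root logger is not visible in this hunk.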
||||||
|
@ -561,9 +568,7 @@ class Tracker:
|
||||||
os.remove(filepath)
|
os.remove(filepath)
|
||||||
|
|
||||||
# Filters
|
# Filters
|
||||||
filters = self.get_filters()
|
filters = get_objects_tracked()
|
||||||
if not filters:
|
|
||||||
filters = get_objects_tracked()
|
|
||||||
for obj_type in filters:
|
for obj_type in filters:
|
||||||
r_tracker.srem(f'trackers:objs:{tracker_type}:{obj_type}', tracked)
|
r_tracker.srem(f'trackers:objs:{tracker_type}:{obj_type}', tracked)
|
||||||
r_tracker.srem(f'trackers:uuid:{tracker_type}:{tracked}', f'{self.uuid}:{obj_type}')
|
r_tracker.srem(f'trackers:uuid:{tracker_type}:{tracked}', f'{self.uuid}:{obj_type}')
|
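Review bot: The Redis cleanup loop runs after `os.remove(filepath)`, so if the rule file is already gone (the last hunk treats a missing rule file as an expected state) the delete raises FileNotFoundError before the `trackers:objs:*` and `trackers:uuid:*` entries are removed, leaving a half-deleted tracker; unless a guard above the hunk already covers it, `if os.path.exists(filepath): os.remove(filepath)` (or `contextlib.suppress(FileNotFoundError)`) lets the cleanup proceed. With `self.get_filters()` gone, `filters` now holds every tracked object type rather than this tracker's filter set, so `obj_types = get_objects_tracked()` would read more honestly. The enclosing method starts before this hunk.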
||||||
|
@ -1152,7 +1157,11 @@ def get_tracked_yara_rules():
|
||||||
for obj_type in get_objects_tracked():
|
for obj_type in get_objects_tracked():
|
||||||
rules = {}
|
rules = {}
|
||||||
for tracked in _get_tracked_by_obj_type('yara', obj_type):
|
for tracked in _get_tracked_by_obj_type('yara', obj_type):
|
||||||
rules[tracked] = os.path.join(get_yara_rules_dir(), tracked)
|
rule = os.path.join(get_yara_rules_dir(), tracked)
|
||||||
|
if not os.path.exists(rule):
|
||||||
|
logger.critical(f"Yara rule don't exists {tracked} : {obj_type}")
|
||||||
|
else:
|
||||||
|
rules[tracked] = rule
|
||||||
to_track[obj_type] = yara.compile(filepaths=rules)
|
to_track[obj_type] = yara.compile(filepaths=rules)
|
||||||
print(to_track)
|
print(to_track)
|
||||||
return to_track
|
return to_track
|
||||||
|
|
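Review bot: When every rule file for an `obj_type` is missing, `rules` stays empty and `yara.compile(filepaths=rules)` is still called on the line after the loop; guard it with `if rules:` (or `continue` for that type) so a missing file does not turn into a compile error for the whole set, and consider whether `critical` is the right level for a condition the function then tolerates. The `print(to_track)` below the loop now has a logger to go to — `logger.debug(f'yara rules to track: {to_track}')` or drop it. The message also reads better as `f"Yara rule does not exist: {tracked} ({obj_type})"`. `tracked` comes from Redis and is joined straight onto the rules dir; if it can carry a path separator, a `tracked == os.path.basename(tracked)` check would keep the lookup inside that directory. The function's start is outside the hunk.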