本文整理汇总了Python中beach.actor.Actor类的典型用法代码示例。如果您正苦于以下问题:Python Actor类的具体用法?Python Actor怎么用?Python Actor使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Actor类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: SAMLoadWidgets
def SAMLoadWidgets():
    """Return the module-level widget registry, filling it on first use.

    While `_widgets` is empty, the contents of the 'GenericWidgets',
    'ProcessWidgets' and 'TimeWidgets' libraries are merged into it, in that
    order, using whatever Actor.importLib returns for the '*' selector.
    """
    global _widgets
    if len( _widgets ) != 0:
        return _widgets
    # NOTE(review): emptiness is the only "already loaded" marker, so if a
    # later import raises after an earlier one succeeded, subsequent calls
    # return the partially filled registry without retrying.
    for libName in ( 'GenericWidgets', 'ProcessWidgets', 'TimeWidgets' ):
        _widgets.update( Actor.importLib( libName, '*' ) )
    return _widgets
示例2: reload
def reload( self ):
    """Rebuild the symbol tables from 'rp_hcp_tags.json'.

    For every definition in every group of the file, self.lookups gains two
    entries (value -> 'group.name' and 'group.name' -> value) and the value
    is also exposed as the attribute self.<group>.<name>.
    """
    class _unnamedSymbolGroup( object ):
        pass

    tagFile = json.loads( Actor.readRelativeFile( 'rp_hcp_tags.json' ) )
    for groupDef in tagFile[ 'groups' ]:
        groupName = groupDef[ 'groupName' ]
        for tagDef in groupDef[ 'definitions' ]:
            tagName = str( tagDef[ 'name' ] )
            tagValue = str( tagDef[ 'value' ] )
            qualifiedName = '%s.%s' % ( groupName, tagName )
            # Both directions share one dict, so a value that is textually
            # equal to some qualified name would overwrite that entry.
            self.lookups[ tagValue ] = qualifiedName
            self.lookups[ qualifiedName ] = tagValue
            # NOTE(review): group and tag names from the JSON become attribute
            # names. A group named like an existing attribute (for example
            # 'lookups') is not replaced, because hasattr() is already true;
            # the setattr below then targets that existing object. Treat the
            # tag file as trusted input.
            if not hasattr( self, groupName ):
                setattr( self, groupName, _unnamedSymbolGroup() )
            setattr( getattr( self, groupName ), tagName, tagValue )
示例3: SensorIssues
# Copyright 2015 refractionPOINT
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from beach.actor import Actor
ProcessDescendant = Actor.importLib( '../../analytics/StateAnalysis/descriptors', 'ProcessDescendant' )
EventBurst = Actor.importLib( '../../analytics/StateAnalysis/descriptors', 'EventBurst' )
StatefulActor = Actor.importLib( '../../Detects', 'StatefulActor' )
class SensorIssues ( StatefulActor ):
def initMachines( self, parameters ):
    """Set the sharding key and describe processes spawned by the HCP sensor.

    Only the beginning of the method appears in this listing: the descriptor
    built below is not attached to anything in the lines shown.
    """
    self.shardingKey = 'agentid'
    #TODO: vary the logic for other platforms and ensure it's the right executable name.
    # Parent pattern: a '/' or '\' followed by 'rphcp' or 'hcp_<something>',
    # then '.exe'.
    # NOTE(review): '.+' also matches path separators, so the pattern is not
    # limited to the last path component. Anchoring and case sensitivity
    # depend on how ProcessDescendant applies the expression - confirm, since
    # Windows paths compare case-insensitively.
    hcpProcesses = r'.*(/|\\)((rphcp)|(hcp_.+))\.exe'
    # Child pattern: any path at all.
    anyApps = r'.*'
    # isDirectOnly = True presumably limits the match to direct children of
    # the parent process - TODO confirm against ProcessDescendant.
    hcpSpawningProcesses = ProcessDescendant( name = 'hcp_spawns_anything',
                                              parentRegExp = hcpProcesses,
                                              childRegExp = anyApps,
                                              isDirectOnly = True )
示例4: WinReconTools
# Copyright 2015 refractionPOINT
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from beach.actor import Actor
ObjectTypes = Actor.importLib( '../../ObjectsDb', 'ObjectTypes' )
StatefulActor = Actor.importLib( '../../Detects', 'StatefulActor' )
class WinReconTools ( StatefulActor ):
def initMachines( self, parameters ):
    """Declare the state machine that watches for bursts of recon tools.

    The machine is given as text: a SAMTimeBurst (within = 10, min_burst = 3)
    fed from a SAMSelector on the NEW_PROCESS file path. The units of
    'within' are not visible here - presumably seconds, TODO confirm.
    """
    self.shardingKey = 'agentid'
    self.machines = {
        # NOTE(review): the key reads 'sensor_restarting' although the
        # selector matches network/host reconnaissance utilities; it looks
        # copied from another detection - confirm before relying on the name.
        #
        # The description is a plain (non-raw) triple-quoted string: '\\\)'
        # reaches the embedded r'...' literal as '\\)', and '\d' / '\.'
        # survive only because Python leaves unknown escapes untouched.
        #
        # Detection caveats: matching is by file name only, so a renamed copy
        # of a tool is not covered; the Windows binary is tracert.exe, which
        # '(traceroute)' does not match; case sensitivity depends on how
        # SAMSelector applies the expression - confirm.
        'sensor_restarting' :
            '''
SAMTimeBurst( parameters = { 'within' : 10, 'min_burst' : 3 } )
.feed_from( SAMSelector( parameters = {
'event/notification.NEW_PROCESS/base.FILE_PATH' : r'.*(/|\\\)((ipconfig)|(arp)|(route)|(ping)|(traceroute)|(nslookup)|(netstat)|(wmic)|(net\d?)|(whoami)|(systeminfo))\.exe' } ) )
'''
    }
def processDetects( self, detects ):
示例5: BeaconProcessor
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from beach.actor import Actor
import base64
import M2Crypto
import zlib
import time
import struct
import binascii
import traceback
import hashlib
rpcm = Actor.importLib( '../rpcm', 'rpcm' )
rList = Actor.importLib( '../rpcm', 'rList' )
rSequence = Actor.importLib( '../rpcm', 'rSequence' )
AgentId = Actor.importLib( '../hcp_helpers', 'AgentId' )
_xm_ = Actor.importLib( '../hcp_helpers', '_xm_' )
_x_ = Actor.importLib( '../hcp_helpers', '_x_' )
HcpDb = Actor.importLib( '../hcp_databases', 'HcpDb' )
ip_to_tuple = Actor.importLib( '../hcp_helpers', 'ip_to_tuple' )
HcpOperations = Actor.importLib( '../hcp_helpers', 'HcpOperations' )
HcpModuleId = Actor.importLib( '../hcp_helpers', 'HcpModuleId' )
PooledResource = Actor.importLib( '../hcp_helpers', 'PooledResource' )
class BeaconProcessor( Actor ):
def init( self, parameters ):
    """Load the RSA private key and register the 'beacon' request handler.

    Only the first statements of the method appear in this listing.
    """
    # The key text is taken from the actor parameters under '_priv_key'.
    # NOTE(review): private key material travels in the parameters dict -
    # confirm that this dict is never logged or echoed back in responses.
    # NOTE(review): load_key_string is called without a passphrase callback,
    # so the key is presumably stored unencrypted - confirm.
    self.private_key = M2Crypto.RSA.load_key_string( parameters[ '_priv_key' ] )
    # Requests of type 'beacon' are dispatched to self.processBeacon.
    self.handle( 'beacon', self.processBeacon )
示例6: StatsComputer
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from beach.actor import Actor
from sets import Set
ObjectTypes = Actor.importLib( '../utils/ObjectsDb', 'ObjectTypes' )
HostObjects = Actor.importLib( '../utils/ObjectsDb', 'HostObjects' )
BEAdmin = Actor.importLib( '../admin_lib', 'BEAdmin' )
AgentId = Actor.importLib( '../utils/hcp_helpers', 'AgentId' )
chunks = Actor.importLib( '../utils/hcp_helpers', 'chunks' )
class StatsComputer( Actor ):
def init( self, parameters, resources ):
HostObjects.setDatabase( parameters[ 'scale_db' ] )
self.be = BEAdmin( self._beach_config_path, None )
self.lastStats = {}
self.schedule( 3600, self.computeRelation,
parentType = ObjectTypes.PROCESS_NAME,
childType = ObjectTypes.FILE_PATH,
示例7: audited
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from beach.actor import Actor
import traceback
import hashlib
import time
rpcm = Actor.importLib( 'utils/rpcm', 'rpcm' )
rList = Actor.importLib( 'utils/rpcm', 'rList' )
rSequence = Actor.importLib( 'utils/rpcm', 'rSequence' )
AgentId = Actor.importLib( 'utils/hcp_helpers', 'AgentId' )
HbsCollectorId = Actor.importLib( 'utils/hcp_helpers', 'HbsCollectorId' )
CassDb = Actor.importLib( 'utils/hcp_databases', 'CassDb' )
CassPool = Actor.importLib( 'utils/hcp_databases', 'CassPool' )
HcpOperations = Actor.importLib( 'utils/hcp_helpers', 'HcpOperations' )
HcpModuleId = Actor.importLib( 'utils/hcp_helpers', 'HcpModuleId' )
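def audited( f ):
    """Decorate a handler so an audit record is emitted before it runs.

    The wrapper sends { 'data' : msg.data, 'cmd' : msg.req } to
    self.auditor.shoot( 'audit', ... ), where msg is the first positional
    argument, then calls the handler and returns its result unchanged.

    The record is sent before the handler executes, so it states what was
    requested, not whether it succeeded. If shoot() raises, the handler is
    not called.
    """
    # Local import so the block does not depend on the file's import list.
    import functools

    # Keep the handler's __name__ / __doc__ so logs and tracebacks still
    # identify the command instead of showing 'wrapped' for all of them.
    @functools.wraps( f )
    def wrapped( self, *args, **kwargs ):
        # NOTE(review): the whole request payload is copied into the audit
        # record; confirm it never carries secrets that the audit store
        # should not retain.
        self.auditor.shoot( 'audit', { 'data' : args[ 0 ].data, 'cmd' : args[ 0 ].req } )
        return f( self, *args, **kwargs )
    return wrapped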
示例8: GenerateDetectReport
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from beach.actor import Actor
import hashlib
from sets import Set
import time
SAMLoadWidgets = Actor.importLib( 'analytics/StateAnalysis', 'SAMLoadWidgets' )
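def GenerateDetectReport( agentid, msgIds, cat, detect ):
    """Build the dict that describes one detection.

    Args:
        agentid: a single source identifier, or a tuple/list of strings that
            is joined with ' / '.
        msgIds: one message id, or a tuple/list of them; a single id is
            wrapped into a 1-tuple.
        cat: detection category, passed through unchanged.
        detect: detection payload, passed through unchanged.

    Returns:
        dict with the keys 'source', 'msg_ids', 'cat', 'detect' and
        'report_id' (hex SHA-256 of str( msgIds )).
    """
    if not isinstance( msgIds, ( tuple, list ) ):
        msgIds = ( msgIds, )
    if isinstance( agentid, ( tuple, list ) ):
        agentid = ' / '.join( agentid )
    # hashlib needs bytes; encoding explicitly gives the same digest for the
    # ASCII text str() produces here and avoids a TypeError on Python 3.
    # NOTE(review): the id is derived from the textual form of msgIds, so a
    # list and a tuple holding the same ids produce different report_ids.
    # Left unchanged because stored reports may already be keyed on it.
    reportId = hashlib.sha256( str( msgIds ).encode( 'utf-8' ) ).hexdigest()
    return { 'source' : agentid,
             'msg_ids' : msgIds,
             'cat' : cat,
             'detect' : detect,
             'report_id' : reportId }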
class StatelessActor ( Actor ):
def init( self, parameters ):
    """Check that the subclass defines 'process' and set up reporting.

    Raises:
        Exception: if the instance has no 'process' attribute.

    Only the first statements of the method appear in this listing.
    """
    # Fail at start-up rather than on the first message.
    if not hasattr( self, 'process' ):
        raise Exception( 'Stateless Actor has no "process" function' )
    # Handle to the 'analytics/report' actor category.
    self._reporting = self.getActorHandle( 'analytics/report' )
    # No tasking handle yet; nothing in the visible lines assigns one.
    self._tasking = None
示例9: ProcessBurst
# Copyright 2015 refractionPOINT
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from beach.actor import Actor
StateMachineDescriptor = Actor.importLib( './', 'StateMachineDescriptor' )
State = Actor.importLib( './', 'State' )
StateTransition = Actor.importLib( './', 'StateTransition' )
NewProcessNamed = Actor.importLib( './transitions', 'NewProcessNamed' )
HistoryOlderThan = Actor.importLib( './transitions', 'HistoryOlderThan' )
RunningPidReset = Actor.importLib( './transitions', 'RunningPidReset' )
AlwaysReturn = Actor.importLib( './transitions', 'AlwaysReturn' )
EventOfType = Actor.importLib( './transitions', 'EventOfType' )
ParentProcessInHistory = Actor.importLib( './transitions', 'ParentProcessInHistory' )
NotParentProcessInHistory = Actor.importLib( './transitions', 'NotParentProcessInHistory' )
def ProcessBurst( name, procRegExp, nPerBurst, withinSeconds ):
states = []
for i in xrange( 0, nPerBurst ):
states.append( State( StateTransition( isRecordOnMatch = True,
isReportOnMatch = False if i < nPerBurst - 1 else True,
示例10: GenerateDetectReport
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from beach.actor import Actor
import hashlib
from sets import Set
import time
StateMachine = Actor.importLib( 'analytics/StateAnalysis', 'StateMachine' )
StateEvent = Actor.importLib( 'analytics/StateAnalysis', 'StateEvent' )
CreateOnAccess = Actor.importLib( 'hcp_helpers', 'CreateOnAccess' )
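def GenerateDetectReport( agentid, msgIds, cat, detect ):
    """Build the dict that describes one detection.

    Args:
        agentid: a single source identifier, or a tuple/list of strings that
            is joined with ' / '.
        msgIds: one message id, or a tuple/list of them; a single id is
            wrapped into a 1-tuple.
        cat: detection category, passed through unchanged.
        detect: detection payload, passed through unchanged.

    Returns:
        dict with the keys 'source', 'msg_ids', 'cat', 'detect' and
        'report_id' (hex SHA-256 of str( msgIds )).
    """
    if not isinstance( msgIds, ( tuple, list ) ):
        msgIds = ( msgIds, )
    if isinstance( agentid, ( tuple, list ) ):
        agentid = ' / '.join( agentid )
    # hashlib needs bytes; encoding explicitly gives the same digest for the
    # ASCII text str() produces here and avoids a TypeError on Python 3.
    # NOTE(review): the id is derived from the textual form of msgIds, so a
    # list and a tuple holding the same ids produce different report_ids.
    # Left unchanged because stored reports may already be keyed on it.
    reportId = hashlib.sha256( str( msgIds ).encode( 'utf-8' ) ).hexdigest()
    return { 'source' : agentid,
             'msg_ids' : msgIds,
             'cat' : cat,
             'detect' : detect,
             'report_id' : reportId }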
class StatelessActor ( Actor ):
def init( self, parameters ):
    """Check that the subclass defines 'process'.

    Raises:
        Exception: if the instance has no 'process' attribute.

    Only the first statements of the method appear in this listing.
    """
    # Fail at start-up rather than on the first message.
    if not hasattr( self, 'process' ):
        raise Exception( 'Stateless Actor has no "process" function' )
示例11: AnalyticsIntake
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from sets import Set
from beach.actor import Actor
_xm_ = Actor.importLib( '../utils/hcp_helpers', '_xm_' )
_x_ = Actor.importLib( '../utils/hcp_helpers', '_x_' )
exeFromPath = Actor.importLib( '../utils/hcp_helpers', 'exeFromPath' )
ObjectTypes = Actor.importLib( '../utils/ObjectsDb', 'ObjectTypes' )
ObjectNormalForm = Actor.importLib( '../utils/ObjectsDb', 'ObjectNormalForm' )
AgentId = Actor.importLib( '../utils/hcp_helpers', 'AgentId' )
class AnalyticsIntake( Actor ):
def init( self, parameters, resources ):
    """Register the 'analyze' handler and open handles to downstream actors.

    The actor categories are read from `resources` under the keys
    'stateless', 'stateful', 'modeling', 'relation_builder' and
    'investigation'; a missing key raises KeyError.

    Only the first statements of the method appear in this listing.
    """
    # Requests of type 'analyze' are dispatched to self.analyze.
    self.handle( 'analyze', self.analyze )
    # Detection stages use timeout = 30, the remaining handles 120; the unit
    # is presumably seconds - TODO confirm against getActorHandle.
    self.analytics_stateless = self.getActorHandle( resources[ 'stateless' ], timeout = 30, nRetries = 3 )
    self.analytics_stateful = self.getActorHandle( resources[ 'stateful' ], timeout = 30, nRetries = 3 )
    self.analytics_modeling = self.getActorHandle( resources[ 'modeling' ], timeout = 120, nRetries = 3 )
    self.async_builder = self.getActorHandle( resources[ 'relation_builder' ], timeout = 120, nRetries = 3 )
    self.analytics_investigation = self.getActorHandle( resources[ 'investigation' ], timeout = 120, nRetries = 3 )
示例12: NewProcessNamed
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from beach.actor import Actor
import re
_x_ = Actor.importLib( '../../utils/hcp_helpers', '_x_' )
_xm_ = Actor.importLib( '../../utils/hcp_helpers', '_xm_' )
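def NewProcessNamed( regexp ):
    """Build a transition predicate that matches NEW_PROCESS events by path.

    Args:
        regexp: a pattern string, or an object that already exposes
            match() such as a compiled pattern.

    Returns:
        A function ( history, event ) -> bool that is True when the event
        carries 'notification.NEW_PROCESS/base.FILE_PATH' and regexp.match()
        accepts that path.
    """
    # Compile only what is not already pattern-like. The earlier bare
    # 'except:' around a probing match() call also swallowed unrelated
    # errors, KeyboardInterrupt and SystemExit included.
    if not hasattr( regexp, 'match' ):
        regexp = re.compile( regexp )

    def _processNamed( history, event ):
        newProcName = _x_( event.event, 'notification.NEW_PROCESS/base.FILE_PATH' )
        # match() anchors at the start of the path only, and a pattern given
        # as a string is compiled without flags, i.e. case-sensitively.
        # NOTE(review): Windows paths compare case-insensitively, so callers
        # wanting that behaviour must pass a pattern compiled with
        # re.IGNORECASE.
        return newProcName is not None and regexp.match( newProcName ) is not None
    return _processNamed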
示例13: TaskingProxy
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from beach.actor import Actor
import traceback
import hashlib
import time
import ipaddress
rpcm = Actor.importLib( 'utils/rpcm', 'rpcm' )
rList = Actor.importLib( 'utils/rpcm', 'rList' )
rSequence = Actor.importLib( 'utils/rpcm', 'rSequence' )
AgentId = Actor.importLib( 'utils/hcp_helpers', 'AgentId' )
RingCache = Actor.importLib( 'utils/hcp_helpers', 'RingCache' )
HcpModuleId = Actor.importLib( 'utils/hcp_helpers', 'HcpModuleId' )
Symbols = Actor.importLib( 'Symbols', 'Symbols' )()
class TaskingProxy( Actor ):
def init( self, parameters, resources ):
    """Create the endpoint cache, open the sensor directory handle and
    register the 'task' request handler."""
    # Cache capped at 1000 entries; what is cached and how entries are
    # evicted is decided by RingCache, which is not shown in this listing.
    self.cachedEndpoints = RingCache( maxEntries = 1000 )
    # Actor category comes from resources[ 'sensor_dir' ]; KeyError if absent.
    self.sensorDir = self.getActorHandle( resources[ 'sensor_dir' ] )
    # Requests of type 'task' are dispatched to self.task.
    self.handle( 'task', self.task )
def deinit( self ):
    """Shutdown hook; this actor has nothing to release."""
    pass
示例14: ExecNotOnDisk
# Copyright 2015 refractionPOINT
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from beach.actor import Actor
ObjectTypes = Actor.importLib( '../../ObjectsDb', 'ObjectTypes' )
StatelessActor = Actor.importLib( '../../Detects', 'StatelessActor' )
_x_ = Actor.importLib( '../../hcp_helpers', '_x_' )
class ExecNotOnDisk ( StatelessActor ):
    """Stateless detection that reports events lacking a '?/base.HASH' value.

    NOTE(review): going by the class name, a missing hash is read as "the
    executable could not be found on disk". A hash may presumably also be
    absent for other reasons (for example the sensor could not read the
    file), so expect some false positives - confirm against the sensor.
    """

    def init( self, parameters ):
        # Nothing specific to set up; defer to the StatelessActor start-up.
        super( ExecNotOnDisk, self ).init( parameters )

    def process( self, msg ):
        """Return [ ( event, None ) ] when the event has no hash, else [].

        msg.data must unpack into exactly three items: routing, event and
        metadata. Only the event is inspected.
        """
        _routing, event, _mtd = msg.data
        if _x_( event, '?/base.HASH' ) is not None:
            return []
        return [ ( event, None ) ]
示例15: AnalyticsReporting
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from beach.actor import Actor
import msgpack
import base64
import random
import json
import time_uuid
CassDb = Actor.importLib( '../utils/hcp_databases', 'CassDb' )
CassPool = Actor.importLib( '../utils/hcp_databases', 'CassPool' )
CreateOnAccess = Actor.importLib( '../utils/hcp_helpers', 'CreateOnAccess' )
class AnalyticsReporting( Actor ):
def init( self, parameters, resources ):
    """Open the analytics database and prepare the detect INSERT statement.

    Reads 'ttl' (optional), 'db', 'rate_limit_per_sec', 'max_concurrent'
    and 'block_on_queue_size' from `parameters`; all except 'ttl' raise
    KeyError when missing.

    Only the first statements of the method appear in this listing.
    """
    # Default TTL: 60 * 60 * 24 * 365, i.e. one year when counted in seconds.
    self.ttl = parameters.get( 'ttl', ( 60 * 60 * 24 * 365 ) )
    # Connection to the 'hcp_analytics' keyspace of the configured cluster.
    self._db = CassDb( parameters[ 'db' ], 'hcp_analytics', consistencyOne = True )
    # Pooled front end over the connection; the limits come straight from the
    # actor parameters.
    self.db = CassPool( self._db,
                        rate_limit_per_sec = parameters[ 'rate_limit_per_sec' ],
                        maxConcurrent = parameters[ 'max_concurrent' ],
                        blockOnQueueSize = parameters[ 'block_on_queue_size' ] )
    # Column values are bound through '?' placeholders. Only the TTL is
    # formatted into the statement text, and '%d' accepts numbers only, so a
    # non-numeric 'ttl' raises TypeError instead of reaching the query.
    self.report_stmt_rep = self.db.prepare( 'INSERT INTO detects ( did, gen, source, dtype, events, detect, why ) VALUES ( ?, dateOf( now() ), ?, ?, ?, ?, ? ) USING TTL %d' % self.ttl )
    # Writes use the ingest consistency level defined on CassDb.
    self.report_stmt_rep.consistency_level = CassDb.CL_Ingest