assemblyline-core 4.4.0.27__tar.gz → 4.4.0.29__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.


Files changed (83)
  1. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/PKG-INFO +1 -1
  2. assemblyline-core-4.4.0.29/assemblyline_core/VERSION +1 -0
  3. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/workflow/run_workflow.py +14 -3
  4. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core.egg-info/PKG-INFO +1 -1
  5. assemblyline-core-4.4.0.27/assemblyline_core/VERSION +0 -1
  6. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/LICENCE.md +0 -0
  7. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/README.md +0 -0
  8. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/__init__.py +0 -0
  9. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/alerter/__init__.py +0 -0
  10. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/alerter/processing.py +0 -0
  11. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/alerter/run_alerter.py +0 -0
  12. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/archiver/__init__.py +0 -0
  13. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/archiver/run_archiver.py +0 -0
  14. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/dispatching/__init__.py +0 -0
  15. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/dispatching/__main__.py +0 -0
  16. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/dispatching/client.py +0 -0
  17. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/dispatching/dispatcher.py +0 -0
  18. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/dispatching/schedules.py +0 -0
  19. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/dispatching/timeout.py +0 -0
  20. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/expiry/__init__.py +0 -0
  21. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/expiry/run_expiry.py +0 -0
  22. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/ingester/__init__.py +0 -0
  23. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/ingester/__main__.py +0 -0
  24. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/ingester/constants.py +0 -0
  25. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/ingester/ingester.py +0 -0
  26. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/metrics/__init__.py +0 -0
  27. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/metrics/es_metrics.py +0 -0
  28. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/metrics/heartbeat_formatter.py +0 -0
  29. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/metrics/helper.py +0 -0
  30. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/metrics/metrics_server.py +0 -0
  31. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/metrics/run_heartbeat_manager.py +0 -0
  32. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/metrics/run_metrics_aggregator.py +0 -0
  33. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/metrics/run_statistics_aggregator.py +0 -0
  34. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/plumber/__init__.py +0 -0
  35. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/plumber/run_plumber.py +0 -0
  36. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/replay/__init__.py +0 -0
  37. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/replay/client.py +0 -0
  38. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/replay/creator/__init__.py +0 -0
  39. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/replay/creator/run.py +0 -0
  40. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/replay/creator/run_worker.py +0 -0
  41. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/replay/loader/__init__.py +0 -0
  42. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/replay/loader/run.py +0 -0
  43. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/replay/loader/run_worker.py +0 -0
  44. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/replay/replay.py +0 -0
  45. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/safelist_client.py +0 -0
  46. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/scaler/__init__.py +0 -0
  47. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/scaler/collection.py +0 -0
  48. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/scaler/controllers/__init__.py +0 -0
  49. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/scaler/controllers/docker_ctl.py +0 -0
  50. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/scaler/controllers/interface.py +0 -0
  51. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/scaler/controllers/kubernetes_ctl.py +0 -0
  52. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/scaler/run_scaler.py +0 -0
  53. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/scaler/scaler_server.py +0 -0
  54. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/server_base.py +0 -0
  55. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/submission_client.py +0 -0
  56. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/tasking_client.py +0 -0
  57. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/updater/__init__.py +0 -0
  58. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/updater/helper.py +0 -0
  59. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/updater/run_updater.py +0 -0
  60. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/vacuum/__init__.py +0 -0
  61. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/vacuum/crawler.py +0 -0
  62. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/vacuum/department_map.py +0 -0
  63. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/vacuum/safelist.py +0 -0
  64. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/vacuum/stream_map.py +0 -0
  65. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/vacuum/worker.py +0 -0
  66. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core/workflow/__init__.py +0 -0
  67. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core.egg-info/SOURCES.txt +0 -0
  68. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core.egg-info/dependency_links.txt +0 -0
  69. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core.egg-info/requires.txt +0 -0
  70. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/assemblyline_core.egg-info/top_level.txt +0 -0
  71. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/setup.cfg +0 -0
  72. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/setup.py +0 -0
  73. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/test/test_alerter.py +0 -0
  74. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/test/test_dispatcher.py +0 -0
  75. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/test/test_expiry.py +0 -0
  76. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/test/test_plumber.py +0 -0
  77. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/test/test_replay.py +0 -0
  78. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/test/test_scaler.py +0 -0
  79. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/test/test_scheduler.py +0 -0
  80. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/test/test_simulation.py +0 -0
  81. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/test/test_vacuum.py +0 -0
  82. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/test/test_worker_ingest.py +0 -0
  83. {assemblyline-core-4.4.0.27 → assemblyline-core-4.4.0.29}/test/test_worker_submit.py +0 -0
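--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: assemblyline-core
-Version: 4.4.0.27
+Version: 4.4.0.29
 Summary: Assemblyline 4 - Core components
 Home-page: https://github.com/CybercentreCanada/assemblyline-core/
 Author: CCCS Assemblyline development team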
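--- /dev/null
+++ b/assemblyline_core/VERSION
@@ -0,0 +1 @@
+4.4.0.29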
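--- a/assemblyline_core/workflow/run_workflow.py
+++ b/assemblyline_core/workflow/run_workflow.py
@@ -9,6 +9,7 @@ from assemblyline.common.isotime import now_as_iso
 from assemblyline.common.str_utils import safe_str
 
 from assemblyline.datastore.exceptions import SearchException
+from assemblyline.odm.models.alert import Event
 from assemblyline.odm.models.workflow import Workflow
 
 
@@ -126,6 +127,7 @@ class WorkflowManager(ServerBase):
 
 fq = ["reporting_ts:[{start_ts} TO {end_ts}]".format(start_ts=self.start_ts, end_ts=end_ts)]
 
+event_data = Event({'entity_type': 'workflow', 'entity_id': workflow.workflow_id, 'entity_name': workflow.name})
 operations = []
 fq_items = []
 if labels:
@@ -133,14 +135,19 @@ class WorkflowManager(ServerBase):
 for lbl in labels])
 for label in labels:
 fq_items.append("label:\"{label}\"".format(label=label))
+event_data.labels = labels
 if priority:
 operations.append((self.datastore.alert.UPDATE_SET, 'priority', priority))
 fq_items.append("priority:*")
+event_data.priority = priority
 if status:
 operations.append((self.datastore.alert.UPDATE_SET, 'status', status))
 fq_items.append("(status:MALICIOUS OR status:NON-MALICIOUS OR status:ASSESS)")
+event_data.status = status
 
 fq.append("NOT ({exclusion})".format(exclusion=" AND ".join(fq_items)))
+# Add event to alert's audit history
+operations.append((self.datastore.alert.UPDATE_APPEND, 'events', event_data))
 
 try:
 count = self.datastore.alert.update_by_query(workflow.query, operations, filters=fq)
@@ -150,11 +157,15 @@ class WorkflowManager(ServerBase):
 if count:
 self.log.info("{count} Alert(s) were affected by this filter.".format(count=count))
 if workflow.workflow_id != "DEFAULT":
+seen = now_as_iso()
 operations = [
-(self.datastore.alert.UPDATE_INC, 'hit_count', count),
-(self.datastore.alert.UPDATE_SET, 'last_seen', now_as_iso()),
+(self.datastore.workflow.UPDATE_INC, 'hit_count', count),
+(self.datastore.workflow.UPDATE_SET, 'last_seen', seen),
 ]
-self.datastore.workflow.update(workflow.id, operations)
+if not workflow.first_seen:
+# Set first seen for workflow if not set
+operations.append((self.datastore.workflow.UPDATE_SET, 'first_seen', seen))
+self.datastore.workflow.update(workflow.workflow_id, operations)
 
 except SearchException:
 self.log.warning(f"Invalid query '{safe_str(workflow.query or '')}' in workflow "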
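Review bot: The events append added at new lines 149–150 is unconditional, so a workflow that defines none of labels, priority or status now pushes an Event recording no change onto every alert matching its query inside the reporting_ts window, whereas before this change `operations` stayed empty in that case and the update carried nothing. Guarding it with `if operations:` before `operations.append((self.datastore.alert.UPDATE_APPEND, 'events', event_data))` keeps the audit history limited to alerts the workflow actually modified and avoids a new write per alert on every run; if the caller already rejects workflows with no actions this is moot, but nothing in the hunk shows that. The enclosing method starts before the first hunk and its body continues past the last one.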
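--- a/assemblyline_core.egg-info/PKG-INFO
+++ b/assemblyline_core.egg-info/PKG-INFO
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: assemblyline-core
-Version: 4.4.0.27
+Version: 4.4.0.29
 Summary: Assemblyline 4 - Core components
 Home-page: https://github.com/CybercentreCanada/assemblyline-core/
 Author: CCCS Assemblyline development team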
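--- a/assemblyline_core/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-4.4.0.27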