assemblyline-core 4.7.3.dev10__tar.gz → 4.7.3.dev11__tar.gz

Files changed (80) hide show
  1. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/PKG-INFO +1 -5
  2. assemblyline_core-4.7.3.dev11/assemblyline_core/VERSION +1 -0
  3. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/workflow/run_workflow.py +10 -4
  4. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core.egg-info/PKG-INFO +1 -5
  5. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/setup.py +1 -5
  6. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/test/test_workflow.py +7 -7
  7. assemblyline_core-4.7.3.dev10/assemblyline_core/VERSION +0 -1
  8. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/LICENCE.md +0 -0
  9. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/README.md +0 -0
  10. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/__init__.py +0 -0
  11. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/alerter/__init__.py +0 -0
  12. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/alerter/processing.py +0 -0
  13. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/alerter/run_alerter.py +0 -0
  14. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/archiver/__init__.py +0 -0
  15. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/archiver/run_archiver.py +0 -0
  16. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/badlist_client.py +0 -0
  17. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/dispatching/__init__.py +0 -0
  18. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/dispatching/client.py +0 -0
  19. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/dispatching/dispatcher.py +0 -0
  20. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/dispatching/schedules.py +0 -0
  21. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/expiry/__init__.py +0 -0
  22. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/expiry/run_expiry.py +0 -0
  23. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/ingester/__init__.py +0 -0
  24. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/ingester/constants.py +0 -0
  25. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/ingester/ingester.py +0 -0
  26. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/metrics/__init__.py +0 -0
  27. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/metrics/es_metrics.py +0 -0
  28. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/metrics/heartbeat_formatter.py +0 -0
  29. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/metrics/helper.py +0 -0
  30. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/metrics/metrics_server.py +0 -0
  31. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/metrics/run_heartbeat_manager.py +0 -0
  32. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/metrics/run_metrics_aggregator.py +0 -0
  33. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/metrics/run_statistics_aggregator.py +0 -0
  34. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/replay/__init__.py +0 -0
  35. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/replay/client.py +0 -0
  36. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/replay/creator/__init__.py +0 -0
  37. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/replay/creator/run.py +0 -0
  38. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/replay/creator/run_worker.py +0 -0
  39. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/replay/loader/__init__.py +0 -0
  40. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/replay/loader/run.py +0 -0
  41. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/replay/loader/run_worker.py +0 -0
  42. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/replay/replay.py +0 -0
  43. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/safelist_client.py +0 -0
  44. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/scaler/__init__.py +0 -0
  45. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/scaler/collection.py +0 -0
  46. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/scaler/controllers/__init__.py +0 -0
  47. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/scaler/controllers/docker_ctl.py +0 -0
  48. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/scaler/controllers/interface.py +0 -0
  49. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/scaler/controllers/kubernetes_ctl.py +0 -0
  50. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/scaler/run_scaler.py +0 -0
  51. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/scaler/scaler_server.py +0 -0
  52. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/server_base.py +0 -0
  53. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/signature_client.py +0 -0
  54. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/submission_client.py +0 -0
  55. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/tasking_client.py +0 -0
  56. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/updater/__init__.py +0 -0
  57. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/updater/helper.py +0 -0
  58. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/updater/run_updater.py +0 -0
  59. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/vacuum/__init__.py +0 -0
  60. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/vacuum/crawler.py +0 -0
  61. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/vacuum/department_map.py +0 -0
  62. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/vacuum/safelist.py +0 -0
  63. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/vacuum/stream_map.py +0 -0
  64. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/vacuum/worker.py +0 -0
  65. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core/workflow/__init__.py +0 -0
  66. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core.egg-info/SOURCES.txt +0 -0
  67. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core.egg-info/dependency_links.txt +0 -0
  68. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core.egg-info/requires.txt +0 -0
  69. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/assemblyline_core.egg-info/top_level.txt +0 -0
  70. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/setup.cfg +0 -0
  71. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/test/test_alerter.py +0 -0
  72. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/test/test_badlist_client.py +0 -0
  73. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/test/test_expiry.py +0 -0
  74. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/test/test_replay.py +0 -0
  75. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/test/test_safelist_client.py +0 -0
  76. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/test/test_scaler.py +0 -0
  77. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/test/test_scheduler.py +0 -0
  78. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/test/test_signature_client.py +0 -0
  79. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/test/test_tasking_client.py +0 -0
  80. {assemblyline_core-4.7.3.dev10 → assemblyline_core-4.7.3.dev11}/test/test_vacuum.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: assemblyline-core
3
- Version: 4.7.3.dev10
3
+ Version: 4.7.3.dev11
4
4
  Summary: Assemblyline 4 - Core components
5
5
  Home-page: https://github.com/CybercentreCanada/assemblyline-core/
6
6
  Author: CCCS Assemblyline development team
@@ -11,10 +11,6 @@ Classifier: Development Status :: 5 - Production/Stable
11
11
  Classifier: Intended Audience :: Developers
12
12
  Classifier: Topic :: Software Development :: Libraries
13
13
  Classifier: License :: OSI Approved :: MIT License
14
- Classifier: Programming Language :: Python :: 3.7
15
- Classifier: Programming Language :: Python :: 3.8
16
- Classifier: Programming Language :: Python :: 3.9
17
- Classifier: Programming Language :: Python :: 3.10
18
14
  Classifier: Programming Language :: Python :: 3.11
19
15
  Classifier: Programming Language :: Python :: 3.12
20
16
  Description-Content-Type: text/markdown
@@ -0,0 +1 @@
1
+ 4.7.3.dev11
@@ -1,17 +1,17 @@
1
1
  #!/usr/bin/env python
2
2
 
3
- import elasticapm
4
3
  import time
5
4
 
6
- from assemblyline_core.server_base import ServerBase
5
+ import elasticapm
7
6
  from assemblyline.common import forge
8
7
  from assemblyline.common.isotime import now_as_iso
9
8
  from assemblyline.common.str_utils import safe_str
10
-
11
9
  from assemblyline.datastore.exceptions import SearchException
12
10
  from assemblyline.odm.models.alert import Event
13
11
  from assemblyline.odm.models.workflow import Workflow
14
12
 
13
+ from assemblyline_core.server_base import ServerBase
14
+
15
15
 
16
16
  class WorkflowManager(ServerBase):
17
17
  def __init__(self):
@@ -19,7 +19,13 @@ class WorkflowManager(ServerBase):
19
19
 
20
20
  self.config = forge.get_config()
21
21
  self.datastore = forge.get_datastore(self.config)
22
- self.start_ts = f"{self.datastore.ds.now}/{self.datastore.ds.day}-1{self.datastore.ds.day}"
22
+
23
+ # Get the earliest alert that has yet to have been triaged (or default to the last day)
24
+ alert = (self.datastore.alert.search("status:TRIAGE", sort='reporting_ts asc', rows=1,
25
+ fl='reporting_ts', as_obj=False)['items'] \
26
+ or \
27
+ [{'reporting_ts': 'now-1d/d'}])[0]
28
+ self.start_ts = alert['reporting_ts']
23
29
 
24
30
  if self.config.core.metrics.apm_server.server_url is not None:
25
31
  self.log.info(f"Exporting application metrics to: {self.config.core.metrics.apm_server.server_url}")
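Review bot: The new `start_ts` lookup in `__init__` has no lower bound, so a single alert left in `TRIAGE` with an old `reporting_ts` moves the start of the processing window back to that date on every start, where the removed line always began at the previous day. Nothing records which value was chosen, so an operator cannot tell from the logs that an old alert widened the window; I would add `self.log.info(f"Workflow processing starts at reporting_ts: {self.start_ts}")` right after the assignment. The search also runs unguarded in the constructor, so a datastore error at this point presumably propagates out of `__init__` (how `ServerBase` reacts is not visible here). The backslash continuations inside the parentheses are redundant, and binding the `['items']` list to a name before applying the fallback would read more clearly. `__init__` continues outside the hunk.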
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: assemblyline-core
3
- Version: 4.7.3.dev10
3
+ Version: 4.7.3.dev11
4
4
  Summary: Assemblyline 4 - Core components
5
5
  Home-page: https://github.com/CybercentreCanada/assemblyline-core/
6
6
  Author: CCCS Assemblyline development team
@@ -11,10 +11,6 @@ Classifier: Development Status :: 5 - Production/Stable
11
11
  Classifier: Intended Audience :: Developers
12
12
  Classifier: Topic :: Software Development :: Libraries
13
13
  Classifier: License :: OSI Approved :: MIT License
14
- Classifier: Programming Language :: Python :: 3.7
15
- Classifier: Programming Language :: Python :: 3.8
16
- Classifier: Programming Language :: Python :: 3.9
17
- Classifier: Programming Language :: Python :: 3.10
18
14
  Classifier: Programming Language :: Python :: 3.11
19
15
  Classifier: Programming Language :: Python :: 3.12
20
16
  Description-Content-Type: text/markdown
@@ -1,7 +1,7 @@
1
1
 
2
2
  import os
3
3
 
4
- from setuptools import setup, find_packages
4
+ from setuptools import find_packages, setup
5
5
 
6
6
  # Try to load the version from a datafile in the package
7
7
  package_version = "4.0.0.dev0"
@@ -30,10 +30,6 @@ setup(
30
30
  'Intended Audience :: Developers',
31
31
  'Topic :: Software Development :: Libraries',
32
32
  'License :: OSI Approved :: MIT License',
33
- 'Programming Language :: Python :: 3.7',
34
- 'Programming Language :: Python :: 3.8',
35
- 'Programming Language :: Python :: 3.9',
36
- 'Programming Language :: Python :: 3.10',
37
33
  'Programming Language :: Python :: 3.11',
38
34
  'Programming Language :: Python :: 3.12',
39
35
  ],
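Review bot: Removing the 3.7–3.10 classifiers in `setup()` does not stop installers from selecting this release on those interpreters, because classifiers are informational only. The PKG-INFO hunk shows `Description-Content-Type` directly after the last classifier, which suggests no `Requires-Python` field is emitted; if so, adding `python_requires='>=3.11'` to the `setup()` call would make the supported range enforceable at install time. The `setup()` call starts and ends outside the hunk, so an existing `python_requires` cannot be ruled out from here.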
@@ -1,11 +1,11 @@
1
- import pytest
2
1
  import random
3
- from assemblyline_core.workflow.run_workflow import WorkflowManager
4
2
 
5
- from assemblyline.common.isotime import now_as_iso
3
+ import pytest
4
+ from assemblyline.common.isotime import epoch_to_iso
6
5
  from assemblyline.odm.models.workflow import Workflow
7
6
  from assemblyline.odm.random_data import create_alerts, wipe_alerts, wipe_workflows
8
7
  from assemblyline.odm.randomizer import random_minimal_obj
8
+ from assemblyline_core.workflow.run_workflow import WorkflowManager
9
9
 
10
10
 
11
11
  @pytest.fixture(scope="module")
@@ -13,7 +13,7 @@ def manager(datastore_connection):
13
13
  try:
14
14
  create_alerts(datastore_connection)
15
15
  wipe_workflows(datastore_connection)
16
- datastore_connection.alert.update_by_query("*", [(datastore_connection.alert.UPDATE_SET, 'reporting_ts', now_as_iso())])
16
+ datastore_connection.alert.update_by_query("*", [(datastore_connection.alert.UPDATE_SET, 'reporting_ts', epoch_to_iso(0))])
17
17
  datastore_connection.alert.commit()
18
18
  yield WorkflowManager()
19
19
  finally:
@@ -23,12 +23,12 @@ def test_workflow(manager, datastore_connection):
23
23
  # Create workflow that targets alerts based on YARA rule association
24
24
  workflow = random_minimal_obj(Workflow)
25
25
 
26
- yara_rule = random.choice(list(datastore_connection.alert.facet("al.yara").keys()))
26
+ yara_rule = random.choice(list(datastore_connection.alert.facet("al.yara").keys()))
27
27
  workflow.query = f'al.yara:"{yara_rule}"'
28
28
  workflow.workflow_id = "AL_TEST"
29
29
  workflow.labels = ["AL_TEST"]
30
30
  workflow.priority = "LOW"
31
- workflow.status = "MALICIOUS"
31
+ workflow.status = "MALICIOUS"
32
32
  datastore_connection.workflow.save(workflow.workflow_id, workflow)
33
33
  datastore_connection.workflow.commit()
34
34
 
@@ -37,7 +37,7 @@ def test_workflow(manager, datastore_connection):
37
37
  manager.get_last_reporting_ts = lambda x: "now/d+1d"
38
38
  manager.try_run(run_once=True)
39
39
  datastore_connection.alert.commit()
40
-
40
+
41
41
  # Assert that custom labels were applied to alerts
42
42
  assert datastore_connection.alert.search("label:AL_TEST", track_total_hits=True)['total']
43
43
 
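Review bot: Neither the `manager` fixture nor `test_workflow` asserts `manager.start_ts`, so the new lookup in `WorkflowManager.__init__` is executed but its result is never checked. Setting every `reporting_ts` to `epoch_to_iso(0)` only exercises the branch where a `status:TRIAGE` alert exists, and only if the random data happens to contain one; the fallback is not covered at all. A small extra case would pin it: after `wipe_alerts(datastore_connection)` and a commit, `assert WorkflowManager().start_ts == 'now-1d/d'`. Both the fixture and `test_workflow` extend outside the hunks shown.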
@@ -1 +0,0 @@
1
- 4.7.3.dev10