atomicshop 2.12.16__py3-none-any.whl → 2.12.17__py3-none-any.whl

atomicshop/monitor/checks/dns.py

@@ -1,108 +1,126 @@
+from pathlib import Path
+
 from ...etw.dns_trace import DnsTrace
 from ...print_api import print_api
-
-
-def _execute_cycle(change_monitor_instance, print_kwargs: dict = None):
+from ...diff_check import DiffChecker
+
+
+INPUT_FILE_DEFAULT_NAME: str = 'known_domains.json'
+INPUT_STATISTICS_FILE_DEFAULT_NAME: str = 'dns_statistics.json'
+FETCH_ENGINE: DnsTrace = DnsTrace(enable_process_poller=True, attrs=['name', 'cmdline', 'domain', 'query_type'])
+SETTINGS = {}
+DIFF_CHECKER_AGGREGATION = DiffChecker(
+    check_object=list(),                            # DNS events will be appended to this list.
+    return_first_cycle=True,
+    operation_type='new_objects'
+)
+DIFF_CHECKER_STATISTICS = DiffChecker(
+    check_object=list(),                            # DNS events will be appended to this list.
+    return_first_cycle=True,
+    operation_type='hit_statistics',
+    hit_statistics_enable_queue=True
+)
+
+
+def setup_check(change_monitor_instance):
+    global SETTINGS
+    SETTINGS = change_monitor_instance.object_type_settings
+
+    if SETTINGS['alert_always'] and SETTINGS['alert_about_missing_entries_after_learning']:
+        raise ValueError(
+            "ERROR: [alert_always] and [alert_about_missing_entries_after_learning] cannot be True at the same time.")
+
+    if not change_monitor_instance.input_file_name:
+        change_monitor_instance.input_file_name = INPUT_FILE_DEFAULT_NAME
+    input_file_path = (
+        str(Path(change_monitor_instance.input_directory, change_monitor_instance.input_file_name)))
+
+    if not change_monitor_instance.input_statistics_file_name:
+        change_monitor_instance.input_statistics_file_name = INPUT_STATISTICS_FILE_DEFAULT_NAME
+    input_statistic_file_path = (
+        str(Path(change_monitor_instance.input_directory, change_monitor_instance.input_statistics_file_name)))
+
+    if SETTINGS['learning_mode_create_unique_entries_list']:
+        DIFF_CHECKER_AGGREGATION.input_file_write_only = change_monitor_instance.input_file_write_only
+        DIFF_CHECKER_AGGREGATION.check_object_display_name = \
+            f'{change_monitor_instance.input_file_name}|{change_monitor_instance.object_type}'
+        DIFF_CHECKER_AGGREGATION.input_file_path = input_file_path
+        DIFF_CHECKER_AGGREGATION.new_objects_hours_then_difference = SETTINGS['learning_hours']
+
+    if SETTINGS['create_alert_statistics']:
+        DIFF_CHECKER_STATISTICS.input_file_write_only = change_monitor_instance.input_file_write_only
+        DIFF_CHECKER_STATISTICS.check_object_display_name = \
+            f'{change_monitor_instance.input_statistics_file_name}|{change_monitor_instance.object_type}'
+        DIFF_CHECKER_STATISTICS.input_file_path = input_statistic_file_path
+        DIFF_CHECKER_STATISTICS.hit_statistics_input_file_rotation_cycle_hours = SETTINGS['statistics_rotation_hours']
+
+    # Start DNS monitoring.
+    FETCH_ENGINE.start()
+
+
+def execute_cycle(print_kwargs: dict = None) -> list:
     """
     This function executes the cycle of the change monitor: dns.
+    The function is blocking so while using it, the script will wait for the next DNS event.
+    No need to use 'time.sleep()'.
 
-    :param change_monitor_instance: Instance of the ChangeMonitor class.
-
+    :param print_kwargs: print_api kwargs.
     :return: List of dictionaries with the results of the cycle.
     """
 
-    if print_kwargs is None:
-        print_kwargs = dict()
+    # 'emit()' method is blocking (it uses 'get' of queue instance)
+    # will return a dict with current DNS trace event.
+    event_dict = FETCH_ENGINE.emit()
 
-    if change_monitor_instance.first_cycle:
-        original_name: str = str()
+    return_list = list()
+    if SETTINGS['learning_mode_create_unique_entries_list']:
+        _aggregation_process(event_dict, return_list, print_kwargs)
 
-        # Initialize objects for DNS monitoring.
-        change_monitor_instance.fetch_engine = DnsTrace(
-            enable_process_poller=True, attrs=['name', 'cmdline', 'domain', 'query_type'])
+    if SETTINGS['create_alert_statistics'] and SETTINGS['alert_always']:
+        _statistics_process(event_dict, return_list, print_kwargs)
 
-        # Start DNS monitoring.
-        change_monitor_instance.fetch_engine.start()
+    return return_list
 
-        # Change settings for the DiffChecker object.
-        change_monitor_instance.diff_check_list[0].return_first_cycle = True
-        # 'operation_type' is None.
-        if not change_monitor_instance.operation_type:
-            change_monitor_instance.diff_check_list[0].operation_type = 'new_objects'
 
-        # Since the 'operation_type' is 'hit_statistics', we'll set the 'statistics_queue' to the 'statistics_queue' of
-        # the 'diff_check_list[0]'.
-        # if change_monitor_instance.diff_check_list[0].operation_type == 'hit_statistics':
-        #     change_monitor_instance.statistics_queue = change_monitor_instance.diff_check_list[0].statistics_queue
+def _aggregation_process(event_dict: dict, return_list: list, print_kwargs: dict = None):
+    DIFF_CHECKER_AGGREGATION.check_object = [event_dict]
 
-        if change_monitor_instance.generate_input_file_name:
-            original_name = 'known_domains'
-            # Make path for 'input_file_name'.
-            change_monitor_instance.input_file_name = f'{original_name}.json'
+    # Check if 'known_domains' list was updated from previous cycle.
+    result, message = DIFF_CHECKER_AGGREGATION.check_list_of_dicts(
+        sort_by_keys=['cmdline', 'name'], print_kwargs=print_kwargs)
 
-        change_monitor_instance.diff_check_list[0].check_object_display_name = \
-            f'{original_name}|{change_monitor_instance.object_type}'
+    if result:
+        # Check if 'updated' key is in the result. This means that this is a regular cycle.
+        if 'updated' in result:
+            if not result['time_passed']:
+                # Get list of new connections only.
+                # new_connections_only: list = list_of_dicts.get_difference(result['old'], result['updated'])
 
-        # Set the 'check_object' to empty list, since we will append the list of DNS events.
-        change_monitor_instance.diff_check_list[0].check_object = list()
+                for connection in result['updated']:
+                    message = \
+                        f"[Learning] New Domain Added: {connection['name']} | " \
+                        f"{connection['domain']} | {connection['query_type']} | " \
+                        f"{connection['cmdline']}"
+                    print_api(message, color='yellow', **(print_kwargs or {}))
 
-        # Set the input file path.
-        change_monitor_instance._set_input_file_path()
+                    return_list.append(message)
 
-    return_list = list()
+        # Check if learning time passed, so we can alert the new entries.
+        if 'time_passed' in result:
+            if result['time_passed']:
+                _statistics_process(result['updated'], return_list, print_kwargs)
 
-    # 'emit()' method is blocking (it uses 'get' of queue instance)
-    # will return a dict with current DNS trace event.
-    event_dict = change_monitor_instance.fetch_engine.emit()
-
-    # If 'disable_diff_check' is True, we'll return the event_dict as is.
-    # if change_monitor_instance.disable_diff_check:
-    #     return_list.append(event_dict)
-    #
-    #     message = \
-    #         (f"Current domain: {event_dict['name']} | {event_dict['domain']} | {event_dict['query_type']} | "
-    #          f"{event_dict['cmdline']}")
-    #     print_api(message, color='yellow', **print_kwargs)
-    #
-    #     return return_list
-    # else:
-    change_monitor_instance.diff_check_list[0].check_object = [event_dict]
-
-    # if event_dict not in change_monitor_instance.diff_check_list[0].check_object:
-    #     change_monitor_instance.diff_check_list[0].check_object.append(event_dict)
-    #
-    # # Sort list of dicts by process name and then by process cmdline.
-    # change_monitor_instance.diff_check_list[0].check_object = list_of_dicts.sort_by_keys(
-    #     change_monitor_instance.diff_check_list[0].check_object, ['cmdline', 'name'], case_insensitive=True)
+
+def _statistics_process(event_dict: dict, return_list: list, print_kwargs: dict = None):
+    DIFF_CHECKER_STATISTICS.check_object = [event_dict]
 
     # Check if 'known_domains' list was updated from previous cycle.
-    result, message = change_monitor_instance.diff_check_list[0].check_list_of_dicts(
+    result, message = DIFF_CHECKER_STATISTICS.check_list_of_dicts(
         sort_by_keys=['cmdline', 'name'], print_kwargs=print_kwargs)
 
     if result:
-        # Check if 'updated' key is in the result. THis means that this is a regular cycle.
-        if 'updated' in result:
-            # Get list of new connections only.
-            # new_connections_only: list = list_of_dicts.get_difference(result['old'], result['updated'])
-
-            for connection in result['updated']:
-                message = \
-                    f"New domain: {connection['name']} | " \
-                    f"{connection['domain']} | {connection['query_type']} | " \
-                    f"{connection['cmdline']}"
-                print_api(message, color='yellow', **print_kwargs)
-
-                return_list.append(message)
-        # Check if 'count' key is in the result. This means that this a statistics cycle.
-        elif 'count' in result:
-            message = f"Current domain: {result['entry']} | Times hit: {result['count']}"
-            print_api(message, color='yellow', **print_kwargs)
-
-            return_list.append(message)
-        elif 'count' not in result and 'entry' in result:
-            message = f"Current domain: {result['entry']}"
-            print_api(message, color='yellow', **print_kwargs)
+        if 'count' in result:
+            message = f"[Alert] DNS Request: {result['entry']} | Times hit: {result['count']}"
+            print_api(message, color='yellow', **(print_kwargs or {}))
 
             return_list.append(message)
-
-    return return_list

atomicshop/monitor/checks/hash.py

@@ -2,11 +2,29 @@ from ...print_api import print_api
 from .hash_checks import file, url
 
 
-def _execute_cycle(change_monitor_instance, print_kwargs: dict = None):
+def setup_check(change_monitor_instance):
+    # if store_original_object and not (input_directory or input_file_path):
+    #     raise ValueError(
+    #         'ERROR: if [store_original_object] is True, either '
+    #         '[input_directory] or [input_file_path] must be specified .')
+
+
+    change_monitor_instance.set_input_file_path()
+
+    change_monitor_instance.diff_checker.operation_type = 'single_object'
+
+    if change_monitor_instance.object_type == 'file':
+        file.setup_check(change_monitor_instance, change_monitor_instance.check_object)
+    elif 'url_' in change_monitor_instance.object_type:
+        url.setup_check(change_monitor_instance, change_monitor_instance.check_object)
+
+
+def execute_cycle(change_monitor_instance, print_kwargs: dict = None):
     """
     This function executes the cycle of the change monitor: hash.
 
     :param change_monitor_instance: Instance of the ChangeMonitor class.
+    :param print_kwargs: print_api kwargs.
 
     :return: List of dictionaries with the results of the cycle.
     """
@@ -15,32 +33,25 @@ def _execute_cycle(change_monitor_instance, print_kwargs: dict = None):
         print_kwargs = dict()
 
     return_list = list()
-    # Loop through all the objects to check.
-    for check_object_index, check_object in enumerate(change_monitor_instance.check_object_list):
-        if change_monitor_instance.object_type == 'file':
-            # Get the hash of the object.
-            file.get_hash(change_monitor_instance, check_object_index, check_object, print_kwargs=print_kwargs)
-        elif 'url_' in change_monitor_instance.object_type:
-            # Get the hash of the object.
-            url.get_hash(change_monitor_instance, check_object_index, check_object, print_kwargs=print_kwargs)
-
-        if change_monitor_instance.first_cycle:
-            # Set the input file path.
-            change_monitor_instance._set_input_file_path(check_object_index=check_object_index)
-
-        change_monitor_instance.diff_check_list[check_object_index].operation_type = 'single_object'
-
-        # Check if the object was updated.
-        result, message = change_monitor_instance.diff_check_list[check_object_index].check_string(
-            print_kwargs=print_kwargs)
-
-        # If the object was updated, print the message in yellow color, otherwise print in green color.
-        if result:
-            print_api(message, color='yellow', **print_kwargs)
-            # create_message_file(message, self.__class__.__name__, logger=self.logger)
-
-            return_list.append(message)
-        else:
-            print_api(message, color='green', **print_kwargs)
+
+    if change_monitor_instance.object_type == 'file':
+        # Get the hash of the object.
+        file.get_hash(change_monitor_instance, change_monitor_instance.check_object, print_kwargs=print_kwargs)
+    elif 'url_' in change_monitor_instance.object_type:
+        # Get the hash of the object.
+        url.get_hash(change_monitor_instance, change_monitor_instance.check_object, print_kwargs=print_kwargs)
+
+    # Check if the object was updated.
+    result, message = change_monitor_instance.diff_checker.check_string(
+        print_kwargs=print_kwargs)
+
+    # If the object was updated, print the message in yellow color, otherwise print in green color.
+    if result:
+        print_api(message, color='yellow', **print_kwargs)
+        # create_message_file(message, self.__class__.__name__, logger=self.logger)
+
+        return_list.append(message)
+    else:
+        print_api(message, color='green', **print_kwargs)
 
     return return_list

atomicshop/monitor/checks/hash_checks/file.py

@@ -1,48 +1,47 @@
 from .... import filesystem, hashing
 
 
-def get_hash(change_monitor_instance, check_object_index: int, check_object: str, print_kwargs: dict = None):
-    """
-    The function will get the hash of the URL content.
+def setup_check(change_monitor_instance, check_object: str):
+    original_name: str = str()
 
-    :param change_monitor_instance: Instance of the ChangeMonitor class.
-    :param check_object_index: integer, index of the object in the 'check_object_list' list.
-    :param check_object: string, full URL to a web page.
-    :param print_kwargs: dict, that contains all the arguments for 'print_api' function.
-    """
+    # If 'generate_input_file_name' is True, or 'store_original_object' is True, we need to create a
+    # filename without extension.
+    if change_monitor_instance.store_original_object or change_monitor_instance.generate_input_file_name:
+        # Get the last directory from the url.
+        original_name = filesystem.get_file_name(check_object)
+        # Make characters lower case.
+        original_name = original_name.lower()
 
-    # If this is the first cycle, we need to set several things.
-    if change_monitor_instance.first_cycle:
-        original_name: str = str()
+    # If 'store_original_object' is True, then we need to create a filepath to store.
+    if change_monitor_instance.original_object_directory:
+        # Add extension to the file name.
+        original_file_name = original_name
 
-        # If 'generate_input_file_name' is True, or 'store_original_object' is True, we need to create a
-        # filename without extension.
-        if change_monitor_instance.store_original_object or change_monitor_instance.generate_input_file_name:
-            # Get the last directory from the url.
-            original_name = filesystem.get_file_name(check_object)
-            # Make characters lower case.
-            original_name = original_name.lower()
+        # Make path for original object.
+        change_monitor_instance.original_object_file_path = filesystem.add_object_to_path(
+            change_monitor_instance.original_object_directory, original_file_name)
 
-        # If 'store_original_object' is True, then we need to create a filepath to store.
-        if change_monitor_instance.original_object_directory:
-            # Add extension to the file name.
-            original_file_name = original_name
+    if change_monitor_instance.generate_input_file_name:
+        # Remove dots from the file name.
+        original_name_no_dots = original_name.replace('.', '-')
+        # Make path for 'input_file_name'.
+        change_monitor_instance.input_file_name = f'{original_name_no_dots}.txt'
 
-            # Make path for original object.
-            change_monitor_instance.original_object_file_path = filesystem.add_object_to_path(
-                change_monitor_instance.original_object_directory, original_file_name)
+    # Change settings for the DiffChecker object.
+    change_monitor_instance.diff_checker.return_first_cycle = False
 
-        if change_monitor_instance.generate_input_file_name:
-            # Remove dots from the file name.
-            original_name_no_dots = original_name.replace('.', '-')
-            # Make path for 'input_file_name'.
-            change_monitor_instance.input_file_name = f'{original_name_no_dots}.txt'
+    change_monitor_instance.diff_checker.check_object_display_name = \
+        f'{original_name}|{change_monitor_instance.object_type}'
 
-        # Change settings for the DiffChecker object.
-        change_monitor_instance.diff_check_list[check_object_index].return_first_cycle = False
 
-        change_monitor_instance.diff_check_list[check_object_index].check_object_display_name = \
-            f'{original_name}|{change_monitor_instance.object_type}'
+def get_hash(change_monitor_instance, check_object: str, print_kwargs: dict = None):
+    """
+    The function will get the hash of the URL content.
+
+    :param change_monitor_instance: Instance of the ChangeMonitor class.
+    :param check_object: string, full URL to a web page.
+    :param print_kwargs: dict, that contains all the arguments for 'print_api' function.
+    """
 
     # Copy the file to the original object directory.
     if change_monitor_instance.original_object_file_path:
@@ -52,4 +51,4 @@ def get_hash(change_monitor_instance, check_object_index: int, check_object: str
     hash_string = hashing.hash_file(check_object)
 
     # Set the hash string to the 'check_object' variable.
-    change_monitor_instance.diff_check_list[check_object_index].check_object = hash_string
+    change_monitor_instance.diff_checker.check_object = hash_string

atomicshop/monitor/checks/hash_checks/url.py

@@ -1,54 +1,56 @@
 from .... import filesystem, hashing, urls
 
 
-def get_hash(change_monitor_instance, check_object_index: int, check_object: str, print_kwargs: dict = None):
+def setup_check(change_monitor_instance, check_object: str):
+    # Extract the method name from the object type.
+    get_method = change_monitor_instance.object_type.split('_', 1)[1]
+
+    original_name: str = str()
+
+    # If 'generate_input_file_name' is True, or 'store_original_object' is True, we need to create a
+    # filename without extension.
+    if change_monitor_instance.store_original_object or change_monitor_instance.generate_input_file_name:
+        # Get the last directory from the url.
+        original_name = urls.url_parser(check_object)['directories'][-1]
+        # Make characters lower case.
+        original_name = original_name.lower()
+
+    # If 'store_original_object' is True, then we need to create a filepath to store.
+    extension = None
+    if change_monitor_instance.original_object_directory:
+        # Add extension to the file name.
+        if 'playwright' in get_method:
+            extension = get_method.split('_')[1]
+        elif get_method == 'urllib':
+            extension = 'html'
+        original_file_name = f'{original_name}.{extension}'
+
+        # Make path for original object.
+        change_monitor_instance.original_object_file_path = filesystem.add_object_to_path(
+            change_monitor_instance.original_object_directory, original_file_name)
+
+    if change_monitor_instance.generate_input_file_name:
+        # Make path for 'input_file_name'.
+        change_monitor_instance.input_file_name = f'{original_name}.txt'
+
+    # Change settings for the DiffChecker object.
+    change_monitor_instance.diff_checker.return_first_cycle = False
+
+    change_monitor_instance.diff_checker.check_object_display_name = \
+        f'{original_name}|{change_monitor_instance.object_type}'
+
+
+def get_hash(change_monitor_instance, check_object: str, print_kwargs: dict = None):
     """
     The function will get the hash of the URL content.
 
     :param change_monitor_instance: Instance of the ChangeMonitor class.
-    :param check_object_index: integer, index of the object in the 'check_object_list' list.
     :param check_object: string, full URL to a web page.
     :param print_kwargs: dict, that contains all the arguments for 'print_api' function.
     """
     # Extract the method name from the object type.
     get_method = change_monitor_instance.object_type.split('_', 1)[1]
 
-    # If this is the first cycle, we need to set several things.
-    if change_monitor_instance.first_cycle:
-        original_name: str = str()
-
-        # If 'generate_input_file_name' is True, or 'store_original_object' is True, we need to create a
-        # filename without extension.
-        if change_monitor_instance.store_original_object or change_monitor_instance.generate_input_file_name:
-            # Get the last directory from the url.
-            original_name = urls.url_parser(check_object)['directories'][-1]
-            # Make characters lower case.
-            original_name = original_name.lower()
-
-        # If 'store_original_object' is True, then we need to create a filepath to store.
-        extension = None
-        if change_monitor_instance.original_object_directory:
-            # Add extension to the file name.
-            if 'playwright' in get_method:
-                extension = get_method.split('_')[1]
-            elif get_method == 'urllib':
-                extension = 'html'
-            original_file_name = f'{original_name}.{extension}'
-
-            # Make path for original object.
-            change_monitor_instance.original_object_file_path = filesystem.add_object_to_path(
-                change_monitor_instance.original_object_directory, original_file_name)
-
-        if change_monitor_instance.generate_input_file_name:
-            # Make path for 'input_file_name'.
-            change_monitor_instance.input_file_name = f'{original_name}.txt'
-
-        # Change settings for the DiffChecker object.
-        change_monitor_instance.diff_check_list[check_object_index].return_first_cycle = False
-
-        change_monitor_instance.diff_check_list[check_object_index].check_object_display_name = \
-            f'{original_name}|{change_monitor_instance.object_type}'
-
     # Get hash of the url. The hash will be different between direct hash of the URL content and the
     # hash of the file that was downloaded from the URL. Since the file has headers and other information
     # that is not part of the URL content. The Original downloaded file is for reference only to see
@@ -59,4 +61,4 @@ def get_hash(change_monitor_instance, check_object_index: int, check_object: str
     )
 
     # Set the hash string to the 'check_object' variable.
-    change_monitor_instance.diff_check_list[check_object_index].check_object = hash_string
+    change_monitor_instance.diff_checker.check_object = hash_string

atomicshop/monitor/checks/network.py

@@ -3,11 +3,35 @@ from ...basics import list_of_dicts
 from ...print_api import print_api
 
 
-def _execute_cycle(change_monitor_instance, print_kwargs: dict = None):
+def setup_check(change_monitor_instance):
+    original_name: str = str()
+
+    # Initialize objects for network monitoring.
+    change_monitor_instance.fetch_engine = psutilw.PsutilConnections()
+
+    # Change settings for the DiffChecker object.
+    change_monitor_instance.diff_checker.return_first_cycle = True
+
+    if change_monitor_instance.generate_input_file_name:
+        original_name = 'known_connections'
+        # Make path for 'input_file_name'.
+        change_monitor_instance.input_file_name = f'{original_name}.txt'
+
+    change_monitor_instance.diff_checker.check_object_display_name = \
+        f'{original_name}|{change_monitor_instance.object_type}'
+
+    # Set the 'check_object' to empty list, since we will append the list of DNS events.
+    change_monitor_instance.diff_checker.check_object = list()
+
+    change_monitor_instance.diff_checker.operation_type = 'single_object'
+
+
+def execute_cycle(change_monitor_instance, print_kwargs: dict = None):
     """
     This function executes the cycle of the change monitor: network.
 
     :param change_monitor_instance: Instance of the ChangeMonitor class.
+    :param print_kwargs: print_api kwargs.
 
     :return: List of dictionaries with the results of the cycle.
     """
@@ -22,7 +46,7 @@ def _execute_cycle(change_monitor_instance, print_kwargs: dict = None):
     change_monitor_instance._set_input_file_path()
 
     # Check if 'known_domains' list was updated from previous cycle.
-    result, message = change_monitor_instance.diff_check_list[0].check_list_of_dicts(print_kwargs=print_kwargs)
+    result, message = change_monitor_instance.diff_checker.check_list_of_dicts(print_kwargs=print_kwargs)
 
     if result:
         # Get list of new connections only.
@@ -50,28 +74,6 @@ def _get_list(change_monitor_instance):
     :return: list of dicts, of new network sockets.
     """
 
-    if change_monitor_instance.first_cycle:
-        original_name: str = str()
-
-        # Initialize objects for network monitoring.
-        change_monitor_instance.fetch_engine = psutilw.PsutilConnections()
-
-        # Change settings for the DiffChecker object.
-        change_monitor_instance.diff_check_list[0].return_first_cycle = True
-
-        if change_monitor_instance.generate_input_file_name:
-            original_name = 'known_connections'
-            # Make path for 'input_file_name'.
-            change_monitor_instance.input_file_name = f'{original_name}.txt'
-
-        change_monitor_instance.diff_check_list[0].check_object_display_name = \
-            f'{original_name}|{change_monitor_instance.object_type}'
-
-        # Set the 'check_object' to empty list, since we will append the list of DNS events.
-        change_monitor_instance.diff_check_list[0].check_object = list()
-
-        change_monitor_instance.diff_check_list[0].operation_type = 'single_object'
-
     # Get all connections (list of dicts), including process name and cmdline.
     connections_list_of_dicts: list = \
         change_monitor_instance.fetch_engine.get_connections_with_process_as_list_of_dicts(
@@ -80,10 +82,10 @@ def _get_list(change_monitor_instance):
 
     # Get list of connections that are not in 'known_connections' list.
     missing_connections_from_cycle: list = list_of_dicts.get_difference(
-        change_monitor_instance.diff_check_list[0].check_object, connections_list_of_dicts)
+        change_monitor_instance.diff_checker.check_object, connections_list_of_dicts)
     # Add missing new connections to 'known_connections' list.
-    change_monitor_instance.diff_check_list[0].check_object.extend(missing_connections_from_cycle)
+    change_monitor_instance.diff_checker.check_object.extend(missing_connections_from_cycle)
 
     # Sort list of dicts by process name and then by process cmdline.
-    change_monitor_instance.diff_check_list[0].check_object = list_of_dicts.sort_by_keys(
-        change_monitor_instance.diff_check_list[0].check_object, key_list=['cmdline', 'name'], case_insensitive=True)
+    change_monitor_instance.diff_checker.check_object = list_of_dicts.sort_by_keys(
+        change_monitor_instance.diff_checker.check_object, key_list=['cmdline', 'name'], case_insensitive=True)

atomicshop/monitor/checks/process_running.py

@@ -3,12 +3,16 @@ from ...basics import list_of_dicts
 from ...print_api import print_api
 
 
-def _execute_cycle(change_monitor_instance, print_kwargs: dict = None):
+def setup_check(change_monitor_instance):
+    change_monitor_instance.fetch_engine = psutilw.PsutilProcesses()
+
+
+def execute_cycle(change_monitor_instance, print_kwargs: dict = None):
     """
     This function executes the cycle of the change monitor: process_running.
 
     :param change_monitor_instance: Instance of the ChangeMonitor class.
-
+    :param print_kwargs: Dictionary with the print arguments.
     :return: List of dictionaries with the results of the cycle.
     """
 
@@ -19,7 +23,7 @@ def _execute_cycle(change_monitor_instance, print_kwargs: dict = None):
 
     processes = _get_list(change_monitor_instance)
 
-    for process_name in change_monitor_instance.check_object_list:
+    for process_name in change_monitor_instance.check_object:
         result = list_of_dicts.is_value_exist_in_key(processes, 'cmdline', process_name, value_case_insensitive=True)
 
         # If the process name was found in the list of currently running processes.
@@ -45,9 +49,5 @@ def _get_list(change_monitor_instance):
     :return: list of dicts, of new network sockets.
     """
 
-    if change_monitor_instance.first_cycle:
-        # Initialize objects for network monitoring.
-        change_monitor_instance.fetch_engine = psutilw.PsutilProcesses()
-
     return change_monitor_instance.fetch_engine.get_processes_as_list_of_dicts(
         default_keys=True, cmdline_to_string=True)