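// Runs a crawl against an existing IntelWeb database and writes the findings.
//
// databasePrefix    prefix handed to IntelWeb::openExisting
// indicatorFile     text file read by getLinesFromFile, one indicator per line
// minGoodPrevalence threshold forwarded to IntelWeb::crawl; must be greater than 1
// resultsFile       output path: bad entities one per line, a blank line, then one
//                   "context from to" line per bad interaction
//
// Returns true on success. Returns false, after an error message on cout, when the
// threshold is out of range, the database or indicator file cannot be opened, the
// indicator file is empty, or the results file cannot be opened or written.
bool crawl(string databasePrefix, string indicatorFile, unsigned int minGoodPrevalence, string resultsFile)
{
    if (minGoodPrevalence <= 1)
    {
        cout << "Error: minGoodPrevalence is " << minGoodPrevalence
        << ", but must be greater than 1" << endl;
        return false;
    }
    IntelWeb iw;
    if ( ! iw.openExisting(databasePrefix))
    {
        cout << "Error: Cannot open existing database with prefix " << databasePrefix << endl;
        return false;
    }
    
    vector<string> indicators;
    if ( ! getLinesFromFile(indicatorFile, indicators))
    {
        cout << "Error: Cannot open indicators file " << indicatorFile << endl;
        return false;
    }
    if (indicators.empty())
    {
        cout << "Error: Indicators file " << indicatorFile << " is empty." << endl;
        return false;
    }
    
    vector<string> badEntitiesFound;
    vector<InteractionTuple> badInteractions;
    
    iw.crawl(indicators, minGoodPrevalence, badEntitiesFound, badInteractions);
    
    ofstream resultf(resultsFile);
    if ( ! resultf)
    {
        cout << "Error: Cannot write results file " << resultsFile << endl;
        return false;
    }
    
    // Iterate by const reference (the previous version copied every string) and
    // write '\n' rather than endl so the file is not flushed once per line; the
    // explicit close() below flushes everything at once.
    for (const auto& bad : badEntitiesFound)
        resultf << bad << '\n';
    
    resultf << '\n';
    
    for (const auto& i : badInteractions)
        resultf << i.context << ' ' << i.from << ' ' << i.to << '\n';
    
    // A failed write (disk full, permissions revoked mid-run) leaves the stream in
    // a failed state; report it rather than returning success for a truncated file.
    resultf.close();
    if ( ! resultf)
    {
        cout << "Error: Writing results file " << resultsFile << " failed." << endl;
        return false;
    }
    
    return true;
}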
// Ingests one telemetry log file into an existing IntelWeb database.
//
// databasePrefix   prefix handed to IntelWeb::openExisting
// telemetryLogFile path handed to IntelWeb::ingest
//
// Returns false, after an error message on cout, if the database cannot be
// opened or IntelWeb::ingest reports failure; true otherwise.
bool ingest(string databasePrefix, string telemetryLogFile)
{
    IntelWeb db;
    const bool opened = db.openExisting(databasePrefix);
    if (!opened)
    {
        cout << "Error: Cannot open existing database with prefix " << databasePrefix << endl;
        return false;
    }
    const bool ingested = db.ingest(telemetryLogFile);
    if (!ingested)
        cout << "Error: Ingesting telemetry data from " << telemetryLogFile << " failed." << endl;
    return ingested;
}
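// Removes every entity listed in purgeFile from an existing IntelWeb database.
//
// databasePrefix prefix handed to IntelWeb::openExisting
// purgeFile      text file read by getLinesFromFile, one item per line; every line
//                is passed to IntelWeb::purge as-is (blank lines included — whether
//                purge() tolerates an empty string is not visible here, confirm)
//
// Returns false, after an error message on cout, if the database or the purge file
// cannot be opened; true otherwise. IntelWeb::purge's own result is not inspected.
bool purge(string databasePrefix, string purgeFile)
{
    IntelWeb iw;
    if ( ! iw.openExisting(databasePrefix))
    {
        cout << "Error: Cannot open existing database with prefix " << databasePrefix << endl;
        return false;
    }
    
    vector<string> purgeList;
    
    if ( ! getLinesFromFile(purgeFile, purgeList))
    {
        cout << "Error: Cannot open purge file " << purgeFile << endl;
        return false;
    }
    
    // By const reference: the previous version copied each string per iteration.
    for (const auto& itemToPurge : purgeList)
        iw.purge(itemToPurge);
    return true;
}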
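// Smoke test driver: creates the "mydata" database, ingests two logs into it,
// then reopens it and ingests two more. Exits with 1 if the database cannot be
// created; ingest failures are reported but do not stop the run.
int main() {
	//DiskMultiMap x;
	//
	//x.createNew("myhashtable.dat", 100);

	//x.insert("hmm.exe", "pfft.exe", "m52902");
	//x.insert("hmm.exe", "pfft.exe", "m52902");
	//x.insert("hmm.exe", "pfft.exe", "m10001");
	//x.insert("blah.exe", "bletch.exe", "m0003");

	//DiskMultiMap::Iterator it = x.search("hmm.exe");
	//if (it.isValid()) {
	//	cout << "I found at least 1 item with a key of hmm.exe" << endl;
	//	do
	//	{
	//		MultiMapTuple m = *it;
	//		cout << "The key is: " << m.key << endl;
	//		cout << "The value is: " << m.value << endl;
	//		cout << "The context is: " << m.context << endl;
	//		cout << endl;
	//		++it;
	//	} while (it.isValid());
	//}

	//it = x.search("goober .exe");
	//if (!it.isValid())
	//	cout << "I couldn't find goober.exe" << endl;

	//if (x.erase("hmm.exe", "pfft.exe", "m52902") == 2)
	//	std::cout << "Just erased 2 items from the table!" << std::endl;

	//if (x.erase("hmm.exe", "pfft.exe", "m10001") == 1)
	//	std::cout << "Just erased 1 item from the table!" << std::endl;

	//if (x.erase("blah.exe", "bletch.exe", "m66666") == 0)
	//	std::cout << "I didn't erase this item cause it wasn't there!" << std::endl;

	//x.insert("hmm.exe", "pfft.exe", "m52902");
	//x.insert("hmm.exe", "pfft.exe", "m52902");
	//x.insert("hmm.exe", "pfft.exe", "m10001");
	//x.insert("blah.exe", "bletch.exe", "m0003");

	//x.close();

	//if (x.openExisting("myhashtable.dat"))
	//	std::cout << "Opening my hash table..." << std::endl;

	//if (x.erase("hmm.exe", "pfft.exe", "m52902") == 2)
	//	std::cout << "Just erased 2 items from the table!" << std::endl;

	//if (x.erase("hmm.exe", "pfft.exe", "m10001") == 1)
	//	std::cout << "Just erased 1 item from the table!" << std::endl;

	//if (x.erase("blah.exe", "bletch.exe", "m66666") == 0)
	//	std::cout << "I didn't erase this item cause it wasn't there!" << std::endl;

	//if (x.erase("hmm.exe", "pfft.exe", "m52902") == 0)
	//	std::cout << "I didn't erase this item cause it wasn't there!" << std::endl;

	// IntelWeb::ingest signals failure through its return value; the previous
	// version discarded it, so a missing or unreadable log went unnoticed.
	auto ingestOrReport = [](IntelWeb& db, const string& logFile) {
		if ( ! db.ingest(logFile))
			cout << "Error: Ingesting telemetry data from " << logFile << " failed." << endl;
	};

	IntelWeb x;

	// Without a created database the ingests below would run against nothing;
	// stop here instead of silently continuing.
	if ( ! x.createNew("mydata", 10000))
	{
		cout << "Error: Cannot create database mydata" << endl;
		return 1;
	}
	cout << "Created mydata" << endl;
	ingestOrReport(x, "Jan-tel.dat");
	ingestOrReport(x, "Feb-tel.dat");
	x.close();

	IntelWeb y;

	if ( ! y.openExisting("mydata"))
	{
		cout << "Error: Cannot open existing database with prefix mydata" << endl;
		return 1;
	}
	cout << "Opened mydata" << endl;
	ingestOrReport(y, "Mar-tel.dat");
	ingestOrReport(y, "Apr-tel.dat");
	y.close();

	return 0;
}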