bool createDB(string databasePrefix, unsigned int expectedMaxNumberOfItems)
{
IntelWeb iw;
if ( ! iw.createNew(databasePrefix, expectedMaxNumberOfItems))
{
cout << "Error: Cannot create database with prefix " << databasePrefix
<< " with " << expectedMaxNumberOfItems << " items expected." << endl;
}
return true;
}
bool crawl(string databasePrefix, string indicatorFile, unsigned int minGoodPrevalence, string resultsFile)
{
if (minGoodPrevalence <= 1)
{
cout << "Error: minGoodPrevalence is " << minGoodPrevalence
<< ", but must be greater than 1" << endl;
return false;
}
IntelWeb iw;
if ( ! iw.openExisting(databasePrefix))
{
cout << "Error: Cannot open existing database with prefix " << databasePrefix << endl;
return false;
}
vector<string> indicators;
if ( ! getLinesFromFile(indicatorFile, indicators))
{
cout << "Error: Cannot open indicators file " << indicatorFile << endl;
return false;
}
if (indicators.empty())
{
cout << "Error: Indicators file " << indicatorFile << " is empty." << endl;
return false;
}
vector<string> badEntitiesFound;
vector<InteractionTuple> badInteractions;
iw.crawl(indicators, minGoodPrevalence, badEntitiesFound, badInteractions);
ofstream resultf(resultsFile);
if ( ! resultf)
{
cout << "Error: Cannot write results file " << resultsFile << endl;
return false;
}
for (auto bad : badEntitiesFound)
resultf << bad << endl;
resultf << endl;
for (const auto& i : badInteractions)
resultf << i.context << ' ' << i.from << ' ' << i.to << endl;
return true;
}
bool ingest(string databasePrefix, string telemetryLogFile)
{
IntelWeb iw;
if ( ! iw.openExisting(databasePrefix))
{
cout << "Error: Cannot open existing database with prefix " << databasePrefix << endl;
return false;
}
if ( ! iw.ingest(telemetryLogFile))
{
cout << "Error: Ingesting telemetry data from " << telemetryLogFile << " failed." << endl;
return false;
}
return true;
}
bool purge(string databasePrefix, string purgeFile)
{
IntelWeb iw;
if ( ! iw.openExisting(databasePrefix))
{
cout << "Error: Cannot open existing database with prefix " << databasePrefix << endl;
return false;
}
vector<string> purgeList;
if ( ! getLinesFromFile(purgeFile, purgeList))
{
cout << "Error: Cannot open purge file " << purgeFile << endl;
return false;
}
for (auto itemToPurge : purgeList)
iw.purge(itemToPurge);
return true;
}
int main() {
//DiskMultiMap x;
//
//x.createNew("myhashtable.dat", 100);
//x.insert("hmm.exe", "pfft.exe", "m52902");
//x.insert("hmm.exe", "pfft.exe", "m52902");
//x.insert("hmm.exe", "pfft.exe", "m10001");
//x.insert("blah.exe", "bletch.exe", "m0003");
//DiskMultiMap::Iterator it = x.search("hmm.exe");
//if (it.isValid()) {
// cout << "I found at least 1 item with a key of hmm.exe" << endl;
// do
// {
// MultiMapTuple m = *it;
// cout << "The key is: " << m.key << endl;
// cout << "The value is: " << m.value << endl;
// cout << "The context is: " << m.context << endl;
// cout << endl;
// ++it;
// } while (it.isValid());
//}
//it = x.search("goober .exe");
//if (!it.isValid())
// cout << "I couldn't find goober.exe" << endl;
//if (x.erase("hmm.exe", "pfft.exe", "m52902") == 2)
// std::cout << "Just erased 2 items from the table!" << std::endl;
//if (x.erase("hmm.exe", "pfft.exe", "m10001") == 1)
// std::cout << "Just erased 1 item from the table!" << std::endl;
//if (x.erase("blah.exe", "bletch.exe", "m66666") == 0)
// std::cout << "I didn't erase this item cause it wasn't there!" << std::endl;
//x.insert("hmm.exe", "pfft.exe", "m52902");
//x.insert("hmm.exe", "pfft.exe", "m52902");
//x.insert("hmm.exe", "pfft.exe", "m10001");
//x.insert("blah.exe", "bletch.exe", "m0003");
//x.close();
//if (x.openExisting("myhashtable.dat"))
// std::cout << "Opening my hash table..." << std::endl;
//if (x.erase("hmm.exe", "pfft.exe", "m52902") == 2)
// std::cout << "Just erased 2 items from the table!" << std::endl;
//if (x.erase("hmm.exe", "pfft.exe", "m10001") == 1)
// std::cout << "Just erased 1 item from the table!" << std::endl;
//if (x.erase("blah.exe", "bletch.exe", "m66666") == 0)
// std::cout << "I didn't erase this item cause it wasn't there!" << std::endl;
//if (x.erase("hmm.exe", "pfft.exe", "m52902") == 0)
// std::cout << "I didn't erase this item cause it wasn't there!" << std::endl;
IntelWeb x;
if (x.createNew("mydata", 10000))
cout << "Created mydata" << endl;
x.ingest("Jan-tel.dat");
x.ingest("Feb-tel.dat");
x.close();
IntelWeb y;
if (y.openExisting("mydata"))
cout << "Opened mydata" << endl;
y.ingest("Mar-tel.dat");
y.ingest("Apr-tel.dat");
y.close();
return 0;
}