Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
HORSE
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Iulisloi Zacarias
HORSE
Commits
2a4c7085
Commit
2a4c7085
authored
1 year ago
by
Chukwuemeka Michael Muonagor
Browse files
Options
Downloads
Patches
Plain Diff
Upload New File
parent
0622123c
Loading
Loading
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
app/whatif_loop.py
+103
-0
103 additions, 0 deletions
app/whatif_loop.py
with
103 additions
and
0 deletions
app/whatif_loop.py
0 → 100644
+
103
−
0
View file @
2a4c7085
from
elasticsearch
import
Elasticsearch
import
send_workflows
import
time
import
random
import
string
import
pandas
as
pd
import
delete_intents_elasticsearch
import
yaml
def
whatif_send_fun
(
policy_dict
,
whatif_send_url
):
sent_whatif
=
[]
# empty dict containing the elements of the what-if question which are the matched policy attributes
whatif_question
=
{}
id_digits
=
9
whatif_id
=
''
.
join
(
random
.
choices
(
string
.
ascii_uppercase
+
string
.
digits
,
k
=
id_digits
))
print
(
'
intent type is prevention, sending what-if question
'
)
whatif_question
[
'
command
'
]
=
'
send_what_if
'
whatif_question
[
'
intent_type
'
]
=
policy_dict
[
'
intent_type
'
]
whatif_question
[
'
threat
'
]
=
policy_dict
[
'
threat
'
]
whatif_question
[
'
host
'
]
=
policy_dict
[
'
host
'
]
whatif_question
[
'
action
'
]
=
policy_dict
[
'
action
'
]
whatif_question
[
'
duration
'
]
=
str
(
policy_dict
[
'
duration
'
])
whatif_question
[
'
id
'
]
=
whatif_id
#print('what if question: ', whatif_question)
l
=
len
(
sent_whatif
)
if
l
!=
0
and
whatif_question
!=
sent_whatif
[
l
-
1
]:
sent_whatif
.
append
(
whatif_question
)
# send what-if question to the what_if_send_url
send_workflows
.
send_workflow_fun
(
whatif_send_url
,
whatif_question
)
elif
l
==
0
:
sent_whatif
.
append
(
whatif_question
)
# send what-if question to the what_if_send_url
send_workflows
.
send_workflow_fun
(
whatif_send_url
,
whatif_question
)
return
whatif_question
#the function runs through the awaiting intents elasticsearch index every 60 secs
#and sends what-if questions to the SAN for the hosts in the awaiting intents index
def
whatif_loop_fun
(
es
,
whatif_send_url
):
print
(
'
entered whatif loop
'
)
while
True
:
intent_index
=
es
.
exists
(
index
=
"
awaiting_intents
"
,
id
=
1
)
if
intent_index
==
True
:
resp1
=
es
.
search
(
index
=
"
awaiting_intents
"
,
size
=
100
,
query
=
{
"
match_all
"
:
{}})
id_arr
=
[]
source_arr
=
[]
for
hit
in
resp1
[
'
hits
'
][
'
hits
'
]:
id_arr
.
append
(
hit
[
"
_id
"
])
source_arr
.
append
(
hit
[
"
_source
"
])
for
source
,
id
in
zip
(
source_arr
,
id_arr
):
whatif_question
=
source
whatif_question
[
'
command
'
]
=
'
send_what_if
'
send_workflows
.
send_workflow_fun
(
whatif_send_url
,
whatif_question
)
time
.
sleep
(
60
)
#when a what-if answer is received from the SAN
#the IBI proceed with the intent if the response from the SAN is not acceptable
def
whatif_receive_fun
(
whatif_receive
,
ip
):
import
policy_configurator
with
open
(
'
/code/app/config.yml
'
)
as
f
:
parameters
=
yaml
.
safe_load
(
f
)
port
=
parameters
[
'
port
'
]
elastic_host
=
parameters
[
'
elasticsearch_ip
'
]
elastic_port
=
parameters
[
'
elasticsearch_port
'
]
#workflow_url = "http://" + ip + ":" + port + parameters['to_send_workflow']
workflow_url
=
parameters
[
'
rtr_api_url
'
]
stored_intents_url
=
"
http://
"
+
ip
+
"
:
"
+
port
+
parameters
[
'
to_view_or_delete_intents
'
]
elasticsearch_url
=
"
http://
"
+
elastic_host
+
"
:
"
+
elastic_port
es
=
Elasticsearch
(
elasticsearch_url
)
whatif_answer
=
{}
if
whatif_receive
.
what_if_response
==
'
ok
'
:
print
(
'
proceeding with intent
'
)
whatif_answer
[
'
command
'
]
=
'
add
'
whatif_answer
[
'
intent_type
'
]
=
whatif_receive
.
intent_type
whatif_answer
[
'
threat
'
]
=
whatif_receive
.
threat
whatif_answer
[
'
host
'
]
=
whatif_receive
.
host
whatif_answer
[
'
action
'
]
=
whatif_receive
.
action
whatif_answer
[
'
duration
'
]
=
whatif_receive
.
duration
whatif_answer
[
'
id
'
]
=
whatif_receive
.
id
whatif_answer
[
'
what_if_response
'
]
=
whatif_receive
.
what_if_response
df_policy
=
pd
.
read_csv
(
'
/code/app/policy_store.csv
'
)
for
ind
in
df_policy
.
index
:
if
df_policy
[
'
action
'
][
ind
]
==
whatif_answer
[
'
action
'
]:
whatif_answer
[
'
priority
'
]
=
df_policy
[
'
priority
'
][
ind
]
policy_configurator
.
policy_configurator_fun_2
(
workflow_url
,
stored_intents_url
,
elasticsearch_url
,
whatif_answer
)
else
:
print
(
'
not proceeding with intent
'
)
resp
=
es
.
search
(
index
=
"
awaiting_intents
"
,
size
=
100
,
query
=
{
"
match_all
"
:
{}})
for
ind
in
range
(
len
(
resp
[
'
hits
'
][
'
hits
'
])):
hit1
=
resp
[
'
hits
'
][
'
hits
'
][
ind
][
'
_source
'
]
#print('hit1 for awaiting intents: ', hit1)
if
hit1
[
'
intent_type
'
]
==
whatif_answer
[
'
intent_type
'
]
and
hit1
[
'
threat
'
]
==
whatif_answer
[
'
threat
'
]
and
\
str
(
hit1
[
'
host
'
])
==
str
(
whatif_answer
[
'
host
'
])
and
hit1
[
'
action
'
]
==
whatif_answer
[
'
action
'
]
and
\
str
(
hit1
[
'
duration
'
])
==
str
(
whatif_answer
[
'
duration
'
])
and
hit1
[
'
id
'
]
==
whatif_answer
[
'
id
'
]:
delete_intents_elasticsearch
.
delete_intents_elasticsearch_fun
(
elasticsearch_url
,
resp
[
'
hits
'
][
'
hits
'
][
ind
][
'
_id
'
],
"
awaiting_intents
"
)
#es.delete(index="awaiting_intents", id=hit1['id'])
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment