csle_collector.snort_ids_manager package

Subpackages

Submodules

csle_collector.snort_ids_manager.query_snort_ids_manager module

csle_collector.snort_ids_manager.query_snort_ids_manager.get_snort_ids_alerts(stub: csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc.SnortIdsManagerStub, timestamp: float, log_file_path: str, timeout=60) → snort_ids_manager_pb2.SnortIdsLogDTO[source]

Queries the IDS manager for the data of the IDS log from a given time-step

Parameters

stub – the stub to send the remote gRPC to the server
timestamp – the timtestamp to parse the log from
log_file_path – path to the IDS log file to read
timeout – the GRPC timeout (seconds)

Returns

an IdsLogDTO with data of the IDS log

csle_collector.snort_ids_manager.query_snort_ids_manager.get_snort_ids_monitor_status(stub: csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc.SnortIdsManagerStub, timeout=60) → snort_ids_manager_pb2.SnortIdsMonitorDTO[source]

Queries the IDS manager for the status of the IDS monitor thread

Parameters

stub – the stub to send the remote gRPC to the server
timeout – the GRPC timeout (seconds)

Returns

an IdsMonitorDTO describing the status of the IDS monitor thread

csle_collector.snort_ids_manager.query_snort_ids_manager.start_snort_ids(stub: csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc.SnortIdsManagerStub, ingress_interface: str, egress_interface: str, subnetmask: str, timeout=60) → snort_ids_manager_pb2.SnortIdsMonitorDTO[source]

Sends a request to the IDS manager to start the Snort IDS

Parameters

stub – the stub to send the remote gRPC to the server
timeout – the GRPC timeout (seconds)
ingress_interface – the ingress interface that Snort will listen to
egress_interface – the egress interface that Snort will listen to
subnetmask – the subnetmask that Snort will listen to

Returns

an IdsMonitorDTO describing the status of the IDS and its monitor thread

csle_collector.snort_ids_manager.query_snort_ids_manager.start_snort_ids_monitor(stub: csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc.SnortIdsManagerStub, kafka_ip: str, kafka_port: int, log_file_path: str, time_step_len_seconds: int, timeout=60) → snort_ids_manager_pb2.SnortIdsMonitorDTO[source]

Sends a request to the IDS manager to start the IDS monitor thread

Parameters

kafka_ip – the ip of the Kafka server
kafka_port – the port of the Kafka server
log_file_path – the path top the IDS log
time_step_len_seconds – the length of one time-step
stub – the stub to send the remote gRPC to the server
timeout – the GRPC timeout (seconds)

Returns

an IdsMonitorDTO describing the status of the IDS monitor thread

csle_collector.snort_ids_manager.query_snort_ids_manager.stop_snort_ids(stub: csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc.SnortIdsManagerStub, timeout=60) → snort_ids_manager_pb2.SnortIdsMonitorDTO[source]

Sends a request to the IDS manager to stop the Snort IDS

Parameters

stub – the stub to send the remote gRPC to the server
timeout – the GRPC timeout (seconds)

Returns

an IdsMonitorDTO describing the status of the IDS and its monitor thread

csle_collector.snort_ids_manager.query_snort_ids_manager.stop_snort_ids_monitor(stub: csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc.SnortIdsManagerStub, timeout=60) → snort_ids_manager_pb2.SnortIdsMonitorDTO[source]

Sends a request to the IDS manager to stop the IDS monitor thread

Parameters

stub – the stub to send the remote gRPC to the server
timeout – the GRPC timeout (seconds)

Returns

an IdsMonitorDTO describing the status of the IDS monitor thread

csle_collector.snort_ids_manager.snort_ids_manager module

class csle_collector.snort_ids_manager.snort_ids_manager.SnortIdsManagerServicer[source]

Bases: csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc.SnortIdsManagerServicer

gRPC server for collecting Snort IDS statistics.

getSnortIdsAlerts(request: snort_ids_manager_pb2.GetSnortIdsAlertsMsg, context: grpc.ServicerContext) → snort_ids_manager_pb2.SnortIdsLogDTO[source]

Gets the statistics of the IDS log from a given timestamp

Parameters

request – the gRPC request
context – the gRPC context

Returns

a DTO with IDS statistics

getSnortIdsMonitorStatus(request: snort_ids_manager_pb2.GetSnortIdsMonitorStatusMsg, context: grpc.ServicerContext) → snort_ids_manager_pb2.SnortIdsMonitorDTO[source]

Gets the status of the Snort IDS Monitor thread

Parameters

request – the gRPC request
context – the gRPC context

Returns

a DTO with the status of the IDS monitor

startSnortIds(request: snort_ids_manager_pb2.StartSnortIdsMsg, context: grpc.ServicerContext) → snort_ids_manager_pb2.SnortIdsMonitorDTO[source]

Starts the Snort IDS

Parameters

request – the gRPC request
context – the gRPC context

Returns

a DTO with the status of the IDS and its monitor thread

startSnortIdsMonitor(request: snort_ids_manager_pb2.StartSnortIdsMonitorMsg, context: grpc.ServicerContext) → snort_ids_manager_pb2.SnortIdsMonitorDTO[source]

Starts the Snort IDS monitor thread

Parameters

request – the gRPC request
context – the gRPC context

Returns

a DTO with the status of the IDS monitor thread

stopSnortIds(request: snort_ids_manager_pb2.StartSnortIdsMsg, context: grpc.ServicerContext) → snort_ids_manager_pb2.SnortIdsMonitorDTO[source]

Stops the Snort IDS

Parameters

request – the gRPC request
context – the gRPC context

Returns

a DTO with the status of the IDS and its monitor thread

stopSnortIdsMonitor(request: snort_ids_manager_pb2.StopSnortIdsMonitorMsg, context: grpc.ServicerContext) → snort_ids_manager_pb2.SnortIdsMonitorDTO[source]

Stops the Snort IDS monitor thread if it is running

Parameters

request – the gRPC request
context – the gRPC context

Returns

a DTO with the status of the IDS monitor thread

csle_collector.snort_ids_manager.snort_ids_manager.serve(port: int = 50048, log_dir: str = '/', max_workers: int = 10, log_file_name: str = 'snort_ids_manager.log') → None[source]

Starts the gRPC server for managing clients

Parameters

port – the port that the server will listen to
log_dir – the directory to write the log file
log_file_name – the file name of the log
max_workers – the maximum number of GRPC workers

Returns

None

csle_collector.snort_ids_manager.snort_ids_manager_pb2 module

Generated protocol buffer code.

csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc module

Client and server classes corresponding to protobuf-defined services.

class csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc.SnortIdsManager[source]

Bases: object

Interface exported by the server

static getSnortIdsAlerts(request, target, options=(), channel_credentials=None, call_credentials=None, insecure=False, compression=None, wait_for_ready=None, timeout=None, metadata=None)[source]

static getSnortIdsMonitorStatus(request, target, options=(), channel_credentials=None, call_credentials=None, insecure=False, compression=None, wait_for_ready=None, timeout=None, metadata=None)[source]

static startSnortIds(request, target, options=(), channel_credentials=None, call_credentials=None, insecure=False, compression=None, wait_for_ready=None, timeout=None, metadata=None)[source]

static startSnortIdsMonitor(request, target, options=(), channel_credentials=None, call_credentials=None, insecure=False, compression=None, wait_for_ready=None, timeout=None, metadata=None)[source]

static stopSnortIds(request, target, options=(), channel_credentials=None, call_credentials=None, insecure=False, compression=None, wait_for_ready=None, timeout=None, metadata=None)[source]

static stopSnortIdsMonitor(request, target, options=(), channel_credentials=None, call_credentials=None, insecure=False, compression=None, wait_for_ready=None, timeout=None, metadata=None)[source]

class csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc.SnortIdsManagerServicer[source]

Bases: object

Interface exported by the server

getSnortIdsAlerts(request, context)[source]: Missing associated documentation comment in .proto file.

getSnortIdsMonitorStatus(request, context)[source]: Missing associated documentation comment in .proto file.

startSnortIds(request, context)[source]: Missing associated documentation comment in .proto file.

startSnortIdsMonitor(request, context)[source]: Missing associated documentation comment in .proto file.

stopSnortIds(request, context)[source]: Missing associated documentation comment in .proto file.

stopSnortIdsMonitor(request, context)[source]: Missing associated documentation comment in .proto file.

class csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc.SnortIdsManagerStub(channel)[source]

Bases: object

Interface exported by the server

csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc.add_SnortIdsManagerServicer_to_server(servicer, server)[source]

csle_collector.snort_ids_manager.snort_ids_manager_util module

class csle_collector.snort_ids_manager.snort_ids_manager_util.SnortIdsManagerUtil[source]

Bases: object

Class with utility functions related to the Snort IDS Manager

static check_snort_ids_alerts() → List[csle_collector.snort_ids_manager.dao.snort_ids_alert.SnortIdsAlert][source]

Reads alerts from the Snort IDS alerts log

Returns: a list of alerts

static check_snort_ids_fast_log() → List[csle_collector.snort_ids_manager.dao.snort_ids_fast_log_alert.SnortIdsFastLogAlert][source]

Reads alerts from the Snort IDS fast-log

Parameters: env_config – the environment config
Returns: a list of alerts

static get_latest_snort_alert_ts() → float[source]

Gets the latest timestamp in the snort alerts log

Parameters: env_config – the environment config
Returns: the latest timestamp

static read_snort_ids_data(episode_last_alert_ts: float) → Tuple[csle_collector.snort_ids_manager.dao.snort_ids_alert_counters.SnortIdsAlertCounters, csle_collector.snort_ids_manager.dao.snort_ids_rule_counters.SnortIdsRuleCounters, List[csle_collector.snort_ids_manager.dao.snort_ids_ip_alert_counters.SnortIdsIPAlertCounters]][source]

Measures metrics from the Snort ids

Parameters

env_config – environment configuration
episode_last_alert_ts – timestamp when the episode started

Returns

ids statistics

static snort_ids_log_dto_empty() → snort_ids_manager_pb2.SnortIdsLogDTO[source]

Returns: an empty SnortIdsLogDTO

static snort_ids_log_dto_from_dict(d: Dict[str, Any]) → snort_ids_manager_pb2.SnortIdsLogDTO[source]

Converts a dict representation of a SnortIdsLogDTO to a DTO

Parameters: d – the dict to convert
Returns: the converted DTO

static snort_ids_log_dto_to_dict(snort_ids_log_dto: snort_ids_manager_pb2.SnortIdsLogDTO) → Dict[str, Any][source]

Converts a SnortIdsLogDTO to a dict

Parameters: snort_ids_log_dto – the DTO to convert
Returns: a dict representation of the DTO

static snort_ids_monitor_dto_empty() → snort_ids_manager_pb2.SnortIdsMonitorDTO[source]

Returns: An empty SnortIdsMonitorDTO

static snort_ids_monitor_dto_from_dict(d: Dict[str, Any]) → snort_ids_manager_pb2.SnortIdsMonitorDTO[source]

Converts a dict representation of a SnortIDSMonitorDTO to a DTO

Parameters: d – the dict to convert
Returns: the converted DTO

static snort_ids_monitor_dto_to_dict(snort_ids_monitor_dto: snort_ids_manager_pb2.SnortIdsMonitorDTO) → Dict[str, Any][source]

Converts a SnortIDSMonitorDTO to a dict

Parameters: snort_ids_monitor_dto – the dto to convert
Returns: a dict representation of the DTO

csle_collector.snort_ids_manager package

Subpackages

Submodules

csle_collector.snort_ids_manager.query_snort_ids_manager module

csle_collector.snort_ids_manager.snort_ids_manager module

csle_collector.snort_ids_manager.snort_ids_manager_pb2 module

csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc module

csle_collector.snort_ids_manager.snort_ids_manager_util module

Module contents