csle_collector.snort_ids_manager package
Subpackages
- csle_collector.snort_ids_manager.dao package
- Submodules
- csle_collector.snort_ids_manager.dao.snort_ids_alert module
- csle_collector.snort_ids_manager.dao.snort_ids_alert_counters module
SnortIdsAlertCountersSnortIdsAlertCounters.add()SnortIdsAlertCounters.copy()SnortIdsAlertCounters.count()SnortIdsAlertCounters.from_dict()SnortIdsAlertCounters.from_json_file()SnortIdsAlertCounters.from_kafka_record()SnortIdsAlertCounters.get_deltas()SnortIdsAlertCounters.num_attributes()SnortIdsAlertCounters.schema()SnortIdsAlertCounters.to_dict()SnortIdsAlertCounters.to_dto()SnortIdsAlertCounters.to_kafka_record()SnortIdsAlertCounters.update_with_kafka_record()
- csle_collector.snort_ids_manager.dao.snort_ids_fast_log_alert module
- csle_collector.snort_ids_manager.dao.snort_ids_ip_alert_counters module
SnortIdsIPAlertCountersSnortIdsIPAlertCounters.add()SnortIdsIPAlertCounters.copy()SnortIdsIPAlertCounters.count()SnortIdsIPAlertCounters.from_dict()SnortIdsIPAlertCounters.from_json_file()SnortIdsIPAlertCounters.from_kafka_record()SnortIdsIPAlertCounters.get_deltas()SnortIdsIPAlertCounters.num_attributes()SnortIdsIPAlertCounters.schema()SnortIdsIPAlertCounters.to_dict()SnortIdsIPAlertCounters.to_kafka_record()SnortIdsIPAlertCounters.update_with_kafka_record()
- csle_collector.snort_ids_manager.dao.snort_ids_rule_counters module
SnortIdsRuleCountersSnortIdsRuleCounters.add()SnortIdsRuleCounters.copy()SnortIdsRuleCounters.count()SnortIdsRuleCounters.from_dict()SnortIdsRuleCounters.from_json_file()SnortIdsRuleCounters.from_kafka_record()SnortIdsRuleCounters.schema()SnortIdsRuleCounters.to_dict()SnortIdsRuleCounters.to_kafka_record()SnortIdsRuleCounters.update_with_kafka_record()
- Module contents
- csle_collector.snort_ids_manager.threads package
Submodules
csle_collector.snort_ids_manager.query_snort_ids_manager module
- csle_collector.snort_ids_manager.query_snort_ids_manager.get_snort_ids_alerts(stub: SnortIdsManagerStub, timestamp: float, log_file_path: str, timeout=60) SnortIdsLogDTO[source]
Queries the IDS manager for the data of the IDS log from a given time-step
- Parameters
stub – the stub to send the remote gRPC to the server
timestamp – the timtestamp to parse the log from
log_file_path – path to the IDS log file to read
timeout – the GRPC timeout (seconds)
- Returns
an IdsLogDTO with data of the IDS log
- csle_collector.snort_ids_manager.query_snort_ids_manager.get_snort_ids_monitor_status(stub: SnortIdsManagerStub, timeout=60) SnortIdsMonitorDTO[source]
Queries the IDS manager for the status of the IDS monitor thread
- Parameters
stub – the stub to send the remote gRPC to the server
timeout – the GRPC timeout (seconds)
- Returns
an IdsMonitorDTO describing the status of the IDS monitor thread
- csle_collector.snort_ids_manager.query_snort_ids_manager.start_snort_ids(stub: SnortIdsManagerStub, ingress_interface: str, egress_interface: str, subnetmask: str, timeout=60) SnortIdsMonitorDTO[source]
Sends a request to the IDS manager to start the Snort IDS
- Parameters
stub – the stub to send the remote gRPC to the server
timeout – the GRPC timeout (seconds)
ingress_interface – the ingress interface that Snort will listen to
egress_interface – the egress interface that Snort will listen to
subnetmask – the subnetmask that Snort will listen to
- Returns
an IdsMonitorDTO describing the status of the IDS and its monitor thread
- csle_collector.snort_ids_manager.query_snort_ids_manager.start_snort_ids_monitor(stub: SnortIdsManagerStub, kafka_ip: str, kafka_port: int, log_file_path: str, time_step_len_seconds: int, timeout=60) SnortIdsMonitorDTO[source]
Sends a request to the IDS manager to start the IDS monitor thread
- Parameters
kafka_ip – the ip of the Kafka server
kafka_port – the port of the Kafka server
log_file_path – the path top the IDS log
time_step_len_seconds – the length of one time-step
stub – the stub to send the remote gRPC to the server
timeout – the GRPC timeout (seconds)
- Returns
an IdsMonitorDTO describing the status of the IDS monitor thread
- csle_collector.snort_ids_manager.query_snort_ids_manager.stop_snort_ids(stub: SnortIdsManagerStub, timeout=60) SnortIdsMonitorDTO[source]
Sends a request to the IDS manager to stop the Snort IDS
- Parameters
stub – the stub to send the remote gRPC to the server
timeout – the GRPC timeout (seconds)
- Returns
an IdsMonitorDTO describing the status of the IDS and its monitor thread
- csle_collector.snort_ids_manager.query_snort_ids_manager.stop_snort_ids_monitor(stub: SnortIdsManagerStub, timeout=60) SnortIdsMonitorDTO[source]
Sends a request to the IDS manager to stop the IDS monitor thread
- Parameters
stub – the stub to send the remote gRPC to the server
timeout – the GRPC timeout (seconds)
- Returns
an IdsMonitorDTO describing the status of the IDS monitor thread
csle_collector.snort_ids_manager.snort_ids_manager module
- class csle_collector.snort_ids_manager.snort_ids_manager.SnortIdsManagerServicer[source]
Bases:
SnortIdsManagerServicergRPC server for collecting Snort IDS statistics.
- getSnortIdsAlerts(request: GetSnortIdsAlertsMsg, context: ServicerContext) SnortIdsLogDTO[source]
Gets the statistics of the IDS log from a given timestamp
- Parameters
request – the gRPC request
context – the gRPC context
- Returns
a DTO with IDS statistics
- getSnortIdsMonitorStatus(request: GetSnortIdsMonitorStatusMsg, context: ServicerContext) SnortIdsMonitorDTO[source]
Gets the status of the Snort IDS Monitor thread
- Parameters
request – the gRPC request
context – the gRPC context
- Returns
a DTO with the status of the IDS monitor
- startSnortIds(request: StartSnortIdsMsg, context: ServicerContext) SnortIdsMonitorDTO[source]
Starts the Snort IDS
- Parameters
request – the gRPC request
context – the gRPC context
- Returns
a DTO with the status of the IDS and its monitor thread
- startSnortIdsMonitor(request: StartSnortIdsMonitorMsg, context: ServicerContext) SnortIdsMonitorDTO[source]
Starts the Snort IDS monitor thread
- Parameters
request – the gRPC request
context – the gRPC context
- Returns
a DTO with the status of the IDS monitor thread
- csle_collector.snort_ids_manager.snort_ids_manager.serve(port: int = 50048, log_dir: str = '/', max_workers: int = 10, log_file_name: str = 'snort_ids_manager.log') None[source]
Starts the gRPC server for managing clients
- Parameters
port – the port that the server will listen to
log_dir – the directory to write the log file
log_file_name – the file name of the log
max_workers – the maximum number of GRPC workers
- Returns
None
csle_collector.snort_ids_manager.snort_ids_manager_pb2 module
Generated protocol buffer code.
csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc module
Client and server classes corresponding to protobuf-defined services.
- class csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc.SnortIdsManager[source]
Bases:
objectInterface exported by the server
- static getSnortIdsAlerts(request, target, options=(), channel_credentials=None, call_credentials=None, insecure=False, compression=None, wait_for_ready=None, timeout=None, metadata=None)[source]
- static getSnortIdsMonitorStatus(request, target, options=(), channel_credentials=None, call_credentials=None, insecure=False, compression=None, wait_for_ready=None, timeout=None, metadata=None)[source]
- static startSnortIds(request, target, options=(), channel_credentials=None, call_credentials=None, insecure=False, compression=None, wait_for_ready=None, timeout=None, metadata=None)[source]
- static startSnortIdsMonitor(request, target, options=(), channel_credentials=None, call_credentials=None, insecure=False, compression=None, wait_for_ready=None, timeout=None, metadata=None)[source]
- class csle_collector.snort_ids_manager.snort_ids_manager_pb2_grpc.SnortIdsManagerServicer[source]
Bases:
objectInterface exported by the server
- getSnortIdsAlerts(request, context)[source]
Missing associated documentation comment in .proto file.
- getSnortIdsMonitorStatus(request, context)[source]
Missing associated documentation comment in .proto file.
csle_collector.snort_ids_manager.snort_ids_manager_util module
- class csle_collector.snort_ids_manager.snort_ids_manager_util.SnortIdsManagerUtil[source]
Bases:
objectClass with utility functions related to the Snort IDS Manager
- static check_snort_ids_alerts() List[SnortIdsAlert][source]
Reads alerts from the Snort IDS alerts log
- Returns
a list of alerts
- static check_snort_ids_fast_log() List[SnortIdsFastLogAlert][source]
Reads alerts from the Snort IDS fast-log
- Parameters
env_config – the environment config
- Returns
a list of alerts
- static get_latest_snort_alert_ts() float[source]
Gets the latest timestamp in the snort alerts log
- Parameters
env_config – the environment config
- Returns
the latest timestamp
- static read_snort_ids_data(episode_last_alert_ts: float) Tuple[SnortIdsAlertCounters, SnortIdsRuleCounters, List[SnortIdsIPAlertCounters]][source]
Measures metrics from the Snort ids
- Parameters
env_config – environment configuration
episode_last_alert_ts – timestamp when the episode started
- Returns
ids statistics
- static snort_ids_log_dto_from_dict(d: Dict[str, Any]) SnortIdsLogDTO[source]
Converts a dict representation of a SnortIdsLogDTO to a DTO
- Parameters
d – the dict to convert
- Returns
the converted DTO
- static snort_ids_log_dto_to_dict(snort_ids_log_dto: SnortIdsLogDTO) Dict[str, Any][source]
Converts a SnortIdsLogDTO to a dict
- Parameters
snort_ids_log_dto – the DTO to convert
- Returns
a dict representation of the DTO
- static snort_ids_monitor_dto_empty() SnortIdsMonitorDTO[source]
- Returns
An empty SnortIdsMonitorDTO