csle_collector.snort_ids_manager.dao package

Submodules

csle_collector.snort_ids_manager.dao.snort_ids_alert module

class csle_collector.snort_ids_manager.dao.snort_ids_alert.SnortIdsAlert

Bases: JSONSerializable

Object representing an IDS Alert

static fast_log_parse(fast_log_str: str, year: int) → SnortIdsFastLogAlert

Parses the IDS Alert from a given string from the fast-log of Snort

Parameters

• fast_log_str – the fast log string to parse

• year – the year

Returns

the priority, the class, and the time-stamp

static from_dict(parsed_stats_dict: Dict[str, Any]) → SnortIdsAlert

Parses a SnortIdsAlert object from a dict

Parameters

parsed_stats_dict – the dict to parse

Returns

the parsed SnortIdsAlert object

static from_json_file(json_file_path: str) → SnortIdsAlert

Reads a json file and converts it to a DTO

Parameters

json_file_path – the json file path

Returns

the converted DTO

static parse_from_str(csv_str_record: str, year: int) → SnortIdsAlert

Parses the IDS alert from a string

Parameters

• csv_str_record – the string to parse

• year – the year of the entry

Returns

the parsed IDS Alert

set_priority(priority: int) → None

Sets the priority of the alert DTO

Parameters

priority – the priority to set

Returns

None

to_dict() → Dict[str, Any]

Converts the object to a dict representation

Returns

a dict representation of the object

csle_collector.snort_ids_manager.dao.snort_ids_alert_counters module

class csle_collector.snort_ids_manager.dao.snort_ids_alert_counters.SnortIdsAlertCounters

Bases: JSONSerializable

DTO containing statistics from the Snort IDS log

add(alert_counters: SnortIdsAlertCounters) → None

Adds another alert counters object to this one

Parameters

alert_counters – the counters to add

Returns

None

copy() → SnortIdsAlertCounters

Returns

a copy of the object

count(alerts: List[SnortIdsFastLogAlert]) → None

Counts the list of alerts

Parameters

alerts – list of alerts from the log

Returns

None

static from_dict(d: Dict[str, Any]) → SnortIdsAlertCounters

Converts a dict representaion of the object into an instance

Parameters

d – the dict to convert

Returns

the DTO

static from_json_file(json_file_path: str) → SnortIdsAlertCounters

Reads a json file and converts it to a DTO

Parameters

json_file_path – the json file path

Returns

the converted DTO

static from_kafka_record(record: str) → SnortIdsAlertCounters

Converts a kafka record to a DTO

Parameters

record – the kafka record to convert

Returns

the DTO

get_deltas(counters_prime: SnortIdsAlertCounters) → Tuple[List[int], List[str]]

Get the deltas between two counters objects

Parameters

counters_prime – the counters object to compare with

Returns

the deltas and the labels

num_attributes() → int

Returns

The number of attributes of the DTO

static schema() → SnortIdsAlertCounters

Returns

get the schema of the DTO

to_dict() → Dict[str, Any]

Converts the object to a dict representation

Returns

a dict representation of the object

to_dto(ip: str) → SnortIdsLogDTO

Converts the object into a gRPC DTO for serialization

Parameters

ip – the ip to add to the DTO in addition to the statistics

Returns

A csle_collector.snort_ids_manager.snort_ids_manager_pb2.IdsLogDTOb

to_kafka_record(ip: str) → str

Converts the DTO into a kafka record

Parameters

ip – the ip to add to the record in addition to the IDS statistics

Returns

a comma-separated string representing the kafka record

update_with_kafka_record(record: str) → None

Updates the DTO with a kafka record

Parameters

record – the kafka record to use for updating

Returns

None

csle_collector.snort_ids_manager.dao.snort_ids_fast_log_alert module

class csle_collector.snort_ids_manager.dao.snort_ids_fast_log_alert.SnortIdsFastLogAlert(timestamp: float, priority: int, class_id: int, source_ip: str, target_ip: str, rule_id: str)

Bases: JSONSerializable

DTO representing an alert entry in the fast log of Snort

static from_dict(parsed_stats_dict: Dict[str, Any]) → SnortIdsFastLogAlert

Parses a SnortIdsFastLogAlert object from a dict

Parameters

parsed_stats_dict – the dict to parse

Returns

the parsed SnortIdsFastLogAlert object

static from_json_file(json_file_path: str) → SnortIdsFastLogAlert

Reads a json file and converts it to a DTO

Parameters

json_file_path – the json file path

Returns

the converted DTO

to_dict() → Dict[str, Any]

Converts the object to a dict representation

Returns

a dict representation of the object

csle_collector.snort_ids_manager.dao.snort_ids_ip_alert_counters module

class csle_collector.snort_ids_manager.dao.snort_ids_ip_alert_counters.SnortIdsIPAlertCounters

Bases: JSONSerializable

DTO containing statistics from the Snort IDS log

add(alert_counters: SnortIdsIPAlertCounters) → None

Adds another alert counters object to this one

Parameters

alert_counters – the counters to add

Returns

None

copy() → SnortIdsIPAlertCounters

Returns

a copy of the object

count(alerts: List[SnortIdsFastLogAlert]) → None

Counts the list of alerts

Parameters

alerts – list of alerts from the log

Returns

None

static from_dict(d: Dict[str, Any]) → SnortIdsIPAlertCounters

Converts a dict representaion of the object into an instance

Parameters

d – the dict to convert

Returns

the DTO

static from_json_file(json_file_path: str) → SnortIdsIPAlertCounters

Reads a json file and converts it to a DTO

Parameters

json_file_path – the json file path

Returns

the converted DTO

static from_kafka_record(record: str) → SnortIdsIPAlertCounters

Converts a kafka record to a DTO

Parameters

record – the kafka record to convert

Returns

the DTO

get_deltas(counters_prime: SnortIdsIPAlertCounters) → Tuple[List[int], List[str]]

Get the deltas between two counters objects

Parameters

counters_prime – the counters object to compare with

Returns

the deltas and the labels

num_attributes() → int

Returns

The number of attributes of the DTO

static schema() → SnortIdsIPAlertCounters

Returns

get the schema of the DTO

to_dict() → Dict[str, Any]

Converts the object to a dict representation

Returns

a dict representation of the object

to_kafka_record(ip: str) → str

Converts the DTO into a kafka record

Parameters

ip – the ip to add to the record in addition to the IDS statistics

Returns

a comma-separated string representing the kafka record

update_with_kafka_record(record: str, ip: str) → None

Updates the DTO with a kafka record

Parameters

record – the kafka record to use for updating

Returns

None

csle_collector.snort_ids_manager.dao.snort_ids_rule_counters module

class csle_collector.snort_ids_manager.dao.snort_ids_rule_counters.SnortIdsRuleCounters

Bases: JSONSerializable

DTO containing rule-statistics from the Snort IDS log

add(alert_counters: SnortIdsRuleCounters) → None

Adds another alert counters object to this one

Parameters

alert_counters – the counters to add

Returns

None

copy() → SnortIdsRuleCounters

Returns

a copy of the object

count(alerts: List[SnortIdsFastLogAlert]) → None

Counts the list of alerts

Parameters

alerts – list of alerts from the log

Returns

None

static from_dict(d: Dict[str, Any]) → SnortIdsRuleCounters

Converts a dict representaion of the object into an instance

Parameters

d – the dict to convert

Returns

the DTO

static from_json_file(json_file_path: str) → SnortIdsRuleCounters

Reads a json file and converts it to a DTO

Parameters

json_file_path – the json file path

Returns

the converted DTO

static from_kafka_record(record: str) → SnortIdsRuleCounters

Converts a kafka record to a DTO

Parameters

record – the kafka record to convert

Returns

the DTO

static schema() → SnortIdsRuleCounters

Returns

get the schema of the DTO

to_dict() → Dict[str, Any]

Converts the object to a dict representation

Returns

a dict representation of the object

to_kafka_record(ip: str) → str

Converts the DTO into a kafka record

Parameters

ip – the ip to add to the record in addition to the IDS statistics

Returns

a comma-separated string representing the kafka record

update_with_kafka_record(record: str) → None

Updates the DTO with a kafka record

Parameters

record – the kafka record to use for updating

Returns

None

Module contents