

Merge pull request #418 from stratosphereips/alya/handle-unable-to-ge…
…t-redis-server-pid

handle unable to get redis server pid
AlyaGomaa authored Nov 23, 2023
2 parents fdde334 + 5233830 commit 026225f
Showing 3 changed files with 17 additions and 8 deletions.
12 changes: 10 additions & 2 deletions managers/redis_manager.py
Expand Up @@ -255,8 +255,16 @@ def get_open_redis_servers(self) -> Dict[int,int]:
continue

line = line.split(',')
pid, port = int(line[3]), int(line[2])
self.open_servers_pids[pid] = port

try:
pid, port = int(line[3]), int(line[2])
self.open_servers_pids[pid] = port
except ValueError:
# sometimes slips can't get the server pid and logs "False"
# in the lofile instead of the PID
# there's nothing we can do about it
pass


return self.open_servers_pids

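Review bot: The `except ValueError: pass` added at the end of the hunk drops the entry without any trace, so a redis-server whose PID slips could not record never appears in `open_servers_pids`; if a later caller uses this map to stop those servers (not visible here), that instance is presumably left running and listening with nobody aware of it. The port in `line[2]` is still parseable in that case, so it is worth at least logging the skipped line rather than `pass`, through whatever logging helper the class has, e.g. `log(f"redis-server entry with unusable pid, port {line[2]} left untracked: {line}")`, and the comment could say so plainly: `# slips writes "False" in place of the pid when it could not obtain it; the port is known but the process cannot be tracked`. A short line with fewer than four comma-separated fields still raises IndexError on `line[3]`, which this handler does not cover, and `lofile` in the comment should read `logfile`. get_open_redis_servers starts above the hunk.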
8 changes: 3 additions & 5 deletions modules/threat_intelligence/threat_intelligence.py
Expand Up @@ -650,9 +650,7 @@ def is_ignored_domain(self, domain):



def set_evidence_malicious_hash(self,
file_info: dict
):
def set_evidence_malicious_hash(self,file_info: dict):
"""
:param file_info: dict with flow, profileid, twid, and confidence of file
"""
Expand Down Expand Up @@ -868,7 +866,7 @@ def is_malicious_ip(self, ip, uid, daddr, timestamp, profileid, twid, ip_state)
)
return True

def is_malicious_hash(self, flow_info):
def is_malicious_hash(self, flow_info: dict):
"""
:param flow_info: dict with uid, twid, ts, md5 etc.
"""
Expand Down Expand Up @@ -1030,6 +1028,6 @@ def main(self):
)

if msg:= self.get_msg('new_downloaded_file'):
file_info = json.loads(msg['data'])
file_info: dict = json.loads(msg['data'])
if file_info['type'] == 'zeek':
self.is_malicious_hash(file_info)
5 changes: 4 additions & 1 deletion slips_files/core/helpers/flow_handler.py
Expand Up @@ -315,7 +315,10 @@ def handle_dhcp(self):


def handle_files(self):
""" Send files.log data to new_downloaded_file channel in vt module to see if it's malicious"""
"""
Send files.log data to new_downloaded_file channel in the TI module to see if it's malicious
"""

# files slips sees can be of 2 types: suricata or zeek
to_send = {
'flow': asdict(self.flow),
