From 523383071ac030a87acfd104d80e6c453ce4a95a Mon Sep 17 00:00:00 2001
From: alya
Date: Thu, 23 Nov 2023 16:51:35 +0200
Subject: [PATCH] redis_manager: handle unable to get redis pid from running_slips_info.log
---
 managers/redis_manager.py | 12 ++++++++++--
 modules/threat_intelligence/threat_intelligence.py | 8 +++-----
 slips_files/core/helpers/flow_handler.py | 5 ++++-
 3 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/managers/redis_manager.py b/managers/redis_manager.py
index 2162eac1c..b01473bde 100644
--- a/managers/redis_manager.py
+++ b/managers/redis_manager.py
@@ -255,8 +255,16 @@ def get_open_redis_servers(self) -> Dict[int,int]:
 continue
 line = line.split(',')
- pid, port = int(line[3]), int(line[2])
- self.open_servers_pids[pid] = port
+
+ try:
+ pid, port = int(line[3]), int(line[2])
+ self.open_servers_pids[pid] = port
+ except ValueError:
+ # sometimes slips can't get the server pid and logs "False"
+ # in the lofile instead of the PID
+ # there's nothing we can do about it
+ pass
+
 return self.open_servers_pids
diff --git a/modules/threat_intelligence/threat_intelligence.py b/modules/threat_intelligence/threat_intelligence.py
index 0f2a9d165..b526d4030 100644
--- a/modules/threat_intelligence/threat_intelligence.py
+++ b/modules/threat_intelligence/threat_intelligence.py
@@ -650,9 +650,7 @@ def is_ignored_domain(self, domain):
- def set_evidence_malicious_hash(self,
- file_info: dict
- ):
+ def set_evidence_malicious_hash(self,file_info: dict):
 """
 :param file_info: dict with flow, profileid, twid, and confidence of file
 """
@@ -868,7 +866,7 @@ def is_malicious_ip(self, ip, uid, daddr, timestamp, profileid, twid, ip_state)
 )
 return True
- def is_malicious_hash(self, flow_info):
+ def is_malicious_hash(self, flow_info: dict):
 """
 :param flow_info: dict with uid, twid, ts, md5 etc.
 """
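Review bot: The new guard in get_open_redis_servers catches only ValueError, but `int(line[3])` on a log line with fewer than four comma-separated fields raises IndexError, which is not caught and would propagate out of the function instead of skipping the line; widen it to `except (ValueError, IndexError):`. Silently dropping the entry with `pass` also hides how often the PID was unrecorded, and the pid→port map this function returns is presumably what later code uses to find and stop servers, so a debug-level log of the offending line before `pass` would make an untracked server easier to diagnose. The comment has a typo: `# in the logfile instead of the PID`. The function's header and the start of the loop are outside the hunk.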
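Review bot: The collapsed signature in the set_evidence_malicious_hash hunk drops the space after the comma that PEP 8 calls for: `def set_evidence_malicious_hash(self, file_info: dict):`. The docstring still documents only the parameter's shape; a one-line summary of what the method does would fit the same `:param` style, but the method body is outside the hunk.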
@@ -1030,6 +1028,6 @@ def main(self):
 )
 if msg:= self.get_msg('new_downloaded_file'):
- file_info = json.loads(msg['data'])
+ file_info: dict = json.loads(msg['data'])
 if file_info['type'] == 'zeek':
 self.is_malicious_hash(file_info)
diff --git a/slips_files/core/helpers/flow_handler.py b/slips_files/core/helpers/flow_handler.py
index bd95aea65..172373099 100644
--- a/slips_files/core/helpers/flow_handler.py
+++ b/slips_files/core/helpers/flow_handler.py
@@ -315,7 +315,10 @@ def handle_dhcp(self):
 def handle_files(self):
- """ Send files.log data to new_downloaded_file channel in vt module to see if it's malicious"""
+ """
+ Send files.log data to new_downloaded_file channel in the TI module to see if it's malicious
+ """
+ # files slips sees can be of 2 types: suricata or zeek
 to_send = {
 'flow': asdict(self.flow),
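Review bot: The `file_info: dict` annotation on the json.loads result in main is only a static claim; nothing checks that the decoded message is actually a dict or that it carries a 'type' key, so a malformed message received through get_msg on the new_downloaded_file channel would raise a TypeError or KeyError out of main on the very next line. Since the payload arrives from another component over the channel rather than from this module, a runtime check is worth more than the annotation: `if isinstance(file_info, dict) and file_info.get('type') == 'zeek':`. main's body begins and continues outside the hunk.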