

Merge pull request #1034 from stratosphereips/alya/fix-evidence-handler
Better logging of IDMEF errors and normalize the confidence of all evidence to range from 0 to 1
AlyaGomaa authored Oct 18, 2024
2 parents 53898d0 + 7e0129e commit 2608095
Showing 3 changed files with 8 additions and 10 deletions.
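--- a/slips_files/common/idmefv2.py
+++ b/slips_files/common/idmefv2.py
@@ -162,12 +162,11 @@ def convert_to_idmef_alert(self, alert: Alert) -> Message:
 return msg
 
 except jsonschema.exceptions.ValidationError as e:
-# TODO should be logged using a module's print!
-print(f"IDMEFv2 Validation failure: {e} {e.message}")
+self.print(f"Validation failure: {e} {e}", 0, 1)
 
 except Exception as e:
-print(f"Error in convert(): {e}")
-print(traceback.format_exc())
+self.print(f"Error in convert(): {e}", 0, 1)
+self.print(traceback.format_exc(), 0, 1)
 
 def is_icmp_code(self, code) -> bool:
 """checks if the given string is an icmp error code"""
@@ -308,9 +307,7 @@ def convert_to_idmef_event(self, evidence: Evidence) -> Message:
 return msg
 
 except jsonschema.exceptions.ValidationError as e:
-# TODO should be logged using a module's print!
-print(f"IDMEFv2 Validation failure: {e.message}")
-
+self.print(f"Validation failure: {e}", 0, 1)
 except Exception as e:
-print(f"Error in convert_to_idmef_event(): {e}")
-print(traceback.format_exc())
+self.print(f"Error in convert_to_idmef_event(): {e}", 0, 1)
+self.print(traceback.format_exc(), 0, 1)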
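Review bot: The new line in the first hunk, `self.print(f"Validation failure: {e} {e}", 0, 1)`, interpolates the exception twice; the removed line had `{e} {e.message}`, so the second `{e}` reads like a typo rather than intent. In current jsonschema releases `str(ValidationError)` already contains the message plus a dump of the failing instance and schema, so `{e}` once is verbose enough, and `{e.message}` (which the second hunk's removed line used) keeps the whole alert/event payload out of the log line. Suggested change in both hunks so the two handlers agree: `self.print(f"Validation failure: {e.message}", 0, 1)`. Both `except Exception` branches still fall through and implicitly return `None` from functions annotated `-> Message`; that predates this commit, but a caller that does not check for `None` will fail later rather than here. Both enclosing functions start before their hunks.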
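--- a/slips_files/core/database/redis_db/alert_handler.py
+++ b/slips_files/core/database/redis_db/alert_handler.py
@@ -158,6 +158,8 @@ def set_evidence(self, evidence: Evidence):
 """
 # create the profile if it doesn't exist
 self.add_profile(str(evidence.profile), evidence.timestamp)
+# normalize confidence, should range from 0 to 1
+evidence.confidence = min(evidence.confidence, 1)
 
 # Ignore evidence if it's disabled in the configuration file
 if self.is_detection_disabled(evidence.evidence_type):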
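Review bot: The added `evidence.confidence = min(evidence.confidence, 1)` clamps only the upper bound, while the comment directly above it promises a 0-to-1 range; a negative confidence supplied by a detection module passes through unchanged, and a non-numeric one raises `TypeError` inside `set_evidence` instead of being normalized. Suggested change: `evidence.confidence = max(0.0, min(float(evidence.confidence), 1.0))`, which enforces both bounds and tolerates numeric strings, with the comment reworded to `# clamp confidence in place to [0, 1]; mutates the caller's Evidence` since the assignment is visible to whoever else holds that object. If confidence feeds a threat-level accumulation downstream, which this hunk does not show, an unbounded lower end would let one misbehaving module pull a profile's score down; worth confirming against the consumer. `set_evidence` starts before this hunk and continues past it.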
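--- a/slips_files/core/evidencehandler.py
+++ b/slips_files/core/evidencehandler.py
@@ -148,7 +148,6 @@ def clean_file(self, output_dir, file_to_clean):
 
 def handle_unable_to_log(self):
 self.print("Error logging evidence/alert.")
-self.print(traceback.format_exc(), 0, 1)
 
 def add_alert_to_json_log_file(self, alert: Alert):
 """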
