
CYBEREASON:: Tiny fixes
NLAdvens committed Sep 2, 2024
1 parent 73d64c3 commit 97dd5ad
Showing 2 changed files with 5 additions and 10 deletions.
3 changes: 0 additions & 3 deletions vulture_os/services/frontend/models.py
Expand Up @@ -748,9 +748,6 @@ class Frontend(models.Model):
default="",
verbose_name=_("Cybereason password for authentication")
)
cybereason_timestamp = models.JSONField(
default={}
)
# Cisco-Meraki attributes
cisco_meraki_apikey = models.TextField(
verbose_name=_("Cisco Meraki API key"),
12 changes: 5 additions & 7 deletions vulture_os/toolkit/api_parser/cybereason/cybereason.py
Expand Up @@ -23,15 +23,13 @@
__doc__ = 'Cybereason API Parser toolkit'
__parser__ = 'CYBEREASON'

import sys

from django.conf import settings
from toolkit.api_parser.api_parser import ApiParser
from django.utils import timezone

import json
import logging
from datetime import timedelta, datetime
from datetime import timedelta
import requests
import time

Expand Down Expand Up @@ -525,7 +523,7 @@ def execute(self):

for kind in ["malops", "malwares"]:
# Get last api call or 30 days ago
since = self.frontend.cybereason_timestamp.get(kind) or (timezone.now() - timedelta(days=30))
since = self.last_collected_timestamps.get(f"cybereason_{kind}") or (timezone.now() - timedelta(days=30))
# 24h max per request
to = min(timezone.now(), since + timedelta(hours=24))

Expand Down Expand Up @@ -554,11 +552,11 @@ def execute(self):

if len(logs) > 0:
# update last_api_call only if logs are retrieved
self.frontend.cybereason_timestamp[kind] = to
elif self.frontend.cybereason_timestamp.get(kind, timezone.now()) < timezone.now() - timedelta(hours=24):
self.last_collected_timestamps[f"cybereason_{kind}"] = to
elif since < timezone.now() - timedelta(hours=24):
# If no logs where retrieved during the last 24hours,
# move forward 1h to prevent stagnate ad vitam eternam
self.frontend.cybereason_timestamp[kind] += timedelta(hours=1)
self.last_collected_timestamps[f"cybereason_{kind}"] = since + timedelta(hours=1)
self.frontend.save()

logger.info(f"[{__parser__}]:execute: Parsing done.", extra={'frontend': str(self.frontend)})
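Review bot: `self.frontend.save()` after the loop still persists the frontend, but the collected timestamps now live in `self.last_collected_timestamps` rather than the `Frontend.cybereason_timestamp` field that models.py drops, so unless that dict is an attribute of the frontend model (not visible here) the new values are never written back and every run restarts from the 30-day default. If persistence is handled by ApiParser outside this hunk, a comment at the save call such as `# last_collected_timestamps is persisted by ApiParser, not by frontend.save()` would make that explicit. The new `elif since < timezone.now() - timedelta(hours=24)` also changes first-run behaviour: with no stored timestamp `since` is 30 days ago, so an empty window now advances the stored value to 30 days + 1 h instead of leaving it unset as the old `.get(kind, timezone.now())` did, which looks intended but deserves a line in the comment above it. The JSONField removed in models.py ships without a migration in this two-file commit, so the schema change may be left for a later commit. execute() begins outside the hunk.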
