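def PopulateAmCacheTemporalCollaterals(fileName, sqlTweak, DB, collateralDBTableName, reconWindow=3):
    """Record AmCache entries whose FirstRun falls close to each occurrence of fileName.

    For every AmCache row matching fileName, one marker row is inserted into
    collateralDBTableName. Every other AmCache entry on the same host whose
    FirstRun lies within +/- reconWindow minutes is then queued as a collateral
    row, weighted by the inverse square of its RowID distance from the match.
    The queued rows are written with a single DB.ExecuteMany call at the end.

    Args:
        fileName: File name to look up. Embedded into the SQL text as a quoted
            literal, so single quotes are doubled before use.
        sqlTweak: Extra raw SQL condition. When it is the empty string the
            lookup runs against Entries; otherwise it runs against
            Entries_FilePaths with the condition appended verbatim.
        DB: Object providing Query, Execute and ExecuteMany.
        collateralDBTableName: Destination table, concatenated into the INSERT
            statements as an identifier.
        reconWindow: Half-width of the time window, in minutes.
    """
    # NOTE(review): sqlTweak and collateralDBTableName are spliced into the SQL
    # text as-is and cannot be bound as parameters; they must only ever come
    # from trusted code paths, never from collected artefacts or user input.

    # File names come from collected execution artefacts and may contain a
    # single quote, which would otherwise terminate the literal and alter the
    # statement. Doubling the quote is the standard SQL literal escape.
    # NOTE(review): if DB.Query can bind parameters (not visible here), prefer
    # that over literal escaping.
    quotedFileName = fileName.replace("'", "''")

    # Process each occurrence of the FileName.
    # Compare by value: `is ""` tests object identity and is not reliable.
    if sqlTweak == "":
        data = DB.Query(
            "SELECT RowID, HostID, FileName, FirstRun from Entries WHERE EntryType = %s AND FileName = '%s'"
            % (settings.__AMCACHE__, quotedFileName))
    else:
        data = DB.Query(
            "SELECT RowID, HostID, FileName, FirstRun from Entries_FilePaths WHERE EntryType = %s AND FileName = '%s' AND %s"
            % (settings.__AMCACHE__, quotedFileName, sqlTweak))

    rowList = []
    countRowsToProcess = len(data)
    countRowsProcessed = 0
    # reconWindow is expressed in minutes; timedelta takes (days, seconds).
    window = datetime.timedelta(0, 60 * reconWindow)

    for row in data:
        rowID = row[0]
        hostID = row[1]
        matchedFileName = row[2]
        firstRun = row[3]

        # Insert the marker row for the matching entry itself.
        DB.Execute("INSERT INTO " + collateralDBTableName + " VALUES (NULL,%s, 0, 0, 0, 0)" % (rowID))

        countRowsProcessed += 1
        update_progress(float(countRowsProcessed) / float(countRowsToProcess), matchedFileName)

        # Fetch every AmCache entry inside the recon window around this run.
        minFirstRun = firstRun - window
        maxFirstRun = firstRun + window
        reconEntries = DB.Query(
            "SELECT RowID, HostID, FileName, FirstRun FROM Entries WHERE EntryType = %s AND (FirstRun >= '%s' AND FirstRun <= '%s')"
            % (settings.__AMCACHE__, minFirstRun, maxFirstRun))

        for entry in reconEntries:
            # Keep only entries from the same host (the window query spans all
            # hosts) and skip other occurrences of the file under analysis.
            if entry[1] != hostID or entry[2] == matchedFileName:
                continue
            # Weight the correlation by the inverse square of the RowID distance.
            # NOTE(review): a kept entry sharing rowID would raise
            # ZeroDivisionError; presumably the FileName filter excludes it.
            weight = (1.0 / (math.pow(abs(rowID - entry[0]), 2)) * 10)
            if entry[3] < firstRun:
                # Entry ran before the matched file.
                rowList.append((int(entry[0]), 1, 0, weight))
            else:
                rowList.append((int(entry[0]), 0, 1, weight))

    # rowList accumulates across all matches, so it is flushed once, after the loop.
    DB.ExecuteMany("INSERT INTO " + collateralDBTableName + " VALUES (NULL,?, ?, ?, ?, 0)", rowList)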
AppCompatProcessor.py 文件源码