mentat.reports.utils module¶

Library containing reporting utilities.

class mentat.reports.utils.NoThresholdingCache[source]¶

Bases: mentat.reports.utils.ThresholdingCache

Implementation of the mentat.reports.utils.ThresholdingCache that does no thresholding at all. It can be used to disable the thresholding feature during reporting, for example for generating some kind of ad-hoc reports.

check(key, ttl)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.check() method.

cleanup(ttl)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.cleanup() method.

relapses(group_name, severity, ttl)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.relapses() method.

save(event_id, key_id, group_name, severity, createtime)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.save() method.

set(key, thresholdtime, relapsetime, ttl)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.set() method.

class mentat.reports.utils.ReportingSettings(abuse_group, **kwargs)[source]¶

Bases: object

Class for custom manipulations with abuse group reporting settings.

setup_filters(flt_parser, flt_compiler)[source]¶

Setup and return list of filters in format appropriate for direct filtering by mentat.reports.event.EventReporter.filter_events() function.

Parameters

flt_parser (pynspect.gparser.PynspectFilterParser) – Parser object.
flt_compiler (pynspect.compilers.IDEAFilterCompiler) – Compiler object.

Returns

List of processed and compiled filters.

Return type

list

setup_networks()[source]¶

Setup and return list of network in format appropriate for populating the mentat.services.whois.WhoisModule.

Returns: List of processed networks.
Return type: list

class mentat.reports.utils.SimpleMemoryThresholdingCache[source]¶

Bases: mentat.reports.utils.ThresholdingCache

Implementation of the mentat.reports.utils.ThresholdingCache that performs thresholding within the memory structures.

check(key, ttl)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.check() method.

cleanup(ttl)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.cleanup() method.

relapses(group_name, severity, ttl)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.relapses() method.

save(event_id, key_id, group_name, severity, createtime)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.save() method.

set(key, thresholdtime, relapsetime, ttl)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.set() method.

class mentat.reports.utils.SingleSourceThresholdingCache(source)[source]¶

Bases: mentat.reports.utils.SimpleMemoryThresholdingCache

Implementation of the mentat.reports.utils.ThresholdingCache that performs thresholding within the memory structures.

class mentat.reports.utils.StorageThresholdingCache(logger, eventservice)[source]¶

Bases: mentat.reports.utils.ThresholdingCache

Implementation of the mentat.reports.utils.ThresholdingCache that is using mentat.services.eventstorage service for storing thresholding records.

check(key, ttl)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.check() method.

cleanup(ttl)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.cleanup() method.

relapses(group_name, severity, ttl)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.relapses() method.

save(event_id, key_id, group_name, severity, createtime)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.save() method.

set(key, thresholdtime, relapsetime, ttl)[source]¶: Interface implementation: Implementation of mentat.reports.utils.ThresholdingCache.set() method.

class mentat.reports.utils.ThresholdingCache[source]¶

Bases: object

Base class for implementing event thresholding caches for periodical event reporting.

check(key, ttl)[source]¶

Check event thresholding cache for given key and TTL. This method always returns False.

Parameters

key (str) – Thresholding cache key.
ttl (datetime.datetime) – Cache record TTL.

Returns

True if given key was found with valid TTL,``False`` othrewise.

Return type

bool

cleanup(ttl)[source]¶

Cleanup records from thresholding cache with TTL older than given value.

Parameters: ttl (datetime.datetime) – Record TTL cleanup threshold.

event_is_thresholded(event, source, ttl)[source]¶

Check, that given combination of event and source is thresholded within given TTL.

Parameters

event (mentat.idea.internal.Idea) – IDEA event to check.
source (str) – Source to check.
ttl (datetime.datetime) – TTL for the thresholding record.

Returns

True in case the event is thresholded, False otherwise.

Return type

bool

get_source_from_cache_key(key)[source]¶

Return source from which was key generated.

Parameters: key (str) – Cache key.
Returns: Cached source.
Return type: str

relapses(group_name, severity, ttl)[source]¶

Search for list of relapsed events for given group and severity.

Parameters

group_name (str) – Name of the abuse group.
severity (str) – Event severity.
ttl (datetime.datetime) – Record TTL time.

Returns

Touple with list of relapsed events as mentat.idea.internal.Idea objects and their aggregation by keyid.

Return type

touple

save(event_id, key_id, group_name, severity, createtime)[source]¶

Save event into registry of thresholded events.

Parameters

event_id (str) – Event ID.
key_id (str) – Thresholding cache key.
createtime (datetime.datetime) – Time of the thresholding.

set(key, thresholdtime, relapsetime, ttl)[source]¶

Set thresholding cache record with given key and TTL.

Parameters

key (str) – Thresholding cache key.
thresholdtime (datetime.datetime) – Threshold window start time.
relapsetime (datetime.datetime) – Relapse window start time.
ttl (datetime.datetime) – Record TTL.

set_threshold(event, source, thresholdtime, relapsetime, ttl)[source]¶

Threshold given event with given TTL.

Parameters

event (mentat.idea.internal.Idea) – IDEA event to threshold.
source (str) – Source address because of which to threshold the event.
thresholdtime (datetime.datetime) – Threshold window start time.
relapsetime (datetime.datetime) – Relapse window start time.
ttl (datetime.datetime) – Record TTL.

threshold_event(event, source, group_name, severity, createtime)[source]¶

Threshold given event with given TTL.

Parameters

event (mentat.idea.internal.Idea) – IDEA event to threshold.
source (str) – Source address because of which to threshold the event.
group_name (str) – Name of the group for which to threshold.
severity (str) – Event severity.
createtime (datetime.datetime) – Thresholding timestamp.