mentat.reports.utils module
Library containing reporting utilities.
- class mentat.reports.utils.NoThresholdingCache[source]
Bases:
ThresholdingCache
Implementation of the
mentat.reports.utils.ThresholdingCache
that does no thresholding at all. It can be used to disable the thresholding feature during reporting, for example for generating some kind of ad-hoc reports.- check(key, ttl)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.check()
method.
- cleanup(ttl)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.cleanup()
method.
- relapses(group_name, severity, ttl)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.relapses()
method.
- save(event_id, key_id, group_name, severity, createtime)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.save()
method.
- set(key, thresholdtime, relapsetime, ttl)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.set()
method.
- class mentat.reports.utils.ReportingSettings(abuse_group, **kwargs)[source]
Bases:
object
Class for custom manipulations with abuse group reporting settings.
- setup_filters(flt_parser, flt_compiler)[source]
Setup and return list of filters in format appropriate for direct filtering by
mentat.reports.event.EventReporter.filter_events()
function.- Parameters
flt_parser (pynspect.gparser.PynspectFilterParser) – Parser object.
flt_compiler (pynspect.compilers.IDEAFilterCompiler) – Compiler object.
- Returns
List of processed and compiled filters.
- Return type
list
- setup_networks()[source]
Setup and return list of network in format appropriate for populating the
mentat.services.whois.WhoisModule
.- Returns
List of processed networks.
- Return type
list
- class mentat.reports.utils.SimpleMemoryThresholdingCache[source]
Bases:
ThresholdingCache
Implementation of the
mentat.reports.utils.ThresholdingCache
that performs thresholding within the memory structures.- check(key, ttl)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.check()
method.
- cleanup(ttl)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.cleanup()
method.
- relapses(group_name, severity, ttl)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.relapses()
method.
- save(event_id, key_id, group_name, severity, createtime)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.save()
method.
- set(key, thresholdtime, relapsetime, ttl)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.set()
method.
- class mentat.reports.utils.SingleSourceThresholdingCache(source)[source]
Bases:
SimpleMemoryThresholdingCache
Implementation of the
mentat.reports.utils.ThresholdingCache
that performs thresholding within the memory structures.
- class mentat.reports.utils.StorageThresholdingCache(logger, eventservice)[source]
Bases:
ThresholdingCache
Implementation of the
mentat.reports.utils.ThresholdingCache
that is usingmentat.services.eventstorage
service for storing thresholding records.- check(key, ttl)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.check()
method.
- cleanup(ttl)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.cleanup()
method.
- relapses(group_name, severity, ttl)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.relapses()
method.
- save(event_id, key_id, group_name, severity, createtime)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.save()
method.
- set(key, thresholdtime, relapsetime, ttl)[source]
Interface implementation: Implementation of
mentat.reports.utils.ThresholdingCache.set()
method.
- class mentat.reports.utils.ThresholdingCache[source]
Bases:
object
Base class for implementing event thresholding caches for periodical event reporting.
- check(key, ttl)[source]
Check event thresholding cache for given key and TTL. This method always returns
False
.- Parameters
key (str) – Thresholding cache key.
ttl (datetime.datetime) – Cache record TTL.
- Returns
True
if given key was found with valid TTL,``False`` othrewise.- Return type
bool
- cleanup(ttl)[source]
Cleanup records from thresholding cache with TTL older than given value.
- Parameters
ttl (datetime.datetime) – Record TTL cleanup threshold.
- event_is_thresholded(event, source, ttl)[source]
Check, that given combination of event and source is thresholded within given TTL.
- Parameters
event (mentat.idea.internal.Idea) – IDEA event to check.
source (str) – Source to check.
ttl (datetime.datetime) – TTL for the thresholding record.
- Returns
True
in case the event is thresholded,False
otherwise.- Return type
bool
- get_source_from_cache_key(key)[source]
Return source from which was key generated.
- Parameters
key (str) – Cache key.
- Returns
Cached source.
- Return type
str
- relapses(group_name, severity, ttl)[source]
Search for list of relapsed events for given group and severity.
- Parameters
group_name (str) – Name of the abuse group.
severity (str) – Event severity.
ttl (datetime.datetime) – Record TTL time.
- Returns
Touple with list of relapsed events as
mentat.idea.internal.Idea
objects and their aggregation by keyid.- Return type
touple
- save(event_id, key_id, group_name, severity, createtime)[source]
Save event into registry of thresholded events.
- Parameters
event_id (str) – Event ID.
key_id (str) – Thresholding cache key.
createtime (datetime.datetime) – Time of the thresholding.
- set(key, thresholdtime, relapsetime, ttl)[source]
Set thresholding cache record with given key and TTL.
- Parameters
key (str) – Thresholding cache key.
thresholdtime (datetime.datetime) – Threshold window start time.
relapsetime (datetime.datetime) – Relapse window start time.
ttl (datetime.datetime) – Record TTL.
- set_threshold(event, source, thresholdtime, relapsetime, ttl)[source]
Threshold given event with given TTL.
- Parameters
event (mentat.idea.internal.Idea) – IDEA event to threshold.
source (str) – Source address because of which to threshold the event.
thresholdtime (datetime.datetime) – Threshold window start time.
relapsetime (datetime.datetime) – Relapse window start time.
ttl (datetime.datetime) – Record TTL.
- threshold_event(event, source, group_name, severity, createtime)[source]
Threshold given event with given TTL.
- Parameters
event (mentat.idea.internal.Idea) – IDEA event to threshold.
source (str) – Source address because of which to threshold the event.
group_name (str) – Name of the group for which to threshold.
severity (str) – Event severity.
createtime (datetime.datetime) – Thresholding timestamp.