# Fetch the Araali API client into a fresh working directory.
mkdir araalinetworks
cd araalinetworks
git clone https://github.com/araalinetworks/api.git
cd api/python
# Get rid of LFS (only needed if you had it previously).
# NOTE(review): without --local, `git lfs uninstall` also removes the LFS filters from your
# global Git config, which affects every other repository that relies on LFS.
git lfs uninstall
# Install/upgrade.
# NOTE(review): presumably this step fetches or refreshes the ./araalictl binary used below;
# confirm where it downloads from before running it.
python araalictl.py
# Authorize your copy (signup link below).
# Replace <your-customer-name-here>, angle brackets included, with your customer name.
# Pasted verbatim, the shell parses < and > as redirections instead of passing them on.
./araalictl config Fog=fog.<your-customer-name-here>.aws.araalinetworks.com
./araalictl config InternalCfgBackend=prod.aws.araalinetworks.com
# This runs ./araalictl as root, so make sure it is the binary produced by the install step
# above and not a stray file with the same name in the current directory.
sudo ./araalictl authorize -local
- https://www.araalinetworks.com/signup
- https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
- https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/testing-your-ssh-connection
- https://docs.github.com/en/github/using-git/changing-a-remotes-url
# If you have python3.
# --force-reinstall with --no-cache-dir re-downloads and replaces the package even if it is
# already present. It installs into whichever Python environment pip3 targets; a dedicated
# virtualenv keeps that away from system packages.
pip3 install --upgrade --force-reinstall --no-cache-dir jupyter
# On Kali Linux, install the distribution package instead.
sudo apt-get install jupyter-notebook
# Start the notebook server.
# NOTE(review): notebooks execute code with your user's privileges and, in this workflow,
# presumably act through the araalictl you authorized. Keep the server on localhost with
# its token or password check enabled.
jupyter notebook
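# Walk the links of one app, accept or snooze each of them, then commit.
# App comes from the Araali Python API (its import is not shown on this page).
# `something` is a placeholder for your own decision logic; replace it before running.
app = App("zone", "app")
for link in app.iterlinks():
    # As written, every link that is not already DEFINED_POLICY gets accepted, whatever
    # `something` evaluates to. accept() presumably turns the observed connection into
    # allowed policy, so narrow this condition to links you have verified. Traffic
    # recorded while a workload was misbehaving would otherwise be accepted with the rest.
    if something or link.lstate != "DEFINED_POLICY":
        link.accept()  # based on some side information
    if something:  # based on some side information
        link.snooze()

# Nothing is pushed until commit(); read the review() output first.
app.review()  # review what will get committed
app.commit()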
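# Copy an app's policy to a new zone/app and adjust it before committing.
# `app` is an existing App object. The calls in the loop body are a menu of possible
# edits, not a sequence to run as-is: apply only the ones that fit each link.
app2 = app.relocate("new_zone", "new_app")
for link in app2.iterlinks():
    # On relocation, policies that were accepted in the original app are accepted by
    # default; everything else is snoozed by default.
    link.snooze()  # snooze the ones you don't like
    link.accept()  # if you want to accept one that was snoozed in the original
    # Edit/generalize using a regex: client or server, for the links that need a change.
    # NOTE(review): whether change() anchors the pattern is not shown here. If it is
    # matched as a search, wrap it in ^...$ so that a longer path merely containing this
    # string cannot satisfy the policy. Confirm against the API.
    link.client.change("binary_name", "/snap/amazon-ssm-agent/[0-9]+/ssm-agent-worker")
    link.server.change("binary_name", "/snap/amazon-ssm-agent/[0-9]+/ssm-agent-worker")

# The relocated policy takes effect only on commit(); check the review() output first.
app2.review()  # review what we will be committing
app2.commit()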
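# Read-only exploration of the runtime: summary stats, raw data, and the
# zone -> app -> link hierarchy. Nothing in this snippet accepts, snoozes or commits.
run = Runtime()
run.stats()  # dump summary stats
run.to_data()  # dump all relevant data

# Each loop breaks after its first item, so this prints a single sample link.
for zone in run.iterzones():  # all the zones
    for app in zone.iterapps():  # all the apps
        for link in app.iterlinks():  # all the links
            print(link)
            break
        break
    break

# stats for all apps in a zone
run.iterzones("zone").stats()

# stats for all links in an app
run.iterzones("zone").iterapps("app").stats()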
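# Edit policies for one app, addressed through an existing Runtime object `run`.
# `something` is a placeholder for your own decision logic; replace it before running.
for link in run.iterzones("zone").iterapps("app").iterlinks():
    # As written, every link that is not already DEFINED_POLICY is accepted regardless
    # of `something`. Restrict the condition to links you have actually verified.
    if something or link.lstate != "DEFINED_POLICY":
        link.accept()  # based on some side information
    if something:  # based on some side information
        link.snooze()

# Changes are pushed only on commit(); read the review() output before committing.
run.iterzones("zone").iterapps("app").review()  # review what will get committed
run.iterzones("zone").iterapps("app").commit()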
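# Accept all open alerts for one zone/app, using an existing Runtime object `run`.
# NOTE(review): afilter=True presumably restricts iteration to links in an alert
# state. Confirm against the API before relying on it.
# This is a bulk operation: each alert is printed and accepted in the same pass, so
# the printed list and the review() output are the only checkpoints before commit().
# An alert accepted here will presumably stop being reported, so use this only for a
# zone/app whose open alerts you have already triaged.
for link in run.iterzones("zone").iterapps("app").iterlinks(afilter=True):
    print(link)
    link.accept()

# review changes before commit
run.iterzones("zone").iterapps("app").review()
run.iterzones("zone").iterapps("app").commit()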
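# Filter links across the whole runtime and edit the matching set in one go.
# Runtime, Table and LinkTable come from the Araali Python API (imports not shown here).
run = Runtime()
stats = Table(run.stats(all=False))
total_alerts = sum(a["Num Links"] for a in stats.to_data())

# library of commonly used filters
f = LinkTable.Filter

# All the links in your runtime; arbitrarily chain lambdas as filters.
# Uncomment the filters you need. The commented examples that pass re.IGNORECASE
# also need `import re`.
# NOTE(review): the filter values look like regular expressions (one example starts
# with ^). If so, an unescaped "." matches any character and an unanchored pattern can
# match more links than intended. Check the filtered set before editing it.
linkTable = LinkTable(
    run.iterlinks(),
    #f.endpoint("zone", "prod"),
    #f.endpoint("app", "^bendvm.bend.web"),
    #f.endpoint("dns_pattern", "169"),
    #f.endpoint("dns_pattern", "api.snapcraft.io"),
    #f.neg(f.endpoint("dns_pattern", None, who="server")),
    #f.endpoint("network", None, who="server"),
    #f.endpoint("network", None, who="client"),
    #f.endpoint("network", "169.254.169.254", who="server"),
    #f.neg(f.endpoint("process", "ansible", re.IGNORECASE)),
    #f.endpoint("binary_name", "/snap/amazon-ssm-agent"), #/2996/ssm-agent-worker")
    #f.neg(f.endpoint("process", "cassandra", re.IGNORECASE)),
    #f.endpoint("process", ["sshd", "haproxy"], who="server"),
    #f.endpoint("network", None, who="server"), # perimeter
    #f.neg(f.endpoint("dns_pattern", None, who="server")),
    #f.neg(f.endpoint("network", None, who="server")), # perimeter
    #f.ltype("NAE"),
    f.lstate("BASELINE_ALERT"),
    #f.speculative(False),
    #f.lstate("DEFINED_POLICY"),
    #f.neg(f.server_non_ip),
    #f.server_non_ip,
    #f.perimeter,
    #f.neg(f.same_zone),
    #f.same_zone
)

# Choose exactly ONE of the next two calls and delete the other before running.
# Both act on every link that passed the filters above. With only the BASELINE_ALERT
# filter active, that is every baseline alert in the runtime.
linkTable.snooze()  # EITHER, snooze all links that pass the filter
linkTable.accept()  # OR, accept all links that pass the filter

# multi-link editing: assuming all links are homogeneous
# NOTE(review): whether change() anchors the pattern is not shown here. If it is
# matched as a search, wrap it in ^...$. Confirm against the API.
linkTable.change("client", "binary_name", "/snap/amazon-ssm-agent/[0-9]+/ssm-agent-worker")

# Done with all filtering and editing. Nothing is pushed until commit(), so read the
# review() output first.
run.review()
run.commit()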
You could try conda to install Jupyter; it is sometimes difficult to get it installed. We are trying to create a virtualenv for it.
# To start over.
# NOTE(review): presumably this discards the existing authorization. The authorize -local
# step earlier on this page was run with sudo, so this may need the same. Confirm.
./araalictl authorize -clean # to start over.