Changes between Version 15 and Version 16 of RubotSoftware


Ignore:
Timestamp:
Jul 9, 2010 3:12:36 PM (14 years ago)
Author:
faber
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • RubotSoftware

    v15 v16  
    3434== SEER Integration Details ==
    3535
    36 In order to create a SEER Agent you have to create an agent file.  The name of the file follows the format agentNameOfTheAgent.py where the !NameOfTheAgent is in caps.  For example agentWORM.py or agentBOTNET.py.  The file has some specific requirements.  The agent is defined in a class 'class wormAgent(Agent)'.  Inside of the class there are seven class variables which need to be defined: DEPENDS, SOFTWARE, AGENTGROUP, AGENTTYPE, NICENAME, COMMANDS, and VARIABLES.  DEPENDS specifies additional modules to load during startup.  SOFTWARE specifies any binary software which needs to be loaded onto the nodes.  Both of these can be empty lists.  AGENTGROUP specifies which menu the agent will be under in SEER (Traffic, Attack, Malware, Defense, or Analysis).  The AGENTTYPE is the type of Traffic, Attack, ect. the agent is (HTTP, TCP, worm, botnet...).  The NICENAME is what is displayed under the AGENTGROUP (Worm, Botnet, Ping...).  The COMMANDS class variable is where the commands available to the user are placed.  The commands are just listed here to be defined later and need to be in all caps.  For the VARIABLES you need to define five parts for each variable.  The format is !TypeOfVariable('!NameOfVariable', !DefaultValue, 'GUIDisplayName', '!ExpinationOfTheVariable').  For example !NodeVar('IRCHost', None,g 'IRC Host', 'Select the node to run the IRC server').  A list of variable types can be found on the [http://seer.isi.deterlab.net/v1.6/devel/agents.html SEER Agents page].  To extend the basic agent class you need to call the 'Agent!__init!__' method.  This will enable you to implement the commands you created.  For each command you need to create a definition 'def handleCOMMAND(self):'  where command is the name of your command.  To have code run on a node if the code is already installed you can use 'self.pids.append(spawn('!CommandLineCode'))'  If you want to only run code on a node the user selects as a variable then you can use the function 'self.!VariableName.myNodeMemberOf()' which will return True if the node is in !VariableName. 
     36In order to create a SEER Agent you have to create an agent file.  The name of the file follows the format {{{agent}}}''!NameOfTheAgent''{{{.py}}} where the !NameOfTheAgent is in caps.  For example {{{agentWORM.py}}} or {{{agentBOTNET.py}}}.
     37
     38The file has some specific requirements.  The agent is defined in a class 'class wormAgent(Agent)'.  Inside of the class there are seven class variables which need to be defined: DEPENDS, SOFTWARE, AGENTGROUP, AGENTTYPE, NICENAME, COMMANDS, and VARIABLES.  DEPENDS specifies additional modules to load during startup.  SOFTWARE specifies any binary software which needs to be loaded onto the nodes.  Both of these can be empty lists.  AGENTGROUP specifies which menu the agent will be under in SEER (Traffic, Attack, Malware, Defense, or Analysis).  The AGENTTYPE is the type of Traffic, Attack, ect. the agent is (HTTP, TCP, worm, botnet...).  The NICENAME is what is displayed under the AGENTGROUP (Worm, Botnet, Ping...).  The COMMANDS class variable is where the commands available to the user are placed.  The commands are just listed here to be defined later and need to be in all caps.  For the VARIABLES you need to define five parts for each variable.  The format is !TypeOfVariable('!NameOfVariable', !DefaultValue, 'GUIDisplayName', '!ExpinationOfTheVariable').  For example !NodeVar('IRCHost', None,g 'IRC Host', 'Select the node to run the IRC server').  A list of variable types can be found on the [http://seer.isi.deterlab.net/v1.6/devel/agents.html SEER Agents page].  To extend the basic agent class you need to call the 'Agent!__init!__' method.  This will enable you to implement the commands you created.  For each command you need to create a definition 'def handleCOMMAND(self):'  where command is the name of your command.  To have code run on a node if the code is already installed you can use 'self.pids.append(spawn('!CommandLineCode'))'  If you want to only run code on a node the user selects as a variable then you can use the function 'self.!VariableName.myNodeMemberOf()' which will return True if the node is in !VariableName. 
    3739
    3840== Next Steps ==