Changes in skipping & default configuration

Malcom/analytics/analytics.py

@@ -154,8 +154,8 @@ def bulk_asn(self, items=1000):
                                 ]
                          }
 
-        if self.setup['SKIP_WHITELISTED']:
-            last_analysis['tags'] = {"$nin": ['whitelist']}
+        if self.setup['SKIP_TAGS']:
+            last_analysis['tags'] = {"$nin": self.setup['SKIP_TAGS']}
 
         nobgp = {"$or": [{'bgp': None}, last_analysis]}
 
@@ -292,8 +292,8 @@ def process(self, batch_size=2000):
         self.work_done = False
 
         query = {'next_analysis': {'$lt': datetime.datetime.utcnow()}}
-        if self.setup['SKIP_WHITELISTED']:
-            query['tags'] = {"$nin": ['whitelist']}
+        if self.setup['SKIP_TAGS']:
+            query['tags'] = {"$nin": self.setup['SKIP_TAGS']}
 
         results = [r for r in self.data.elements.find(query)[:batch_size]]
         total_elts = 0

Malcom/config/malconf.py

@@ -60,9 +60,12 @@ def parse_config_file(self, filename):
             self['AUTH'] = config.getboolean('web', 'auth')
 
         if config.has_section('analytics'):
-            self['ANALYTICS'] = config.getboolean('analytics', 'activated')
-            self['MAX_WORKERS'] = config.getint('analytics', 'max_workers')
-            self['SKIP_WHITELISTED'] = config.getboolean('analytics', 'skip_whitelisted')
+            analytics_params = {key.upper(): val for key, val in config.items('analytics')}
+            self.update(analytics_params)
+            self['ANALYTICS'] = bool(analytics_params['ACTIVATED'])
+            self['MAX_WORKERS'] = int(analytics_params['MAX_WORKERS'])
+            self['SKIP_TAGS'] = analytics_params['SKIP_TAGS'].split(',') if analytics_params['SKIP_TAGS'] else []
+            print self
 
         if config.has_section('feeds'):
             self['FEEDS'] = config.getboolean('feeds', 'activated')
@@ -71,12 +74,12 @@ def parse_config_file(self, filename):
             self['EXPORTS_DIR'] = config.get('feeds', 'exports_dir')
 
         if config.has_section('sniffer'):
-            self['SNIFFER'] = config.getboolean('sniffer', 'activated')
-            self['SNIFFER_DIR'] = config.get('sniffer', 'sniffer_dir')
-            self['MODULES_DIR'] = config.get('sniffer', 'modules_dir')
-            self['TLS_PROXY_PORT'] = config.getint('sniffer', 'tls_proxy_port')
-            self['YARA_PATH'] = config.get('sniffer', 'yara_path')
-            self['SNIFFER_NETWORK'] = config.getboolean('sniffer', 'network')
+            sniffer_params = {key.upper(): val for key, val in config.items('sniffer')}
+            self.update(sniffer_params)
+            self['SNIFFER'] = bool(sniffer_params['ACTIVATED'])
+            self['TLS_PROXY_PORT'] = int(sniffer_params['TLS_PROXY_PORT'])
+            self['SNIFFER_NETWORK'] = bool(sniffer_params['NETWORK'])
+
 
         if config.has_section('database'):
             self['DATABASE'] = {}

malcom.conf.example

@@ -16,14 +16,26 @@ exports_dir = exports
 [analytics]
 activated = true
 max_workers = 12
+skip_tags = whitelisted
 
 [sniffer]
+stealth = true
 activated = true
 network = true
 sniffer_dir = sniffer/captures
 modules_dir = sniffer/modules
 tls_proxy_port = 9000
 yara_path = yara
+hide_tags = whitelisted
+
+[modules]
+# You can comment / uncomment modules
+# according to if you want to use
+# them or not
+
+passive_dns
+#yarascan
+#suricata
 
 # databases can be configured here
 
@@ -62,31 +74,4 @@ host = localhost
 # default: None
 #authentication_database = malcom
 
-[feeds]
-# You can comment / uncomment feeds
-# according to if you want to use
-# them or not
-
-AsproxTracker
-CybercrimeTracker
-FeodoTracker
-MalcodeBinaries
-MalwaredRu
-MalwareTrafficAnalysis
-MalwareDomainList
-PalevoTracker
-TorExitNodes
-ZeusTrackerBinaries
-ZeusTrackerConfigs
-ZeusTrackerDropzones
-
-
-[modules]
-# You can comment / uncomment modules
-# according to if you want to use
-# them or not
-
-passive_dns
-#yarascan
-#suricata