identities module¶

The identities module is part of the nmeta suite

It provides an abstraction for participants (identities), using a MongoDB database for storage and data retention maintenance.

Identities are identified via TBD....

There are methods (see class docstring) that provide harvesting of identity metadata and various retrieval searches

class identities.Identities(config)¶

Bases: baseclass.BaseClass

An object that represents identity metadata

Variables available for Classifiers (assumes class instantiated as an object called ‘ident’):

ident.TBD

TBD

ident.harvest(pkt, flow.packet)

TBD

ident.findbymac(mac_address)

Challenges (not handled - yet):

TBD

class Identity¶

Bases: object

An object that represents an individual Identity Indicator

dbdict()¶: Return a dictionary object of identity metadata parameters for storing in the database

Identities.findbymac(mac_addr)¶: TEST FIND BY MAC ADDR DOC TBD

Identities.findbynode(host_name, harvest_type='any', regex=False)¶

Find by node name Pass it the name of the node to search for. Additionally, can set:

regex=True Treat service_name as a regular expression harvest_type= Specify what type of harvest (i.e. DHCP)

Returns boolean

Identities.findbyservice(service_name, harvest_type='any', regex=False, ip_address='any')¶

Find by service name Pass it the name of the service to search for. Additionally, can set:

regex=True Treat service_name as a regular expression harvest_type= Specify what type of harvest (i.e. DNS_A) ip_address= Look for specific IP address

Returns boolean

Identities.harvest(pkt, flow_pkt)¶: Passed a raw packet and packet metadata from flow object. Check a packet_in event and harvest any relevant identity indicators to metadata

Identities.harvest_arp(pkt, flow_pkt)¶: Harvest ARP identity metadata into database. Passed packet-in metadata from flow object. Check ARP reply and harvest identity indicators to metadata

Identities.harvest_dhcp(flow_pkt)¶: Harvest DHCP identity metadata into database. Passed packet-in metadata from flow object. Check LLDP TLV fields and harvest any relevant identity indicators to metadata

Identities.harvest_dns(flow_pkt)¶: Harvest DNS identity metadata into database. Passed packet-in metadata from flow object. Check DNS answer(s) and harvest any relevant identity indicators to metadata

Identities.harvest_lldp(flow_pkt)¶: Harvest LLDP identity metadata into database. Passed packet-in metadata from flow object. Check LLDP TLV fields and harvest any relevant identity indicators to metadata

identities.mac_addr(address)¶: Convert a MAC address to a readable/printable string