This section describes the functionality of the current reputation service modules and how you can implement your own.
New reputation services can be added by implementing a new sub-module. To do that, developers should follow these steps:
1. Map the responses of the new reputation service according to this reputation table.
Key | Value |
---|---|
UNVERIFIED | -1 |
NONE | 0 |
LOW | 1 |
MEDIUM | 2 |
HIGH | 3 |
2. Add a new key for the new reputation service in gti_config.json.

    {
        "gti" : { … },
        "fb" : {… },
        "mynewreputationservice": {
            "server" : "rep.server.com",
            "user" : "user-name"
        }
    }

3. Create the file structure for the new sub-module.

    [solution-user@edge-server]$ cd ~/spot-oa/components/reputation/
    [solution-user@edge-server]$ mkdir mynewreputationservice
    [solution-user@edge-server]$ cd mynewreputationservice

4. Create an empty __init__.py file.
5. Add a new file reputation.py. Each sub-module should contain a reputation.py file.
6. Write your code in reputation.py. The code should contain the following structure:
6.1 Constructor:
The constructor should receive one config parameter. This parameter corresponds to the specific configuration of the service in gti_config.json. When running, dns_oa.py will iterate through each service in the configuration file and create a new instance of each sub-module, sending the corresponding configuration to each new instance.

    def __init__(self, conf):
        # Read this service's configuration block from gti_config.json,
        # i.e. the "server" and "user" keys added in step 2.
        self._server = conf['server']
        self._user = conf['user']

6.2 Implement check method:
The check method should receive a list of URLs or IPs to be evaluated and return a dictionary with each element's reputation in the following format: {"url":"reputation"}. The reputation should be a string with 3 elements separated by a colon (":"), where the first part is the reputation service name, the second is the reputation label and the third is the reputation value already defined in step 1.

    def check(self, url_list):
        results = {}
        # connect to service
        # call service for each url in list or bulk query
        # translate results to service:label:value format
        # create new entry in result dictionary {"url":"service:label:value"}
        # return a dictionary with each url from url_list and the corresponding reputation
        return results

Results example:

    {
        "dns.somethin.com" : "mynewreputationservice:MEDIUM:2",
        "other.dns.test.org" : "mynewreputationservice:LOW:1",
        "someother.test.com" : "mynewreputationservice:HIGH:3"
    }
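
The steps above put together as one reputation.py, as an added example that is not code from the project. The class name `Reputation`, the `_query` helper, the service's verdict strings and the choice to report unknown or failed lookups as UNVERIFIED are assumptions; the remote service is replaced by constructed sample data so the file runs offline.

```python
# Reputation table from step 1.
REPUTATION = {"UNVERIFIED": -1, "NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}
SERVICE_NAME = "mynewreputationservice"

# Assumption: the hypothetical service answers with these verdict strings.
VERDICT_TO_LABEL = {"clean": "NONE", "low-risk": "LOW",
                    "suspicious": "MEDIUM", "malicious": "HIGH"}

# Constructed sample data standing in for the remote service.
SAMPLE_SERVICE_DATA = {
    "dns.somethin.com": "suspicious",
    "other.dns.test.org": "low-risk",
    "someother.test.com": "malicious",
    "new.example.net": "greylisted",  # verdict the mapping does not know
}


class Reputation(object):  # class name is an assumption, not stated on the page
    def __init__(self, conf):
        # conf is this service's block from gti_config.json (step 2).
        self._server = conf["server"]
        self._user = conf["user"]

    def _query(self, url):
        # Hypothetical helper: a real sub-module would call self._server here.
        return SAMPLE_SERVICE_DATA.get(url)

    def check(self, url_list):
        results = {}
        for url in url_list:
            try:
                verdict = self._query(url)
            except Exception:
                verdict = None  # one failed lookup must not abort the batch
            # Unknown or missing verdicts become UNVERIFIED, never a guessed score.
            label = VERDICT_TO_LABEL.get(verdict, "UNVERIFIED")
            results[url] = "%s:%s:%d" % (SERVICE_NAME, label, REPUTATION[label])
        return results


def is_valid_entry(entry):
    """True if entry is service:label:value and label/value agree with the table."""
    parts = entry.split(":")
    if len(parts) != 3 or not parts[0]:
        return False
    _, label, value = parts
    return label in REPUTATION and value == str(REPUTATION[label])
```

Running `is_valid_entry` over every value returned by `check` catches a sub-module whose label and numeric value have drifted apart before those scores are used downstream.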