pyoaev.signatures.signature_type

Module Contents

class pyoaev.signatures.signature_type.SignatureType(label: pyoaev.signatures.types.SignatureTypes, match_type: pyoaev.signatures.types.MatchTypes = MatchTypes.MATCH_TYPE_SIMPLE, match_score: int = None)

Describes a signature of some type and a matching policy.

Parameters:
  • label (SignatureTypes) – Type specifier

  • match_type (MatchTypes) – the matching policy to use when trying to match this signature type, e.g. fuzzy, simple…

  • match_score (int, optional) – if the matching type is fuzzy, this is the score to use as threshold, defaults to None

label
match_policy
make_struct_for_matching(data)

Given some data, formats a dictionary specifying the matching policy the helper uses to match expected signatures (from expectations) against the actual alert signatures (from the security software).

Parameters:
  • data (Any) – arbitrary data, but most often a string or a number primitive

Returns:

dictionary of matching specifiers:

    {
        "type": str,
        "data": any,
        "score": (optional) int
    }

Return type:

dict