Minor model additions from discussion (2024-12-04) (#4023)

vertexproject · Dec 5, 2024 · 122f826 · 122f826
1 parent 8876251
commit 122f826
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 1 deletion.
diff --git a/synapse/models/base.py b/synapse/models/base.py
@@ -99,6 +99,9 @@ def getModelDefs(self):
                     'deprecated': True,
                     'doc': 'A generic digraph time edge to show relationships outside the model.'}),
 
+                ('meta:activity', ('int', {'enums': prioenums, 'enums:strict': False}), {
+                    'doc': 'A generic activity level enumeration.'}),
+
                 ('meta:priority', ('int', {'enums': prioenums, 'enums:strict': False}), {
                     'doc': 'A generic priority enumeration.'}),
 
@@ -182,6 +185,12 @@ def getModelDefs(self):
 
                     ('url', ('inet:url', {}), {
                         'doc': 'A URL which documents the meta source.'}),
+
+                    ('ingest:latest', ('time', {}), {
+                        'doc': 'Used by ingest logic to capture the last time a feed ingest ran.'}),
+
+                    ('ingest:offset', ('int', {}), {
+                        'doc': 'Used by ingest logic to capture the current ingest offset within a feed.'}),
                 )),
 
                 ('meta:seen', {}, (

diff --git a/synapse/models/risk.py b/synapse/models/risk.py
@@ -279,6 +279,9 @@ def getModelDefs(self):
                     ('active', ('ival', {}), {
                         'doc': 'An interval for when the threat cluster is assessed to have been active.'}),
 
+                    ('activity', ('meta:activity', {}), {
+                        'doc': 'The most recently assessed activity level of the threat cluster.'}),
+
                     ('reporter', ('ou:org', {}), {
                         'doc': 'The organization reporting on the threat cluster.'}),
 
@@ -1078,6 +1081,9 @@ def getModelDefs(self):
                         'ex': 'nature.earthquake',
                         'doc': 'The outage cause type.'}),
 
+                    ('attack', ('risk:attack', {}), {
+                        'doc': 'An attack which caused the outage.'}),
+
                     ('provider', ('ou:org', {}), {
                         'doc': 'The organization which experienced the outage event.'}),
 

diff --git a/synapse/tests/test_model_base.py b/synapse/tests/test_model_base.py
@@ -222,13 +222,23 @@ async def test_model_base_source(self):
 
         async with self.getTestCore() as core:
 
-            nodes = await core.nodes('[meta:source="*" :name="FOO Bar" :type=osint :url="https://foo.bar/index.html"]')
+            nodes = await core.nodes('''
+                [meta:source="*"
+                    :name="FOO Bar"
+                    :type=osint
+                    :url="https://foo.bar/index.html"
+                    :ingest:latest=20241205
+                    :ingest:offset=17
+                ]
+            ''')
             self.len(1, nodes)
             sorc = nodes[0]
 
             self.eq(sorc.get('type'), 'osint')
             self.eq(sorc.get('name'), 'foo bar')
             self.eq(sorc.get('url'), 'https://foo.bar/index.html')
+            self.eq(sorc.get('ingest:offset'), 17)
+            self.eq(sorc.get('ingest:latest'), 1733356800000)
 
             valu = (sorc.ndef[1], ('inet:fqdn', 'woot.com'))
             nodes = await core.nodes('[meta:seen=$valu]', opts={'vars': {'valu': valu}})

diff --git a/synapse/tests/test_model_risk.py b/synapse/tests/test_model_risk.py
@@ -379,6 +379,7 @@ async def addNode(text):
                     :desc=VTX-APT1
                     :tag=cno.threat.apt1
                     :active=(2012,2023)
+                    :activity=high
                     :reporter=*
                     :reporter:name=mandiant
                     :reporter:discovered=202202
@@ -400,6 +401,7 @@ async def addNode(text):
             self.len(1, nodes)
             self.eq('vtx-apt1', nodes[0].get('name'))
             self.eq('VTX-APT1', nodes[0].get('desc'))
+            self.eq(40, nodes[0].get('activity'))
             self.eq('apt1', nodes[0].get('org:name'))
             self.eq('ua', nodes[0].get('country:code'))
             self.eq('cn.shanghai', nodes[0].get('org:loc'))
@@ -546,11 +548,13 @@ async def addNode(text):
                     :cause=nature.earthquake
                     :provider={[ ou:org=* :name="desert power" ]}
                     :provider:name="desert power"
+                    :attack={[ risk:attack=* ]}
                     :reporter={ ou:org:name=vertex }
                     :reporter:name=vertex
                 ]
             ''')
             self.len(1, nodes)
+            self.nn(nodes[0].get('attack'))
             self.nn(nodes[0].get('reporter'))
             self.eq('the big one', nodes[0].get('name'))
             self.eq('vertex', nodes[0].get('reporter:name'))
@@ -559,6 +563,7 @@ async def addNode(text):
             self.eq('nature.earthquake.', nodes[0].get('cause'))
             self.eq((1672531200000, 1704067200000), nodes[0].get('period'))
 
+            self.len(1, await core.nodes('risk:outage -> risk:attack'))
             self.len(1, await core.nodes('risk:outage -> risk:outage:cause:taxonomy'))
             self.len(1, await core.nodes('risk:outage :reporter -> ou:org +:name=vertex'))
             self.len(1, await core.nodes('risk:outage :provider -> ou:org +:name="desert power"'))