Site Monitoring - Core Algorithm

Watcher.site_monitoring.core.check_content(site, alert, ua)

Monitor Website Content.

Parameters

site – Site Object.
alert – Alert Integer.
ua – User Agent.

Returns

alert, score

Return type

int, int

Watcher.site_monitoring.core.check_ip(site, alert)

Monitor IP Address.

Parameters

site – Site Object.
alert – Alert Integer.

Returns

alert, new_ip, new_ip_second

Return type

int, str, str

Watcher.site_monitoring.core.check_mail(site, alert)

Monitor Mail (MX Records + mail.example.com).

Parameters

site – Site Object.
alert – Alert Integer.

Returns

alert

Return type

int

Watcher.site_monitoring.core.create_alert(alert, site, new_ip, new_ip_second, score)

Create Alerts & Emails.

Parameters

alert – Alert Integer.
site – Site Object.
new_ip – New IP.
new_ip_second – New Second IP.
score – TLSH Score.

Returns

Watcher.site_monitoring.core.monitoring_check(): Main monitoring function.

Watcher.site_monitoring.core.monitoring_init(site)

Init the monitoring for a specific website.

Parameters: site – Site Object.
Returns

Watcher.site_monitoring.core.previous_alert(site, alert_type, alert_pk)

Check if there was a previous Alert created for the same website in the last hour.

Parameters

alert_pk – Bypass Alert ID.
site – Site Object.
alert_type – Alert type.

Returns

True if there is a previous Alert.

Return type

bool

Watcher.site_monitoring.core.send_email(message, rtir, alert_id)

Send Email alert.

Parameters

alert_id – Alert ID.
message – Subject email end message.
rtir – Identification number of RTIR.

Returns

Watcher.site_monitoring.core.start_scheduler()

Launch multiple planning tasks in background:

Fire monitoring_check from Monday to Sunday : minute=’*/6’

Watcher.site_monitoring.core.tlsh_score(response, site, alert)

Caculate TLSH Score.

Parameters

response – Http response.
site – Site Object.
alert – Alert Integer.

Returns

alert, score

Return type

int, int