anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(clustering): roll session digraph SimHashes into identity centroid

Browse Source 
The identity clusterer folds an identity's per-session
motor.digraph_simhash observations into one 8-byte bitwise-majority
centroid (denoises per-session jitter) and writes it to
AttackerIdentity.kd_digraph_simhash via update_identity_fingerprints —
the orphaned column is now populated. list_identities_for_clustering
projects it so the campaign clusterer can read it.

Extends the repo abstract + DummyRepo stub/coverage.
This commit is contained in:
anti
2026-06-16 17:05:34 -04:00
parent 66c73ce59d
commit 869d1eabb7
7 changed files with 150 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
decnet/web/db/sqlmodel_repo/identities.py
View File

@@ -173,6 +173,7 @@ class IdentitiesMixin(_MixinBase):
ja3_hashes: Optional[str] = None,
hassh_hashes: Optional[str] = None,
tls_cert_sha256: Optional[str] = None,
kd_digraph_simhash: Optional[bytes] = None,
) -> None:
statement = (
update(AttackerIdentity)
@@ -181,6 +182,7 @@ class IdentitiesMixin(_MixinBase):
ja3_hashes=ja3_hashes,
hassh_hashes=hassh_hashes,
tls_cert_sha256=tls_cert_sha256,
kd_digraph_simhash=kd_digraph_simhash,
updated_at=datetime.now(timezone.utc),
)
)