Beispiel #1
def getGrid():
    """Return the dashboard grid rows as a JSON array string.

    Executes ``dashboard.gridQuery`` and maps each result row positionally:
    column 0 -> ``date``, 1 -> ``cnc``, 2 -> ``spread``, 3 -> ``bcode``.
    ``total`` is the sum of columns 1-3. Serialisation goes through
    ``DecimalEncoder``.
    """
    # The query text is a module-level constant, so no caller-supplied
    # value reaches the SQL statement from this function.
    rows = db_session.execute(dashboard.gridQuery)
    grid = [
        {
            'date': record[0],
            'cnc': record[1],
            'spread': record[2],
            'bcode': record[3],
            'total': record[1] + record[2] + record[3],
        }
        for record in rows
    ]
    return json.dumps(grid, cls=DecimalEncoder)
Beispiel #2
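def getLineChartData():
    """Return per-day detection counts for the last ten days as JSON.

    Executes ``dashboard.linechartQuery`` and, for each of the ten days
    ending today, emits one series entry with:

    * ``xaxis`` - the day as ``YYYY-MM-DD``
    * ``date``  - the day as a display label
    * ``CNC`` / ``spread`` / ``bcode`` - the ``count`` of the row whose
      ``Code`` is ``'001'`` / ``'003'`` / ``'-'`` for that day, or 0 when
      the query returned no such row.

    Returns:
        A JSON string of the form ``{"data": [series, ...]}``.
    """
    # Result rows are materialised once because they are scanned again for
    # every day of the window.
    results_list = list(db_session.execute(dashboard.linechartQuery))

    # Row 'Code' value -> key used in the emitted series entry.
    code_to_key = {'001': 'CNC', '003': 'spread', '-': 'bcode'}

    # Take the clock reading once so all ten days are derived from the same
    # instant; re-reading it per iteration could skew the window if the
    # request straddles midnight.
    reference = datetime.datetime.now()
    series = []

    for offset in range(10):
        day = reference - datetime.timedelta(days=9 - offset)
        entry = dict()
        entry['xaxis'] = day.strftime('%Y-%m-%d')
        entry['date'] = day.strftime('%m월%d일')

        # The original tested `row is not None` only after indexing the
        # row, so that test could never be false; it is dropped here.
        for row in results_list:
            if row['date'] != entry['xaxis']:
                continue
            key = code_to_key.get(row['Code'])
            if key is not None:
                entry[key] = row['count']

        # Fill in zero for any category the query had no row for.
        for key in ('CNC', 'spread', 'bcode'):
            entry.setdefault(key, 0)

        series.append(entry)

    chartdata = OrderedDict()
    chartdata['data'] = series
    return json.dumps(chartdata)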
Beispiel #3
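def getBarChartData():
    """Return one count per day for the last ten days as JSON.

    Executes ``dashboard.barchartQuery`` and, for each of the ten days
    ending today, emits one series entry with ``xaxis`` (``YYYY-MM-DD``),
    ``date`` (display label) and ``value`` - the ``count`` of the matching
    row converted with ``int()``, or 0 when no row matches that day. If
    several rows share a day, the last one wins.

    Returns:
        A JSON string of the form ``{"data": [series, ...]}``.
    """
    # Result rows are materialised once because they are scanned again for
    # every day of the window.
    results_list = list(db_session.execute(dashboard.barchartQuery))

    # Take the clock reading once so all ten days are derived from the same
    # instant; re-reading it per iteration could skew the window if the
    # request straddles midnight.
    reference = datetime.datetime.now()
    series = []

    for offset in range(10):
        day = reference - datetime.timedelta(days=9 - offset)
        entry = dict()
        entry['xaxis'] = day.strftime('%Y-%m-%d')
        entry['date'] = day.strftime('%m월%d일')
        entry['value'] = 0  # default when the query has no row for the day

        # The original tested `row is not None` only after indexing the
        # row, so that test could never be false; it is dropped here.
        for row in results_list:
            if row['date'] == entry['xaxis']:
                entry['value'] = int(row['count'])

        series.append(entry)

    chartdata = OrderedDict()
    chartdata['data'] = series
    return json.dumps(chartdata)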
Beispiel #4
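def getTopBoard():
    """Return the dashboard's headline counters as a JSON object string.

    Sources combined here:

    * ``dashboard.topboardQuery`` (SQL) - per-day, per-``Code`` counts.
    * ``Rules_BlackList`` (``source=750``) and ``Rules_CNC`` row counts.
    * Elasticsearch ``gsp*`` indices - today's URI/file analysis counts per
      source, yesterday's URI/file hit totals, and per-type bucket counts
      for today and for the previous day.

    The set of keys in the returned object is unchanged from the previous
    implementation, including the ones that are always 0 or constant.
    """
    # Kept as the first statement so the SQL query runs before the other
    # back-end calls, as before; its rows are consumed further down.
    results = db_session.execute(dashboard.topboardQuery)

    total = 0
    before_total = 0

    # Blacklist rule count from the relational database.
    blacklist_rule_count = Rules_BlackList.query.filter_by(source=750).count()
    # CNC rule count from the relational database.
    cnc_rule_count = Rules_CNC.query.count()

    # One client is reused for every Elasticsearch call in this function
    # (the original rebuilt an identical client three times). The port is
    # converted with int() as the later constructions already did.
    # NOTE(review): only host and port are passed here - no credentials or
    # TLS options are visible in this block. Confirm how access to the
    # cluster is restricted, since these indices hold analysis results.
    es = Elasticsearch([{
        'host': app.config['ELASTICSEARCH_URI'],
        'port': int(app.config['ELASTICSEARCH_PORT'])
    }])

    # Today's analysis counts per (kind, source); call order is preserved.
    today_counts = {}
    for result_key, kind, source in (
        ('totalTodayUriAnalysisCountNPC', "uri", "NPC"),
        ('totalTodayUriAnalysisCountIMAS', "uri", "IMAS"),
        ('totalTodayMaliciousFileCountNPC', "file", "NPC"),
        ('totalTodayMaliciousFileCountIMAS', "file", "IMAS"),
        ('totalTodayMaliciousFileCountZombieZero', "file", "zombie zero"),
    ):
        body = todayURLFileCount(kind, source)
        res = es.count(index="gsp*", doc_type="analysis_results", body=body)
        today_counts[result_key] = res['count']

    # Yesterday's hit totals for URIs and files.
    # NOTE(review): the request object is handed to the query builder. If
    # that helper copies request parameters into the query body they need
    # validating there - cannot tell from this block.
    yesterday_counts = {}
    for result_key, kind in (
        ('totalYesterdayMaliciousUrlCount', "uri"),
        ('totalYesterdayMaliciousFileCount', "file"),
    ):
        body = dashboard.yesterdayUrlFileAnalysis(request, kind)
        res = es.search(index="gsp*", doc_type="analysis_results", body=body)
        yesterday_counts[result_key] = int(res['hits']['total'])

    # Every key is pre-populated with 0 so the response shape is stable even
    # when a back end returns no matching row or bucket.
    result = dict()
    result['spread'] = 0
    result['cnc'] = 0
    result['bcode'] = 0
    result['before_spread'] = 0
    result['before_cnc'] = 0
    result['before_bcode'] = 0
    result['link'] = 0
    result['before_link'] = 0
    result['uri'] = 0
    result['before_uri'] = 0
    result['file'] = 0
    result['before_file'] = 0
    result['totalTodayUriAnalysisCount'] = 0
    result['totalTodayUriAnalysisCountNPC'] = 0
    result['totalTodayUriAnalysisCountIMAS'] = 0
    result['totalTodayMaliciousFileCount'] = 0
    result['totalTodayMaliciousFileCountNPC'] = 0
    result['totalTodayMaliciousFileCountIMAS'] = 0
    result['totalTodayMaliciousFileCountZombieZero'] = 0
    # NOTE(review): this key is initialised but never updated; the value is
    # later published under 'totalMaliciousUrlCount' instead. Both keys are
    # kept so existing consumers see the same response.
    result['totalMaliciousUrlQuery'] = 0
    result['totalYesterdayMaliciousUrlCount'] = 0
    result['totalYesterdayMaliciousFileCount'] = 0

    # region db query
    # Row 'Code' value -> result key (prefixed with 'before_' for rows that
    # are not dated today).
    code_to_key = {"003": 'spread', "001": 'cnc', "-": 'bcode'}
    # Computed once so every row is compared against the same date string.
    today = datetime.datetime.now().strftime("%Y-%m-%d")
    for _row in results:
        key = code_to_key.get(_row['Code'])
        if _row['date'] == today:
            if key is not None:
                result[key] = _row['count']
            total += _row['count']
        else:
            # Any row not dated today lands here, whatever its date.
            if key is not None:
                result['before_' + key] = _row['count']
            # NOTE(review): only Code "-" rows are added to before_total,
            # whereas today's branch adds every row to total. This looks
            # like an indentation slip in the original; behaviour is kept
            # unchanged here - confirm the intended semantics before
            # aligning the two branches.
            if _row['Code'] == "-":
                before_total += _row['count']
    # endregion db query

    # region es query
    # Bucket key -> result key (prefixed with 'before_' for the previous
    # day's window).
    bucket_to_key = {
        "link_dna_tuple5": 'link',
        "url_jobs": 'uri',
        "url_crawleds": 'file',
    }

    # Searching "gsp*" is a temporary workaround for a url_crawleds index
    # problem (18-03-06); the per-day index name the original built from
    # ELASTICSEARCH_INDEX_HEAD was never used and is no longer computed.
    query = dashboard.topboardEsQuery("now-1d/d", "now/d")
    res = es.search(index="gsp*", body=query, request_timeout=30)
    for bucket in res['aggregations']['types']['buckets']:
        key = bucket_to_key.get(bucket['key'])
        if key is not None:
            result[key] = bucket['doc_count']
            total += bucket['doc_count']

    query = dashboard.topboardEsQuery("now-2d/d", "now-1d/d")
    res = es.search(index="gsp*", body=query, request_timeout=30)
    for bucket in res['aggregations']['types']['buckets']:
        key = bucket_to_key.get(bucket['key'])
        if key is not None:
            result['before_' + key] = bucket['doc_count']
            before_total += bucket['doc_count']
    # endregion es query

    # The queries that fed these two aggregate counters were commented out
    # in the original, so both stay at 0.
    result['totalTodayUriAnalysisCount'] = 0
    result['totalTodayMaliciousFileCount'] = 0
    result['totalMaliciousUrlCount'] = cnc_rule_count

    result['totalYesterdayMaliciousUrlCount'] = yesterday_counts[
        'totalYesterdayMaliciousUrlCount']
    result['totalYesterdayMaliciousFileCount'] = yesterday_counts[
        'totalYesterdayMaliciousFileCount']

    result['totalTodayUriAnalysisCountNPC'] = today_counts[
        'totalTodayUriAnalysisCountNPC']
    result['totalTodayUriAnalysisCountIMAS'] = today_counts[
        'totalTodayUriAnalysisCountIMAS']

    result['totalTodayMaliciousFileCountNPC'] = today_counts[
        'totalTodayMaliciousFileCountNPC']
    result['totalTodayMaliciousFileCountIMAS'] = today_counts[
        'totalTodayMaliciousFileCountIMAS']
    result['totalTodayMaliciousFileCountZombieZero'] = today_counts[
        'totalTodayMaliciousFileCountZombieZero']

    # NOTE(review): 'cnc' is overwritten with the *blacklist* rule count,
    # discarding the per-day value read from the SQL rows above, and
    # 'cnc_before' is a hard-coded constant. Both are kept as-is; a
    # dashboard figure that is not derived from data can mislead an
    # analyst, so confirm whether these are leftovers.
    result['cnc'] = blacklist_rule_count
    result['cnc_before'] = 13

    result['total'] = total
    result['before_total'] = before_total

    return json.dumps(result)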