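def ingestLogFile(self):
    """Turn every line of a validated, not-yet-ingested file into a LogEntry.

    Every entry carries the same timestamp: the file's ctime as reported by
    ``os.path.getctime`` (on POSIX that is the last inode change, not the
    creation time), formatted as ``M/D/YYYY h:MM AM|PM`` with the zero
    padding removed from the month and the hour.

    Returns:
        A list of LogEntry objects in line order, or None when the file is
        not validated or has already been ingested. On success
        ``self.ingested`` is set so a second call returns None.
    """
    if not self.validated or self.ingested:
        return None

    # Build the datetime straight from the epoch value. The old
    # time.ctime()/strptime("%a %b ...") round trip parsed English weekday
    # and month names with the current locale, so it raised ValueError
    # whenever LC_TIME was not English.
    created = datetime.fromtimestamp(os.path.getctime(self.filename))
    padded = created.strftime("%m/%d/%Y %I:%M %p")
    # "%m" and "%I" are zero-padded; the table format wants "1/5/2020 9:05 AM".
    # Month (01-12) and 12-hour clock (01-12) carry at most one leading zero.
    monthDayYear, _, clock = padded.partition(" ")
    date = monthDayYear.lstrip("0") + " " + clock.lstrip("0")

    logEntries = []
    for lineNumber, line in enumerate(self.lines):
        logEntry = LogEntry()
        logEntry.date = date
        logEntry.description = line
        logEntry.creator = self.creator
        logEntry.eventType = self.eventType
        logEntry.artifact = self.filename
        logEntry.lineNumber = lineNumber
        # Ids are "<artifact>_<line>", so they are unique within one file.
        logEntry.id = logEntry.artifact + "_" + str(logEntry.lineNumber)
        logEntries.append(logEntry)

    self.ingested = True
    return logEntries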
def __init__(self):
    """Set up the empty manager state and seed it with five placeholder entries.

    The placeholder rows use ids 0-4, so ``nextAvailableId`` starts at 5.
    ``logEntriesInTable`` mirrors ``logEntries`` after seeding.
    """
    self.logEntries = dict()
    self.logEntriesInTable = list()
    self.searchLogEntryTableWidget = None
    self.colNamesInSearchLogsTable = list()
    self.vectorManager = None
    self.nextAvailableId = 5

    # (id, date, creator, description, artifact) for each sample row.
    seedRows = [
        (0, "1/26/20", LogEntry.BLUE_TEAM,
         "Blue Team Defender Turns on Computer.", "blue_log.csv"),
        (1, "1/26/20", LogEntry.WHITE_TEAM,
         "White Team Analyst Starts Taking Notes.", "white_recording.png"),
        (2, "1/26/20", LogEntry.BLUE_TEAM,
         "SQL Injection attack from Red Team.", "red_attack.txt"),
        (3, "1/26/20", LogEntry.RED_TEAM,
         "Cross-Site Scripting Attack from Red Team.", "red_escalation.txt"),
        (4, "1/26/20", LogEntry.BLUE_TEAM,
         "Blue Team Defender turns off computer.", "blue_response.csv"),
    ]
    for entryId, date, team, description, artifact in seedRows:
        entry = LogEntry()
        entry.date = date
        entry.description = description
        entry.creator = team
        entry.id = entryId
        entry.artifact = artifact
        self.logEntries[entryId] = entry

    self.logEntriesInTable = list(self.logEntries.values())
def retrieveLogEntriesDb(self):
    """Replace the in-memory ``logEntries`` cache with every document in ``self.col``.

    Documents are keyed by their ``_id``; each is copied field by field onto
    a fresh LogEntry.
    """
    # Plain string/number fields copied verbatim from the document.
    copiedFields = (
        "location",
        "eventType",
        "description",
        "creator",
        "date",
        "artifact",
        "lineNumber",
    )

    self.logEntries.clear()
    for doc in self.col.find():
        entry = LogEntry()
        entry.id = doc["_id"]
        # NOTE(review): eval() executes whatever string is stored in the
        # "vectors" field, so anyone who can write to the collection can run
        # code here. If the field is a repr of plain literals (a list of
        # ids), ast.literal_eval is the drop-in replacement — confirm the
        # stored format before switching.
        entry.associatedVectors = eval(doc["vectors"])
        for fieldName in copiedFields:
            setattr(entry, fieldName, doc[fieldName])
        self.logEntries[entry.id] = entry
def retrieveLogEntryDb(self, logEntryId):
    """Fetch one entry from ``self.col`` by id.

    Args:
        logEntryId: Looked up as ``str(logEntryId)`` against the ``id`` field.

    Returns:
        A LogEntry built from the last matching document, or None when
        nothing matches.
    """
    # NOTE(review): the filter is on "id" while the value copied back is
    # "_id" — confirm the documents carry both fields.
    query = {"id": str(logEntryId)}
    copiedFields = (
        "location",
        "eventType",
        "description",
        "creator",
        "date",
        "artifact",
        "lineNumber",
    )

    found = None
    # Every match overwrites the previous one, so the last document wins.
    for doc in self.col.find(query):
        found = LogEntry()
        found.id = doc["_id"]
        # NOTE(review): eval() on a stored field runs arbitrary code from the
        # database; ast.literal_eval is the safe replacement if "vectors" is
        # a repr of plain literals — confirm the stored format first.
        found.associatedVectors = eval(doc["vectors"])
        for fieldName in copiedFields:
            setattr(found, fieldName, doc[fieldName])
    return found
def ingestLogFile(self):
    """Build one LogEntry per line of a validated, not-yet-ingested file.

    Line ``i`` is paired with ``self.timestamps[i]`` (``YYYY-MM-DD HH:MM:SS``),
    re-rendered as ``MM/DD/YYYY hh:MM AM|PM``.

    Returns:
        The list of LogEntry objects in line order, or None when the file is
        not validated or was already ingested. Sets ``self.ingested`` on
        success.
    """
    if not (self.validated and not self.ingested):
        return None

    entries = []
    for index, text in enumerate(self.lines):
        entry = LogEntry()
        rawStamp = self.timestamps[index]
        parsed = datetime.strptime(rawStamp, "%Y-%m-%d %H:%M:%S")
        entry.date = parsed.strftime("%m/%d/%Y %I:%M %p")
        entry.description = text
        entry.creator = self.creator
        entry.eventType = self.eventType
        entry.artifact = self.filename
        entry.lineNumber = index
        # "<artifact>_<line>" keeps ids unique within a single file.
        entry.id = entry.artifact + "_" + str(entry.lineNumber)
        entries.append(entry)

    self.ingested = True
    return entries