Beispiel #1
    def GetReportData(self, get_report_args, token):
        """Build a pie chart of audit-event counts per user for the timerange.

        Args:
          get_report_args: Report arguments; `start_time` and `duration` are
            read from it.
          token: Access token forwarded to report_utils.GetAuditLogEntries.

        Returns:
          An ApiReportData of type PIE_CHART. Its data holds one point per user
          not listed in GRRUser.SYSTEM_USERS, ordered by label. The data is
          not assigned when an IOError interrupts the computation.
        """
        report = rdf_report_plugins.ApiReportData(
            representation_type=rdf_report_plugins.ApiReportData.
            RepresentationType.PIE_CHART)

        try:
            duration = get_report_args.duration
            window_end = get_report_args.start_time + duration

            per_user = {}
            try:
                audit_events = report_utils.GetAuditLogEntries(
                    duration, window_end, token)
                for audit_event in audit_events:
                    per_user[audit_event.user] = (
                        per_user.get(audit_event.user, 0) + 1)
            except ValueError:
                # Raised when no audit logs could be found; the chart is then
                # built from whatever was counted so far.
                pass

            # System accounts are counted above and dropped only here, so the
            # chart reflects human users.
            points = [
                rdf_report_plugins.ApiReportDataPoint1D(x=hits, label=name)
                for name, hits in per_user.iteritems()
                if name not in aff4_users.GRRUser.SYSTEM_USERS
            ]
            points.sort(key=lambda point: point.label)
            report.pie_chart.data = points

        except IOError:
            # NOTE(review): a failed read yields the same empty chart as a
            # quiet period; nothing is logged here, so a reader of the report
            # cannot tell the two apart.
            pass

        return report
Beispiel #2
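    def GetReportData(self, get_report_args, token):
        """Collect audit events of the plugin's action types in the timerange.

        Args:
          get_report_args: Report arguments; `start_time` and `duration` are
            read from it.
          token: Access token forwarded to report_utils.GetAuditLogEntries.

        Returns:
          An ApiReportData of type AUDIT_CHART whose rows are the matching
          audit events, newest first. The rows are empty when no logs are
          found or an IOError interrupts the read.
        """
        ret = rdf_report_plugins.ApiReportData(
            representation_type=rdf_report_plugins.ApiReportData.
            RepresentationType.AUDIT_CHART,
            audit_chart=rdf_report_plugins.ApiAuditChartReportData(
                used_fields=self.__class__.USED_FIELDS))

        # Bound before the try block: the sort below runs on every path, so an
        # IOError raised before the first row is read must not leave `rows`
        # undefined.
        rows = []

        try:
            timerange_offset = get_report_args.duration
            timerange_end = get_report_args.start_time + timerange_offset

            try:
                for event in report_utils.GetAuditLogEntries(
                        timerange_offset, timerange_end, token):
                    # Keep only the action types this report is declared for.
                    if event.action in self.__class__.TYPES:
                        rows.append(event)

            except ValueError:  # Couldn't find any logs..
                pass

        except IOError:
            # NOTE(review): a failed read is reported exactly like a period
            # without matching events; nothing is logged here.
            pass

        rows.sort(key=lambda row: row.timestamp, reverse=True)
        ret.audit_chart.rows = rows

        return ret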
Beispiel #3
def _LoadAuditEvents(handlers,
                     get_report_args,
                     actions=None,
                     token=None,
                     transformers=None):
    """Returns audit rows for the given handlers and timerange, newest first.

    Two data sources are supported. With relational reads enabled, API audit
    entries for the handler names are read from REL_DB and converted with
    _EntryToEvent. Otherwise the legacy audit log is read and filtered by
    action.

    Args:
      handlers: Mapping whose keys are passed as router method names and whose
        values serve as the default action set on the legacy path.
      get_report_args: Report arguments; `start_time` and `duration` are read.
      actions: Optional collection of actions to keep. Only consulted on the
        legacy path; defaults to the set of `handlers` values.
      token: Access token; only passed to the legacy audit-log read.
      transformers: Optional mapping handed to _EntryToEvent; only used on the
        relational path. Defaults to an empty dict.

    Returns:
      A list of rows sorted by `timestamp` in descending order.
    """
    if transformers is None:
        transformers = {}

    if not data_store.RelationalDBReadEnabled():
        log_entries = report_utils.GetAuditLogEntries(
            offset=get_report_args.duration,
            now=get_report_args.start_time + get_report_args.duration,
            token=token)
        wanted = set(handlers.values()) if actions is None else actions
        rows = []
        for log_entry in log_entries:
            if log_entry.action in wanted:
                rows.append(log_entry)
    else:
        api_entries = data_store.REL_DB.ReadAPIAuditEntries(
            min_timestamp=get_report_args.start_time,
            max_timestamp=get_report_args.start_time +
            get_report_args.duration,
            router_method_names=list(handlers.keys()))
        rows = []
        for api_entry in api_entries:
            rows.append(_EntryToEvent(api_entry, handlers, transformers))

    return sorted(rows, key=lambda row: row.timestamp, reverse=True)
Beispiel #4
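    def GetReportData(self, get_report_args, token):
        """Build a stack chart of flow runs, with the top users per flow.

        Counts RUN_FLOW audit events in the timerange for users accepted by
        self.UserFilter, then emits one series per flow name, ordered by total
        run count (highest first). Each label names up to three users with the
        most runs of that flow.

        Args:
          get_report_args: Report arguments; `start_time` and `duration` are
            read from it.
          token: Access token forwarded to report_utils.GetAuditLogEntries.

        Returns:
          An ApiReportData of type STACK_CHART. It carries no series when no
          logs are found or an IOError interrupts the computation.
        """
        ret = rdf_report_plugins.ApiReportData(
            representation_type=rdf_report_plugins.ApiReportData.
            RepresentationType.STACK_CHART,
            stack_chart=rdf_report_plugins.ApiStackChartReportData(x_ticks=[]))

        # TODO(user): move the calculation to a cronjob and store results in
        # AFF4.
        try:
            timerange_offset = get_report_args.duration
            timerange_end = get_report_args.start_time + timerange_offset

            # Totals live in their own dict rather than under a reserved
            # "total" key next to the usernames: usernames come from the audit
            # log, and a user called "total" would otherwise be merged into
            # the flow's run count and dropped from the top-user list.
            totals = {}
            user_counts = {}
            try:
                for event in report_utils.GetAuditLogEntries(
                        timerange_offset, timerange_end, token):
                    if (event.action == rdf_events.AuditEvent.Action.RUN_FLOW
                            and self.UserFilter(event.user)):
                        flow_name = event.flow_name
                        totals[flow_name] = totals.get(flow_name, 0) + 1
                        per_user = user_counts.setdefault(flow_name, {})
                        per_user[event.user] = per_user.get(event.user, 0) + 1
            except ValueError:  # Couldn't find any logs..
                pass

            ranked_flows = sorted(totals.iteritems(),
                                  key=operator.itemgetter(1),
                                  reverse=True)
            for i, (flow, total_count) in enumerate(ranked_flows):
                # Only the three most active users are named in the label.
                topusercounts = sorted(user_counts[flow].iteritems(),
                                       key=operator.itemgetter(1),
                                       reverse=True)[:3]
                topusers = ", ".join("%s (%s)" % (user, count)
                                     for user, count in topusercounts)

                ret.stack_chart.data.append(
                    rdf_report_plugins.ApiReportDataSeries2D(
                        # \u2003 is an emspace, a long whitespace character.
                        label=u"%s\u2003Run By: %s" % (flow, topusers),
                        points=[
                            rdf_report_plugins.ApiReportDataPoint2D(
                                x=i, y=total_count)
                        ]))

        except IOError:
            # NOTE(review): a failed read produces the same empty chart as a
            # period without flow runs; nothing is logged here.
            pass

        return ret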
Beispiel #5
 def _GetUserCounts(self, get_report_args, token=None):
     """Count audit records per user within the report timerange.

     Args:
       get_report_args: Report arguments; `start_time` and `duration` are
         read from it.
       token: Access token; only passed to the legacy audit-log read.

     Returns:
       A collections.Counter keyed by `entry.username` when relational reads
       are enabled, otherwise by `event.user` from the legacy audit log.
     """
     tally = collections.Counter()

     if not data_store.RelationalDBReadEnabled():
         legacy_events = report_utils.GetAuditLogEntries(
             offset=get_report_args.duration,
             now=get_report_args.start_time + get_report_args.duration,
             token=token)
         for legacy_event in legacy_events:
             tally[legacy_event.user] += 1
         return tally

     # Relational path: the read is bounded by timestamps only; no token is
     # passed to it.
     api_entries = data_store.REL_DB.ReadAPIAuditEntries(
         min_timestamp=get_report_args.start_time,
         max_timestamp=get_report_args.start_time +
         get_report_args.duration)
     for api_entry in api_entries:
         tally[api_entry.username] += 1
     return tally
Beispiel #6
 def _GetUserCounts(self, get_report_args, token=None):
     """Count audit records per user within the report timerange.

     Args:
       get_report_args: Report arguments; `start_time` and `duration` are
         read from it.
       token: Access token; only passed to the legacy audit-log read.

     Returns:
       A collections.Counter of records per user. With relational reads
       enabled, the pre-aggregated counts from
       CountAPIAuditEntriesByUserAndDay are summed per username; otherwise
       legacy audit-log events are counted by `event.user`.
     """
     if not data_store.RelationalDBReadEnabled():
         legacy_events = report_utils.GetAuditLogEntries(
             offset=get_report_args.duration,
             now=get_report_args.start_time + get_report_args.duration,
             token=token)
         return collections.Counter(
             legacy_event.user for legacy_event in legacy_events)

     per_user_day = data_store.REL_DB.CountAPIAuditEntriesByUserAndDay(
         min_timestamp=get_report_args.start_time,
         max_timestamp=get_report_args.start_time +
         get_report_args.duration)

     totals = collections.Counter()
     # Keys are 2-tuples starting with the username; the second element
     # (presumably the day, going by the method name) is collapsed.
     for (name, _), hits in iteritems(per_user_day):
         totals[name] += hits
     return totals
Beispiel #7
    def _GetFlows(self, get_report_args, token):
        """Count flow runs per flow name and user within the report timerange.

        Args:
          get_report_args: Report arguments; `start_time` and `duration` are
            read from it.
          token: Access token; only passed to the legacy audit-log read.

        Returns:
          A defaultdict mapping flow name to a collections.Counter of users.
          Only users accepted by self.IncludeUser are counted. The relational
          path counts top-level flow objects by creator; the legacy path
          counts RUN_FLOW audit events by user.
        """
        runs = collections.defaultdict(collections.Counter)

        if not data_store.RelationalDBReadEnabled():
            audit_events = report_utils.GetAuditLogEntries(
                offset=get_report_args.duration,
                now=get_report_args.start_time + get_report_args.duration,
                token=token)
            for audit_event in audit_events:
                if audit_event.action == rdf_events.AuditEvent.Action.RUN_FLOW:
                    if self.IncludeUser(audit_event.user):
                        runs[audit_event.flow_name][audit_event.user] += 1
            return runs

        # Child flows are excluded, so only flows started directly are
        # attributed to their creator.
        flow_objects = data_store.REL_DB.ReadAllFlowObjects(
            min_create_time=get_report_args.start_time,
            max_create_time=get_report_args.start_time +
            get_report_args.duration,
            include_child_flows=False)
        for flow_obj in flow_objects:
            if not self.IncludeUser(flow_obj.creator):
                continue
            runs[flow_obj.flow_class_name][flow_obj.creator] += 1

        return runs