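def post(self):
    """Return the installed packages syscollector reports for the agent named in the request.

    Expects a JSON body ``{"agent": <agent name>}``. The name is only ever compared
    against the names Wazuh returns from ``/agents``; the id placed into the
    ``/syscollector/<id>/packages`` path is taken from that response, never from
    the client. Returns ``[]`` when no agent has that name (the original fell
    through and queried ``/syscollector//packages`` with an empty id).

    Each entry is ``{"Program", "Company", "Path", "Install_time"}``; missing
    ``vendor`` becomes ``"..."``, missing ``location``/``install_time`` become
    ``"Unknown"``, exactly as before.
    """
    wazuhlogin()
    # get_json(silent=True) yields None (not an error) for a non-JSON body
    agentName = (request.get_json(silent=True) or {}).get("agent")
    agentid = next(
        (r["id"] for r in callWazuhApi("/agents")["data"]["affected_items"]
         if r["name"] == agentName),
        None,
    )
    if agentid is None:
        return []
    packages = callWazuhApi("/syscollector/" + agentid + "/packages")["data"]["affected_items"]
    return [
        {
            "Program": r["name"],
            "Company": r.get("vendor", "..."),
            "Path": r.get("location", "Unknown"),
            "Install_time": r.get("install_time", "Unknown"),
        }
        for r in packages
    ]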
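def get(self):
    """Return, per connected agent, its package count and a per-vendor breakdown.

    The manager itself (id ``000``) and agents that never connected are skipped.
    Each entry is ``{"id": <1-based position>, "agent": name, "count": n_packages,
    "companyCount": [{"Company": vendor, "count": n}, ...]}`` with vendors in
    sorted order. Packages without a ``vendor`` field still count toward
    ``count`` but are left out of ``companyCount`` (groupby drops NaN keys, as the
    original did). An agent with no packages yields an empty breakdown instead of
    the KeyError the original raised from ``groupby("vendor")`` on an empty frame.
    """
    wazuhlogin()
    agents = [
        {"id": r["id"], "name": r["name"]}
        for r in callWazuhApi("/agents")["data"]["affected_items"]
        if r["id"] != '000' and r["status"] != "never_connected"
    ]
    result = []
    for cnt, a in enumerate(agents, start=1):
        packages = callWazuhApi("/syscollector/" + a["id"] + "/packages")["data"]["affected_items"]
        vendorCount = []
        if packages:
            df = pd.DataFrame(packages)
            if "vendor" in df.columns:
                # size() counts rows per vendor; the original counted non-null
                # agent_id per vendor, which is the same whenever every package
                # carries its agent_id (assumed — TODO confirm against the API)
                vendorCount = [
                    {"Company": v, "count": int(n)}
                    for v, n in df.groupby("vendor").size().items()
                ]
        result.append({
            "id": cnt,
            "agent": a["name"],
            "count": len(packages),
            "companyCount": vendorCount,
        })
    return result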
def get(self):
    """Return name, ip and status for every agent that has connected at least once."""
    wazuhlogin()
    # the manager itself (id 000) and never-connected agents are excluded
    return [
        {"name": r["name"], "ip": r["ip"], "status": r["status"]}
        for r in callWazuhApi("/agents")["data"]["affected_items"]
        if not (r["id"] == '000' or r["status"] == "never_connected")
    ]
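def post(self):
    """Return the port table syscollector reports for the agent named in the request.

    Expects a JSON body ``{"agent": <agent name>}``. The name is only compared with
    the names Wazuh returns from ``/agents``; the id placed into the
    ``/syscollector/<id>/ports`` path comes from that response, not from the
    client. Returns ``[]`` when no agent has that name (the original fell through
    and queried ``/syscollector//ports`` with an empty id).

    Only entries carrying a ``state`` field are returned, mapped to
    ``InnerIP/InnerPort`` (local), ``OutIP/OutPort`` (remote), ``status``,
    ``protocol`` and ``process``.
    """
    wazuhlogin()
    # get_json(silent=True) yields None (not an error) for a non-JSON body
    agentName = (request.get_json(silent=True) or {}).get("agent")
    agentid = next(
        (r["id"] for r in callWazuhApi("/agents")["data"]["affected_items"]
         if r["name"] == agentName),
        None,
    )
    if agentid is None:
        return []
    ports = callWazuhApi("/syscollector/" + agentid + "/ports")["data"]["affected_items"]
    return [
        {
            "InnerIP": r["local"]["ip"],
            "InnerPort": r["local"]["port"],
            "OutIP": r["remote"]["ip"],
            "OutPort": r["remote"]["port"],
            "status": r["state"],
            "protocol": r["protocol"],
            "process": r["process"],
        }
        for r in ports
        if "state" in r
    ]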
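def post(self):
    """Return the process list syscollector reports for the agent named in the request.

    Expects a JSON body ``{"agent": <agent name>}``; the id used in the
    ``/syscollector/<id>/processes`` path is looked up from the Wazuh ``/agents``
    response, never taken from the client.

    Returns ``{"result": [...], "time": scan_time}``. ``scan_time`` is the first
    entry's ``scan.time`` with the ISO ``T``/``Z`` stripped; it is ``None`` when
    the agent is unknown or reports no processes (the original raised IndexError
    on an empty list). Entries without ``cmd`` get ``"Command": "..."``.
    """
    wazuhlogin()
    # get_json(silent=True) yields None (not an error) for a non-JSON body
    agentName = (request.get_json(silent=True) or {}).get("agent")
    agentid = next(
        (r["id"] for r in callWazuhApi("/agents")["data"]["affected_items"]
         if r["name"] == agentName),
        None,
    )
    if agentid is None:
        return {"result": [], "time": None}
    procs = callWazuhApi("/syscollector/" + agentid + "/processes")["data"]["affected_items"]
    # scan time is read from the first entry only; presumably every entry of one
    # syscollector scan carries the same value — TODO confirm
    t = procs[0]["scan"]["time"].replace("Z", "").replace("T", " ") if procs else None
    result = [
        {
            "process": r["name"],
            "PID": r["pid"],
            "PPID": r["ppid"],
            "session": r["session"],
            "InThreads": r["nlwp"],
            "priority": r["priority"],
            "Command": r.get("cmd", "..."),
        }
        for r in procs
    ]
    return {"result": result, "time": t}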
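def post(self):
    """Build line-chart rows of daily Windows event-ID-6 alert counts per agent.

    Expects a JSON body ``{"date": <days back>}``. The value is coerced with
    ``int()`` up front, so a numeric string is accepted and anything else raises
    ValueError/TypeError before any query is sent; negatives are rejected here
    rather than failing later inside ``pd.date_range``. The value reaches
    Elasticsearch only inside a structured ``range`` clause as ``now-<n>d/d``.

    Returns ``[["Date", agent1, agent2, ...], ["YYYY-MM-DD", c1, c2, ...], ...]``
    with one row per day from ``today - n`` through today and zeros where an
    agent produced no alerts.
    """
    daysago = int((request.get_json(silent=True) or {}).get("date"))
    if daysago < 0:
        raise ValueError("date must be a non-negative number of days")
    # agent list comes from Wazuh; the names are what the client sees as columns
    wazuhlogin()
    agents = [r["name"] for r in callWazuhApi("/agents")["data"]["affected_items"]]
    # one {"agent", "time", "count"} record per non-empty day bucket
    result = []
    for a in agents:
        body = {
            # only the aggregation is read below, so no hits need to be returned
            "size": 0,
            "query": {
                "bool": {
                    "must": [
                        {"match": {"data.win.system.eventID": 6}},
                        {"match": {"agent.name": a}},
                        {"range": {"@timestamp": {"gte": "now-" + str(daysago) + "d/d", "lt": "now"}}},
                    ]
                }
            },
            # NOTE(review): the range filters on "@timestamp" while the histogram
            # buckets on "timestamp"; kept as-is, confirm both fields exist in the index
            "aggs": {
                "date_his": {
                    "date_histogram": {"field": "timestamp", "interval": "day"}
                }
            },
        }
        buckets = es.search(index="wazuh-alerts*", body=body)["aggregations"]["date_his"]["buckets"]
        for b in buckets:
            result.append({"agent": a, "time": b["key_as_string"][0:10], "count": b["doc_count"]})
    # one row per day, today - daysago .. today; the ES buckets are day-rounded
    # in UTC while date.today() is local time, so a boundary bucket could fall
    # outside this index — TODO confirm timezone handling
    dates = pd.date_range(datetime.date.today() - datetime.timedelta(days=daysago), periods=daysago + 1)
    df = pd.DataFrame(np.zeros((daysago + 1, len(agents)), int), index=dates, columns=agents)
    for r in result:
        df.at[r["time"], r["agent"]] += r["count"]
    # header row first, then one row per day with the ISO date prepended
    chartdata = [["Date"] + list(df.columns)]
    for day, counts in zip(df.index, np.array(df).tolist()):
        chartdata.append([day.strftime("%Y-%m-%d")] + counts)
    return chartdata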