def vul_asset_rate(self, cell, threshold):
    """Percentage of assets that carry at least one vulnerability.

    Fetches the per-IP vulnerability buckets for the report window, maps every
    distinct IP onto a unit through ``self.locations_ip`` and divides the number
    of matched IPs by the total asset count held in ``self.locations``.  The
    resulting percentage is handed to ``check_single_value`` for the verdict.

    Args:
        cell: Report cell the verdict is written for (passed through unchanged).
        threshold: Limit the percentage is checked against (passed through
            unchanged).

    Returns:
        The ``(yes, msg)`` pair produced by ``check_single_value``.
    """
    # Each bucket is expected to be a dict carrying a "name" (the IP) — the ES
    # response is used as-is, so a differently shaped bucket raises KeyError.
    buckets = es_common.get_business_es(key='vul-vul_ip_count',
                                        field='data.vul_ip',
                                        start_time=self.start_time,
                                        end_time=self.end_time)
    # "未知" (unknown) stays at 0: an IP that belongs to no unit is not counted.
    per_unit = {"未知": 0}
    distinct_ips = {bucket["name"] for bucket in buckets}
    for ip in distinct_ips:
        for unit, unit_ips in self.locations_ip.items():
            per_unit.setdefault(unit, 0)
            if ip in unit_ips:
                per_unit[unit] += 1
                break
    total_asset = sum(self.locations.values())
    if total_asset:
        rate = sum(per_unit.values()) / float(total_asset) * 100
    else:
        # No assets at all: report 0% instead of dividing by zero.
        rate = 0
    logger_it("总资产", total_asset)
    logger_it("漏洞资产占比", rate)
    verdict, message = self.check_single_value(rate, cell, threshold)
    return verdict, message
def vul_localtion_count(self, cell, threshold):
    """Vulnerability count per unit (单位漏洞数).

    Fetches the per-IP vulnerability buckets for the report window and sums the
    ``count`` of every bucket into the unit whose IP list (``self.locations_ip``)
    contains the bucket's IP.  The per-unit totals, minus the placeholder
    "未知" entry, are passed to ``check_multi_values`` as ``{"name", "value"}``
    items.

    Args:
        cell: Report cell the verdict is written for (passed through unchanged).
        threshold: Limit each unit's count is checked against (passed through
            unchanged).

    Returns:
        The ``(yes, msgs)`` pair produced by ``check_multi_values``.
    """
    # Each bucket is expected to be a dict with "name" (the IP) and "count".
    buckets = es_common.get_business_es(key='vul-vul_ip_count',
                                        field='data.vul_ip',
                                        start_time=self.start_time,
                                        end_time=self.end_time)
    # "未知" (unknown) is always kept at 0 and dropped from the result below.
    per_unit = {"未知": 0}
    for bucket in buckets:
        for unit, unit_ips in self.locations_ip.items():
            # NOTE: a unit is only registered (with 0) once the scan reaches
            # it, so whether a zero-count unit shows up depends on the data.
            per_unit.setdefault(unit, 0)
            if bucket["name"] in unit_ips:
                per_unit[unit] += bucket["count"]
                break
    logger_it("单位漏洞数", per_unit)
    items = [{"name": unit, "value": total}
             for unit, total in per_unit.items() if unit != "未知"]
    verdict, messages = self.check_multi_values(items, cell, threshold)
    return verdict, messages
def vul_single_ip_count(self, cell, threshold):
    """Vulnerability count per single IP (单IP漏洞数).

    Fetches the per-IP vulnerability buckets for the report window and hands
    them straight to ``check_multi_values``; no aggregation is done here.

    Args:
        cell: Report cell the verdict is written for (passed through unchanged).
        threshold: Limit each IP's count is checked against (passed through
            unchanged).

    Returns:
        The ``(yes, msgs)`` pair produced by ``check_multi_values``.
    """
    buckets = es_common.get_business_es(
        key='vul-vul_ip_count',
        field='data.vul_ip',
        start_time=self.start_time,
        end_time=self.end_time,
    )
    logger_it("单IP漏洞数", buckets)
    verdict, messages = self.check_multi_values(buckets, cell, threshold)
    return verdict, messages
def attack_single_ip_count(self, cell, threshold):
    """Attack-event count per single IP (单IP攻击事件数).

    Fetches the security events bucketed by destination IP for the report
    window and hands them straight to ``check_multi_values``.

    Args:
        cell: Report cell the verdict is written for (passed through unchanged).
        threshold: Limit each IP's event count is checked against (passed
            through unchanged).

    Returns:
        The ``(yes, msgs)`` pair produced by ``check_multi_values``.
    """
    buckets = es_common.get_business_es(
        key='security-dst_ip_count',
        field='data.security_dst_ip',
        start_time=self.start_time,
        end_time=self.end_time,
    )
    logger_it("单IP攻击事件数", buckets)
    verdict, messages = self.check_multi_values(buckets, cell, threshold)
    return verdict, messages
def virus_single_ip_count(self, cell, threshold):
    """Infection count per single IP (单IP感染数).

    Fetches the virus buckets keyed by host IP for the report window, counted
    over ``data.virus_btw_count``, and hands them straight to
    ``check_multi_values``.

    Args:
        cell: Report cell the verdict is written for (passed through unchanged).
        threshold: Limit each IP's infection count is checked against (passed
            through unchanged).

    Returns:
        The ``(yes, msgs)`` pair produced by ``check_multi_values``.
    """
    buckets = es_common.get_business_es(key='virus-asset_top',
                                        field='data.virus_host_ip',
                                        start_time=self.start_time,
                                        end_time=self.end_time,
                                        count_field="data.virus_btw_count")
    logger_it("单IP感染数", buckets)
    verdict, messages = self.check_multi_values(buckets, cell, threshold)
    return verdict, messages
def virus_asset_count(self, cell, threshold):
    """Number of infected assets (感染资产数).

    Fetches the virus buckets keyed by host IP for the report window and counts
    how many bucket IPs belong to any unit listed in ``self.locations_ip``.
    IPs that match no unit are ignored.  The count is handed to
    ``check_single_value`` for the verdict.

    Args:
        cell: Report cell the verdict is written for (passed through unchanged).
        threshold: Limit the count is checked against (passed through
            unchanged).

    Returns:
        The ``(yes, msg)`` pair produced by ``check_single_value``.
    """
    # NOTE(review): this uses key='vul-asset_top' while virus_single_ip_count
    # queries the same field with key='virus-asset_top' — confirm which key is
    # intended for infection data.
    buckets = es_common.get_business_es(key='vul-asset_top',
                                        field='data.virus_host_ip',
                                        start_time=self.start_time,
                                        end_time=self.end_time,
                                        count_field="data.virus_btw_count")
    infected = 0
    for bucket in buckets:
        # A bucket is counted once, for the first unit holding its IP.
        if any(bucket["name"] in unit_ips
               for unit_ips in self.locations_ip.values()):
            infected += 1
    logger_it("感染资产数", infected)
    verdict, message = self.check_single_value(infected, cell, threshold)
    return verdict, message
def attack_level_high_rate(self, cell, threshold):
    """Share of security events rated critical (严重事件占比), in percent.

    Fetches the security events bucketed by level for the report window, sums
    all bucket values and the values of buckets named '严重', and reports the
    critical share as a percentage (0 when there are no events).  The share is
    handed to ``check_single_value`` for the verdict.

    Args:
        cell: Report cell the verdict is written for (passed through unchanged).
        threshold: Limit the percentage is checked against (passed through
            unchanged).

    Returns:
        The ``(yes, msg)`` pair produced by ``check_single_value``.
    """
    # Each bucket is expected to be a dict with "name" (the level) and "value".
    buckets = es_common.get_business_es(key='security-level_count',
                                        field='data.security_level',
                                        start_time=self.start_time,
                                        end_time=self.end_time)
    critical_levels = ('严重',)
    total = 0
    critical = 0
    for bucket in buckets:
        total += bucket["value"]
        if bucket["name"] in critical_levels:
            critical += bucket["value"]
    if total == 0:
        # No events at all: report 0% instead of dividing by zero.
        critical_rate = 0
    else:
        critical_rate = critical / float(total) * 100
    logger_it("严重事件占比", critical_rate)
    verdict, message = self.check_single_value(critical_rate, cell, threshold)
    return verdict, message
def vul_level_high_rate(self, cell, threshold):
    """Share of vulnerabilities rated critical or high (高危漏洞占比), in percent.

    Fetches the vulnerabilities bucketed by level for the report window, sums
    all bucket values and the values of buckets named '严重' or '高', and
    reports the high-risk share as a percentage (0 when there are no
    vulnerabilities).  The share is handed to ``check_single_value`` for the
    verdict.

    Args:
        cell: Report cell the verdict is written for (passed through unchanged).
        threshold: Limit the percentage is checked against (passed through
            unchanged).

    Returns:
        The ``(yes, msg)`` pair produced by ``check_single_value``.
    """
    # Each bucket is expected to be a dict with "name" (the level) and "value".
    buckets = es_common.get_business_es(key='vul-vul_level_count',
                                        field='data.vul_level',
                                        start_time=self.start_time,
                                        end_time=self.end_time)
    high_risk_levels = ('严重', "高")
    total = 0
    high_risk = 0
    for bucket in buckets:
        total += bucket["value"]
        if bucket["name"] in high_risk_levels:
            high_risk += bucket["value"]
    if total == 0:
        # No vulnerabilities at all: report 0% instead of dividing by zero.
        high_rate = 0
    else:
        high_rate = high_risk / float(total) * 100
    logger_it("高危漏洞", high_risk)
    logger_it("总漏洞", total)
    logger_it("高危漏洞占比", high_rate)
    verdict, message = self.check_single_value(high_rate, cell, threshold)
    return verdict, message
def virus_location_count(self): """单位感染数 """ virus_asset = es_common.get_business_es( key='vul-asset_top', field='data.virus_host_ip', start_time=self.start_time, end_time=self.end_time, count_field="data.virus_btw_count") # 单位感染数 virus_loc = {"未知": 0} # 一直保持未知是0 for ip_count in virus_asset: for location, ips in self.locations_ip.items(): # 从 locations_ip里查询ip位置 如果没查到,归为未知IP if location not in virus_loc: virus_loc[location] = 0 if ip_count["name"] in ips: virus_loc[location] += ip_count["count"] break # else: # virus_loc["未知"] += 1 logger_it("单位感染数", virus_loc)