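 def ingestLogFile(self):
     """Convert the validated, not-yet-ingested file into LogEntry objects.

     Every line in ``self.lines`` becomes one LogEntry.  All entries share
     one date string taken from ``os.path.getctime(self.filename)`` in
     local time.  getctime is creation time only on Windows; on POSIX it is
     the inode's last metadata change, and in either case it is file-system
     metadata that is easy to alter, so it should not be read as a reliable
     event time on a timeline.

     Returns:
         A list of LogEntry when ``self.validated`` is set and the file has
         not been ingested yet (``self.ingested`` is then set to True, so a
         second call returns None).  Otherwise None.
     """
     if not (self.validated and not self.ingested):
         return None
     stamp = datetime.fromtimestamp(os.path.getctime(self.filename))
     # Same shape as "%m/%d/%Y %I:%M %p" with the leading zero dropped from
     # the month and the hour only (the day keeps its padding), e.g.
     # "1/06/2020 3:05 PM".  Built from attributes because strftime has no
     # portable non-padded directive.
     date = "{}/{:%d/%Y} {}:{:%M %p}".format(
         stamp.month, stamp, stamp.hour % 12 or 12, stamp)
     logEntries = []
     for lineNumber, line in enumerate(self.lines):
         logEntry = LogEntry()
         logEntry.date = date
         logEntry.description = line
         logEntry.creator = self.creator
         logEntry.eventType = self.eventType
         logEntry.artifact = self.filename
         logEntry.lineNumber = lineNumber
         # "<artifact>_<line>": only unique across files if filenames are.
         logEntry.id = logEntry.artifact + "_" + str(lineNumber)
         logEntries.append(logEntry)
     self.ingested = True
     return logEntries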
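 def __init__(self):
     """Create the manager pre-populated with five demo LogEntry rows.

     The seed rows (ids 0-4, all dated "1/26/20") are placeholder data for
     the table views; ``nextAvailableId`` is derived from the number of
     seed rows so it cannot drift from the ids actually handed out.
     ``searchLogEntryTableWidget`` and ``vectorManager`` are left as None
     for the owner to attach later.
     """
     self.logEntries = dict()
     self.logEntriesInTable = list()
     self.searchLogEntryTableWidget = None
     self.colNamesInSearchLogsTable = list()
     self.vectorManager = None
     seedDate = "1/26/20"
     # (creator team, description, artifact); the list index is the id.
     seedRows = [
         (LogEntry.BLUE_TEAM, "Blue Team Defender Turns on Computer.",
          "blue_log.csv"),
         (LogEntry.WHITE_TEAM, "White Team Analyst Starts Taking Notes.",
          "white_recording.png"),
         (LogEntry.BLUE_TEAM, "SQL Injection attack from Red Team.",
          "red_attack.txt"),
         (LogEntry.RED_TEAM, "Cross-Site Scripting Attack from Red Team.",
          "red_escalation.txt"),
         (LogEntry.BLUE_TEAM, "Blue Team Defender turns off computer.",
          "blue_response.csv"),
     ]
     self.nextAvailableId = len(seedRows)
     for entryId, (team, description, artifact) in enumerate(seedRows):
         logEntry = LogEntry()
         logEntry.date = seedDate
         logEntry.description = description
         logEntry.creator = team
         logEntry.id = entryId
         logEntry.artifact = artifact
         self.logEntries[entryId] = logEntry
     self.logEntriesInTable = list(self.logEntries.values())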
 def retrieveLogEntriesDb(self):
     """Replace ``self.logEntries`` with every document in ``self.col``.

     Each document is mapped onto a fresh LogEntry keyed by its ``_id``.
     A missing field raises KeyError and leaves the dict partially filled.

     SECURITY: ``associatedVectors`` is rebuilt with ``eval`` on a string
     read from the database.  Anyone who can write to that collection can
     run arbitrary code in this process; ``ast.literal_eval`` is the safe
     replacement if the stored value is a plain Python literal (confirm the
     format before switching).
     """
     copiedFields = ("location", "eventType", "description", "creator",
                     "date", "artifact", "lineNumber")
     self.logEntries.clear()
     for document in self.col.find():
         logEntry = LogEntry()
         logEntry.id = document["_id"]
         logEntry.associatedVectors = eval(document["vectors"])  # see docstring
         for fieldName in copiedFields:
             setattr(logEntry, fieldName, document[fieldName])
         self.logEntries[logEntry.id] = logEntry
 def retrieveLogEntryDb(self, logEntryId):
     """Fetch one LogEntry from ``self.col`` by its id, or None if absent.

     The query filters on the ``id`` field while the returned object takes
     its id from ``_id``; if the collection stores the identifier only in
     ``_id`` this query never matches -- TODO confirm against the schema.
     When several documents match, the last one returned wins.

     SECURITY: ``associatedVectors`` is rebuilt with ``eval`` on a string
     read from the database, so a writable collection means code execution
     here; ``ast.literal_eval`` is the safe replacement once the stored
     format is confirmed to be a plain literal.

     Args:
         logEntryId: converted with ``str`` before querying.
     """
     copiedFields = ("location", "eventType", "description", "creator",
                     "date", "artifact", "lineNumber")
     found = None
     for document in self.col.find({"id": str(logEntryId)}):
         found = LogEntry()
         found.id = document["_id"]
         found.associatedVectors = eval(document["vectors"])  # see docstring
         for fieldName in copiedFields:
             setattr(found, fieldName, document[fieldName])
     return found
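 def ingestLogFile(self):
     """Convert the validated, not-yet-ingested file into LogEntry objects.

     ``self.lines`` and ``self.timestamps`` are parallel lists: line *i*
     is stamped with ``self.timestamps[i]``, parsed as
     "%Y-%m-%d %H:%M:%S" (naive, no timezone -- the source's zone is not
     recorded) and re-rendered as "%m/%d/%Y %I:%M %p".

     Returns:
         A list of LogEntry when ``self.validated`` is set and the file has
         not been ingested yet (``self.ingested`` is then set to True, so a
         second call returns None).  Otherwise None.

     Raises:
         IndexError: if there are fewer timestamps than lines.
         ValueError: if a timestamp does not match the expected format.
     """
     if not (self.validated and not self.ingested):
         return None
     sourceFormat = "%Y-%m-%d %H:%M:%S"
     displayFormat = "%m/%d/%Y %I:%M %p"
     logEntries = []
     for lineNumber, line in enumerate(self.lines):
         stamp = datetime.strptime(self.timestamps[lineNumber], sourceFormat)
         logEntry = LogEntry()
         logEntry.date = stamp.strftime(displayFormat)
         logEntry.description = line
         logEntry.creator = self.creator
         logEntry.eventType = self.eventType
         logEntry.artifact = self.filename
         logEntry.lineNumber = lineNumber
         # "<artifact>_<line>": only unique across files if filenames are.
         logEntry.id = logEntry.artifact + "_" + str(lineNumber)
         logEntries.append(logEntry)
     self.ingested = True
     return logEntries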