Ejemplo n.º 1
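 def login_Attempt(self):
     """Filter the Login_Attempt export into the login sheets and save them.

     Converts the CSV for ``self.time`` to xlsx, copies every row that
     passes ``DO().data_Regular`` and whose cell 4 resolves to a system in
     ``self.assetall`` to the filter sheet, tallies those rows per
     ``data[2]`` and per system, then saves the filter, chart and Top
     workbooks under ``outputFile/<self.time>/``.
     """
     # Calls the constructor again on the live object; presumably this
     # resets the counters and workbooks between filters -- TODO confirm.
     self.__init__()
     filename = "Login_Attempt"
     # NOTE(review): "." is unescaped in both patterns, so it matches any
     # character, not only the literal dot of "http.status_code".
     self.regular_type.append(re.compile(r'http.status_code=4(.*?);'))
     self.regular_type.append(re.compile(r'http.status_code=;'))
     _xlxs_csv.Csv2Xlxs(self.time, filename)
     wb_source = openpyxl.load_workbook("inputFile/" + self.time + "/" +
                                        filename + ".xlsx")
     ws_source = wb_source.get_sheet_by_name("Sheet")
     ws_filter_all = DO().get_Sheet(self.wb_filter, u"登录(全)", self.title)
     ws_chart_loginall = DO().get_Sheet(self.wb_chart, u"登录(全)",
                                        [u"系统", u"次数"])
     ws_top_all = DO().get_Sheet(self.wb_top, u"登录(全)", [u"IP", u"次数"])
     for rows_source in list(ws_source.rows):
         rows_source = list(rows_source)
         if not DO().data_Regular(rows_source[7].value, self.regular_type):
             continue
         sys_all = DO().system_Belong(rows_source[4].value, self.assetall)
         # Identity test: None is the "no matching system" result here.
         if sys_all is None:
             continue
         data = DO().get_Data(rows_source)
         data.append(sys_all)
         ws_filter_all.append(data)
         self.top = DO().count_Dict(self.top, data[2])
         self.charts = DO().count_Dict(self.charts, data[-1])
     DO().get_Dict_data(ws_top_all, self.top)
     DO().get_Dict_data(ws_chart_loginall, self.charts)
     out_dir = "outputFile/" + self.time + "/"
     self.wb_filter.save(out_dir + u"数据筛选" + ".xlsx")
     self.wb_chart.save(out_dir + u"图表" + ".xlsx")
     self.wb_top.save(out_dir + u"Top5" + ".xlsx")
     wb_source.close()
     print u"======登录筛选完成======"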
Ejemplo n.º 2
 def virus_Operat(self):
     """Build the virus report workbook from the "Sheet" source worksheet.

     Each source row (the header row is skipped) is enriched with a host
     type, virus type, attack type and infection type looked up through
     ``DO()``, written to the log sheet, and counted per category. The four
     summary sheets are then filled from the counters and the workbook is
     saved as ``outputFile/<self.time>.xlsx``.
     """
     share = u"所占比例"
     times = u"所占次数"
     host_counts = {}
     virus_counts = {}
     attack_counts = {}
     action_counts = {}
     sheet_in = self.wb_virus_source.get_sheet_by_name("Sheet")
     daily_title = [
         u"结构", u"IP地址", u"主机类型", u"MAC地址",
         u"计算机名", u"病毒名称", u"病毒类型",
         u"受感染文件", u"感染路径", u"攻击类型",
         u"处理措施", u"感染类型", u"时间", u"扫描类型",
         u"组件版本", u"操作系统"
     ]
     sheet_daily = DO().get_Sheet(wb=self.wb_virus,
                                  sheet_name=u"日志",
                                  title=daily_title)
     sheet_host = DO().get_Sheet(wb=self.wb_virus,
                                 sheet_name=u"主机类型",
                                 title=[u"主机类型", u"受攻击次数", share])
     sheet_virus = DO().get_Sheet(wb=self.wb_virus,
                                  sheet_name=u"病毒类型",
                                  title=[u"病毒类型", times, share])
     sheet_attack = DO().get_Sheet(wb=self.wb_virus,
                                   sheet_name=u"攻击类型",
                                   title=[u"攻击类型", times, share])
     sheet_action = DO().get_Sheet(wb=self.wb_virus,
                                   sheet_name=u"感染类型",
                                   title=[u"感染类型", times, share])
     for source in list(sheet_in.rows):
         # The header row carries the column title in cell 1; skip it.
         if source[1].value == u"IP地址":
             continue
         record = DO().get_Data(source)

         # Each insert shifts the later columns, so the order of the four
         # lookups below fixes the final column layout of the log sheet.
         host = DO().system_Belong(ip=source[1].value,
                                   asset=self.asset_branch,
                                   defaulthost=u"未知设备")
         record.insert(2, host)
         host_counts = DO().dict_Count(dict=host_counts, key=host)

         virus = DO().virus_Belong(virus=source[4].value,
                                   asset=self.asset_virus,
                                   defaultvirus=u"未知病毒")
         record.insert(6, virus)
         virus_counts = DO().dict_Count(dict=virus_counts, key=virus)

         attack = DO().U_Belong(U=source[6].value)
         record.insert(9, attack)
         attack_counts = DO().dict_Count(dict=attack_counts, key=attack)

         action = DO().operat_Belong(operat=source[7].value)
         record.insert(11, action)
         action_counts = DO().dict_Count(dict=action_counts, key=action)

         sheet_daily.append(record)
     print u"======日志统计完毕======"
     DO().dict_Getdata(ws=sheet_host, dict=host_counts)
     print u"======主机统计完毕======"
     DO().dict_Getdata(ws=sheet_virus, dict=virus_counts)
     print u"======病毒统计完毕======"
     DO().dict_Getdata(ws=sheet_attack, dict=attack_counts)
     print u"======攻击统计完毕======"
     DO().dict_Getdata(ws=sheet_action, dict=action_counts)
     print u"======感染统计完毕======"
     self.wb_virus.save("outputFile/" + self.time + ".xlsx")
Ejemplo n.º 3
 def data_Count(self):
     """Write the per-category totals to the statistics sheet and save it.

     Every total is the row count of an already filled sheet minus one, the
     subtracted row being the title row. The remaining categories are
     delegated to ``self.data_Count_``.
     """

     def body_rows(workbook, sheet_name):
         # Number of rows below the title row.
         return len(list(workbook.get_sheet_by_name(sheet_name).rows)) - 1

     ws_count = DO().get_Sheet(
         self.wb_count, u"统计",
         [u"种类", u"次数", u"系统个数", u"系统", u"百分比", u"规则"])
     ws_count.append([u"告警总数", body_rows(self.wb_filter, u'端口(全)')])
     ws_count.append([u"IP", body_rows(self.wb_top, u'IP(全)')])
     ws_count.append([u"端口", body_rows(self.wb_chart, u'端口(全)')])
     for category in (u"URL", u"漏洞", u"跨站"):
         ws_count = self.data_Count_(ws_count, category)
     ws_count.append([u"登录(全)", body_rows(self.wb_filter, u'登录(全)')])
     ws_count = self.data_Count_(ws_count, u"探测")
     self.wb_count.save("outputFile/" + self.time + "/" + u"统计" + ".xlsx")
     print u"======数据统计完成======"
Ejemplo n.º 4
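 def exists(self):
     """Open today's alert-log workbook, creating whatever is missing.

     Sets ``self.date`` to the current date (``YYYYMMDD``). If
     ``logFile/<date>.xlsx`` exists it is loaded and its alert-log sheet is
     looked up, falling back to ``Data_Operat`` to create the sheet when it
     is absent; otherwise a new workbook holding only that sheet and the
     title row is built in memory.

     Returns:
         A ``(workbook, worksheet)`` tuple.
     """
     title = [u"告警时间", u"数据录入时间", u"所属分行", u"IP地址", u"MAC地址",u"感染主机名",
              u"病毒名称", u"病毒类型", u"受感染文件", u"感染源", u"感染路径", u"处理结果", u"感染类型",
              u"感染机被感染时间", u"扫描方式", u"病毒码组件", u"系统类型"]
     self.date = datetime.datetime.now().strftime("%Y%m%d")
     log_path = "logFile/%s.xlsx" % self.date
     if os.path.exists(log_path):
         wb = openpyxl.load_workbook(log_path)
         try:
             ws = wb.get_sheet_by_name(u"告警日志")
         except KeyError:
             # Only a missing sheet is recoverable here. The previous bare
             # "except:" also hid KeyboardInterrupt, SystemExit and
             # unrelated errors behind a silent re-creation of the sheet.
             wb.close()
             wb = Data_Operat().create_Newsheet(log_path, [u"告警日志"])
             ws = Data_Operat().get_Sheet(wb, u"告警日志", title)
     else:
         wb = openpyxl.Workbook()
         wb.create_sheet(u"告警日志")
         # Drop the default sheet so the alert log is the only one.
         wb.remove_sheet(wb.get_sheet_by_name("Sheet"))
         ws = wb.get_sheet_by_name(u"告警日志")
         ws.append(title)
     return wb, ws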
Ejemplo n.º 5
 def log_Operat(self):
     """Append the entries of ``self.log`` to the log sheet of the workbook.

     The sheet is created with its title row when ``logFile/<self.time>.xlsx``
     does not exist yet, otherwise the existing one is reused. For every
     entry the numeric action code in field 7 is replaced by its label and
     the host, virus, attack and infection types are inserted.
     """
     # Action code -> label written to the sheet.
     action_labels = (
         ("21", u"已清除"),
         ("121", u"已删除"),
         ("25", u"已忽略"),
         ("22", u"无法清除文件"),
         ("122", u"无法删除文件"),
         ("81", u"已加密"),
     )
     if os.path.exists("logFile/" + self.time + ".xlsx"):
         sheet = self.wb_virus_log.get_sheet_by_name(u"日志")
     else:
         sheet = DO().get_Sheet(wb=self.wb_virus_log,
                                sheet_name=u"日志",
                                title=[
                                    u"结构", u"IP地址", u"主机类型",
                                    u"MAC地址", u"计算机名", u"病毒名称",
                                    u"病毒类型", u"受感染文件", u"感染路径",
                                    u"攻击类型", u"处理措施", u"感染类型", u"时间",
                                    u"扫描类型", u"组件版本", u"操作系统"
                                ])
     for log in self.log:
         entry = list(log)
         for code, label in action_labels:
             if entry[7] == code:
                 entry[7] = label
                 break
         # The lookups read the untouched ``log``; the inserts go into the
         # copy, each one shifting the columns that follow it.
         host = DO().system_Belong(ip=log[1],
                                   asset=self.asset_branch,
                                   defaulthost=u"未知设备")
         entry.insert(2, host)
         virus = DO().virus_Belong(virus=log[4],
                                   asset=self.asset_virus,
                                   defaultvirus=u"未知病毒")
         entry.insert(6, virus)
         attack = DO().U_Belong(U=log[6])
         entry.insert(9, attack)
         action = DO().operat_Belong(operat=log[7])
         entry.insert(11, action)
         sheet.append(entry)
Ejemplo n.º 6
 def data_Count(self):
     """Write the alert totals per category to the statistics sheet.

     Each total is the number of rows of a filter sheet minus one, the
     subtracted row being the title row. The workbook is saved under
     ``outputFile/<self.time>/``.
     """
     ws_count = DO().get_Sheet(self.wb_count, u"统计", [u"类别", u"次数"])
     internet_sheet = self.wb_filter.get_sheet_by_name(u"URL(分)")
     ws_count.append([u"互联网告警数", len(list(internet_sheet.rows)) - 1])
     # These three sheets are counted by iterating the worksheet itself
     # rather than its ``rows`` attribute, as in the original.
     remaining = (
         (u"内网告警数", u"内网(分)"),
         (u"自助设备数", u"自助设备"),
         (u"网银体验数", u"网银体验"),
     )
     for label, sheet_name in remaining:
         sheet = self.wb_filter.get_sheet_by_name(sheet_name)
         ws_count.append([label, len(list(sheet)) - 1])
     self.wb_count.save("outputFile/" + self.time + "/" + u"统计" + ".xlsx")
Ejemplo n.º 7
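 def internet_Event(self):
     """Filter the Internet_Event export into the port and URL sheets.

     Converts the CSV for ``self.time`` to xlsx. Every row whose cell 4
     resolves to a system in ``self.assetall`` goes to the port sheet and
     is counted per ``data[5]``; rows whose field 7 contains "http" and
     passes ``DO().data_Regular`` also go to the URL sheet and are counted
     per ``data[2]``, per system and per ``data[1]``. The filter, chart and
     Top workbooks are saved under ``outputFile/<self.time>/``.
     """
     # Calls the constructor again on the live object; presumably this
     # resets the counters and workbooks between filters -- TODO confirm.
     self.__init__()
     filename = "Internet_Event"
     # NOTE(review): "." is unescaped in these patterns, so it matches any
     # character, not only the literal dot of "http.status_code"/"http.url".
     self.regular_type.append(re.compile(r'http.status_code=4(.*?);'))
     self.regular_type.append(re.compile(r'http.status_code=;'))
     self.regular_type.append(re.compile(r'http.url=/;'))
     self.regular_type.append(re.compile(r'http.url=;'))
     _xlxs_csv.Csv2Xlxs(self.time, filename)
     wb_source = openpyxl.load_workbook("inputFile/" + self.time + "/" +
                                        filename + ".xlsx")
     ws_source = wb_source.get_sheet_by_name("Sheet")
     ws_filter_portall = DO().get_Sheet(self.wb_filter, u"端口(全)",
                                        self.title)
     ws_filter_urlall = DO().get_Sheet(self.wb_filter, u"URL(全)",
                                       self.title)
     ws_chart_portall = DO().get_Sheet(self.wb_chart, u"端口(全)",
                                       [u"端口", u"次数"])
     ws_chart_urlall_sys = DO().get_Sheet(self.wb_chart, u"URL(全)系统",
                                          [u"系统", u"次数"])
     ws_chart_urlall_rul = DO().get_Sheet(self.wb_chart, u"URL(全)规则",
                                          [u"规则", u"次数"])
     ws_top_all = DO().get_Sheet(self.wb_top, u"URL(全)", [u"IP", u"次数"])
     for rows_source in list(ws_source.rows):
         rows_source = list(rows_source)
         sys_all = DO().system_Belong(rows_source[4].value, self.assetall)
         # Identity test: None is the "no matching system" result here.
         if sys_all is None:
             continue
         data = DO().get_Data(rows_source)
         data.append(sys_all)
         self.port = DO().count_Dict(self.port, data[5])
         ws_filter_portall.append(data)
         # Only HTTP events are candidates for the URL sheet.
         if data[7] is None or "http" not in data[7]:
             continue
         if not DO().data_Regular(rows_source[7].value, self.regular_type):
             continue
         ws_filter_urlall.append(data)
         self.top = DO().count_Dict(self.top, data[2])
         self.charts = DO().count_Dict(self.charts, data[-1])
         self.chartr = DO().count_Dict(self.chartr, data[1])
     DO().get_Dict_data(ws_top_all, self.top)
     DO().get_Dict_data(ws_chart_urlall_sys, self.charts)
     DO().get_Dict_data(ws_chart_urlall_rul, self.chartr)
     DO().get_Dict_data(ws_chart_portall, self.port)
     out_dir = "outputFile/" + self.time + "/"
     self.wb_filter.save(out_dir + u"数据筛选" + ".xlsx")
     self.wb_chart.save(out_dir + u"图表" + ".xlsx")
     self.wb_top.save(out_dir + u"Top5" + ".xlsx")
     wb_source.close()
     print u"======原始筛选完成======"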
Ejemplo n.º 8
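 def IP(self):
     """Rank the source IPs by hit count and fill the country/city/Top sheets.

     Reads the IP sheet of ``self.wb_count`` (title row skipped), orders the
     rows by the integer value of column 1, highest first, and writes the
     country of every row, the city of the rows that qualify, and the
     ``[IP, count]`` pair to their sheets before saving the Top and chart
     workbooks.
     """
     ws_source = self.wb_count.get_sheet_by_name(u"IP(全)")
     ws_char_country = DO().get_Sheet(self.wb_chart, u"IP(全)1", [u"国家"])
     ws_char_city = DO().get_Sheet(self.wb_chart, u"IP(全)2", [u"城市"])
     ws_top = DO().get_Sheet(self.wb_top, u"IP(全)", [u"IP", u"次数"])
     # Drop the title row and keep the plain cell values.
     data = [[cell.value for cell in row]
             for row in list(ws_source.rows)[1:]]
     # Stable descending sort; replaces the hand-written quadratic
     # insertion sort and keeps equal counts in sheet order.
     data_sort = sorted(data, key=lambda record: int(record[1]),
                        reverse=True)
     skipped_cities = (u"澳门", u"香港", u"台湾", u"NULL")
     for record in data_sort:
         country = record[2]
         city = record[4]
         ws_char_country.append([country])
         # A blank cell reads as None and used to raise TypeError on the
         # "in" tests; such rows simply do not reach the city chart.
         if (country is not None and city is not None
                 and not any(tag in city for tag in skipped_cities)
                 and u"中国" in country):
             ws_char_city.append([city])
         ws_top.append([record[0], record[1]])
     self.wb_top.save("outputFile/" + self.time + "/" + u"Top5" + ".xlsx")
     self.wb_chart.save("outputFile/" + self.time + "/" + u"图表" + ".xlsx")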
Ejemplo n.º 9
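 def internet_Event(self):
     """Filter the Internet_Event export into the branch URL sheets.

     Every row whose cell 4 resolves to a system in ``self.assetother`` is
     copied to the URL sheet and counted per system. Rows whose field 7
     contains "http.host" and passes both ``DO().data_Regular`` checks are
     additionally split into host, URL, user agent and status code, written
     to the filtered sheet, and counted per host+URL (falling back to
     ``data[4]`` when the host is 'NULL'). The filter, chart and Top
     workbooks are saved under ``outputFile/<self.time>/``.
     """
     # Calls the constructor again on the live object; presumably this
     # resets the counters and workbooks between filters -- TODO confirm.
     self.__init__()
     filename = "Internet_Event"
     self.regular_type_1.append(re.compile(r'http.status_code=4(.*?);'))
     self.regular_type_0.append(re.compile(r'http.status_code=(.*?);'))
     self.regular_type_0.append(re.compile(r'http.url=/(.*?);'))
     self.regular_type_0.append(re.compile(r'http.url=(.*?);'))
     try:
         _xlxs_csv.Csv2Xlxs(self.time, filename)
     except Exception as exc:
         # Conversion stays best-effort, but the failure is now reported:
         # the load below would otherwise read an xlsx left by an earlier
         # run and the report would silently be built from old alerts.
         # Catching Exception also lets KeyboardInterrupt/SystemExit through.
         print u"Csv2Xlxs failed for %s: %r" % (filename, exc)
     wb_source = openpyxl.load_workbook("inputFile/" + self.time + "/" +
                                        filename + ".xlsx")
     ws_source = wb_source.get_sheet_by_name("Sheet")
     ws_filter_urlall = DO().get_Sheet(self.wb_filter, u"URL(分)",
                                       self.title)
     ws_filter_url_f = DO().get_Sheet(self.wb_filter, u"URL(分)筛",
                                      self.title_f)
     ws_chart_urlsys = DO().get_Sheet(self.wb_chart, u"URL(分)系统",
                                      [u"系统", u"次数"])
     ws_chart_url = DO().get_Sheet(self.wb_chart, u"URL(分)筛URL",
                                   [u"URL", u"次数"])
     ws_top_url = DO().get_Sheet(self.wb_top, u"URL(分)",
                                 [u"URL", u"应用系统", u"源IP", u"告警名称", u"频率"])
     for rows_source in list(ws_source.rows):
         rows_source = list(rows_source)
         sys_other = DO().system_Belong(rows_source[4].value,
                                        self.assetother)
         # Identity test: None is the "no matching system" result here.
         if sys_other is None:
             continue
         data = DO().get_Data(rows_source)
         data.append(sys_other)
         ws_filter_urlall.append(data)
         self.charts = DO().count_Dict(self.charts, data[-1])

         detail = rows_source[7].value
         if detail is None or "http.host" not in detail:
             continue
         if not (DO().data_Regular(detail, self.regular_type_1, 1)
                 and DO().data_Regular(detail, self.regular_type_0, 0)):
             continue
         host, url, user_agent, status_code = DO().http_Split(data[7])
         # Inserting in reverse order leaves host, url, user agent and
         # status code at indexes 7 to 10.
         for x in status_code, user_agent, url, host:
             data.insert(7, x)
         ws_filter_url_f.append(data)
         # data[8] is the URL after the inserts above.
         prefix = host if host != 'NULL' else data[4]
         self.chartall = DO().count_Dict(self.chartall, prefix + data[8])
         self.topall = DO().count_Dict(self.topall, prefix + data[8],
                                       [data[-1], data[2], data[1]])
     DO().get_Dict_data(ws=ws_chart_url, dict=self.chartall, des=1)
     DO().get_Dict_data(ws=ws_chart_urlsys, dict=self.charts, des=1)
     DO().get_Dict_data(ws=ws_top_url, dict=self.topall, des=1, delet=1)
     out_dir = "outputFile/" + self.time + "/"
     self.wb_filter.save(out_dir + u"数据筛选" + ".xlsx")
     self.wb_chart.save(out_dir + u"图表" + ".xlsx")
     self.wb_top.save(out_dir + u"Top" + ".xlsx")
     wb_source.close()
     print u"======分行筛选完成======"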
Ejemplo n.º 10
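 def lan_Event(self):
     """Filter the Lan_Event export into the intranet sheets and save them.

     Every non-title row that passes both ``DO().data_Regular`` checks is
     tagged with the branch and equipment of cells 2 and 4 (looked up in
     ``self.assetlan``), written to the intranet sheet and counted. Rows
     whose source or destination equipment names a self-service device or
     an online-banking kiosk are also written to, and counted for, their
     own sheets. The filter, chart and Top workbooks are saved under
     ``outputFile/<self.time>/``.
     """
     # Calls the constructor again on the live object; presumably this
     # resets the counters and workbooks between filters -- TODO confirm.
     self.__init__()
     filename = "Lan_Event"
     # The patterns used to be written as u"r'...'", which put the raw
     # prefix and the quotes inside the regex itself, so it could only
     # match text that literally contained those quote characters. They
     # now read like the ones in internet_Event.
     self.regular_type_1.append(re.compile(r'http.status_code=4(.*?);'))
     self.regular_type_0.append(re.compile(r'http.status_code=(.*?);'))
     try:
         _xlxs_csv.Csv2Xlxs(self.time, filename)
     except Exception as exc:
         # Conversion stays best-effort, but the failure is now reported:
         # the load below would otherwise read an xlsx left by an earlier
         # run and the report would silently be built from old alerts.
         # Catching Exception also lets KeyboardInterrupt/SystemExit through.
         print u"Csv2Xlxs failed for %s: %r" % (filename, exc)
     wb_source = openpyxl.load_workbook("inputFile/" + self.time + "/" +
                                        filename + ".xlsx")
     ws_source = wb_source.get_sheet_by_name("Sheet")
     ws_filter_lan = DO().get_Sheet(self.wb_filter, u"内网(分)",
                                    self.title_lan)
     ws_filter_zz = DO().get_Sheet(self.wb_filter, u"自助设备", self.title_lan)
     ws_filter_wy = DO().get_Sheet(self.wb_filter, u"网银体验", self.title_lan)
     ws_chart_lan = DO().get_Sheet(self.wb_chart, u"内网(分)", [u"分行", u"次数"])
     ws_chart_zz = DO().get_Sheet(self.wb_chart, u"自助设备", [u"分行", u"次数"])
     ws_chart_wy = DO().get_Sheet(self.wb_chart, u"网银体验", [u"分行", u"次数"])
     ws_top_lan = DO().get_Sheet(
         self.wb_top, u"内网(分)",
         [u"源IP", u"源所属分行/设备", u"目IP", u"目所属分行/设备", u"规则", u"次数"])
     ws_top_zz = DO().get_Sheet(
         self.wb_top, u"自助设备",
         [u"源IP", u"源所属分行/设备", u"目IP", u"目所属分行/设备", u"规则", u"次数"])
     ws_top_wy = DO().get_Sheet(
         self.wb_top, u"网银体验",
         [u"源IP", u"源所属分行/设备", u"目IP", u"目所属分行/设备", u"规则", u"次数"])

     def top_entry(data):
         # Fresh list per call: count_Dict may keep a reference to it.
         return [
             data[-4] + '/' + data[-3], data[4],
             data[-2] + '/' + data[-1], data[1]
         ]

     for rows_source in list(ws_source.rows):
         rows_source = list(rows_source)
         # Skip the title row.
         if u"告警时间" in rows_source[0].value:
             continue
         detail = rows_source[7].value
         if not (DO().data_Regular(detail, self.regular_type_1, 1)
                 and DO().data_Regular(detail, self.regular_type_0, 0)):
             continue
         sbranch, sequ = DO().branch_Belong(rows_source[2].value,
                                            self.assetlan)
         obranch, oequ = DO().branch_Belong(rows_source[4].value,
                                            self.assetlan)
         data = DO().get_Data(rows_source)
         data.append(sbranch)
         data.append(sequ)
         data.append(obranch)
         data.append(oequ)
         ws_filter_lan.append(data)
         self.chartall = DO().count_Dict(self.chartall, data[-2])
         self.topall = DO().count_Dict(self.topall, data[2],
                                       top_entry(data))
         if u"自助设备" in sequ or u"自助设备" in oequ:
             ws_filter_zz.append(data)
             self.chartzz = DO().count_Dict(self.chartzz, data[-2])
             self.topzz = DO().count_Dict(self.topzz, data[2],
                                          top_entry(data))
         if u"网银体验" in sequ or u"网银体验" in oequ:
             ws_filter_wy.append(data)
             self.chartwy = DO().count_Dict(self.chartwy, data[-2])
             self.topwy = DO().count_Dict(self.topwy, data[2],
                                          top_entry(data))
     DO().get_Dict_data(ws_chart_lan, self.chartall, 1)
     DO().get_Dict_data(ws_chart_zz, self.chartzz, 1)
     DO().get_Dict_data(ws_chart_wy, self.chartwy, 1)
     DO().get_Dict_data(ws_top_lan, self.topall, 1)
     DO().get_Dict_data(ws_top_zz, self.topzz, 1)
     DO().get_Dict_data(ws_top_wy, self.topwy, 1)
     out_dir = "outputFile/" + self.time + "/"
     self.wb_filter.save(out_dir + u"数据筛选" + ".xlsx")
     self.wb_chart.save(out_dir + u"图表" + ".xlsx")
     self.wb_top.save(out_dir + u"Top" + ".xlsx")
     wb_source.close()
     print u"======内网筛选完成======"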