class Display_Intelligence(): def __init__(self): self.link = Database("Intelligence") super().__init__() def display_ioc(self, type): result = {} result["data"] = [] select_result = self.link.select(type, query={}, sort="disclosure_time") if select_result: for alert in select_result: alert.pop("_id") result["data"].append(alert) self.link.close() result["data"] = list_dict_duplicate_removal(result["data"]) return result def ioc_count(self): result = {} count = 0 for ioc_type in ioc: result[ioc_type] = self.link.count(ioc_type) count += count + result[ioc_type] result["count"] = count self.link.close() # result["data"] = list_dict_duplicate_removal(result["data"]) return result
class Display_Semitic(): def __init__(self): self.link = Database("Semitic") super().__init__() def display_alert_rule(self): result = {} result["data"] = [] select_result = self.link.select("alert", query={}) if select_result: for alert in select_result: alert.pop("_id") result["data"].append(alert) result["data"] = list_dict_duplicate_removal(result["data"]) self.link.close() return result def display_alert_ioc(self): result = {} result["data"] = [] select_result = self.link.select("alert_ioc", query={}) if select_result: for alert in select_result: alert.pop("_id") result["data"].append(alert) self.link.close() result["data"] = list_dict_duplicate_removal(result["data"]) return result def display_service(self): result = {} result["data"] = [] select_result = self.link.select("service", query={}) if select_result: for service in select_result: service.pop("_id") result["data"].append(service) self.link.close() result["data"] = list_dict_duplicate_removal(result["data"]) return result def display_proto(self, type): result = {} result["data"] = [] select_result = self.link.select(type, query={}) for proto in select_result: proto.pop("_id") if type == "http": if proto["uri"] == "/api/upload_eve": continue result["data"].append(proto) self.link.close result["data"] = list_dict_duplicate_removal(result["data"]) return result def alert_count(self): result = {} result["rule_count"] = self.link.count("alert") result["ioc_count"] = self.link.count("alert_ioc") result["count"] = result["rule_count"] + result["ioc_count"] self.link.close() return result def proto_count(self): result = {} count = 0 for proto_type in proto: result[proto_type] = self.link.count(proto_type) count += self.link.count(proto_type) result["count"] = result["tcp"] + result['udp'] self.link.close() return result def eve_count(self): result = {"count": self.link.count("eve")} return result