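def dotransform(request, response, config):
    """Add an NWThreat entity for each distinct ``risk.warning`` value seen for an IP.

    Args:
        request: transform request; ``request.value`` is the IP entity value.
        response: transform response the NWThreat entities are added to.
        config: mapping holding ``'netwitness/days'``, the look-back window
            handed to ``nwmodule.nwtime``.

    Returns:
        ``response`` with one NWThreat per distinct ``risk.warning`` value.
    """
    # NW REST API Query and results

    ip_entity = request.value
    diff = nwmodule.nwtime(config['netwitness/days'])
    field_name = 'risk.warning'
    # NOTE(review): ip_entity is entity input supplied by the Maltego user and is
    # interpolated verbatim into the NetWitness where clause; nothing here binds
    # or escapes it. Validate that it is an IP literal (or escape it per the
    # NetWitness query grammar) before it reaches the backend.
    where_clause = '(time=%s) && ip.dst=%s' % (diff, ip_entity)

    # Positional arguments to nwValue are defined in nwmodule; 250 presumably
    # caps the number of returned values -- confirm against nwmodule.
    json_data = json.loads(nwmodule.nwValue(0, 0, 250, field_name, 'application/json', where_clause))
    seen = set()  # O(1) membership instead of a linear scan of a list per result

    for d in json_data['results']['fields']:
        value = d['value']
        if value in seen:
            continue
        response += NWThreat(
            value.decode('ascii'),
            ip=ip_entity,
            metaid1=d['id1'],
            metaid2=d['id2'],
            type_=d['type'],
            count=d['count'],
            weight=d['count']
        )
        seen.add(value)

    return response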
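def dotransform(request, response):
    """Add an NWUserAgent entity for each distinct ``client`` value tied to a risk.

    The ``risk.warning`` name comes from ``request.value``; when the request
    carries an ``ip`` field the query is additionally restricted to sessions
    where that IP is the source or the destination.

    Args:
        request: transform request; ``request.value`` is the risk name and
            ``request.fields`` may hold ``'ip'``.
        response: transform response the NWUserAgent entities are added to.

    Returns:
        ``response`` with one NWUserAgent per distinct ``client`` value.
    """
    nwmodule.nw_http_auth()

    # NW REST API Query and results

    risk_name = request.value
    # NOTE(review): ``config`` is not a parameter of this transform (the sibling
    # transforms take it explicitly), so it must resolve to a module-level name
    # -- confirm it is imported in this file.
    diff = nwmodule.nwtime(config['netwitness/days'])

    # NOTE(review): risk_name and the optional ip value are user-supplied entity
    # data interpolated verbatim into the where clause; a double quote inside
    # risk_name would break out of the quoted literal. Validate/escape per the
    # NetWitness query grammar before sending.
    if 'ip' in request.fields:
        ip_entity = request.fields['ip']
        # The src/dst alternatives are parenthesised so the time and risk
        # constraints apply to both; without the parentheses the trailing
        # ``|| ip.dst=...`` is not scoped under them (matches the form used by
        # the other transforms in this file).
        where_clause = '(time=%s) && risk.warning="%s" && (ip.src=%s || ip.dst=%s)' % (diff, risk_name, ip_entity, ip_entity)
    else:
        where_clause = '(time=%s) && risk.warning="%s"' % (diff, risk_name)

    field_name = 'client'
    # Positional arguments to nwValue are defined in nwmodule; 10 presumably
    # caps the number of returned values -- confirm against nwmodule.
    json_data = json.loads(nwmodule.nwValue(0, 0, 10, field_name, 'application/json', where_clause))
    seen_clients = set()  # O(1) membership instead of a linear list scan per result

    for d in json_data['results']['fields']:
        value = d['value']
        if value in seen_clients:
            continue
        response += NWUserAgent(
            value.decode('ascii'),
            metaid1=d['id1'],
            metaid2=d['id2'],
            type_=d['type'],
            count=d['count']
        )
        seen_clients.add(value)

    return response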
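def dotransform(request, response):
    """Add an NWFiletype entity for each distinct ``filetype`` seen for an IP.

    Args:
        request: transform request; ``request.value`` is the IP entity value.
        response: transform response the NWFiletype entities are added to.

    Returns:
        ``response`` with one NWFiletype per distinct ``filetype`` value.
    """
    nwmodule.nw_http_auth()

    # NW REST API Query and results

    ip_entity = request.value
    # NOTE(review): ``config`` is not a parameter of this transform (the sibling
    # transforms take it explicitly), so it must resolve to a module-level name
    # -- confirm it is imported in this file.
    diff = nwmodule.nwtime(config['netwitness/days'])
    field_name = 'filetype'
    # NOTE(review): ip_entity is user-supplied entity data interpolated verbatim
    # into the where clause; validate that it is an IP literal (or escape it per
    # the NetWitness query grammar) before it reaches the backend.
    #
    # The src/dst alternatives are parenthesised so the time constraint applies
    # to both; without the parentheses the trailing ``|| ip.dst=...`` is not
    # scoped under it (matches the form used by the other transforms here).
    where_clause = '(time=%s) && (ip.src=%s || ip.dst=%s)' % (diff, ip_entity, ip_entity)

    # Positional arguments to nwValue are defined in nwmodule; 25 presumably
    # caps the number of returned values -- confirm against nwmodule.
    json_data = json.loads(nwmodule.nwValue(0, 0, 25, field_name, 'application/json', where_clause))
    seen_types = set()  # O(1) membership instead of a linear list scan per result

    for d in json_data['results']['fields']:
        value = d['value']
        if value in seen_types:
            continue
        response += NWFiletype(
            value.decode('ascii'),
            ip=ip_entity,
            metaid1=d['id1'],
            metaid2=d['id2'],
            type_=d['type'],
            count=d['count']
        )
        seen_types.add(value)

    return response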
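def dotransform(request, response, config):
    """Add an NWFilename entity for each distinct ``filename`` tied to a risk.

    The ``risk.warning`` name comes from ``request.value``; when the request
    carries an ``ip`` field the query is additionally restricted to sessions
    where that IP is the source or the destination.

    Args:
        request: transform request; ``request.value`` is the risk name and
            ``request.fields`` may hold ``'ip'``.
        response: transform response the NWFilename entities are added to.
        config: mapping holding ``'netwitness/days'``, the look-back window
            handed to ``nwmodule.nwtime``.

    Returns:
        ``response`` with one NWFilename per distinct ``filename`` value.
    """
    # NW REST API Query and results

    risk_name = request.value
    diff = nwmodule.nwtime(config['netwitness/days'])

    # NOTE(review): risk_name and the optional ip value are user-supplied entity
    # data interpolated verbatim into the where clause; a double quote inside
    # risk_name would break out of the quoted literal. Validate/escape per the
    # NetWitness query grammar before sending.
    if 'ip' in request.fields:
        ip = request.fields['ip']
        where_clause = '(time=%s) && risk.warning="%s" && (ip.src=%s || ip.dst=%s)' % (diff, risk_name, ip, ip)
    else:
        where_clause = '(time=%s) && risk.warning="%s"' % (diff, risk_name)

    field_name = 'filename'
    # Positional arguments to nwValue are defined in nwmodule; 250 presumably
    # caps the number of returned values -- confirm against nwmodule.
    json_data = json.loads(nwmodule.nwValue(0, 0, 250, field_name, 'application/json', where_clause))
    seen_files = set()  # O(1) membership instead of a linear list scan per result

    for d in json_data['results']['fields']:
        value = d['value']
        if value in seen_files:
            continue
        response += NWFilename(
            value.decode('ascii'),
            riskname=risk_name,
            metaid1=d['id1'],
            metaid2=d['id2'],
            type_=d['type'],
            count=d['count'],
            weight=d['count']
        )
        seen_files.add(value)

    return response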
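def dotransform(request, response, config):
    """Add an NWFilename entity for each distinct ``filename`` of a given file type.

    Args:
        request: transform request; ``request.value`` is the ``filetype`` value.
        response: transform response the NWFilename entities are added to.
        config: mapping holding ``'netwitness/days'``, the look-back window
            handed to ``nwmodule.nwtime``.

    Returns:
        ``response`` with one NWFilename per distinct ``filename`` value.
    """
    # NW REST API Query and results

    file_type = request.value
    diff = nwmodule.nwtime(config['netwitness/days'])
    field_name = 'filename'
    # NOTE(review): file_type is user-supplied entity data interpolated verbatim
    # into a double-quoted literal in the where clause; a quote inside it would
    # break out of the literal. Validate/escape per the NetWitness query grammar
    # before sending.
    where_clause = '(time=%s) && filetype="%s"' % (diff, file_type)

    # Positional arguments to nwValue are defined in nwmodule; 250 presumably
    # caps the number of returned values -- confirm against nwmodule.
    json_data = json.loads(nwmodule.nwValue(0, 0, 250, field_name, 'application/json', where_clause))
    seen_files = set()  # O(1) membership instead of a linear list scan per result

    for d in json_data['results']['fields']:
        value = d['value']
        if value in seen_files:
            continue
        response += NWFilename(
            value.decode('ascii'),
            filetype=file_type,
            metaid1=d['id1'],
            metaid2=d['id2'],
            type_=d['type'],
            count=d['count'],
            weight=d['count']
        )
        seen_files.add(value)

    return response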
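def dotransform(request, response, config):
    """Add a Domain entity for each distinct ``alias.host`` seen for an IP.

    Args:
        request: transform request; ``request.value`` is the IP entity value.
        response: transform response the Domain entities are added to.
        config: mapping holding ``'netwitness/days'``, the look-back window
            handed to ``nwmodule.nwtime``.

    Returns:
        ``response`` with one Domain per distinct ``alias.host`` value.
    """
    # NW REST API Query and results

    ip_entity = request.value
    diff = nwmodule.nwtime(config['netwitness/days'])
    field_name = 'alias.host'
    # NOTE(review): ip_entity is user-supplied entity data interpolated verbatim
    # into the where clause; validate that it is an IP literal (or escape it per
    # the NetWitness query grammar) before it reaches the backend.
    where_clause = '(time=%s) && (ip.src=%s || ip.dst=%s)' % (diff, ip_entity, ip_entity)

    # Positional arguments to nwValue are defined in nwmodule; 250 presumably
    # caps the number of returned values -- confirm against nwmodule.
    json_data = json.loads(nwmodule.nwValue(0, 0, 250, field_name, 'application/json', where_clause))
    # Values are recorded once emitted so repeated hosts produce a single
    # Domain; the original never recorded them, so the dedup check was a no-op.
    seen_hosts = set()

    for d in json_data['results']['fields']:
        value = d['value']
        if value in seen_hosts:
            continue
        response += Domain(value.decode('ascii'), weight=d['count'])
        seen_hosts.add(value)

    return response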