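    def buildService(self, service):
        """Render an IDMEF ``Service`` mapping as table entries.

        Emits, when present, the ``port`` (linked to the port-details page
        when ``env.enable_details`` is set), the ``portlist`` (comma-separated
        ports or ``low-high`` ranges, each end linked the same way), the
        ``ip_version`` and one ``Protocol`` entry chosen from, in that order,
        the IANA protocol number, the IANA protocol name and the free-form
        ``protocol`` string.  A falsy ``service`` renders nothing.

        Every value rendered here originates from the alert, i.e. from the
        reporting sensor rather than from the operator.  The value is placed
        into the details URL with plain ``%s`` interpolation; whether
        ``getUrlLink`` escapes the text and URL it receives is not visible from
        this method -- confirm before trusting the ``PortList`` entries, which
        are free-form strings.
        """
        if not service:
            return

        def details_link(value):
            # Build every port-details link in one place.  The port-list
            # branch used to pass the arguments to "%s?port=%s" in the
            # opposite order from the single-port entry, which produced
            # "<port>?port=<url>" instead of "<url>?port=<port>".
            return self.getUrlLink(
                value, "%s?port=%s" % (env.port_details_url, value))

        if service["port"]:
            port = text_type(service["port"])
            if env.enable_details:
                self.newTableEntry(_("Port"), details_link(port))
            else:
                self.newTableEntry(_("Port"), port)

        portlist = service["portlist"]
        if portlist:
            rendered = []
            for item in portlist.replace(" ", "").split(","):
                if not item:
                    # Stray or trailing commas used to yield empty entries
                    # and doubled separators; skip them.
                    continue

                if not env.enable_details:
                    rendered.append(item)
                elif "-" in item:
                    # A range: link each end separately.  partition() keeps a
                    # malformed "a-b-c" from raising ValueError on unpacking.
                    low, _sep, high = item.partition("-")
                    rendered.append(
                        details_link(low) + " - " + details_link(high))
                else:
                    rendered.append(details_link(item))

            self.newTableEntry(_("PortList"), ", ".join(rendered))

        if service["ip_version"]:
            self.newTableEntry(_("ip_version"), service["ip_version"])

        ipn = service["iana_protocol_number"]
        # Resolve the IANA number once rather than once to test and once to
        # render.
        protocol_name = utils.protocol_number_to_name(ipn) if ipn else None
        if protocol_name is not None:
            self.newTableEntry(_("Protocol"), protocol_name)
        elif service["iana_protocol_name"]:
            self.newTableEntry(_("Protocol"), service["iana_protocol_name"])
        elif service["protocol"]:
            self.newTableEntry(_("Protocol"), service["protocol"])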
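    def _renderPorts(self, criteria, width=DEFAULT_WIDTH, height=DEFAULT_HEIGHT):
        """Append a "Top 10 Targeted Ports" distribution chart to the dataset.

        ``criteria`` is the caller's IDMEF criteria list; it is copied, never
        modified, and narrowed to TCP/UDP services (IANA numbers 6 and 17 or
        the matching names) before the query.  Per-row counts are merged per
        (protocol, port) into the "tcp", "udp" or translated "n/a" bucket,
        ordered by count descending, and each slice links back to the alert
        listing filtered on that port.  ``width``/``height`` size the chart.
        Returns nothing and renders nothing when the query yields no rows.
        """
        base_url = self._getBaseURL()
        title = "Top 10 Targeted Ports"
        distribution = Chart.DistributionChart(self.user, width, height)
        chart = {"title": title, "value_name": "Port", "chart": distribution}

        # Only TCP/UDP services carry a meaningful port.  The filter is a fixed
        # literal: no caller- or alert-supplied text is interpolated into it.
        criteria = criteria[:] + ["(alert.target.service.iana_protocol_number == 6  ||"
                                  "alert.target.service.iana_protocol_number == 17  ||"
                                  "alert.target.service.iana_protocol_name =* 'tcp' ||"
                                  "alert.target.service.iana_protocol_name =* 'udp' ||"
                                  "alert.target.service.protocol =* 'udp'           ||"
                                  "alert.target.service.protocol =* 'tcp')"]

        results = self.env.idmef_db.getValues(
            ["alert.target.service.port/group_by",
             "alert.target.service.iana_protocol_number/group_by",
             "alert.target.service.iana_protocol_name/group_by",
             "alert.target.service.protocol/group_by",
             "count(alert.target.service.port)/order_desc"],
            criteria=criteria, limit=10)
        if not results:
            return

        unknown = _(u"n/a")
        merge = {unknown: {}, u"tcp": {}, u"udp": {}}

        for port, iana_protocol_number, iana_protocol_name, protocol, count in results:
            if not port:
                continue

            # Prefer the IANA number, then the IANA name, then the free-form
            # protocol string; anything outside tcp/udp lands in "n/a".
            if iana_protocol_number:
                protocol = utils.protocol_number_to_name(iana_protocol_number)
            elif iana_protocol_name:
                protocol = iana_protocol_name

            protocol = (protocol or unknown).lower()
            if protocol not in merge:
                protocol = unknown

            bucket = merge[protocol]
            bucket[port] = bucket.get(port, 0) + count

        rows = [(port, protocol, count)
                for protocol, values in merge.items()
                for port, count in values.items()]
        # key= replaces the deprecated cmp-function sort; both are stable and
        # order by count, highest first.
        rows.sort(key=lambda row: row[2], reverse=True)

        for port, protocol, count in rows:
            name = "%d / %s" % (port, protocol)
            # %d forces an integer into the query string, so a port value
            # cannot carry extra parameters into the link.
            link = base_url + "&" + "target_object_0=alert.target.service.port&target_value_0=%d" % port
            distribution.addLabelValuePair(name, count, link)

        distribution.render(title)
        self.dataset["charts"].append(chart)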
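    def buildService(self, service):
        """Render an IDMEF ``Service`` mapping as table entries.

        Emits, when present, the ``port`` (linked to the port-details page
        when ``env.enable_details`` is set), the ``portlist`` (comma-separated
        ports or ``low-high`` ranges, each end linked the same way), the
        ``ip_version`` and one ``Protocol`` entry chosen from, in that order,
        the IANA protocol number, the IANA protocol name and the free-form
        ``protocol`` string.  A falsy ``service`` renders nothing.

        Every value rendered here originates from the alert, i.e. from the
        reporting sensor rather than from the operator.  The value is placed
        into the details URL with plain ``%s`` interpolation; whether
        ``getUrlLink`` escapes the text and URL it receives is not visible from
        this method -- confirm before trusting the ``PortList`` entries, which
        are free-form strings.
        """
        if not service:
            return

        def details_link(value):
            # Build every port-details link in one place.  The port-list
            # branch used to pass the arguments to "%s?port=%s" in the
            # opposite order from the single-port entry, which produced
            # "<port>?port=<url>" instead of "<url>?port=<port>".
            return self.getUrlLink(
                value, "%s?port=%s" % (env.port_details_url, value))

        if service["port"]:
            port = str(service["port"])
            if env.enable_details:
                self.newTableEntry(_("Port"), details_link(port))
            else:
                self.newTableEntry(_("Port"), port)

        portlist = service["portlist"]
        if portlist:
            rendered = []
            for item in portlist.replace(" ", "").split(","):
                if not item:
                    # Stray or trailing commas used to yield empty entries
                    # and doubled separators; skip them.
                    continue

                if not env.enable_details:
                    rendered.append(item)
                elif "-" in item:
                    # A range: link each end separately.  partition() keeps a
                    # malformed "a-b-c" from raising ValueError on unpacking.
                    low, _sep, high = item.partition("-")
                    rendered.append(
                        details_link(low) + " - " + details_link(high))
                else:
                    rendered.append(details_link(item))

            self.newTableEntry(_("PortList"), ", ".join(rendered))

        if service["ip_version"]:
            self.newTableEntry(_("ip_version"), service["ip_version"])

        ipn = service["iana_protocol_number"]
        # Resolve the IANA number once rather than once to test and once to
        # render.
        protocol_name = utils.protocol_number_to_name(ipn) if ipn else None
        if protocol_name is not None:
            self.newTableEntry(_("Protocol"), protocol_name)
        elif service["iana_protocol_name"]:
            self.newTableEntry(_("Protocol"), service["iana_protocol_name"])
        elif service["protocol"]:
            self.newTableEntry(_("Protocol"), service["protocol"])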
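    def buildService(self, service):
        """Render an IDMEF ``Service`` mapping as table entries.

        Emits, when present, the ``port``, the ``portlist`` (comma-separated
        ports or ``low-high`` ranges), the ``ip_version`` and one ``Protocol``
        entry chosen from, in that order, the IANA protocol number, the IANA
        protocol name and the free-form ``protocol`` string.  The port and
        every port-list element (each end of a range separately) is always
        linked to the public prelude-ids port-details page.  A falsy
        ``service`` renders nothing.

        Every value rendered here originates from the alert, i.e. from the
        reporting sensor rather than from the operator.  The value is placed
        into the details URL with plain ``%s`` interpolation; whether
        ``getUrlLink`` escapes the text and URL it receives is not visible from
        this method -- confirm before trusting the ``PortList`` entries, which
        are free-form strings.
        """
        if not service:
            return

        # One template instead of four copies of the literal URL.
        details_url = "https://www.prelude-ids.com/port_details.php?port=%s"

        def details_link(value):
            return self.getUrlLink(value, details_url % value)

        if service["port"]:
            self.newTableEntry(_("Port"), details_link(str(service["port"])))

        portlist = service["portlist"]
        if portlist:
            rendered = []
            for item in portlist.replace(" ", "").split(","):
                if not item:
                    # Stray or trailing commas used to yield empty entries
                    # and doubled separators; skip them.
                    continue

                if "-" in item:
                    # A range: link each end separately.  partition() keeps a
                    # malformed "a-b-c" from raising ValueError on unpacking.
                    low, _sep, high = item.partition("-")
                    rendered.append(
                        details_link(low) + " - " + details_link(high))
                else:
                    rendered.append(details_link(item))

            self.newTableEntry(_("PortList"), ", ".join(rendered))

        if service["ip_version"]:
            self.newTableEntry(_("ip_version"), service["ip_version"])

        ipn = service["iana_protocol_number"]
        # Resolve the IANA number once rather than once to test and once to
        # render.
        protocol_name = utils.protocol_number_to_name(ipn) if ipn else None
        if protocol_name is not None:
            self.newTableEntry(_("Protocol"), protocol_name)
        elif service["iana_protocol_name"]:
            self.newTableEntry(_("Protocol"), service["iana_protocol_name"])
        elif service["protocol"]:
            self.newTableEntry(_("Protocol"), service["protocol"])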
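    def _get_data(self):
        """Yield one ``RendererItem`` per targeted (port, service, protocol).

        The current menu criteria are narrowed to TCP/UDP services (IANA
        numbers 6 and 17 or the matching names) and grouped by port, protocol
        fields and service name, limited to ``self.query[0].limit`` rows.
        Rows are merged per (protocol, port, service name) into the "tcp",
        "udp" or translated "n/a" bucket and yielded by count, highest first,
        each with a link to the alert listing filtered on that port when such
        a view exists.  A ``PermissionDeniedError`` from the data provider is
        treated as "no rows".

        The port is rendered through ``%d``, so only an integer reaches the
        label; the service name is alert-supplied text and is passed to
        ``RendererItem`` as-is -- whether the renderer escapes it is not
        visible here.
        """
        criteria = env.request.menu.get_criteria() + (
            Criterion("alert.target.service.iana_protocol_number", "==", 6)
            | Criterion("alert.target.service.iana_protocol_number", "==", 17)
            | Criterion("alert.target.service.iana_protocol_name", "=*", "tcp")
            | Criterion("alert.target.service.iana_protocol_name", "=*", "udp")
            | Criterion("alert.target.service.protocol", "=*", "udp")
            | Criterion("alert.target.service.protocol", "=*", "tcp"))

        try:
            results = env.dataprovider.query(
                ["alert.target.service.port/group_by",
                 "alert.target.service.iana_protocol_number/group_by",
                 "alert.target.service.iana_protocol_name/group_by",
                 "alert.target.service.protocol/group_by",
                 "alert.target.service.name/group_by", "count(1)/order_desc"],
                criteria=criteria,
                limit=self.query[0].limit)
        except usergroup.PermissionDeniedError:
            # A user without read access on the backing data gets an empty
            # widget rather than an error page.
            results = []

        if not results:
            return

        unknown = _("n/a")
        merge = {unknown: {}, "tcp": {}, "udp": {}}

        for port, iana_protocol_number, iana_protocol_name, protocol, service_name, count in results:
            if not port:
                continue

            # Prefer the IANA number, then the IANA name, then the free-form
            # protocol string; anything outside tcp/udp lands in "n/a".
            if iana_protocol_number:
                protocol = utils.protocol_number_to_name(iana_protocol_number)
            elif iana_protocol_name:
                protocol = iana_protocol_name

            if protocol:
                protocol = protocol.lower()
            if protocol not in merge:
                protocol = unknown

            port_info = (port, service_name or _("Unknown service"))
            bucket = merge[protocol]
            bucket[port_info] = bucket.get(port_info, 0) + count

        rows = [(port, service, protocol, count)
                for protocol, values in merge.items()
                for (port, service), count in values.items()]
        if not rows:
            return

        # The listing view does not depend on the row; resolve it once instead
        # of once per yielded item.
        linkview = env.viewmanager.get(datatype="alert", keywords=["listing"])

        for port, service, protocol, count in sorted(
                rows, key=operator.itemgetter(3), reverse=True):
            link = None
            if linkview:
                link = linkview[-1].make_url(
                    criteria=Criterion("alert.target.service.port", "=", port),
                    **env.request.menu.get_parameters())

            yield RendererItem(count,
                               ("%d (%s) / %s" % (port, service, protocol), ),
                               link)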