Example #1
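 def detect(self, data, asset_branch, asset_virus):
     """Print every alert-worthy record in *data* and log it to the workbook.

     Each record is enriched through ``Data_Operat`` (asset lookup by IP,
     virus classification, decoding of the handling and scan codes).  A
     record is reported when ``self.class_``, ``self.handle`` or
     ``self.virus`` returns a truthy value for it.

     Args:
         data: iterable of indexable records; fields 0 and 2-13 are read.
         asset_branch: asset table passed to ``system_Belong``.
         asset_virus: virus table passed to ``virus_Belong``.

     Returns:
         True when at least one record was reported, otherwise False.
     """
     wb, ws = self.exists()
     red = self.clr.print_red_text
     flag = False
     for d in data:
         equipment, branch, qu, class_ = Data_Operat().system_Belong(ip=d[2], asset=asset_branch)
         virus_ = Data_Operat().virus_Belong(virus=d[5], asset=asset_virus, defaultvirus=u"未知病毒")
         handle_ = Data_Operat().handle_result(code=d[9])
         detect_ = Data_Operat().detect_result(code=d[11])
         if not (self.class_(class_) or self.handle(handle_) or self.virus(virus_)):
             continue
         device = "%s-%s-%s" % (branch, qu, equipment)
         red(u"监测到一个告警,详情如下:")
         red(u"  设  备:     %s-%s-%s" % (branch, qu, equipment))
         red(u"  IP地址:     %s" % d[2])
         red(u"  MAC地址:    %s" % d[3])
         red(u"  主机名:     %s" % d[4])
         red(u"  病毒名:     %s" % d[5])
         red(u"  病毒类型:   %s" % virus_)
         red(u"  感染文件名: %s" % d[6])
         red(u"  感染源:     %s" % d[7])
         red(u"  感染路径:   %s" % d[8])
         red(u"  处理结果:   %s" % handle_)
         red(u"  扫描方式:   %s" % detect_)
         red(u"  病毒码组件: %s" % d[12])
         red(u"  操作系统:   %s" % d[13])
         handle_result = Data_Operat().operat_Belong(handle_)
         flag = True
         time__ = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
         # Worksheet.append() takes ONE iterable; the original passed the 17
         # values as separate positional arguments, which raises TypeError on
         # an openpyxl worksheet (wb.save/wb.close below match that API).
         # NOTE(review): host name, virus name, file name, source and path
         # are reported by the endpoints; openpyxl stores a string starting
         # with "=" as a formula, so consider neutralising such values before
         # they are written to the log.
         ws.append([time__, d[0], device, d[2], d[3], d[4], d[5], virus_,
                    d[6], d[7], d[8], handle_, handle_result, d[10],
                    detect_, d[12], d[13]])
     # Saved on every call, whether or not an alert was found.
     wb.save("logFile/%s.xlsx" % self.date)
     wb.close()
     return flag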
Example #2
 def data_Count(self):
     """Fill the u"统计" sheet with one summary row per category and save it.

     Plain counts are read from the filter/top/chart workbooks; the URL,
     vulnerability, cross-site and detection rows are produced by
     ``self.data_Count_``.
     """
     def data_rows(workbook, sheet_name):
         # Row count minus one (presumably the title row).
         return len(list(workbook.get_sheet_by_name(sheet_name).rows)) - 1

     summary = DO().get_Sheet(
         self.wb_count, u"统计",
         [u"种类", u"次数", u"系统个数", u"系统", u"百分比", u"规则"])
     summary.append([u"告警总数", data_rows(self.wb_filter, u'端口(全)')])
     summary.append([u"IP", data_rows(self.wb_top, u'IP(全)')])
     summary.append([u"端口", data_rows(self.wb_chart, u'端口(全)')])
     for category in (u"URL", u"漏洞", u"跨站"):
         summary = self.data_Count_(summary, category)
     summary.append([u"登录(全)", data_rows(self.wb_filter, u'登录(全)')])
     summary = self.data_Count_(summary, u"探测")
     self.wb_count.save("outputFile/" + self.time + "/" + u"统计" + ".xlsx")
     print(u"======数据统计完成======")
Example #3
 def open_Excel(self):
     """Create the report workbooks for this run and keep them on ``self``.

     Four workbooks go under ``outputFile/<self.time>/``; the two rate
     workbooks live in ``../IP/`` and get a single sheet named after
     ``self.time``.
     """
     out_dir = "outputFile/" + self.time + "/"
     plan = (
         ("wb_filter", out_dir + u"数据筛选" + ".xlsx",
          [u"URL(分)", u"URL(分)筛", u"内网(分)", u"自助设备", u"网银体验"]),
         ("wb_chart", out_dir + u"图表" + ".xlsx",
          [u"URL(分)系统", u"URL(分)筛URL", u"内网(分)", u"自助设备", u"网银体验"]),
         ("wb_top", out_dir + u"Top" + ".xlsx",
          [u"URL(分)", u"内网(分)", u"自助设备", u"网银体验"]),
         ("wb_count", out_dir + u"统计" + ".xlsx", [u"统计"]),
         ("wb_rate_internet", "../IP/Internet.xlsx", [self.time]),
         ("wb_rate_lan", "../IP/Lan.xlsx", [self.time]),
     )
     for attribute, path, sheet_names in plan:
         setattr(self, attribute, DO().create_Newsheet(path, sheet_names))
Example #4
 def internet_Event(self):
     """Split the "Internet_Event" export into port and URL report sheets.

     The export is converted to .xlsx and read row by row.  A row whose
     column-4 address resolves through ``system_Belong`` is copied to
     u"端口(全)"; if its column-7 text contains "http" and passes
     ``DO().data_Regular`` it is copied to u"URL(全)" as well.  The tallies
     are then written to the chart/top sheets and the workbooks are saved.
     """
     # Presumably resets the tallies and the pattern list; confirm against
     # the class's __init__.
     self.__init__()
     filename = "Internet_Event"
     # The unescaped "." in these patterns matches any character.
     for expr in (r'http.status_code=4(.*?);', r'http.status_code=;',
                  r'http.url=/;', r'http.url=;'):
         self.regular_type.append(re.compile(expr))
     _xlxs_csv.Csv2Xlxs(self.time, filename)
     source_path = "inputFile/" + self.time + "/" + filename + ".xlsx"
     wb_source = openpyxl.load_workbook(source_path)
     ws_source = wb_source.get_sheet_by_name("Sheet")
     port_sheet = DO().get_Sheet(self.wb_filter, u"端口(全)", self.title)
     url_sheet = DO().get_Sheet(self.wb_filter, u"URL(全)", self.title)
     port_chart = DO().get_Sheet(self.wb_chart, u"端口(全)", [u"端口", u"次数"])
     system_chart = DO().get_Sheet(self.wb_chart, u"URL(全)系统",
                                   [u"系统", u"次数"])
     rule_chart = DO().get_Sheet(self.wb_chart, u"URL(全)规则",
                                 [u"规则", u"次数"])
     top_sheet = DO().get_Sheet(self.wb_top, u"URL(全)", [u"IP", u"次数"])
     for raw_row in list(ws_source.rows):
         cells = list(raw_row)
         owner = DO().system_Belong(cells[4].value, self.assetall)
         if owner != None:
             record = DO().get_Data(cells)
             record.append(owner)
             self.port = DO().count_Dict(self.port, record[5])
             port_sheet.append(record)
             mentions_http = record[7] != None and "http" in record[7]
             if mentions_http and DO().data_Regular(cells[7].value,
                                                    self.regular_type):
                 url_sheet.append(record)
                 self.top = DO().count_Dict(self.top, record[2])
                 self.charts = DO().count_Dict(self.charts, record[-1])
                 self.chartr = DO().count_Dict(self.chartr, record[1])
     DO().get_Dict_data(top_sheet, self.top)
     DO().get_Dict_data(system_chart, self.charts)
     DO().get_Dict_data(rule_chart, self.chartr)
     DO().get_Dict_data(port_chart, self.port)
     out_dir = "outputFile/" + self.time + "/"
     self.wb_filter.save(out_dir + u"数据筛选" + ".xlsx")
     self.wb_chart.save(out_dir + u"图表" + ".xlsx")
     self.wb_top.save(out_dir + u"Top5" + ".xlsx")
     wb_source.close()
     print(u"======原始筛选完成======")
Example #5
 def excel_Open(self):
     """Bind ``self.wb_virus_log`` to the log workbook for ``self.time``.

     An existing ``logFile/<time>.xlsx`` is loaded; otherwise a new
     workbook with a single u"日志" sheet is created.
     """
     log_path = "logFile/" + self.time + ".xlsx"
     if os.path.exists(log_path):
         self.wb_virus_log = openpyxl.load_workbook(log_path)
     else:
         self.wb_virus_log = DO().create_Newsheet(excel_name=log_path,
                                                  sheet_name=[u"日志"])
Example #6
 def open_Excel(self):
     """Create the four output workbooks under ``outputFile/<self.time>/``.

     The resulting workbooks are stored as ``wb_filter``, ``wb_chart``,
     ``wb_top`` and ``wb_count``.
     """
     out_dir = "outputFile/" + self.time + "/"
     plan = (
         ("wb_filter", out_dir + u"数据筛选" + ".xlsx", [
             u"端口(全)", u"URL(全)", u"漏洞(全)", u"跨站(全)", u"登录(全)",
             u"探测(全)"
         ]),
         ("wb_chart", out_dir + u"图表" + ".xlsx", [
             u"IP(全)1", u"IP(全)2", u"端口(全)", u"URL(全)系统", u"URL(全)规则",
             u"漏洞(全)系统", u"漏洞(全)规则", u"跨站(全)系统", u"跨站(全)规则",
             u"登录(全)", u"探测(全)系统", u"探测(全)规则"
         ]),
         ("wb_top", out_dir + u"Top5" + ".xlsx", [
             u"IP(全)", u"URL(全)", u"漏洞(全)", u"跨站(全)", u"登录(全)",
             u"探测(全)"
         ]),
         ("wb_count", out_dir + u"统计" + ".xlsx", [u"统计"]),
     )
     for attribute, path, sheet_names in plan:
         setattr(self, attribute, DO().create_Newsheet(path, sheet_names))
Example #7
 def log_Operat(self):
     """Append every entry of ``self.log`` to the u"日志" sheet.

     Field 7 (a handling code) is replaced by its label when it is one of
     the known codes, then four derived columns (host, virus type, value
     from ``U_Belong``, value from ``operat_Belong``) are inserted before
     the row is written.
     """
     log_path = "logFile/" + self.time + ".xlsx"
     if os.path.exists(log_path):
         sheet = self.wb_virus_log.get_sheet_by_name(u"日志")
     else:
         # No log file on disk yet: get the sheet together with its titles.
         sheet = DO().get_Sheet(
             wb=self.wb_virus_log,
             sheet_name=u"日志",
             title=[
                 u"结构", u"IP地址", u"主机类型", u"MAC地址", u"计算机名",
                 u"病毒名称", u"病毒类型", u"受感染文件", u"感染路径",
                 u"攻击类型", u"处理措施", u"感染类型", u"时间", u"扫描类型",
                 u"组件版本", u"操作系统"
             ])
     code_labels = (
         ("21", u"已清除"),
         ("121", u"已删除"),
         ("25", u"已忽略"),
         ("22", u"无法清除文件"),
         ("122", u"无法删除文件"),
         ("81", u"已加密"),
     )
     for log in self.log:
         entry = list(log)
         for code, label in code_labels:
             if entry[7] == code:
                 entry[7] = label
                 # No label equals a code, so later comparisons cannot match.
                 break
         # Lookups use the untouched record ``log``; each insert shifts the
         # positions used by the following ones.
         host = DO().system_Belong(ip=log[1],
                                   asset=self.asset_branch,
                                   defaulthost=u"未知设备")
         entry.insert(2, host)
         virus = DO().virus_Belong(virus=log[4],
                                   asset=self.asset_virus,
                                   defaultvirus=u"未知病毒")
         entry.insert(6, virus)
         entry.insert(9, DO().U_Belong(U=log[6]))
         entry.insert(11, DO().operat_Belong(operat=log[7]))
         sheet.append(entry)
Example #8
 def login_Attempt(self):
     """Filter the "Login_Attempt" export into the u"登录(全)" report sheets.

     A row is kept when its column-7 text passes ``DO().data_Regular`` and
     its column-4 address resolves through ``system_Belong``.  Kept rows
     are tallied per column-2 value and per system, then the workbooks are
     saved.
     """
     # Presumably resets the tallies and the pattern list; confirm against
     # the class's __init__.
     self.__init__()
     filename = "Login_Attempt"
     # The unescaped "." in these patterns matches any character.
     for expr in (r'http.status_code=4(.*?);', r'http.status_code=;'):
         self.regular_type.append(re.compile(expr))
     _xlxs_csv.Csv2Xlxs(self.time, filename)
     source_path = "inputFile/" + self.time + "/" + filename + ".xlsx"
     wb_source = openpyxl.load_workbook(source_path)
     ws_source = wb_source.get_sheet_by_name("Sheet")
     filter_sheet = DO().get_Sheet(self.wb_filter, u"登录(全)", self.title)
     chart_sheet = DO().get_Sheet(self.wb_chart, u"登录(全)",
                                  [u"系统", u"次数"])
     top_sheet = DO().get_Sheet(self.wb_top, u"登录(全)", [u"IP", u"次数"])
     for raw_row in list(ws_source.rows):
         cells = list(raw_row)
         if not DO().data_Regular(cells[7].value, self.regular_type):
             continue
         owner = DO().system_Belong(cells[4].value, self.assetall)
         if owner != None:
             record = DO().get_Data(cells)
             record.append(owner)
             filter_sheet.append(record)
             self.top = DO().count_Dict(self.top, record[2])
             self.charts = DO().count_Dict(self.charts, record[-1])
     DO().get_Dict_data(top_sheet, self.top)
     DO().get_Dict_data(chart_sheet, self.charts)
     out_dir = "outputFile/" + self.time + "/"
     self.wb_filter.save(out_dir + u"数据筛选" + ".xlsx")
     self.wb_chart.save(out_dir + u"图表" + ".xlsx")
     self.wb_top.save(out_dir + u"Top5" + ".xlsx")
     wb_source.close()
     print(u"======登录筛选完成======")
Example #9
 def data_Count(self):
     """Write the per-category alert counts to the u"统计" sheet and save it.

     Each count is the number of rows of a filter sheet minus one
     (presumably the title row).
     """
     summary = DO().get_Sheet(self.wb_count, u"统计", [u"类别", u"次数"])
     internet_rows = list(self.wb_filter.get_sheet_by_name(u"URL(分)").rows)
     summary.append([u"互联网告警数", len(internet_rows) - 1])
     # These three sheets are iterated directly instead of through ``.rows``.
     for label, sheet_name in ((u"内网告警数", u"内网(分)"),
                               (u"自助设备数", u"自助设备"),
                               (u"网银体验数", u"网银体验")):
         sheet = self.wb_filter.get_sheet_by_name(sheet_name)
         summary.append([label, len(list(sheet)) - 1])
     self.wb_count.save("outputFile/" + self.time + "/" + u"统计" + ".xlsx")
Example #10
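 def IP(self):
     """Rank the source IPs by hit count and fill the IP chart/top sheets.

     Rows of the u"IP(全)" sheet (first row skipped) are ordered by the
     integer in column 1, highest first.  Column 2 (country) always goes to
     u"IP(全)1"; column 4 (city) goes to u"IP(全)2" only for rows whose
     country contains u"中国" and whose city is not one of the excluded
     markers.  Columns 0 and 1 go to the top sheet.
     """
     ws_source = self.wb_count.get_sheet_by_name(u"IP(全)")
     ws_char_country = DO().get_Sheet(self.wb_chart, u"IP(全)1", [u"国家"])
     ws_char_city = DO().get_Sheet(self.wb_chart, u"IP(全)2", [u"城市"])
     ws_top = DO().get_Sheet(self.wb_top, u"IP(全)", [u"IP", u"次数"])
     records = [[cell.value for cell in row]
                for row in list(ws_source.rows)[1:]]
     # Stable descending sort: same order as the hand-written insertion sort
     # it replaces (ties keep their sheet order), without the O(n^2) passes.
     records.sort(key=lambda rec: int(rec[1]), reverse=True)
     excluded = (u"澳门", u"香港", u"台湾", u"NULL")
     for rec in records:
         country, city = rec[2], rec[4]
         ws_char_country.append([country])
         # An empty cell yields None; treat it as "no match" rather than
         # failing on ``in None``.
         if (country is not None and city is not None
                 and u"中国" in country
                 and not any(marker in city for marker in excluded)):
             ws_char_city.append([city])
         ws_top.append([rec[0], rec[1]])
     self.wb_top.save("outputFile/" + self.time + "/" + u"Top5" + ".xlsx")
     self.wb_chart.save("outputFile/" + self.time + "/" + u"图表" + ".xlsx")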
Example #11
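class Daily_Operat(object):
    """Build the daily alert report workbooks from the exported event files.

    ``run`` drives the pipeline.  State shared between the steps
    (``time``, ``assetall`` and the four output workbooks) is set by
    ``run``, ``get_Asset`` and ``open_Excel``.

    NOTE(review): the alert fields copied into the workbooks appear to come
    from monitored HTTP traffic.  openpyxl stores a string that starts with
    "=" as a formula, so consider neutralising such values before they are
    written to a report that analysts open in a spreadsheet application.
    """

    def __init__(self):
        # Per-category tallies and patterns; the filter steps call
        # __init__ again to clear them before each category.
        self.top = {}
        self.charts = {}
        self.chartr = {}
        self.port = {}
        self.regular_type = []
        self.title = [
            u'告警时间', u'规则名称', u'源IP', u'源端口', u'目的IP', u'目的端口', u'上报引擎',
            u'返回消息', u'网口编号', u'网口别名', u'全行'
        ]

    def _out_path(self, name):
        """Return the path of output workbook *name* for the current run."""
        return "outputFile/" + self.time + "/" + name + ".xlsx"

    def _load_source(self, filename):
        """Convert the CSV export *filename* to .xlsx and load the result."""
        _xlxs_csv.Csv2Xlxs(self.time, filename)
        return openpyxl.load_workbook("inputFile/" + self.time + "/" +
                                      filename + ".xlsx")

    def internet_Event(self):
        """Split the "Internet_Event" export into port and URL sheets.

        Rows whose destination IP resolves to a known system go to
        u"端口(全)"; those whose message contains "http" and passes
        ``data_Regular`` also go to u"URL(全)".
        """
        self.__init__()
        filename = "Internet_Event"
        # The unescaped "." in these patterns matches any character.
        self.regular_type.append(re.compile(r'http.status_code=4(.*?);'))
        self.regular_type.append(re.compile(r'http.status_code=;'))
        self.regular_type.append(re.compile(r'http.url=/;'))
        self.regular_type.append(re.compile(r'http.url=;'))
        wb_source = self._load_source(filename)
        ws_source = wb_source.get_sheet_by_name("Sheet")
        ws_filter_portall = DO().get_Sheet(self.wb_filter, u"端口(全)",
                                           self.title)
        ws_filter_urlall = DO().get_Sheet(self.wb_filter, u"URL(全)",
                                          self.title)
        ws_chart_portall = DO().get_Sheet(self.wb_chart, u"端口(全)",
                                          [u"端口", u"次数"])
        ws_chart_urlall_sys = DO().get_Sheet(self.wb_chart, u"URL(全)系统",
                                             [u"系统", u"次数"])
        ws_chart_urlall_rul = DO().get_Sheet(self.wb_chart, u"URL(全)规则",
                                             [u"规则", u"次数"])
        ws_top_all = DO().get_Sheet(self.wb_top, u"URL(全)", [u"IP", u"次数"])
        for rows_source in list(ws_source.rows):
            rows_source = list(rows_source)
            sys_all = DO().system_Belong(rows_source[4].value, self.assetall)
            if sys_all is None:
                continue
            data = DO().get_Data(rows_source)
            data.append(sys_all)
            self.port = DO().count_Dict(self.port, data[5])
            ws_filter_portall.append(data)
            if (data[7] is not None and "http" in data[7]
                    and DO().data_Regular(rows_source[7].value,
                                          self.regular_type)):
                ws_filter_urlall.append(data)
                self.top = DO().count_Dict(self.top, data[2])
                self.charts = DO().count_Dict(self.charts, data[-1])
                self.chartr = DO().count_Dict(self.chartr, data[1])
        DO().get_Dict_data(ws_top_all, self.top)
        DO().get_Dict_data(ws_chart_urlall_sys, self.charts)
        DO().get_Dict_data(ws_chart_urlall_rul, self.chartr)
        DO().get_Dict_data(ws_chart_portall, self.port)
        self.wb_filter.save(self._out_path(u"数据筛选"))
        self.wb_chart.save(self._out_path(u"图表"))
        self.wb_top.save(self._out_path(u"Top5"))
        wb_source.close()
        print(u"======原始筛选完成======")

    def vulnerability_Attack(self):
        """Filter the "Vulnerability_Attack" export into u"漏洞(全)"."""
        filename = "Vulnerability_Attack"
        self.similar(filename, u"漏洞(全)")
        print(u"======漏洞筛选完成======")

    def cross_Site(self):
        """Filter the "Cross_Site_Injection" export into u"跨站(全)"."""
        filename = "Cross_Site_Injection"
        self.similar(filename, u"跨站(全)")
        print(u"======跨站筛选完成======")

    def login_Attempt(self):
        """Filter the "Login_Attempt" export into the u"登录(全)" sheets.

        Same selection as ``similar`` but with a single chart sheet and no
        per-rule tally.
        """
        self.__init__()
        filename = "Login_Attempt"
        self.regular_type.append(re.compile(r'http.status_code=4(.*?);'))
        self.regular_type.append(re.compile(r'http.status_code=;'))
        wb_source = self._load_source(filename)
        ws_source = wb_source.get_sheet_by_name("Sheet")
        ws_filter_all = DO().get_Sheet(self.wb_filter, u"登录(全)", self.title)
        ws_chart_loginall = DO().get_Sheet(self.wb_chart, u"登录(全)",
                                           [u"系统", u"次数"])
        ws_top_all = DO().get_Sheet(self.wb_top, u"登录(全)", [u"IP", u"次数"])
        for rows_source in list(ws_source.rows):
            rows_source = list(rows_source)
            if not DO().data_Regular(rows_source[7].value,
                                     self.regular_type):
                continue
            sys_all = DO().system_Belong(rows_source[4].value, self.assetall)
            if sys_all is None:
                continue
            data = DO().get_Data(rows_source)
            data.append(sys_all)
            ws_filter_all.append(data)
            self.top = DO().count_Dict(self.top, data[2])
            self.charts = DO().count_Dict(self.charts, data[-1])
        DO().get_Dict_data(ws_top_all, self.top)
        DO().get_Dict_data(ws_chart_loginall, self.charts)
        self.wb_filter.save(self._out_path(u"数据筛选"))
        self.wb_chart.save(self._out_path(u"图表"))
        self.wb_top.save(self._out_path(u"Top5"))
        wb_source.close()
        print(u"======登录筛选完成======")

    def information_Detetion(self):
        """Filter the "Information_Detection" export into u"探测(全)"."""
        filename = "Information_Detection"
        self.similar(filename, u"探测(全)")
        print(u"======探测筛选完成======")

    def similar(self, filename, class_):
        """Filter export *filename* into the sheets of category *class_*.

        Kept rows are tallied by source IP, by system and by rule name and
        written to the ``class_`` filter/top sheets and the
        ``class_ + u"系统"`` / ``class_ + u"规则"`` chart sheets.
        """
        self.__init__()
        self.regular_type.append(re.compile(r'http.status_code=4(.*?);'))
        self.regular_type.append(re.compile(r'http.status_code=;'))
        wb_source = self._load_source(filename)
        ws_source = wb_source.get_sheet_by_name("Sheet")
        ws_filter_all = DO().get_Sheet(self.wb_filter, class_, self.title)
        ws_chart_all_sys = DO().get_Sheet(self.wb_chart, class_ + u"系统",
                                          [u"系统", u"次数"])
        ws_chart_all_rul = DO().get_Sheet(self.wb_chart, class_ + u"规则",
                                          [u"规则", u"次数"])
        ws_top_all = DO().get_Sheet(self.wb_top, class_, [u"IP", u"次数"])
        for rows_source in list(ws_source.rows):
            rows_source = list(rows_source)
            if not DO().data_Regular(rows_source[7].value,
                                     self.regular_type):
                continue
            sys_all = DO().system_Belong(rows_source[4].value, self.assetall)
            if sys_all is None:
                continue
            data = DO().get_Data(rows_source)
            data.append(sys_all)
            ws_filter_all.append(data)
            self.top = DO().count_Dict(self.top, data[2])
            self.charts = DO().count_Dict(self.charts, data[-1])
            self.chartr = DO().count_Dict(self.chartr, data[1])
        DO().get_Dict_data(ws_top_all, self.top)
        DO().get_Dict_data(ws_chart_all_sys, self.charts)
        DO().get_Dict_data(ws_chart_all_rul, self.chartr)
        self.wb_filter.save(self._out_path(u"数据筛选"))
        self.wb_top.save(self._out_path(u"Top5"))
        self.wb_chart.save(self._out_path(u"图表"))
        wb_source.close()

    def IP(self):
        """Rank the source IPs by hit count and fill the IP chart/top sheets.

        Column 2 (country) always goes to u"IP(全)1"; column 4 (city) goes
        to u"IP(全)2" only for rows whose country contains u"中国" and whose
        city is not one of the excluded markers.
        """
        # NOTE(review): open_Excel creates wb_count with only the u"统计"
        # sheet; confirm that an u"IP(全)" sheet exists in it at this point.
        ws_source = self.wb_count.get_sheet_by_name(u"IP(全)")
        ws_char_country = DO().get_Sheet(self.wb_chart, u"IP(全)1", [u"国家"])
        ws_char_city = DO().get_Sheet(self.wb_chart, u"IP(全)2", [u"城市"])
        ws_top = DO().get_Sheet(self.wb_top, u"IP(全)", [u"IP", u"次数"])
        records = [[cell.value for cell in row]
                   for row in list(ws_source.rows)[1:]]
        # Stable descending sort: same order as the hand-written insertion
        # sort it replaces, without the O(n^2) passes.
        records.sort(key=lambda rec: int(rec[1]), reverse=True)
        excluded = (u"澳门", u"香港", u"台湾", u"NULL")
        for rec in records:
            country, city = rec[2], rec[4]
            ws_char_country.append([country])
            # An empty cell yields None; treat it as "no match".
            if (country is not None and city is not None
                    and u"中国" in country
                    and not any(marker in city for marker in excluded)):
                ws_char_city.append([city])
            ws_top.append([rec[0], rec[1]])
        self.wb_top.save(self._out_path(u"Top5"))
        self.wb_chart.save(self._out_path(u"图表"))

    def rate_Count(self):
        """Convert the 'IP_with_area' export and run the rate statistics."""
        filename = 'IP_with_area'
        _xlxs_csv.Csv2Xlxs(self.time, filename)
        DO().rate_Count(self.time)
        print(u"======频率统计完成======")

    def open_Excel(self):
        """Create the four output workbooks for the current run."""
        filtername = [
            u"端口(全)", u"URL(全)", u"漏洞(全)", u"跨站(全)", u"登录(全)", u"探测(全)"
        ]
        chartname = [
            u"IP(全)1", u"IP(全)2", u"端口(全)", u"URL(全)系统", u"URL(全)规则",
            u"漏洞(全)系统", u"漏洞(全)规则", u"跨站(全)系统", u"跨站(全)规则", u"登录(全)",
            u"探测(全)系统", u"探测(全)规则"
        ]
        topname = [u"IP(全)", u"URL(全)", u"漏洞(全)", u"跨站(全)", u"登录(全)", u"探测(全)"]
        countname = [u"统计"]
        self.wb_filter = DO().create_Newsheet(self._out_path(u"数据筛选"),
                                              filtername)
        self.wb_chart = DO().create_Newsheet(self._out_path(u"图表"),
                                             chartname)
        self.wb_top = DO().create_Newsheet(self._out_path(u"Top5"), topname)
        self.wb_count = DO().create_Newsheet(self._out_path(u"统计"),
                                             countname)

    def get_Asset(self):
        """Load columns 1 and 2 of the u"全行资产" sheet into ``assetall``."""
        wb_asset = openpyxl.load_workbook('inputFile/assets2017-5-26.xlsx')
        try:
            ws_assetall = wb_asset.get_sheet_by_name(u"全行资产")
            # The first row is skipped, as in the other readers.
            self.assetall = [[row[1].value, row[2].value]
                             for row in list(ws_assetall.rows)[1:]]
        finally:
            # The asset workbook was previously left open.
            wb_asset.close()

    def data_Count_(self, ws_count, x):
        """Append the summary row of category *x* to *ws_count*; return it.

        The row is ``[x, alerts, systems, system, share, rule]`` where
        ``system``/``rule`` are the first data rows of the category's chart
        sheets and ``share`` is that system's count divided by ``alerts``.
        Values that cannot be computed are left as None.
        """
        filter_rows = list(
            self.wb_filter.get_sheet_by_name(x + u'(全)').rows)
        system_rows = list(
            self.wb_chart.get_sheet_by_name(x + u'(全)系统').rows)
        number = len(filter_rows) - 1
        number_system = len(system_rows) - 1
        system = percent_system = rule = None
        # Every lookup below needs a data row under the title row; without
        # the guard a category with no chart data raised IndexError.
        if number_system > 0:
            first_system = list(system_rows[1])
            system = first_system[0].value
            if number > 0:
                percent_system = float(first_system[1].value / float(number))
            rule_rows = list(
                self.wb_chart.get_sheet_by_name(x + u'(全)规则').rows)
            if len(rule_rows) > 1:
                rule = list(rule_rows[1])[0].value
        ws_count.append(
            [x, number, number_system, system, percent_system, rule])
        return ws_count

    def data_Count(self):
        """Fill the u"统计" sheet with one row per category and save it."""
        def data_rows(workbook, sheet_name):
            # Row count minus the title row.
            return len(list(workbook.get_sheet_by_name(sheet_name).rows)) - 1

        ws_count = DO().get_Sheet(
            self.wb_count, u"统计",
            [u"种类", u"次数", u"系统个数", u"系统", u"百分比", u"规则"])
        ws_count.append([u"告警总数", data_rows(self.wb_filter, u'端口(全)')])
        ws_count.append([u"IP", data_rows(self.wb_top, u'IP(全)')])
        ws_count.append([u"端口", data_rows(self.wb_chart, u'端口(全)')])
        ws_count = self.data_Count_(ws_count, u"URL")
        ws_count = self.data_Count_(ws_count, u"漏洞")
        ws_count = self.data_Count_(ws_count, u"跨站")
        ws_count.append([u"登录(全)", data_rows(self.wb_filter, u'登录(全)')])
        ws_count = self.data_Count_(ws_count, u"探测")
        self.wb_count.save(self._out_path(u"统计"))
        print(u"======数据统计完成======")

    def top5_Count(self):
        """Run ``DO().area_Mate`` for every report category."""
        class_ = [
            u"IP(全)",
            u"URL(全)",
            u"漏洞(全)",
            u"跨站(全)",
            u"登录(全)",
            u"探测(全)",
        ]
        for x in class_:
            DO().area_Mate(self.time, x)
        print(u"======Top5统计完成======")

    def run(self, time):
        """Produce the full report for the run identified by *time*."""
        self.time = time
        self.rate_Count()
        self.get_Asset()
        self.open_Excel()
        self.internet_Event()
        self.vulnerability_Attack()
        self.cross_Site()
        self.login_Attempt()
        self.information_Detetion()
        self.IP()
        self.top5_Count()
        self.data_Count()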
Example #12
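 def lan_Event(self):
     """Filter the "Lan_Event" export into the LAN, self-service and
     online-banking report sheets.

     Rows other than the title row that pass both ``data_Regular`` checks
     are enriched with the branch/equipment of their source (column 2) and
     destination (column 4) addresses and written to u"内网(分)".  Rows
     whose equipment mentions u"自助设备" or u"网银体验" are additionally
     written to the sheet of that name.  Tallies are then written to the
     chart/top sheets and the workbooks are saved.
     """
     # Presumably resets the tallies and pattern lists; confirm against the
     # class's __init__.
     self.__init__()
     filename = "Lan_Event"
     # NOTE(review): both pattern strings contain the characters r' and '
     # literally (the raw-string prefix ended up inside the quotes), so they
     # only match text that itself contains those quotes.  The intent was
     # probably re.compile(r'http.status_code=4(.*?);').  Left unchanged
     # because the meaning of data_Regular's third argument is not visible
     # here and the fix alters which alerts are reported.
     self.regular_type_1.append(re.compile(u"r'http.status_code=4(.*?);'"))
     self.regular_type_0.append(re.compile(u"r'http.status_code=(.*?);'"))
     try:
         _xlxs_csv.Csv2Xlxs(self.time, filename)
     except Exception as err:
         # Still best-effort, but no longer silent: if the conversion fails
         # the report below is built from whatever .xlsx already exists,
         # which may be stale.
         print("Csv2Xlxs failed for %s; using the existing .xlsx: %r"
               % (filename, err))
     wb_source = openpyxl.load_workbook("inputFile/" + self.time + "/" +
                                        filename + ".xlsx")
     ws_source = wb_source.get_sheet_by_name("Sheet")
     top_title = [u"源IP", u"源所属分行/设备", u"目IP", u"目所属分行/设备", u"规则", u"次数"]
     ws_filter_lan = DO().get_Sheet(self.wb_filter, u"内网(分)",
                                    self.title_lan)
     ws_filter_zz = DO().get_Sheet(self.wb_filter, u"自助设备", self.title_lan)
     ws_filter_wy = DO().get_Sheet(self.wb_filter, u"网银体验", self.title_lan)
     ws_chart_lan = DO().get_Sheet(self.wb_chart, u"内网(分)", [u"分行", u"次数"])
     ws_chart_zz = DO().get_Sheet(self.wb_chart, u"自助设备", [u"分行", u"次数"])
     ws_chart_wy = DO().get_Sheet(self.wb_chart, u"网银体验", [u"分行", u"次数"])
     # Each sheet gets its own copy of the title list, as before.
     ws_top_lan = DO().get_Sheet(self.wb_top, u"内网(分)", list(top_title))
     ws_top_zz = DO().get_Sheet(self.wb_top, u"自助设备", list(top_title))
     ws_top_wy = DO().get_Sheet(self.wb_top, u"网银体验", list(top_title))

     def link_info(data):
         # Fresh list per call: source branch/equipment, destination IP,
         # destination branch/equipment, rule name.
         return [
             data[-4] + '/' + data[-3], data[4],
             data[-2] + '/' + data[-1], data[1]
         ]

     for rows_source in list(ws_source.rows):
         rows_source = list(rows_source)
         if u"告警时间" in rows_source[0].value:
             continue  # title row
         if not DO().data_Regular(rows_source[7].value, self.regular_type_1,
                                  1):
             continue
         if not DO().data_Regular(rows_source[7].value, self.regular_type_0,
                                  0):
             continue
         sbranch, sequ = DO().branch_Belong(rows_source[2].value,
                                            self.assetlan)
         obranch, oequ = DO().branch_Belong(rows_source[4].value,
                                            self.assetlan)
         data = DO().get_Data(rows_source)
         data.append(sbranch)
         data.append(sequ)
         data.append(obranch)
         data.append(oequ)
         ws_filter_lan.append(data)
         self.chartall = DO().count_Dict(self.chartall, data[-2])
         self.topall = DO().count_Dict(self.topall, data[2],
                                       link_info(data))
         if u"自助设备" in sequ or u"自助设备" in oequ:
             ws_filter_zz.append(data)
             self.chartzz = DO().count_Dict(self.chartzz, data[-2])
             self.topzz = DO().count_Dict(self.topzz, data[2],
                                          link_info(data))
         if u"网银体验" in sequ or u"网银体验" in oequ:
             ws_filter_wy.append(data)
             self.chartwy = DO().count_Dict(self.chartwy, data[-2])
             self.topwy = DO().count_Dict(self.topwy, data[2],
                                          link_info(data))
     DO().get_Dict_data(ws_chart_lan, self.chartall, 1)
     DO().get_Dict_data(ws_chart_zz, self.chartzz, 1)
     DO().get_Dict_data(ws_chart_wy, self.chartwy, 1)
     DO().get_Dict_data(ws_top_lan, self.topall, 1)
     DO().get_Dict_data(ws_top_zz, self.topzz, 1)
     DO().get_Dict_data(ws_top_wy, self.topwy, 1)
     self.wb_filter.save("outputFile/" + self.time + "/" + u"数据筛选" +
                         ".xlsx")
     self.wb_chart.save("outputFile/" + self.time + "/" + u"图表" + ".xlsx")
     self.wb_top.save("outputFile/" + self.time + "/" + u"Top" + ".xlsx")
     wb_source.close()
     print(u"======内网筛选完成======")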
Example #13
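class Virus_Operat(object):
    """Build the daily antivirus report workbook from an exported scan log.

    ``run`` loads the asset lookup tables, opens ``inputFile/<time>.xlsx`` and
    writes ``outputFile/<time>.xlsx`` with one enriched log sheet plus four
    count sheets.

    NOTE(review): ``self.time`` is concatenated into file paths unchecked;
    presumably it is an operator-supplied date string -- confirm it never
    comes from log content.
    """

    def __init__(self):
        self.time = None
        self.wb_virus = None
        self.wb_virus_source = None
        self.asset_branch = []
        self.asset_virus = []

    def asset_Get(self):
        """Load the lookup tables used to classify log rows.

        Fills ``self.asset_virus`` with ``[column 0, column 1]`` of every row
        of ``assetFile/virus_asset.xlsx``, and ``self.asset_branch`` with one
        ``[name, column 4, column 6, column 7]`` entry per row of
        ``assetFile/branch_asset.xlsx`` whose column 6 is not empty.  ``name``
        is the text inside the first pair of parentheses in column 1,
        replaced by the first cell of an ``assetFile/2to1.xlsx`` row that
        contains it, when there is one.

        Raises:
            IndexError: if column 1 of a used row has no parenthesised part.
        """
        paren_name = re.compile(r'\((.*?)\)')
        wb_asset_virus = openpyxl.load_workbook("assetFile/virus_asset.xlsx")
        wb_asset_branch = openpyxl.load_workbook("assetFile/branch_asset.xlsx")
        wb_asset_2to1 = openpyxl.load_workbook("assetFile/2to1.xlsx")
        ws_asset_virus = wb_asset_virus.get_sheet_by_name("Sheet")
        ws_asset_branch = wb_asset_branch.get_sheet_by_name("Sheet")
        ws_asset_2to1 = wb_asset_2to1.get_sheet_by_name("Sheet")
        for virus in ws_asset_virus.rows:
            self.asset_virus.append([virus[0].value, virus[1].value])
        alias_rows = [DO().get_Data(row) for row in ws_asset_2to1.rows]
        for branch in ws_asset_branch.rows:
            if branch[6].value is None:
                continue
            name = paren_name.findall(branch[1].value)[0]
            for alias in alias_rows:
                if name in alias:
                    name = alias[0]
            # Append once per asset row, after the alias scan.  Appending
            # inside the scan stored one copy per 2to1 row, and the copies
            # written before the match still carried the unmapped name, so
            # the same address could resolve to two different owners.
            self.asset_branch.append([
                name, branch[4].value, branch[6].value, branch[7].value
            ])
        print(u"======资产获取完毕======")

    def excel_Open(self):
        """Open the day's input workbook and create the output workbook.

        Stores them in ``self.wb_virus_source`` and ``self.wb_virus``.
        """
        source_path = "inputFile/" + self.time + ".xlsx"
        report_path = "outputFile/" + self.time + ".xlsx"
        self.wb_virus_source = openpyxl.load_workbook(source_path)
        self.wb_virus = DO().create_Newsheet(
            excel_name=report_path,
            sheet_name=[u"日志", u"主机类型", u"病毒类型", u"攻击类型", u"感染类型"])

    def virus_Operat(self):
        """Enrich every source log row, tally four categories and save.

        Each row of the source sheet (except the header, recognised by its
        column 1) gets four derived values inserted at positions 2, 6, 9 and
        11, in that order, and is appended to the log sheet.  The derived
        values are counted and the counts written to their own sheets.
        """
        host_counts = {}
        attack_counts = {}
        virus_counts = {}
        infect_counts = {}
        ws_source = self.wb_virus_source.get_sheet_by_name("Sheet")
        ws_daily = DO().get_Sheet(
            wb=self.wb_virus,
            sheet_name=u"日志",
            title=[
                u"结构", u"IP地址", u"主机类型", u"MAC地址",
                u"计算机名", u"病毒名称", u"病毒类型",
                u"受感染文件", u"感染路径", u"攻击类型",
                u"处理措施", u"感染类型", u"时间", u"扫描类型",
                u"组件版本", u"操作系统"
            ])
        ws_host = DO().get_Sheet(wb=self.wb_virus,
                                 sheet_name=u"主机类型",
                                 title=[u"主机类型", u"受攻击次数", u"所占比例"])
        ws_virus = DO().get_Sheet(wb=self.wb_virus,
                                  sheet_name=u"病毒类型",
                                  title=[u"病毒类型", u"所占次数", u"所占比例"])
        ws_attack = DO().get_Sheet(wb=self.wb_virus,
                                   sheet_name=u"攻击类型",
                                   title=[u"攻击类型", u"所占次数", u"所占比例"])
        ws_infect = DO().get_Sheet(wb=self.wb_virus,
                                   sheet_name=u"感染类型",
                                   title=[u"感染类型", u"所占次数", u"所占比例"])
        for source in ws_source.rows:
            if source[1].value == u"IP地址":
                continue  # header row of the export
            data = DO().get_Data(source)
            # The insert positions assume the earlier inserts have already
            # shifted the row, so the order below must not change.
            host = DO().system_Belong(ip=source[1].value,
                                      asset=self.asset_branch,
                                      defaulthost=u"未知设备")
            data.insert(2, host)
            host_counts = DO().dict_Count(dict=host_counts, key=host)
            virus = DO().virus_Belong(virus=source[4].value,
                                      asset=self.asset_virus,
                                      defaultvirus=u"未知病毒")
            data.insert(6, virus)
            virus_counts = DO().dict_Count(dict=virus_counts, key=virus)
            attack = DO().U_Belong(U=source[6].value)
            data.insert(9, attack)
            attack_counts = DO().dict_Count(dict=attack_counts, key=attack)
            infect = DO().operat_Belong(operat=source[7].value)
            data.insert(11, infect)
            infect_counts = DO().dict_Count(dict=infect_counts, key=infect)
            # NOTE(review): host names, file names and paths in the log are
            # set by the scanned machine.  openpyxl stores a string that
            # starts with "=" as a formula, so consider neutralising such
            # values before they reach the report.
            ws_daily.append(data)
        print(u"======日志统计完毕======")
        summaries = (
            (ws_host, host_counts, u"======主机统计完毕======"),
            (ws_virus, virus_counts, u"======病毒统计完毕======"),
            (ws_attack, attack_counts, u"======攻击统计完毕======"),
            (ws_infect, infect_counts, u"======感染统计完毕======"),
        )
        for sheet, counts, done in summaries:
            DO().dict_Getdata(ws=sheet, dict=counts)
            print(done)
        self.wb_virus.save("outputFile/" + self.time + ".xlsx")

    def run(self, time_):
        """Produce the report for ``time_`` (the input file's base name)."""
        self.time = time_
        self.asset_Get()
        self.excel_Open()
        self.virus_Operat()
        self.wb_virus.close()
        self.wb_virus_source.close()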
Example #14
 def virus_Operat(self):
     """Enrich every source log row, tally four categories and save.

     Each row of the source sheet (except the header, recognised by its
     column 1) gets four derived values inserted at positions 2, 6, 9 and
     11, in that order, and is appended to the log sheet.  The derived
     values are counted and the counts written to their own sheets before
     the workbook is saved to ``outputFile/<time>.xlsx``.
     """
     host_counts = {}
     attack_counts = {}
     virus_counts = {}
     infect_counts = {}
     ws_source = self.wb_virus_source.get_sheet_by_name("Sheet")
     ws_daily = DO().get_Sheet(
         wb=self.wb_virus,
         sheet_name=u"日志",
         title=[
             u"结构", u"IP地址", u"主机类型", u"MAC地址",
             u"计算机名", u"病毒名称", u"病毒类型",
             u"受感染文件", u"感染路径", u"攻击类型",
             u"处理措施", u"感染类型", u"时间", u"扫描类型",
             u"组件版本", u"操作系统"
         ])
     ws_host = DO().get_Sheet(wb=self.wb_virus,
                              sheet_name=u"主机类型",
                              title=[u"主机类型", u"受攻击次数", u"所占比例"])
     ws_virus = DO().get_Sheet(wb=self.wb_virus,
                               sheet_name=u"病毒类型",
                               title=[u"病毒类型", u"所占次数", u"所占比例"])
     ws_attack = DO().get_Sheet(wb=self.wb_virus,
                                sheet_name=u"攻击类型",
                                title=[u"攻击类型", u"所占次数", u"所占比例"])
     ws_infect = DO().get_Sheet(wb=self.wb_virus,
                                sheet_name=u"感染类型",
                                title=[u"感染类型", u"所占次数", u"所占比例"])
     for source in ws_source.rows:
         if source[1].value == u"IP地址":
             continue  # header row of the export
         data = DO().get_Data(source)
         # The insert positions assume the earlier inserts have already
         # shifted the row, so the order below must not change.
         host = DO().system_Belong(ip=source[1].value,
                                   asset=self.asset_branch,
                                   defaulthost=u"未知设备")
         data.insert(2, host)
         host_counts = DO().dict_Count(dict=host_counts, key=host)
         virus = DO().virus_Belong(virus=source[4].value,
                                   asset=self.asset_virus,
                                   defaultvirus=u"未知病毒")
         data.insert(6, virus)
         virus_counts = DO().dict_Count(dict=virus_counts, key=virus)
         attack = DO().U_Belong(U=source[6].value)
         data.insert(9, attack)
         attack_counts = DO().dict_Count(dict=attack_counts, key=attack)
         infect = DO().operat_Belong(operat=source[7].value)
         data.insert(11, infect)
         infect_counts = DO().dict_Count(dict=infect_counts, key=infect)
         # NOTE(review): host names, file names and paths in the log are set
         # by the scanned machine.  openpyxl stores a string that starts
         # with "=" as a formula, so consider neutralising such values
         # before they reach the report.
         ws_daily.append(data)
     print(u"======日志统计完毕======")
     summaries = (
         (ws_host, host_counts, u"======主机统计完毕======"),
         (ws_virus, virus_counts, u"======病毒统计完毕======"),
         (ws_attack, attack_counts, u"======攻击统计完毕======"),
         (ws_infect, infect_counts, u"======感染统计完毕======"),
     )
     for sheet, counts, done in summaries:
         DO().dict_Getdata(ws=sheet, dict=counts)
         print(done)
     self.wb_virus.save("outputFile/" + self.time + ".xlsx")
Example #15
 def excel_Open(self):
     """Open the day's input workbook and create the output workbook.

     Stores them in ``self.wb_virus_source`` and ``self.wb_virus``.

     NOTE(review): ``self.time`` is concatenated into both paths unchecked;
     presumably it is an operator-supplied date string -- confirm.
     """
     source_path = "inputFile/" + self.time + ".xlsx"
     report_path = "outputFile/" + self.time + ".xlsx"
     self.wb_virus_source = openpyxl.load_workbook(source_path)
     self.wb_virus = DO().create_Newsheet(
         excel_name=report_path,
         sheet_name=[u"日志", u"主机类型", u"病毒类型", u"攻击类型", u"感染类型"])
Example #16
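 def internet_Event(self):
     """Filter the Internet-facing alerts and write the URL sheets.

     Rows whose column 4 maps to a known system (``DO().system_Belong``
     against ``self.assetother``) go to the unfiltered sheet and the
     per-system count.  Rows whose column 7 mentions ``http.host`` and pass
     both ``DO().data_Regular`` checks are additionally split into host,
     URL, user agent and status code and counted per URL.
     """
     self.__init__()  # reset the counters and pattern lists for this pass
     filename = "Internet_Event"
     self.regular_type_1.append(re.compile(r'http.status_code=4(.*?);'))
     self.regular_type_0.append(re.compile(r'http.status_code=(.*?);'))
     self.regular_type_0.append(re.compile(r'http.url=/(.*?);'))
     self.regular_type_0.append(re.compile(r'http.url=(.*?);'))
     try:
         _xlxs_csv.Csv2Xlxs(self.time, filename)
     except Exception as exc:
         # The conversion stays best-effort, but a silent failure here means
         # the report is built from whatever .xlsx already exists, which may
         # be stale.  Report it instead of hiding it.
         print(u"[warn] %s: CSV to XLSX conversion failed (%r); "
               u"using the existing .xlsx if present" % (filename, exc))
     out_dir = "outputFile/" + self.time + "/"
     wb_source = openpyxl.load_workbook("inputFile/" + self.time + "/" +
                                        filename + ".xlsx")
     ws_source = wb_source.get_sheet_by_name("Sheet")
     ws_filter_urlall = DO().get_Sheet(self.wb_filter, u"URL(分)",
                                       self.title)
     ws_filter_url_f = DO().get_Sheet(self.wb_filter, u"URL(分)筛",
                                      self.title_f)
     ws_chart_urlsys = DO().get_Sheet(self.wb_chart, u"URL(分)系统",
                                      [u"系统", u"次数"])
     ws_chart_url = DO().get_Sheet(self.wb_chart, u"URL(分)筛URL",
                                   [u"URL", u"次数"])
     ws_top_url = DO().get_Sheet(self.wb_top, u"URL(分)",
                                 [u"URL", u"应用系统", u"源IP", u"告警名称", u"频率"])
     for cells in ws_source.rows:
         cells = list(cells)
         sys_other = DO().system_Belong(cells[4].value, self.assetother)
         if sys_other is None:
             continue
         data = DO().get_Data(cells)
         data.append(sys_other)
         ws_filter_urlall.append(data)
         self.charts = DO().count_Dict(self.charts, data[-1])
         message = cells[7].value
         if message is None or "http.host" not in message:
             continue
         if not DO().data_Regular(message, self.regular_type_1, 1):
             continue
         if not DO().data_Regular(message, self.regular_type_0, 0):
             continue
         host, url, user_agent, status_code = DO().http_Split(data[7])
         # Inserting at 7 in reverse leaves host, url, user agent and status
         # code at 7..10 and pushes the raw message to 11.
         # NOTE(review): title_f has no column for that raw message, so the
         # trailing columns look shifted by one against the header -- confirm.
         for field in status_code, user_agent, url, host:
             data.insert(7, field)
         # NOTE(review): host, URL and user agent are chosen by the remote
         # client.  openpyxl stores a string that starts with "=" as a
         # formula, so consider neutralising them before writing the sheet.
         ws_filter_url_f.append(data)
         # Key on the destination address when the request had no host.
         key = (host if host != 'NULL' else data[4]) + data[8]
         self.chartall = DO().count_Dict(self.chartall, key)
         self.topall = DO().count_Dict(self.topall, key,
                                       [data[-1], data[2], data[1]])
     DO().get_Dict_data(ws=ws_chart_url, dict=self.chartall, des=1)
     DO().get_Dict_data(ws=ws_chart_urlsys, dict=self.charts, des=1)
     DO().get_Dict_data(ws=ws_top_url, dict=self.topall, des=1, delet=1)
     self.wb_filter.save(out_dir + u"数据筛选" + ".xlsx")
     self.wb_chart.save(out_dir + u"图表" + ".xlsx")
     self.wb_top.save(out_dir + u"Top" + ".xlsx")
     wb_source.close()
     print(u"======分行筛选完成======")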
Example #17
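class Daily_Operat(object):
    """Turn one day's exported IDS alerts into filter, chart and top workbooks.

    ``run`` loads the asset tables, creates the output workbooks under
    ``outputFile/<time>/``, processes the Internet and LAN alert exports and
    writes a small summary workbook.

    NOTE(review): ``self.time`` is concatenated into file paths unchecked;
    presumably it is an operator-supplied date string -- confirm it never
    comes from alert content.
    """

    def __init__(self):
        # Counters; internet_Event and lan_Event call __init__ again to
        # reset them (and the pattern lists) at the start of each pass.
        self.topall = {}
        self.topzz = {}
        self.topwy = {}
        self.chartall = {}
        self.chartzz = {}
        self.charts = {}
        self.chartwy = {}
        self.regular_type_1 = []
        self.regular_type_0 = []
        self.title = [
            u'告警时间', u'规则名称', u'源IP', u'源端口', u'目的IP', u'目的端口', u'上报引擎',
            u'返回消息', u'网口编号', u'网口别名', u'分行'
        ]
        self.title_f = [
            u'告警时间', u'规则名称', u'源IP', u'源端口', u'目的IP', u'目的端口', u'上报引擎',
            u'Host', u"Url", u"User-Agent", u"Status_Code", u'网口编号', u'网口别名',
            u'分行'
        ]
        self.title_lan = [
            u'告警时间', u'规则名称', u'源IP', u'源端口', u'目的IP', u'目的端口', u'上报引擎',
            u'返回消息', u'网口编号', u'网口别名', u'源所属分行', u"源设备", u"目所属分行", u"目设备"
        ]

    def internet_Event(self):
        """Filter the Internet-facing alerts and write the URL sheets.

        Rows whose column 4 maps to a known system (``DO().system_Belong``
        against ``self.assetother``) go to the unfiltered sheet and the
        per-system count.  Rows whose column 7 mentions ``http.host`` and
        pass both ``DO().data_Regular`` checks are additionally split into
        host, URL, user agent and status code and counted per URL.
        """
        self.__init__()
        filename = "Internet_Event"
        self.regular_type_1.append(re.compile(r'http.status_code=4(.*?);'))
        self.regular_type_0.append(re.compile(r'http.status_code=(.*?);'))
        self.regular_type_0.append(re.compile(r'http.url=/(.*?);'))
        self.regular_type_0.append(re.compile(r'http.url=(.*?);'))
        try:
            _xlxs_csv.Csv2Xlxs(self.time, filename)
        except Exception as exc:
            # The conversion stays best-effort, but a silent failure means
            # the report is built from whatever .xlsx already exists, which
            # may be stale.  Report it instead of hiding it.
            print(u"[warn] %s: CSV to XLSX conversion failed (%r); "
                  u"using the existing .xlsx if present" % (filename, exc))
        out_dir = "outputFile/" + self.time + "/"
        wb_source = openpyxl.load_workbook("inputFile/" + self.time + "/" +
                                           filename + ".xlsx")
        ws_source = wb_source.get_sheet_by_name("Sheet")
        ws_filter_urlall = DO().get_Sheet(self.wb_filter, u"URL(分)",
                                          self.title)
        ws_filter_url_f = DO().get_Sheet(self.wb_filter, u"URL(分)筛",
                                         self.title_f)
        ws_chart_urlsys = DO().get_Sheet(self.wb_chart, u"URL(分)系统",
                                         [u"系统", u"次数"])
        ws_chart_url = DO().get_Sheet(self.wb_chart, u"URL(分)筛URL",
                                      [u"URL", u"次数"])
        ws_top_url = DO().get_Sheet(self.wb_top, u"URL(分)",
                                    [u"URL", u"应用系统", u"源IP", u"告警名称", u"频率"])
        for cells in ws_source.rows:
            cells = list(cells)
            sys_other = DO().system_Belong(cells[4].value, self.assetother)
            if sys_other is None:
                continue
            data = DO().get_Data(cells)
            data.append(sys_other)
            ws_filter_urlall.append(data)
            self.charts = DO().count_Dict(self.charts, data[-1])
            message = cells[7].value
            if message is None or "http.host" not in message:
                continue
            if not DO().data_Regular(message, self.regular_type_1, 1):
                continue
            if not DO().data_Regular(message, self.regular_type_0, 0):
                continue
            host, url, user_agent, status_code = DO().http_Split(data[7])
            # Inserting at 7 in reverse leaves host, url, user agent and
            # status code at 7..10 and pushes the raw message to 11.
            # NOTE(review): title_f has no column for that raw message, so
            # the trailing columns look shifted by one against the header
            # -- confirm.
            for field in status_code, user_agent, url, host:
                data.insert(7, field)
            # NOTE(review): host, URL and user agent are chosen by the
            # remote client.  openpyxl stores a string that starts with "="
            # as a formula, so consider neutralising them before writing.
            ws_filter_url_f.append(data)
            # Key on the destination address when the request had no host.
            key = (host if host != 'NULL' else data[4]) + data[8]
            self.chartall = DO().count_Dict(self.chartall, key)
            self.topall = DO().count_Dict(self.topall, key,
                                          [data[-1], data[2], data[1]])
        DO().get_Dict_data(ws=ws_chart_url, dict=self.chartall, des=1)
        DO().get_Dict_data(ws=ws_chart_urlsys, dict=self.charts, des=1)
        DO().get_Dict_data(ws=ws_top_url, dict=self.topall, des=1, delet=1)
        self.wb_filter.save(out_dir + u"数据筛选" + ".xlsx")
        self.wb_chart.save(out_dir + u"图表" + ".xlsx")
        self.wb_top.save(out_dir + u"Top" + ".xlsx")
        wb_source.close()
        print(u"======分行筛选完成======")

    def lan_Event(self):
        """Filter the internal-network alerts and write the LAN sheets.

        Every non-header row that passes both ``DO().data_Regular`` checks
        is tagged with the branch and device of its source (column 2) and
        destination (column 4) and written to the LAN sheet; rows touching a
        self-service or online-banking device also go to those two sheets.
        """
        self.__init__()
        filename = "Lan_Event"
        # These used to be compiled from u"r'...'", i.e. with the raw-string
        # prefix and quotes inside the pattern, so they could only match the
        # literal text r'http...' and the status-code filter never saw a
        # real alert.  They now match internet_Event's patterns.
        self.regular_type_1.append(re.compile(r'http.status_code=4(.*?);'))
        self.regular_type_0.append(re.compile(r'http.status_code=(.*?);'))
        try:
            _xlxs_csv.Csv2Xlxs(self.time, filename)
        except Exception as exc:
            # Best-effort, but say so: a hidden failure lets a stale .xlsx
            # stand in for today's alerts.
            print(u"[warn] %s: CSV to XLSX conversion failed (%r); "
                  u"using the existing .xlsx if present" % (filename, exc))
        out_dir = "outputFile/" + self.time + "/"
        chart_title = [u"分行", u"次数"]
        top_title = [u"源IP", u"源所属分行/设备", u"目IP", u"目所属分行/设备", u"规则", u"次数"]
        wb_source = openpyxl.load_workbook("inputFile/" + self.time + "/" +
                                           filename + ".xlsx")
        ws_source = wb_source.get_sheet_by_name("Sheet")
        ws_filter_lan = DO().get_Sheet(self.wb_filter, u"内网(分)",
                                       self.title_lan)
        ws_filter_zz = DO().get_Sheet(self.wb_filter, u"自助设备", self.title_lan)
        ws_filter_wy = DO().get_Sheet(self.wb_filter, u"网银体验", self.title_lan)
        # Each sheet gets its own copy of the header list.
        ws_chart_lan = DO().get_Sheet(self.wb_chart, u"内网(分)",
                                      list(chart_title))
        ws_chart_zz = DO().get_Sheet(self.wb_chart, u"自助设备", list(chart_title))
        ws_chart_wy = DO().get_Sheet(self.wb_chart, u"网银体验", list(chart_title))
        ws_top_lan = DO().get_Sheet(self.wb_top, u"内网(分)", list(top_title))
        ws_top_zz = DO().get_Sheet(self.wb_top, u"自助设备", list(top_title))
        ws_top_wy = DO().get_Sheet(self.wb_top, u"网银体验", list(top_title))
        for cells in ws_source.rows:
            cells = list(cells)
            if u"告警时间" in cells[0].value:
                continue  # header row
            message = cells[7].value
            if not DO().data_Regular(message, self.regular_type_1, 1):
                continue
            if not DO().data_Regular(message, self.regular_type_0, 0):
                continue
            sbranch, sequ = DO().branch_Belong(cells[2].value, self.assetlan)
            obranch, oequ = DO().branch_Belong(cells[4].value, self.assetlan)
            data = DO().get_Data(cells)
            data.extend([sbranch, sequ, obranch, oequ])

            def detail():
                # A fresh list per counter, as count_Dict may keep it.
                return [sbranch + '/' + sequ, data[4],
                        obranch + '/' + oequ, data[1]]

            ws_filter_lan.append(data)
            self.chartall = DO().count_Dict(self.chartall, obranch)
            self.topall = DO().count_Dict(self.topall, data[2], detail())
            if u"自助设备" in sequ or u"自助设备" in oequ:
                ws_filter_zz.append(data)
                self.chartzz = DO().count_Dict(self.chartzz, obranch)
                self.topzz = DO().count_Dict(self.topzz, data[2], detail())
            if u"网银体验" in sequ or u"网银体验" in oequ:
                ws_filter_wy.append(data)
                self.chartwy = DO().count_Dict(self.chartwy, obranch)
                self.topwy = DO().count_Dict(self.topwy, data[2], detail())
        DO().get_Dict_data(ws_chart_lan, self.chartall, 1)
        DO().get_Dict_data(ws_chart_zz, self.chartzz, 1)
        DO().get_Dict_data(ws_chart_wy, self.chartwy, 1)
        DO().get_Dict_data(ws_top_lan, self.topall, 1)
        DO().get_Dict_data(ws_top_zz, self.topzz, 1)
        DO().get_Dict_data(ws_top_wy, self.topwy, 1)
        self.wb_filter.save(out_dir + u"数据筛选" + ".xlsx")
        self.wb_chart.save(out_dir + u"图表" + ".xlsx")
        self.wb_top.save(out_dir + u"Top" + ".xlsx")
        wb_source.close()
        print(u"======内网筛选完成======")

    def open_Excel(self):
        """Create the output workbooks and keep them on ``self``."""
        out_dir = "outputFile/" + self.time + "/"
        filtername = [u"URL(分)", u"URL(分)筛", u"内网(分)", u"自助设备", u"网银体验"]
        chartname = [u"URL(分)系统", u"URL(分)筛URL", u"内网(分)", u"自助设备", u"网银体验"]
        topname = [u"URL(分)", u"内网(分)", u"自助设备", u"网银体验"]
        countname = [u"统计"]
        self.wb_filter = DO().create_Newsheet(
            out_dir + u"数据筛选" + ".xlsx", filtername)
        self.wb_chart = DO().create_Newsheet(
            out_dir + u"图表" + ".xlsx", chartname)
        self.wb_top = DO().create_Newsheet(
            out_dir + u"Top" + ".xlsx", topname)
        self.wb_count = DO().create_Newsheet(
            out_dir + u"统计" + ".xlsx", countname)
        self.wb_rate_internet = DO().create_Newsheet("../IP/Internet.xlsx",
                                                     [self.time])
        self.wb_rate_lan = DO().create_Newsheet("../IP/Lan.xlsx", [self.time])

    def data_Count(self):
        """Write the per-category alert totals to the summary workbook.

        Each total is the row count of a filter sheet minus one (the
        header row).
        """
        ws_count = DO().get_Sheet(self.wb_count, u"统计", [u"类别", u"次数"])
        totals = (
            (u"互联网告警数", u"URL(分)"),
            (u"内网告警数", u"内网(分)"),
            (u"自助设备数", u"自助设备"),
            (u"网银体验数", u"网银体验"),
        )
        for label, sheet_name in totals:
            sheet = self.wb_filter.get_sheet_by_name(sheet_name)
            ws_count.append([label, len(list(sheet.rows)) - 1])
        self.wb_count.save("outputFile/" + self.time + "/" + u"统计" + ".xlsx")

    def get_Asset(self):
        """Load the asset tables into ``assetother``, ``asset2to1``, ``assetlan``.

        ``assetother`` holds ``[column 1, column 2]`` of every row after the
        first of the branch-asset sheet.  ``assetlan`` holds one
        ``[branch, column 4, column 6, column 7]`` entry per row of
        ``inputFile/all.xlsx`` whose column 6 is not empty, where ``branch``
        is the parenthesised part of column 1, replaced by the first cell of
        the last ``2to1`` row that contains it.

        Raises:
            IndexError: if column 1 of a used row has no parenthesised part.
        """
        paren_name = re.compile(r'\((.*?)\)')
        wb_asset = openpyxl.load_workbook('inputFile/assets2017-5-26.xlsx')
        wb_asset_lan = openpyxl.load_workbook('inputFile/all.xlsx')
        wb_asset_2to1 = openpyxl.load_workbook('inputFile/2to1.xlsx')
        ws_assetother = wb_asset.get_sheet_by_name(u"分行资产")
        ws_asset_lan = wb_asset_lan.get_sheet_by_name(u"Sheet")
        ws_asset_2to1 = wb_asset_2to1.get_sheet_by_name(u"Sheet")
        self.assetother = []
        self.assetlan = []
        self.asset2to1 = []
        for index, row in enumerate(ws_assetother.rows):
            if index == 0:
                continue  # header row
            self.assetother.append([row[1].value, row[2].value])
        for row in ws_asset_2to1.rows:
            self.asset2to1.append(DO().get_Data(row))
        for row in ws_asset_lan.rows:
            if row[6].value is None:
                continue
            result = paren_name.findall(row[1].value)[0]
            # Start from the name found in this row.  Without a default an
            # asset with no alias kept the previous row's branch (or raised
            # NameError on the first row), attributing its alerts to the
            # wrong branch.
            branch = result
            for alias in self.asset2to1:
                if result in alias:
                    branch = alias[0]
            self.assetlan.append(
                [branch, row[4].value, row[6].value, row[7].value])

    def run(self, time):
        """Produce all workbooks for ``time`` (the input directory name)."""
        self.time = time
        self.get_Asset()
        self.open_Excel()
        self.internet_Event()
        self.lan_Event()
        self.data_Count()
        self.wb_count.close()
        self.wb_filter.close()
        self.wb_top.close()
        self.wb_chart.close()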
Example #18
class Log_Virus(object):
    """Append a batch of antivirus log records to ``logFile/<time>.xlsx``."""

    def __init__(self, time_, asset_virus, asset_branch, log):
        # time_ names the workbook; the two asset tables feed the DO()
        # lookups; log is the iterable of records to append.
        self.time = time_
        self.asset_virus = asset_virus
        self.asset_branch = asset_branch
        self.log = log

    def excel_Open(self):
        """Load the day's log workbook, or create it when it is missing."""
        log_path = "logFile/" + self.time + ".xlsx"
        if os.path.exists(log_path):
            self.wb_virus_log = openpyxl.load_workbook(log_path)
        else:
            self.wb_virus_log = DO().create_Newsheet(excel_name=log_path,
                                                     sheet_name=[u"日志"])

    def log_Operat(self):
        """Enrich each record and append it to the log sheet.

        Field 7 of the appended copy is replaced by its label when it is one
        of the known handling codes; the lookups still receive the original
        record's fields.  Derived values are inserted at positions 2, 6, 9
        and 11, in that order.
        """
        handle_labels = (
            ("21", u"已清除"),
            ("121", u"已删除"),
            ("25", u"已忽略"),
            ("22", u"无法清除文件"),
            ("122", u"无法删除文件"),
            ("81", u"已加密"),
        )
        # NOTE(review): this repeats excel_Open's existence check.  Whether
        # create_Newsheet has already written the file by now is not visible
        # here; if it has, a new workbook never gets its title row -- confirm.
        if os.path.exists("logFile/" + self.time + ".xlsx"):
            ws_log = self.wb_virus_log.get_sheet_by_name(u"日志")
        else:
            ws_log = DO().get_Sheet(
                wb=self.wb_virus_log,
                sheet_name=u"日志",
                title=[
                    u"结构", u"IP地址", u"主机类型",
                    u"MAC地址", u"计算机名", u"病毒名称",
                    u"病毒类型", u"受感染文件", u"感染路径",
                    u"攻击类型", u"处理措施", u"感染类型", u"时间",
                    u"扫描类型", u"组件版本", u"操作系统"
                ])
        for log in self.log:
            record = list(log)
            for code, label in handle_labels:
                if record[7] == code:
                    record[7] = label
                    break  # a label never equals another code
            host = DO().system_Belong(ip=log[1],
                                      asset=self.asset_branch,
                                      defaulthost=u"未知设备")
            record.insert(2, host)
            virus = DO().virus_Belong(virus=log[4],
                                      asset=self.asset_virus,
                                      defaultvirus=u"未知病毒")
            record.insert(6, virus)
            attack = DO().U_Belong(U=log[6])
            record.insert(9, attack)
            infect = DO().operat_Belong(operat=log[7])
            record.insert(11, infect)
            # NOTE(review): computer names, file names and paths come from
            # the reporting endpoint.  openpyxl stores a string that starts
            # with "=" as a formula, so consider neutralising such values.
            ws_log.append(record)

    def run(self):
        """Open the workbook, append the records, then save and close it."""
        self.excel_Open()
        self.log_Operat()
        self.wb_virus_log.save("logFile/" + self.time + ".xlsx")
        self.wb_virus_log.close()
Example #19
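 def exists(self):
     """Return ``(workbook, sheet)`` for today's alert log.

     Sets ``self.date`` to today's date (``YYYYMMDD``) and uses
     ``logFile/<date>.xlsx``: the file is loaded when present, otherwise a
     new in-memory workbook with a titled alert sheet is created.

     Returns:
         The workbook and its alert-log worksheet.
     """
     title = [u"告警时间", u"数据录入时间", u"所属分行", u"IP地址", u"MAC地址",u"感染主机名",
              u"病毒名称", u"病毒类型", u"受感染文件", u"感染源", u"感染路径", u"处理结果", u"感染类型",
              u"感染机被感染时间", u"扫描方式", u"病毒码组件", u"系统类型"]
     self.date = datetime.datetime.now().strftime("%Y%m%d")
     log_path = "logFile/%s.xlsx" % self.date
     if not os.path.exists(log_path):
         wb = openpyxl.Workbook()
         wb.create_sheet(u"告警日志")
         # Drop the default sheet so the alert sheet is the only one.
         wb.remove_sheet(wb.get_sheet_by_name("Sheet"))
         ws = wb.get_sheet_by_name(u"告警日志")
         ws.append(title)
         return wb, ws
     wb = openpyxl.load_workbook(log_path)
     try:
         ws = wb.get_sheet_by_name(u"告警日志")
     except KeyError:
         # Only a missing sheet takes the rebuild path.  The bare except
         # used before also caught KeyboardInterrupt and unrelated errors
         # and answered them by recreating the log workbook.
         # NOTE(review): create_Newsheet is given the existing log's path;
         # if it writes the file, earlier alerts are lost -- confirm.
         wb.close()
         wb = Data_Operat().create_Newsheet(log_path, [u"告警日志"])
         ws = Data_Operat().get_Sheet(wb, u"告警日志", title)
     return wb, ws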