Python Database.select Examples, api.database.Database.select Python Examples

Example #1

0

Show file

File: display.py Project: fairyming/Semitic

class Display_Intelligence():
    def __init__(self):
        self.link = Database("Intelligence")
        super().__init__()

    def display_ioc(self, type):
        result = {}
        result["data"] = []
        select_result = self.link.select(type,
                                         query={},
                                         sort="disclosure_time")
        if select_result:
            for alert in select_result:
                alert.pop("_id")
                result["data"].append(alert)
        self.link.close()
        result["data"] = list_dict_duplicate_removal(result["data"])
        return result

    def ioc_count(self):
        result = {}
        count = 0
        for ioc_type in ioc:
            result[ioc_type] = self.link.count(ioc_type)
            count += count + result[ioc_type]
        result["count"] = count
        self.link.close()
        # result["data"] = list_dict_duplicate_removal(result["data"])
        return result

Example #2

0

Show file

File: search.py Project: fairyming/Semitic

class Search():
    def __init__(self, data):
        self.link = Database("Intelligence")
        self.search_type = list(data.keys())[0]
        self.search_value = data[self.search_type]
        self.result = {}
        self.result["data"] = []
        super().__init__()

    def search_local(self):
        result_local = {}
        result_local["from"] = "local"
        result_local["type"] = self.search_type
        result_local["value"] = self.search_value
        try:
            local = self.link.select(
                self.search_type, query={self.search_type:
                                         self.search_value})[0]
            result_local["result"] = "success"
            result_local["tags"] = local["tags"]
            # result_local["time"] = local["disclosure_time"]
        except:
            result_local["result"] = "fail"
        self.link.close()
        return (result_local)

    def search_venuseye(self):
        check_url = {
            "ip": "https://www.venuseye.com.cn/ve/ip/ioc",
            "email": "https://www.venuseye.com.cn/ve/email/ioc",
            "domain": "https://www.venuseye.com.cn/ve/domain/ioc",
            "hash": {
                "sha256": "https://www.venuseye.com.cn/ve/sample/sha256",
                "sha1": "https://www.venuseye.com.cn/ve/sample/sha1",
                "md5": "https://www.venuseye.com.cn/ve/sample/md5"
            }
        }
        venuseye_reslut = {}
        venuseye_reslut["from"] = "venuseye"
        venuseye_reslut["type"] = self.search_type
        venuseye_reslut["value"] = self.search_value
        try:
            if self.search_type == "hash":
                if len(self.search_value) == 32:
                    venuseye = json.loads(
                        requests.post(check_url["hash"]["md5"], {
                            "target": self.search_value
                        }).content)
                elif len(self.search_value) == 40:
                    venuseye = json.loads(
                        requests.post(check_url["hash"]["sha1"], {
                            "target": self.search_value
                        }).content)
                elif len(self.search_value) == 64:
                    venuseye = json.loads(
                        requests.post(check_url["hash"]["sha256"], {
                            "target": self.search_value
                        }).content)

                venuseye_reslut["tags"] = venuseye["data"]["tags"]
            else:
                venuseye = json.loads(
                    requests.post(check_url[self.search_type], {
                        "target": self.search_value
                    }).content)
                venuseye_reslut["result"] = "success"
                venuseye_reslut["tags"] = []
                for ioc in venuseye["data"]["ioc"]:
                    for tag in ioc["categories"]:
                        venuseye_reslut["tags"].append(tag)
                venuseye_reslut["tags"] = [
                    x for x in set(venuseye_reslut["tags"])
                ]
        except:
            venuseye_reslut["result"] = "fail"
        return venuseye_reslut

    def get_reslut(self):
        self.result["data"].append(self.search_local())
        self.result["data"].append(self.search_venuseye())
        return self.result

Example #3

0

Show file

File: display.py Project: fairyming/Semitic

class Display_Semitic():
    def __init__(self):
        self.link = Database("Semitic")
        super().__init__()

    def display_alert_rule(self):
        result = {}
        result["data"] = []
        select_result = self.link.select("alert", query={})
        if select_result:
            for alert in select_result:
                alert.pop("_id")
                result["data"].append(alert)
        result["data"] = list_dict_duplicate_removal(result["data"])
        self.link.close()
        return result

    def display_alert_ioc(self):
        result = {}
        result["data"] = []
        select_result = self.link.select("alert_ioc", query={})
        if select_result:
            for alert in select_result:
                alert.pop("_id")
                result["data"].append(alert)
        self.link.close()
        result["data"] = list_dict_duplicate_removal(result["data"])
        return result

    def display_service(self):
        result = {}
        result["data"] = []
        select_result = self.link.select("service", query={})
        if select_result:
            for service in select_result:
                service.pop("_id")
                result["data"].append(service)
        self.link.close()
        result["data"] = list_dict_duplicate_removal(result["data"])
        return result

    def display_proto(self, type):
        result = {}
        result["data"] = []
        select_result = self.link.select(type, query={})
        for proto in select_result:
            proto.pop("_id")
            if type == "http":
                if proto["uri"] == "/api/upload_eve":
                    continue
            result["data"].append(proto)
        self.link.close
        result["data"] = list_dict_duplicate_removal(result["data"])
        return result

    def alert_count(self):
        result = {}
        result["rule_count"] = self.link.count("alert")
        result["ioc_count"] = self.link.count("alert_ioc")
        result["count"] = result["rule_count"] + result["ioc_count"]
        self.link.close()
        return result

    def proto_count(self):
        result = {}
        count = 0
        for proto_type in proto:
            result[proto_type] = self.link.count(proto_type)
            count += self.link.count(proto_type)
        result["count"] = result["tcp"] + result['udp']
        self.link.close()
        return result

    def eve_count(self):
        result = {"count": self.link.count("eve")}
        return result

Example #4

0

Show file

File: ioc.py Project: fairyming/Semitic

class IoC():
    def __init__(self):
        self.key_list = [
            "flow_id", "time", "src_ip", "src_port", "dest_ip", "dest_port"
        ]
        self.link_mongo = Database("Intelligence")

    def deal_tcp(self, tcp_list):
        ioc_result = []
        for tcp_dict in tcp_list:
            ip_list = [tcp_dict["src_ip"], tcp_dict["dest_ip"]]
            for ip in ip_list:
                if not private_ip(ip):
                    try:
                        result = self.link_mongo.select("ip", {"ip": ip})[0]
                        if result["tags"]:
                            ioc_alert = {}
                            for key in self.key_list:
                                ioc_alert[key] = tcp_dict[key]
                            ioc_alert["ioc"] = result["ip"]
                            ioc_alert["tags"] = result["tags"]
                            ioc_result.append(ioc_alert)
                    except:
                        pass
        return ioc_result

    # {'flow_id': 980766215639499, 'time': '2020-04-20T09:39:48.628757+0000', 'src_ip': '192.168.1.100', 'src_port': 60932, 'dest_ip': '36.152.44.96', 'dest_port': 443, 'sni': 'www.baidu.com', '_id': ObjectId('5ea18add65f32300fca3c016')}
    def deal_tls(self, tls_list):
        ioc_result = []
        for tls_dict in tls_list:
            try:
                result = self.link_mongo.select("domain",
                                                {"domain": tls_dict["sni"]})[0]
                if result["tags"]:
                    ioc_alert = {}
                    for key in self.key_list:
                        ioc_alert[key] = tls_dict[key]
                    ioc_alert["ioc"] = result["domain"]
                    ioc_alert["tags"] = result["tags"]
                    ioc_result.append(ioc_alert)
            except:
                pass
        return ioc_result

        # {'flow_id': 1210501935253800, 'time': '2019-12-16T12:00:26.080135+0000', 'src_ip': '192.168.63.20', 'src_port': 62419, 'dest_ip': '101.231.64.109', 'dest_port': 81, 'hostname': '101.231.64.109', 'uri': '/mobile/browser/WorkflowCenterTreeData.jsp?node=wftype_1&scope=2333', 'method': 'POST', '_id': ObjectId('5ea194764eeb0d1f8cb7a959')}

    def deal_http(self, http_list):
        ioc_result = []
        for http_dict in http_list:
            try:
                result = self.link_mongo.select(
                    "url", {"url": {
                        "$regex": http_dict["hostname"]
                    }})[0]
                if result["tags"]:
                    ioc_alert = {}
                    for key in self.key_list:
                        ioc_alert[key] = http_dict[key]
                    ioc_alert["ioc"] = result["url"]
                    ioc_alert["tags"] = result["tags"]
                    ioc_result.append(ioc_alert)
            except:
                pass
        return ioc_result

    # {'flow_id': 2206433917676972, 'time': '2020-04-20T09:39:46.011692+0000', 'src_ip': '192.168.1.100', 'src_port': 3143, 'dest_ip': '211.138.180.3', 'dest_port': 53, 'rrname': ['www.bing.com'], '_id': ObjectId('5ea19ded9dae6710b5616387')}
    def deal_dns(self, dns_list):
        ioc_result = []
        for dns_dict in dns_list:
            try:
                for rrname in dns_dict["rrname"]:
                    try:
                        result = self.link_mongo.select(
                            "domain", {"domain": rrname})[0]
                    except:
                        result = self.link_mongo.select(
                            "url", {"url": {
                                "$regex": rrname
                            }})[0]
                    finally:
                        pass
                    if result["tags"]:
                        ioc_alert = {}
                        for key in self.key_list:
                            ioc_alert[key] = dns_dict[key]
                        try:
                            ioc_alert["ioc"] = result["domain"]
                        except:
                            ioc_alert["ioc"] = result["url"]
                        ioc_alert["tags"] = result["tags"]
                        ioc_result.append(ioc_alert)
            except:
                pass
        return ioc_result