def module_events():
    """
    Get total number of credential events according to module

    Builds an aggregation pipeline over ``connector.credential_events``:
    an optional ``$match`` on ``module_name`` (only when the request carries
    one), then ``group_by_ip_dest``, then ``$skip``/``$limit`` taken from the
    request and passed through ``fix_skip``/``fix_limit``.

    Returns:
        JSON/Dict of credential events according to module; the null-array
        response when the aggregation raises.
    """
    module_name = get_value_from_request("module_name")
    skip_stage = {"$skip": fix_skip(get_value_from_request("skip"))}
    limit_stage = {"$limit": fix_limit(get_value_from_request("limit"))}

    pipeline = []
    if module_name:
        # NOTE(review): the request-supplied value goes straight into $match;
        # this is only safe if get_value_from_request yields a plain scalar
        # (never a parsed object that could carry operators) — confirm.
        pipeline.append({"$match": {"module_name": module_name}})
    pipeline.extend([group_by_ip_dest, skip_stage, limit_stage])
    # No $sort stage precedes $skip/$limit in this handler, so page contents
    # follow the $group output order — presumably intended; verify.

    try:
        result = aggregate_function(connector.credential_events, pipeline)
        return jsonify(result), 200
    except Exception:
        return flask_null_array_response()
def top_honeypot_machine_names():
    """
    get top honeypot machine names in honeypot events

    Pipeline over ``connector.honeypot_events``: optional ``$match`` on the
    ``date`` window (when the request supplies one), then
    ``top_machine_names_groupby``, ``sort_by_count_and_id``, and
    ``$skip``/``$limit`` from the request via ``fix_skip``/``fix_limit``.

    Returns:
        JSON/Dict top honeypot machine names; the null-array response when
        the aggregation raises.
    """
    date = fix_date(get_value_from_request("date"))

    pipeline = [
        top_machine_names_groupby,
        sort_by_count_and_id,
        {"$skip": fix_skip(get_value_from_request("skip"))},
        {"$limit": fix_limit(get_value_from_request("limit"))},
    ]
    if date:
        # assumes fix_date yields an indexable (start, end) pair — confirm
        date_window = {"date": {"$gte": date[0], "$lte": date[1]}}
        pipeline = [{"$match": date_window}] + pipeline

    try:
        result = aggregate_function(connector.honeypot_events, pipeline)
        return jsonify(result), 200
    except Exception:
        return flask_null_array_response()
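def groupby_element(event_type, element):
    """
    get top ten repeated "elements" as defined in database_queries in "event type".
    Eg. <API_URL>/api/events/count/groupby/honeypot/ip?date=2020-08-01

    Args:
        event_type: key into ``event_types`` selecting the collection to query
        element: key into ``group_by_elements`` selecting the ``$group`` stage

    Returns:
        JSON/Dict top ten element in event type

    Raises:
        abort(404) when ``event_type`` or ``element`` is not a known key
        abort(500) when building or running the aggregation raises
    """
    # Validate the path parameters before they are used as lookup keys.
    if event_type not in event_types or element not in group_by_elements:
        abort(404)

    date = get_value_from_request("date")
    country = get_value_from_request("country")

    try:
        # Optional filters; both helpers are assumed to return plain $match
        # criteria, merged with date taking precedence on key collisions
        # (the same merge the original pipeline performed).
        criteria = {}
        if country:
            criteria.update(filter_by_country_ip_dest(country))
        if date:
            criteria.update(filter_by_date(date))

        pipeline = []
        if criteria:
            pipeline.append(filter_by_match(criteria))
        pipeline.extend([
            group_by_elements[element],
            # Sort BEFORE paging: with $sort placed after $skip/$limit the
            # response is an arbitrary slice of the groups that is then
            # sorted, not the highest counts. Stage order now matches the
            # other top-N handlers in this module.
            sort_by_count,
            filter_by_skip(get_value_from_request("skip")),
            filter_by_limit(get_value_from_request("limit")),
        ])

        rows = aggregate_function(event_types[event_type], pipeline)
        return jsonify(
            [{element: row["_id"][element], "count": row["count"]} for row in rows]
        ), 200
    except Exception:
        abort(500)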
def top_ten_countries_in_network_events():
    """
    get top ten repeated countries in network events

    Pipeline over ``connector.network_events``: a leading ``$match`` that
    always requires ``country_ip_dest`` to sort above the ``"-"`` placeholder
    and, when the request supplies a ``date``, also bounds ``date``; then
    ``top_countries_groupby``, ``sort_by_count``, and ``$skip``/``$limit``
    from the request via ``fix_skip``/``fix_limit``.

    Returns:
        JSON/Dict top ten repeated countries in network events; the
        null-array response when the aggregation raises.
    """
    date = fix_date(get_value_from_request("date"))

    # The country restriction is unconditional; the date window is optional.
    match_criteria = {"country_ip_dest": {"$gt": "-"}}
    if date:
        # assumes fix_date yields an indexable (start, end) pair — confirm
        match_criteria["date"] = {"$gte": date[0], "$lte": date[1]}

    pipeline = [
        {"$match": match_criteria},
        top_countries_groupby,
        sort_by_count,
        {"$skip": fix_skip(get_value_from_request("skip"))},
        {"$limit": fix_limit(get_value_from_request("limit"))},
    ]

    try:
        result = aggregate_function(connector.network_events, pipeline)
        return jsonify(result), 200
    except Exception:
        return flask_null_array_response()
def top_ten_ports_in_honeypot_events():
    """
    get top ten repeated ports in honeypot events

    Pipeline over ``connector.honeypot_events``: an optional ``$match`` built
    from the request's ``country`` and/or ``date`` (omitted when neither is
    given), then ``top_ports_groupby``, a sort stage, and ``$skip``/``$limit``
    from the request via ``fix_skip``/``fix_limit``.

    Returns:
        JSON/Dict top ten repeated ports in honeypot events; the null-array
        response when the aggregation raises.
    """
    date = fix_date(get_value_from_request("date"))
    country = get_value_from_request("country")
    skip_stage = {"$skip": fix_skip(get_value_from_request("skip"))}
    limit_stage = {"$limit": fix_limit(get_value_from_request("limit"))}

    criteria = {}
    if country:
        # NOTE(review): request value used directly as a $match criterion;
        # safe only if get_value_from_request returns a plain scalar — confirm.
        criteria["country"] = country
    if date:
        # assumes fix_date yields an indexable (start, end) pair — confirm
        criteria["date"] = {"$gte": date[0], "$lte": date[1]}

    # The sort stage depends on whether a country filter is present: with a
    # country it sorts by count then _id, otherwise by count only. Preserved
    # as written; whether the asymmetry is intentional is not clear from here.
    sort_stage = sort_by_count_and_id if country else sort_by_count

    pipeline = []
    if criteria:
        pipeline.append({"$match": criteria})
    pipeline.extend([top_ports_groupby, sort_stage, skip_stage, limit_stage])

    try:
        result = aggregate_function(connector.honeypot_events, pipeline)
        return jsonify(result), 200
    except Exception:
        return flask_null_array_response()