def test_fix_date(self):
self.assertListEqual(fix_date("02:05:2019"),
['02:05:2019', '02:05:2019 23:59:59'])
self.assertListEqual(fix_date("02:05:2019 | 01:05:2019"),
['02:05:2019 ', ' 01:05:2019'])
self.assertListEqual(fix_date("02/05/2019 | 01/05/2019"),
['02/05/2019 00:00:00', ' 01/05/2019 23:59:59'])
self.assertListEqual(fix_date("02/05/2019"),
['02/05/2019 00:00:00', '02/05/2019 23:59:59'])
def top_honeypot_machine_names():
"""
get top honeypot machine names in honeypot events
Returns:
JSON/Dict top honeypot machine names
"""
date = fix_date(get_value_from_request("date"))
top_machinenames_query = [
top_machine_names_groupby, sort_by_count_and_id, {
"$skip": fix_skip(get_value_from_request("skip"))
}, {
"$limit": fix_limit(get_value_from_request("limit"))
}
]
if date:
match_by_date = {
"$match": {
"date": {
"$gte": date[0],
"$lte": date[1]
}
}
}
top_machinenames_query.insert(0, match_by_date)
try:
return jsonify(
aggregate_function(connector.honeypot_events,
top_machinenames_query)), 200
except Exception as _:
return flask_null_array_response()
def get_network_events():
"""
get network events
Returns:
an array contain network events
"""
date = fix_date(get_value_from_request("date"))
if date:
try:
return jsonify([
i for i in connector.network_events.find(
{
"date": {
"$gte": date[0],
"$lte": date[1]
}
}, {
"_id": 0
}).skip(fix_skip(get_value_from_request("skip"))).limit(
fix_limit(get_value_from_request("limit")))
]), 200
except Exception as _:
return flask_null_array_response()
else:
try:
return jsonify([
i for i in connector.network_events.find({}, {
"_id": 0
}).skip(fix_skip(get_value_from_request("skip"))).limit(
fix_limit(get_value_from_request("limit")))
]), 200
except Exception as _:
return flask_null_array_response()
def count_network_events():
"""
Get total number of network events
Returns:
JSON/Dict number of network events
"""
date = fix_date(get_value_from_request("date"))
if date:
try:
return jsonify({
"count_network_events_by_date":
connector.network_events.count_documents(
{"date": {
"$gte": date[0],
"$lte": date[1]
}}),
"date":
date
}), 200
except Exception as _:
return flask_null_array_response()
else:
try:
return jsonify({
"count_network_events":
connector.network_events.estimated_document_count()
}), 200
except Exception as _:
return flask_null_array_response()
def count_honeypot_events_by_date():
"""
Get total number of honeypot events by date
Returns:
JSON/Dict number of network events
"""
date = fix_date(get_value_from_request("date"))
if date:
return jsonify(
{
"count_honeypot_events_by_date": connector.honeypot_events.count_documents(
{
"date": {
"$gte": date[0],
"$lte": date[1]
}
}
),
"date": date
}
), 200
else:
return jsonify(
{
"count_honeypot_events_by_date": 0,
"date": date
}
), 200
def filter_by_date(date):
date = fix_date(date)
return {
"date": {
"$gte": date[0],
"$lte": date[1]
}
}
def top_ten_countries_in_network_events():
"""
get top ten repeated countries in network events
Returns:
JSON/Dict top ten repeated countries in network events
"""
date = fix_date(
get_value_from_request("date")
)
top_countries_query = [
top_countries_groupby,
sort_by_count,
{
"$skip": fix_skip(
get_value_from_request("skip")
)
},
{
"$limit": fix_limit(
get_value_from_request("limit")
)
}
]
if date:
match_by_date_and_country = {
"$match":
{
"country_ip_dest": {
"$gt": "-"
},
"date":
{
"$gte": date[0],
"$lte": date[1]
}
}
}
top_countries_query.insert(0, match_by_date_and_country)
else:
match_by_country = {
"$match":
{
"country_ip_dest": {
"$gt": "-"
}
}
}
top_countries_query.insert(0, match_by_country)
try:
return jsonify(
aggregate_function(
connector.network_events,
top_countries_query
)
), 200
except Exception as _:
return flask_null_array_response()
def top_ten_ips_in_network_events_by_date():
"""
get top ten repeated ips in network events by date
Returns:
JSON/Dict top ten repeated ips in network events by date
"""
date = fix_date(get_value_from_request("date"))
if date:
try:
return jsonify(
[
i for i in
connector.network_events.aggregate(
[
{
"$match": {
"date": {
"$gte": date[0],
"$lte": date[1]
}
}
},
{
"$group":
{
"_id":
{
"ip": "$ip",
"country": "$country"
},
"count":
{
"$sum": 1
}
}
},
{
"$sort":
SON(
[
("count", -1),
("_id", -1)]
)
},
{
"$skip": fix_skip(get_value_from_request("skip"))
},
{
"$limit": fix_limit(get_value_from_request("limit"))
}
]
)
]
), 200
except Exception as _:
del _
return flask_null_array_response()
def top_ten_ports_in_honeypot_events():
"""
get top ten repeated ports in honeypot events
Returns:
JSON/Dict top ten repeated ports in honeypot events
"""
date = fix_date(get_value_from_request("date"))
country = get_value_from_request("country")
top_ports_query = [
top_ports_groupby, {
"$skip": fix_skip(get_value_from_request("skip"))
}, {
"$limit": fix_limit(get_value_from_request("limit"))
}
]
if country and date:
match_by_country_and_date = {
"$match": {
"country": country,
"date": {
"$gte": date[0],
"$lte": date[1]
}
}
}
top_ports_query.insert(0, match_by_country_and_date)
top_ports_query.insert(2, sort_by_count_and_id)
elif country:
match_by_country = {
"$match": {
"country": country,
}
}
top_ports_query.insert(0, match_by_country)
top_ports_query.insert(2, sort_by_count_and_id)
elif date:
match_by_date = {
"$match": {
"date": {
"$gte": date[0],
"$lte": date[1]
}
}
}
top_ports_query.insert(0, match_by_date)
top_ports_query.insert(2, sort_by_count)
else:
top_ports_query.insert(1, sort_by_count)
try:
return jsonify(
aggregate_function(connector.honeypot_events,
top_ports_query)), 200
except Exception as _:
return flask_null_array_response()
def filter_by_date(date):
date = fix_date(date)
return {
"query": {
"range": {
"date": {
"gte": date[0],
"lte": date[1]
}
}
}
} if date else {
"query": {}
}
def get_honeypot_events_by_date():
"""
get honeypot events by date
Returns:
an array contain honeypot events by date
"""
date = fix_date(get_value_from_request("date"))
if date:
try:
return jsonify(
[
i for i in
connector.honeypot_events.find(
{
"date":
{
"$gte": date[0],
"$lte": date[1]
}
},
{
"_id": 0
}
).skip(
fix_skip(
get_value_from_request("skip")
)
).limit(
fix_limit(
get_value_from_request("limit")
)
)
]
), 200
except Exception as _:
del _
return flask_null_array_response()
