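def ignore():
    """Mark an activity as ignored and, on request, add an ignore rule.

    Reads the JSON request body. ``ignore_type`` and ``id`` are always
    required; ``alert_code`` and ``rules`` are also required when
    ``ignore_type`` is ``"add_rule"``.

    Returns:
        ``output_json`` of ``{"errno": 0, "data": ""}`` on success, or of
        ``{"errno": 1, "error": ...}`` when the body is malformed or
        ``Ignore.add_ignore_rule`` returns a falsy result.
    """
    post_data = request.get_json()

    # The body is client-controlled. Check its shape before any state change,
    # so a malformed "add_rule" request cannot mark the activity ignored and
    # then fail on a missing key.
    bad_request = {"errno": 1, "error": "请求参数有误"}
    if not isinstance(post_data, dict):
        return output_json(bad_request)
    required = ("ignore_type", "id")
    if post_data.get("ignore_type") == "add_rule":
        required += ("alert_code", "rules")
    if any(key not in post_data for key in required):
        return output_json(bad_request)

    # NOTE(review): "id" is forwarded as received; confirm Activity.ignore
    # rejects values that are not plain identifiers.
    activity = Activity()
    activity.ignore(post_data["id"])

    if post_data["ignore_type"] == "add_rule":
        rule_set = Ignore(post_data["alert_code"])
        # NOTE(review): when the rule is rejected, the activity above has
        # already been marked ignored - confirm that is intended.
        if not rule_set.add_ignore_rule(post_data["rules"]):
            return output_json({"errno": 1, "error": "规则格式或内容有误"})
    return output_json({"errno": 0, "data": ""})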
def group(domain, name):
    """Look up the group entry ``name`` in ``domain`` and return it via ``output_json``."""
    # NOTE(review): domain and name reach Entry unchanged; confirm they are
    # validated (e.g. domain against the configured domain list) downstream.
    data = Entry(domain).group_entry_data(name)
    return output_json({"errno": 0, "data": data})
def statistic():
    """Return activity statistics: the total count and the status/level breakdown."""
    activity = Activity()
    # The breakdown is fetched before the count, as in the original order.
    breakdown = activity.statistic_status_level()
    summary = {"total": activity.count(), "data": breakdown}
    return output_json({"errno": 0, "data": summary})
def detail_user(domain, name):
    """Fetch the detail data of user ``name`` in ``domain`` and return it via ``output_json``."""
    # NOTE(review): domain and name reach Entry unchanged; confirm they are
    # validated downstream before being used in a lookup.
    user_detail = Entry(domain).detail_user_data(name)
    return output_json({"errno": 0, "data": user_detail})
def computer(domain, name):
    """Fetch the computer entry ``name`` in ``domain`` and return it via ``output_json``."""
    # NOTE(review): domain and name reach Entry unchanged; confirm they are
    # validated downstream before being used in a lookup.
    computer_entry = Entry(domain).computer_entry_data(name)
    return output_json({"errno": 0, "data": computer_entry})
def access_entries():
    """Return ``Record.access_entries`` for the JSON request body via ``output_json``."""
    # The whole client-supplied body is handed over as ``data``.
    # NOTE(review): no validation happens here; confirm Record.access_entries
    # checks the fields it reads.
    entries = Record().access_entries(data=request.get_json())
    return output_json({"errno": 0, "data": entries})
def logon_users():
    """Return ``Record.logon_users`` for the JSON request body via ``output_json``."""
    # The whole client-supplied body is handed over as ``data``.
    # NOTE(review): no validation happens here; confirm Record.logon_users
    # checks the fields it reads.
    users = Record().logon_users(data=request.get_json())
    return output_json({"errno": 0, "data": users})
def used_computers():
    """Return ``Record.used_computers`` for the JSON request body via ``output_json``."""
    # The whole client-supplied body is handed over as ``data``.
    # NOTE(review): no validation happens here; confirm Record.used_computers
    # checks the fields it reads.
    computers = Record().used_computers(data=request.get_json())
    return output_json({"errno": 0, "data": computers})
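def mistake():
    """Mark the activity named by ``id`` in the JSON body as a false positive.

    Returns:
        ``output_json`` of ``{"errno": 0, "data": ""}`` on success, or of
        ``{"errno": 1, "error": ...}`` when the body is not an object or has
        no ``id``.
    """
    post_data = request.get_json()

    # The body is client-controlled: reject anything that is not an object
    # carrying "id" instead of failing on the lookup below.
    if not isinstance(post_data, dict) or "id" not in post_data:
        return output_json({"errno": 1, "error": "请求参数有误"})

    # Mark the activity as a false positive.
    # NOTE(review): "id" is forwarded as received; confirm Activity.mistake
    # rejects values that are not plain identifiers.
    activity = Activity()
    activity.mistake(post_data["id"])

    # Disabled: set a rule so this kind of false positive is excluded
    # automatically afterwards. If re-enabled, note that **post_data would
    # forward client-chosen keys as keyword arguments.
    # m = Mistake(post_data["alert_code"])
    # m.exclude(**post_data)
    return output_json({"errno": 0, "data": ""})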
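def fuzz_search():
    """Run ``Entry.fuzz_search`` in every configured domain and merge the hits.

    The JSON request body is unpacked into keyword arguments for
    ``Entry.fuzz_search``.

    Returns:
        ``output_json`` of ``{"errno": 0, "data": [...]}`` with the results of
        all domains concatenated in ``main_config.domain_list`` order, or of
        ``{"errno": 1, "error": ...}`` when the body is not a JSON object.
    """
    post_data = request.get_json()

    # ``**post_data`` needs a mapping; a missing body, a JSON array or a JSON
    # scalar would otherwise raise TypeError inside the loop.
    if not isinstance(post_data, dict):
        return output_json({"errno": 1, "error": "请求参数有误"})

    # NOTE(review): every client-chosen key becomes a keyword argument of
    # Entry.fuzz_search. Its signature is not visible here; restrict the keys
    # to the parameters it is meant to accept once that is confirmed.
    matches = []
    for domain in main_config.domain_list:
        matches.extend(Entry(domain).fuzz_search(**post_data))
    return output_json({"errno": 0, "data": matches})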
def get_list():
    """Return ``alert_map`` as a two-level label/value tree via ``output_json``.

    Each top-level key of ``alert_map`` becomes a node whose label and value
    are the key itself; its children are built from the nested mapping, with
    the nested key as ``value`` and the nested value as ``label``.
    """
    tree = [
        {
            "label": classify_name,
            "value": classify_name,
            "children": [
                {"label": name, "value": code} for code, name in codes.items()
            ],
        }
        for classify_name, codes in alert_map.items()
    ]
    return output_json({"errno": 0, "data": tree})
def get_list():
    """Return all related activities for the JSON request body."""
    # The whole client-supplied body is handed over as ``data``.
    # NOTE(review): no validation happens here; confirm Record.list checks the
    # fields it reads.
    records = Record().list(data=request.get_json())
    return output_json({"errno": 0, "data": records})
def get_list():
    """Return ``Invasion.list`` for the JSON request body via ``output_json``."""
    # The whole client-supplied body is handed over as ``data``.
    # NOTE(review): no validation happens here; confirm Invasion.list checks
    # the fields it reads.
    invasions = Invasion().list(data=request.get_json())
    return output_json({"errno": 0, "data": invasions})
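def close():
    """Close the activity named by ``id`` in the JSON request body.

    Returns:
        ``output_json`` of ``{"errno": 0, "data": ""}`` on success, or of
        ``{"errno": 1, "error": ...}`` when the body is not an object or has
        no ``id``.
    """
    post_data = request.get_json()

    # The body is client-controlled: reject anything that is not an object
    # carrying "id" instead of failing on the lookup below.
    if not isinstance(post_data, dict) or "id" not in post_data:
        return output_json({"errno": 1, "error": "请求参数有误"})

    # NOTE(review): "id" is forwarded as received; confirm Activity.close
    # rejects values that are not plain identifiers.
    activity = Activity()
    activity.close(post_data["id"])
    return output_json({"errno": 0, "data": ""})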
def delete(activity_id):
    """Delete the activity ``activity_id`` and return ``Activity.delete``'s result via ``output_json``."""
    # NOTE(review): this is a destructive operation and no access check is
    # visible in this function; confirm the route enforces one.
    outcome = Activity().delete(activity_id)
    return output_json({"errno": 0, "data": outcome})
def related_list():
    """Return ``Activity.related_list`` for the JSON request body via ``output_json``."""
    # The whole client-supplied body is handed over as ``data``.
    # NOTE(review): no validation happens here; confirm Activity.related_list
    # checks the fields it reads.
    related = Activity().related_list(data=request.get_json())
    return output_json({"errno": 0, "data": related})