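def _add_iana(self):
    """Append IANA names for query class, type and rcode to every DNS score row.

    Reads ``components/iana/iana_config.json`` (two directories above this
    module) and, when it exists, builds an ``IanaTransform`` from its ``IANA``
    section.  Each row in ``self._dns_scores`` gets three columns appended: the
    names resolved for the ``dns_qry_class``, ``dns_qry_type`` and
    ``dns_qry_rcode`` fields, whose column positions come from
    ``self._conf["dns_results_fields"]``.  When the config file is missing the
    three columns are appended as empty strings so downstream column indexes
    stay aligned.

    Raises:
        KeyError: if the config has no ``IANA`` section or ``self._conf`` lacks
            one of the three field indexes.
        ValueError: if the config file is not valid JSON.
    """
    here = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
    iana_conf_file = os.path.join(here, "components", "iana", "iana_config.json")

    if not os.path.isfile(iana_conf_file):
        # No IANA mapping available: keep the row shape stable with blanks.
        self._dns_scores = [conn + ["", "", ""] for conn in self._dns_scores]
        return

    # Context manager so the handle is closed promptly; the original
    # open(...).read() left it to the garbage collector.
    with open(iana_conf_file) as fh:
        iana_config = json.load(fh)
    dns_iana = IanaTransform(iana_config["IANA"])

    fields = self._conf["dns_results_fields"]
    class_idx = fields["dns_qry_class"]
    type_idx = fields["dns_qry_type"]
    rcode_idx = fields["dns_qry_rcode"]

    self._dns_scores = [
        conn + [
            dns_iana.get_name(conn[class_idx], "dns_qry_class"),
            dns_iana.get_name(conn[type_idx], "dns_qry_type"),
            dns_iana.get_name(conn[rcode_idx], "dns_qry_rcode"),
        ]
        for conn in self._dns_scores
    ]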
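def _add_iana(self):
    """Append the IANA name of the HTTP response code to every proxy score row.

    Reads ``components/iana/iana_config.json`` (two directories above this
    module) and, when present, builds an ``IanaTransform`` from its ``IANA``
    section.  Each row in ``self._proxy_scores`` gets one column appended: the
    name resolved for the ``respcode`` field (column position from
    ``self._conf["proxy_score_fields"]``) under the ``proxy_http_rcode``
    category.  When the config file is missing an empty string is appended
    instead so the row width is unchanged either way.

    Raises:
        KeyError: if the config has no ``IANA`` section or ``self._conf`` lacks
            the ``respcode`` index.
        ValueError: if the config file is not valid JSON.
    """
    here = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
    iana_conf_file = os.path.join(here, "components", "iana", "iana_config.json")

    if not os.path.isfile(iana_conf_file):
        # Keep the row shape stable even without a mapping.
        self._proxy_scores = [conn + [""] for conn in self._proxy_scores]
        return

    # Close the config handle deterministically instead of leaking it.
    with open(iana_conf_file) as fh:
        iana_config = json.load(fh)
    proxy_iana = IanaTransform(iana_config["IANA"])

    rcode_idx = self._conf["proxy_score_fields"]["respcode"]
    self._proxy_scores = [
        conn + [proxy_iana.get_name(conn[rcode_idx], "proxy_http_rcode")]
        for conn in self._proxy_scores
    ]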
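def _add_iana(self):
    """Append IANA names for query class, type and rcode to every DNS score row.

    Loads ``components/iana/iana_config.json`` (two directories above this
    module) and resolves, for each row of ``self._dns_scores``, the names of
    the ``dns_qry_class``, ``dns_qry_type`` and ``dns_qry_rcode`` columns
    (positions taken from ``self._conf["dns_results_fields"]``).  The three
    names are appended to the row in that order.  If the config file does not
    exist, three empty strings are appended instead so column indexes used
    later remain valid.

    Raises:
        KeyError: if the config has no ``IANA`` section or a field index is
            missing from ``self._conf``.
        ValueError: if the config file is not valid JSON.
    """
    here = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
    iana_conf_file = os.path.join(here, "components", "iana", "iana_config.json")

    if not os.path.isfile(iana_conf_file):
        self._dns_scores = [conn + ["", "", ""] for conn in self._dns_scores]
        return

    # `with` closes the file; the original open(...).read() never did.
    with open(iana_conf_file) as fh:
        iana_config = json.load(fh)
    dns_iana = IanaTransform(iana_config["IANA"])

    fields = self._conf["dns_results_fields"]
    # (column index, IANA category) pairs, in the order the columns are appended.
    lookups = [
        (fields["dns_qry_class"], "dns_qry_class"),
        (fields["dns_qry_type"], "dns_qry_type"),
        (fields["dns_qry_rcode"], "dns_qry_rcode"),
    ]

    self._dns_scores = [
        conn + [dns_iana.get_name(conn[idx], category) for idx, category in lookups]
        for conn in self._dns_scores
    ]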
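def _get_suspicious_details(self):
    """Fetch connection details for every distinct suspicious proxy row.

    Loads ``components/iana/iana_config.json`` (two directories above this
    module); if it is missing nothing is done.  Otherwise each row of
    ``self._proxy_scores`` whose ``hash`` column has not been seen yet is
    processed: its ``p_date`` column is split on ``/`` and, only when that
    yields exactly three parts (month, day, year in that order -- month and
    day are zero-padded to two digits), the hour is taken as the text before
    the first ``:`` of ``p_time`` and ``_get_proxy_details`` is called with the
    URI, client IP, hash, year, month, day, hour and the IANA transform.
    Rows with a malformed date are skipped silently.

    Column positions come from ``self._conf["proxy_score_fields"]``.

    Raises:
        KeyError: if the config has no ``IANA`` section or a field index is
            missing from ``self._conf``.
        ValueError: if the config file is not valid JSON.
    """
    here = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
    iana_conf_file = os.path.join(here, "components", "iana", "iana_config.json")
    if not os.path.isfile(iana_conf_file):
        return

    # Close the handle deterministically rather than leaking it.
    with open(iana_conf_file) as fh:
        iana_config = json.load(fh)
    proxy_iana = IanaTransform(iana_config["IANA"])

    fields = self._conf["proxy_score_fields"]
    # A set makes the de-duplication O(1) per row; the original list made
    # the whole loop quadratic in the number of rows.
    seen_hashes = set()
    for conn in self._proxy_scores:
        conn_hash = conn[fields["hash"]]
        if conn_hash in seen_hashes:
            continue
        seen_hashes.add(conn_hash)

        clientip = conn[fields["clientip"]]
        fulluri = conn[fields["fulluri"]]
        date = conn[fields["p_date"]].split('/')
        if len(date) != 3:
            # Not MM/DD/YYYY: skip rather than guess, as the original did.
            continue
        month = date[0].zfill(2)
        day = date[1].zfill(2)
        year = date[2]
        hh = conn[fields["p_time"]].split(":")[0]

        # NOTE(review): fulluri and clientip are taken from the score rows and
        # forwarded without validation; confirm _get_proxy_details parameterizes
        # whatever query it builds from them.
        self._get_proxy_details(fulluri, clientip, conn_hash, year, month, day, hh, proxy_iana)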
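def _get_suspicious_details(self):
    """Fetch DNS details for every suspicious row, keyed by its frame time.

    Loads ``components/iana/iana_config.json`` (two directories above this
    module); if it is missing nothing is done.  Otherwise, for each row of
    ``self._dns_scores``, the ``frame_time`` column is split on single spaces
    with empty tokens dropped.  Only rows that yield exactly five tokens are
    processed: token 0 is a month abbreviation (converted to a two-digit
    month), token 1 the day and token 2 the year.  ``_get_dns_details`` is then
    called with the ``dns_qry_name`` column, year, month, day, the ``hh``
    column and the IANA transform.

    Column positions come from ``self._conf["dns_score_fields"]``.

    Raises:
        KeyError: if the config has no ``IANA`` section or a field index is
            missing from ``self._conf``.
        ValueError: if the config is not valid JSON or the month token does not
            parse with ``%b``.
    """
    here = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
    iana_conf_file = os.path.join(here, "components", "iana", "iana_config.json")
    if not os.path.isfile(iana_conf_file):
        return

    # Close the handle deterministically rather than leaking it.
    with open(iana_conf_file) as fh:
        iana_config = json.load(fh)
    dns_iana = IanaTransform(iana_config["IANA"])

    fields = self._conf["dns_score_fields"]
    for conn in self._dns_scores:
        # Drop empty tokens from runs of spaces.  A list comprehension rather
        # than filter(): on Python 3 filter() returns an iterator and the
        # len() check below would raise TypeError.
        parts = [tok for tok in conn[fields["frame_time"]].split(" ") if tok]
        if len(parts) != 5:
            continue

        year = parts[2]
        # '%b' is locale-dependent; this assumes English month abbreviations.
        month = datetime.datetime.strptime(parts[0], '%b').strftime('%m')
        day = parts[1]
        hh = conn[fields["hh"]]
        dns_qry_name = conn[fields["dns_qry_name"]]
        # NOTE(review): dns_qry_name comes straight from the score rows and is
        # forwarded unvalidated; confirm _get_dns_details parameterizes any
        # query it builds from it.
        self._get_dns_details(dns_qry_name, year, month, day, hh, dns_iana)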
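def _get_suspicious_details(self):
    """Fetch DNS details for every suspicious row, keyed by its unix timestamp.

    Loads ``components/iana/iana_config.json`` (two directories above this
    module); if it is missing nothing is done.  Otherwise, for each row of
    ``self._dns_scores``, the ``unix_tstamp`` column is converted with
    ``int()`` and interpreted as UTC seconds since the epoch.  The year,
    zero-padded month and zero-padded day are passed as strings and the hour
    as an ``int`` to ``_get_dns_details``, together with the ``dns_qry_name``
    column and the IANA transform.

    Column positions come from ``self._conf["dns_score_fields"]``.

    Raises:
        KeyError: if the config has no ``IANA`` section or a field index is
            missing from ``self._conf``.
        ValueError: if the config is not valid JSON or ``unix_tstamp`` is not
            an integer string.
    """
    here = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
    iana_conf_file = os.path.join(here, "components", "iana", "iana_config.json")
    if not os.path.isfile(iana_conf_file):
        return

    # Close the handle deterministically rather than leaking it.
    with open(iana_conf_file) as fh:
        iana_config = json.load(fh)
    dns_iana = IanaTransform(iana_config["IANA"])

    fields = self._conf["dns_score_fields"]
    for conn in self._dns_scores:
        # Interpret the timestamp in UTC so the date parts do not depend on
        # the host's local time zone.
        moment = datetime.datetime.utcfromtimestamp(int(conn[fields["unix_tstamp"]]))
        # Zero-padded strings, exactly as the original produced via '%Y-%m-%d'.
        yr, mn, dy = moment.strftime('%Y-%m-%d').split("-")
        # The original did int('%H'), which is the hour attribute.
        hh = moment.hour
        dns_qry_name = conn[fields["dns_qry_name"]]
        # NOTE(review): dns_qry_name comes straight from the score rows and is
        # forwarded unvalidated; confirm _get_dns_details parameterizes any
        # query it builds from it.
        self._get_dns_details(dns_qry_name, yr, mn, dy, hh, dns_iana)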