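def _renderPorts(self, criteria, width=DEFAULT_WIDTH, height=DEFAULT_HEIGHT):
    """Build the "Top 10 Targeted Ports" distribution chart.

    The IDMEF database is queried for the ten most targeted
    ``alert.target.service.port`` values among TCP/UDP services matching
    *criteria*.  Rows are merged per (port, protocol) pair, sorted by
    descending count and fed to a ``Chart.DistributionChart`` that is then
    appended to ``self.dataset["charts"]``.  Nothing is added when the
    query returns no rows.

    Args:
        criteria: list of IDMEF criteria strings; it is copied, never
            modified in place.
        width, height: chart dimensions handed to ``DistributionChart``.
    """
    base_url = self._getBaseURL()
    title = "Top 10 Targeted Ports"
    distribution = Chart.DistributionChart(self.user, width, height)
    chart = {"title": title, "value_name": "Port", "chart": distribution}

    # Work on a copy so the caller's criteria list is left untouched.
    # NOTE: implicit string concatenation leaves no space after each "||";
    # the criteria parser is assumed to accept that -- confirm.
    criteria = criteria[:] + [
        "(alert.target.service.iana_protocol_number == 6 ||"
        "alert.target.service.iana_protocol_number == 17 ||"
        "alert.target.service.iana_protocol_name =* 'tcp' ||"
        "alert.target.service.iana_protocol_name =* 'udp' ||"
        "alert.target.service.protocol =* 'udp' ||"
        "alert.target.service.protocol =* 'tcp')"
    ]

    results = self.env.idmef_db.getValues([
        "alert.target.service.port/group_by",
        "alert.target.service.iana_protocol_number/group_by",
        "alert.target.service.iana_protocol_name/group_by",
        "alert.target.service.protocol/group_by",
        "count(alert.target.service.port)/order_desc"
    ], criteria=criteria, limit=10)

    if not results:
        return

    # Anything that is not recognisably tcp/udp is folded into "n/a".
    unknown = _(u"n/a")
    merge = {unknown: {}, u"tcp": {}, u"udp": {}}

    for port, iana_protocol_number, iana_protocol_name, protocol, count in results:
        if not port:
            continue

        # Prefer the IANA number, then the IANA name, then the free-form
        # protocol string stored on the service.
        if iana_protocol_number:
            protocol = utils.protocol_number_to_name(iana_protocol_number)
        elif iana_protocol_name:
            protocol = iana_protocol_name

        if not protocol:
            protocol = unknown

        protocol = protocol.lower()
        if protocol not in merge:
            protocol = unknown

        merge[protocol][port] = merge[protocol].get(port, 0) + count

    results = []
    for protocol, values in merge.items():
        for port, count in values.items():
            results.append((port, protocol, count))

    # key= sorting (available since Python 2.4) replaces the old cmp-style
    # lambda, which Python 3 no longer accepts; ordering is identical.
    results.sort(key=lambda entry: entry[2], reverse=True)

    for port, protocol, count in results:
        # "%d" requires an integral port, which is what the DB returns here.
        name = "%d / %s" % (port, protocol)
        distribution.addLabelValuePair(
            name, count,
            base_url + "&" + "target_object_0=alert.target.service.port&target_value_0=%d" % port)

    distribution.render(title)
    self.dataset["charts"].append(chart)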
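def buildService(self, service):
    """Add table rows describing an IDMEF Service node.

    Emits, when present on *service*: the port (linked to the port
    details page), the port list (each port or "low-high" range linked
    the same way), the IP version and the protocol.  The protocol is
    taken from the IANA number first, then the IANA name, then the
    free-form ``protocol`` field.

    Args:
        service: IDMEF Service node supporting ``service[...]`` access;
            a false value results in no rows.
    """
    if not service:
        return

    port_url = "https://www.requiem-ids.com/port_details.php?port=%s"

    if service["port"]:
        port = str(service["port"])
        self.newTableEntry(_("Port"), self.getUrlLink(port, port_url % port))

    portlist = service["portlist"]
    if portlist:
        # NOTE(review): port strings come straight from the alert; getUrlLink
        # is assumed to escape them for HTML output -- confirm.
        links = []
        for entry in portlist.replace(" ", "").split(","):
            bounds = entry.split("-")
            if len(bounds) == 2:
                left, right = bounds
                links.append(self.getUrlLink(left, port_url % left)
                             + " - "
                             + self.getUrlLink(right, port_url % right))
            else:
                # A plain port, or a malformed token such as "1-2-3"; the
                # latter used to raise ValueError on tuple unpacking and
                # abort the whole page, so it is now linked verbatim.
                links.append(self.getUrlLink(entry, port_url % entry))
        self.newTableEntry(_("PortList"), ", ".join(links))

    if service["ip_version"]:
        self.newTableEntry(_("ip_version"), service["ip_version"])

    ipn = service["iana_protocol_number"]
    protocol_name = None
    if ipn:
        protocol_name = utils.protocol_number_to_name(ipn)

    if protocol_name is not None:
        self.newTableEntry(_("Protocol"), protocol_name)
    elif service["iana_protocol_name"]:
        self.newTableEntry(_("Protocol"), service["iana_protocol_name"])
    elif service["protocol"]:
        self.newTableEntry(_("Protocol"), service["protocol"])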