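def getProcesses(self, ips=None, hostId=None):
    """Return port-to-process bindings keyed by ``(ip, port)``.

    Selects from ``Port_Process`` left-joined with ``Processes`` on host id
    and pid, optionally restricted to the given IP addresses and/or host id,
    and runs the query through ``self._sqlClient``.

    ips    -- optional collection of IP address values matched against
              ``Port_Process.ipaddress``; ignored when empty or None
    hostId -- optional host id to match; ignored when falsy

    Returns a dict mapping ``(process.ip, process.port)`` to the row object
    returned by the SQL client. If several rows share a key, the last wins.
    """
    def quoteLiteral(value):
        # Filter values are spliced into the SQL text, so a value holding a
        # single quote could end the literal early and alter the statement.
        # Doubling embedded quotes keeps the value inside its literal.
        # NOTE(review): stopgap only - prefer bound parameters if the SQL
        # client supports them, and confirm the backend does not also treat
        # backslash as an escape character inside string literals.
        return "'%s'" % ('%s' % value).replace("'", "''")

    columns = [
        'Port_Process.ipaddress as ip',
        'Port_Process.port as port',
        'Port_Process.Protocol as protocol',
        'Port_Process.listen as isListen',
        'Processes.pid as pid',
        'Processes.name as name',
        'cmdline',
        'params',
        'path',
        'owner',
        'startuptime',
        'Port_Process.hostid as hostId',
    ]
    portProcessSqlBuilder = SelectSqlBuilder('Port_Process', *columns,
                                             **{'dataObjectClass': ProcessDetails})

    # A port binding is matched to its process by host and pid together.
    joinConditions = [
        'Port_Process.hostid=Processes.hostid',
        'Port_Process.pid=Processes.pid',
    ]
    selectJoinBuilder = SelectLeftJoinSqlBuilder(portProcessSqlBuilder,
                                                 'Processes',
                                                 and_(*joinConditions))

    andClauses = []
    if ips:
        quotedIps = ','.join([quoteLiteral(ip) for ip in ips])
        andClauses.append('Port_Process.ipaddress in (%s)' % quotedIps)
    if hostId:
        andClauses.append("hostId=%s" % quoteLiteral(hostId))
    # NOTE(review): with neither filter given, and_() is called with no
    # clauses - confirm the builder accepts that.
    selectJoinBuilder.where(and_(*andClauses))

    entries = self._sqlClient.execute(selectJoinBuilder)
    processes = {}
    for process in entries:
        # NOTE(review): the message has no placeholder for its argument;
        # confirm this logger joins its arguments rather than %-formatting.
        logger.debug('Got process: ', (process.ip, process.port))
        processes[(process.ip, process.port)] = process
    return processes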
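def getConnections(self, srcIps=None, hostId=None, protocol=6):
    """Return aggregated flow records from ``Agg_V5`` for one protocol.

    srcIps   -- optional collection of source address values matched against
                ``srcAddr``; ignored when empty or None
    hostId   -- optional host id to match; ignored when falsy
    protocol -- number compared with the ``prot`` column (default 6,
                presumably the IP protocol number for TCP - confirm)

    Returns whatever ``self._sqlClient.execute`` yields for the query, which
    is built with ``dataObjectClass=ConnectionDetails``.
    """
    def quoteLiteral(value):
        # Filter values are spliced into the SQL text, so a value holding a
        # single quote could end the literal early and alter the statement.
        # Doubling embedded quotes keeps the value inside its literal.
        # NOTE(review): stopgap only - prefer bound parameters if the SQL
        # client supports them, and confirm the backend does not also treat
        # backslash as an escape character inside string literals.
        return "'%s'" % ('%s' % value).replace("'", "''")

    selectBuilder = SelectSqlBuilder(
        'Agg_V5',
        'hostId',
        'srcAddr as srcIp',
        'srcPort',
        'dstAddr as dstIp',
        'dstPort',
        'prot as protocol',
        'dPkts as packetCount',
        'dOctets as octetCount',
        dataObjectClass=ConnectionDetails)

    andClauses = []
    if srcIps:
        ipsClause = ','.join([quoteLiteral(ip) for ip in srcIps])
        andClauses.append('srcAddr in (%s)' % ipsClause)
    # %d only accepts a number, so a non-numeric protocol raises TypeError
    # here instead of reaching the SQL text.
    andClauses.append('prot=%d' % protocol)
    if hostId:
        andClauses.append("hostId=%s" % quoteLiteral(hostId))
    selectBuilder.where(and_(*andClauses))

    return self._sqlClient.execute(selectBuilder)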
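def getProcesses(self, ips=None, hostId=None):
    """Return port-to-process bindings keyed by ``(ip, port)``.

    Selects from ``Port_Process`` left-joined with ``Processes`` on host id
    and pid, optionally restricted to the given IP addresses and/or host id,
    and runs the query through ``self._sqlClient``.

    ips    -- optional collection of IP address values matched against
              ``Port_Process.ipaddress``; ignored when empty or None
    hostId -- optional host id to match; ignored when falsy

    Returns a dict mapping ``(process.ip, process.port)`` to the row object
    returned by the SQL client. If several rows share a key, the last wins.
    """
    def quoteLiteral(value):
        # Filter values are spliced into the SQL text, so a value holding a
        # single quote could end the literal early and alter the statement.
        # Doubling embedded quotes keeps the value inside its literal.
        # NOTE(review): stopgap only - prefer bound parameters if the SQL
        # client supports them, and confirm the backend does not also treat
        # backslash as an escape character inside string literals.
        return "'%s'" % ('%s' % value).replace("'", "''")

    columns = [
        'Port_Process.ipaddress as ip',
        'Port_Process.port as port',
        'Port_Process.Protocol as protocol',
        'Port_Process.listen as isListen',
        'Processes.pid as pid',
        'Processes.name as name',
        'cmdline',
        'params',
        'path',
        'owner',
        'startuptime',
        'Port_Process.hostid as hostId',
    ]
    portProcessSqlBuilder = SelectSqlBuilder('Port_Process', *columns,
                                             **{'dataObjectClass': ProcessDetails})

    # A port binding is matched to its process by host and pid together.
    joinConditions = [
        'Port_Process.hostid=Processes.hostid',
        'Port_Process.pid=Processes.pid',
    ]
    selectJoinBuilder = SelectLeftJoinSqlBuilder(portProcessSqlBuilder,
                                                 'Processes',
                                                 and_(*joinConditions))

    andClauses = []
    if ips:
        quotedIps = ','.join([quoteLiteral(ip) for ip in ips])
        andClauses.append('Port_Process.ipaddress in (%s)' % quotedIps)
    if hostId:
        andClauses.append("hostId=%s" % quoteLiteral(hostId))
    # NOTE(review): with neither filter given, and_() is called with no
    # clauses - confirm the builder accepts that.
    selectJoinBuilder.where(and_(*andClauses))

    entries = self._sqlClient.execute(selectJoinBuilder)
    processes = {}
    for process in entries:
        # NOTE(review): the message has no placeholder for its argument;
        # confirm this logger joins its arguments rather than %-formatting.
        logger.debug('Got process: ', (process.ip, process.port))
        processes[(process.ip, process.port)] = process
    return processes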