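    def store_process_information(self):
        """Persist the process described by ``self.process_data`` and return it.

        Resolves the station, binary and parent-binary rows referenced by
        ``self.station_id`` / ``self.binary_id`` / ``self.parent_binary_id``,
        then either updates the ``running_processes`` row that
        ``checkProcessDup`` finds for (station, child pid) or creates a new
        one, copies the per-process fields over, saves the row and attaches
        its privileges.

        Returns:
            The saved ``running_processes`` instance.

        Raises:
            KeyError: if a mandatory key is missing from ``self.process_data``.
            Whatever the ORM raises when a referenced station/binary row does
            not exist (those lookups are deliberately unguarded).
        """
        import logging

        log = logging.getLogger(__name__)

        # Foreign keys for this event.
        station = stations.objects.get(id=self.station_id)
        binary = binaries.objects.get(id=self.binary_id)
        # Check the model's related_name if this lookup misbehaves.
        parent_binary = binaries.objects.get(id=self.parent_binary_id)

        # NOTE(review): the duplicate check keys on (station, child_pid) only.
        # If the host reuses a PID, an unrelated new process updates the old
        # row and inherits its binary/username, which are only set for new
        # rows below -- confirm this is intended.
        process = self.checkProcessDup(self.station_id,
                                       self.process_data['child_pid'])
        if not process:
            process = running_processes()
            process.station = station
            process.binary = binary
            process.parent_binary = parent_binary
            process.username = self.process_data["user"]

        try:
            process.creation_date = self.dateFormat()
        except Exception:
            # Best effort: fall back to ingest time, but say so -- a silently
            # substituted timestamp corrupts the event timeline.
            log.warning("could not parse creation date for pid %s; using ingest time",
                        self.process_data.get('child_pid'), exc_info=True)
            process.creation_date = datetime.datetime.now()

        # Both original branches stored the raw value (a literal "None" stays
        # "None"), so this reduces to a lookup with an empty-string default.
        process.cmdline = self.process_data.get("commandline", "")
        process.flags = self.process_data.get("flags", "")

        process.ppid = self.process_data['parent_pid']
        process.pid = self.process_data['child_pid']
        # Every remaining field is named exactly like its process_data key,
        # so copy them in one pass; a missing key still raises KeyError.
        metric_fields = (
            'creation_class_name',
            'cs_creation_class_name',
            'cs_name',
            'handle',
            'handle_count',
            'kernel_mode_time',
            'user_mode_time',
            'working_set_size',
            'max_working_set_size',
            'min_working_set_size',
            'os_creation_class_name',
            'os_name',
            'windows_version',
            'other_operation_count',
            'other_transfer_count',
            'page_faults',
            'page_file_usage',
            'peak_page_file_usage',
            'peak_virtual_size',
            'peak_working_set_size',
            'priority',
            'private_page_count',
            'quota_non_paged_pool_usage',
            'quota_paged_pool_usage',
            'quota_peak_non_paged_pool_usage',
            'quota_peak_paged_pool_usage',
            'read_operation_count',
            'read_transfer_count',
            'write_operation_count',
            'write_transfer_count',
            'session_id',
            'thread_count',
            'virtual_size',
        )
        for field_name in metric_fields:
            setattr(process, field_name, self.process_data[field_name])
        process.log_date = self.log_date

        process.save()

        # Privileges arrive as a "|"-separated string with a trailing "|".
        # Dropping empty entries handles that terminator without slicing and
        # also prevents an empty-named privilege row from being created.
        priv_names = [p for p in self.process_data["privileges"].split("|") if p]
        for priv in priv_names:
            # One lookup-or-insert per name replaces the get/except/create
            # dance and does not rely on a bare except to detect "missing".
            privilege, _created = privileges.objects.get_or_create(
                name=priv, defaults={"desc": ""})
            process.privileges.add(privilege)
        return process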
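    def store_process_information(self):
        """Persist the process described by ``self.process_data`` and return it.

        Resolves the station, binary and parent-binary rows referenced by
        ``self.station_id`` / ``self.binary_id`` / ``self.parent_binary_id``,
        then either updates the ``running_processes`` row that
        ``checkProcessDup`` finds for (station, child pid) or creates a new
        one, copies the per-process fields over, saves the row and attaches
        its privileges.

        Returns:
            The saved ``running_processes`` instance.

        Raises:
            KeyError: if a mandatory key is missing from ``self.process_data``.
            Whatever the ORM raises when a referenced station/binary row does
            not exist (those lookups are deliberately unguarded).
        """
        import logging

        log = logging.getLogger(__name__)

        # Foreign keys for this event.
        station = stations.objects.get(id=self.station_id)
        binary = binaries.objects.get(id=self.binary_id)
        # Check the model's related_name if this lookup misbehaves.
        parent_binary = binaries.objects.get(id=self.parent_binary_id)

        # NOTE(review): the duplicate check keys on (station, child_pid) only.
        # If the host reuses a PID, an unrelated new process updates the old
        # row and inherits its binary/username, which are only set for new
        # rows below -- confirm this is intended.
        process = self.checkProcessDup(self.station_id,
                                       self.process_data['child_pid'])
        if not process:
            process = running_processes()
            process.station = station
            process.binary = binary
            process.parent_binary = parent_binary
            process.username = self.process_data["user"]

        try:
            process.creation_date = self.dateFormat()
        except Exception:
            # Best effort: fall back to ingest time, but say so -- a silently
            # substituted timestamp corrupts the event timeline.
            log.warning("could not parse creation date for pid %s; using ingest time",
                        self.process_data.get('child_pid'), exc_info=True)
            process.creation_date = datetime.datetime.now()

        # Both original branches stored the raw value (a literal "None" stays
        # "None"), so this reduces to a lookup with an empty-string default.
        process.cmdline = self.process_data.get("commandline", "")
        process.flags = self.process_data.get("flags", "")

        process.ppid = self.process_data['parent_pid']
        process.pid = self.process_data['child_pid']
        # Every remaining field is named exactly like its process_data key,
        # so copy them in one pass; a missing key still raises KeyError.
        metric_fields = (
            'creation_class_name',
            'cs_creation_class_name',
            'cs_name',
            'handle',
            'handle_count',
            'kernel_mode_time',
            'user_mode_time',
            'working_set_size',
            'max_working_set_size',
            'min_working_set_size',
            'os_creation_class_name',
            'os_name',
            'windows_version',
            'other_operation_count',
            'other_transfer_count',
            'page_faults',
            'page_file_usage',
            'peak_page_file_usage',
            'peak_virtual_size',
            'peak_working_set_size',
            'priority',
            'private_page_count',
            'quota_non_paged_pool_usage',
            'quota_paged_pool_usage',
            'quota_peak_non_paged_pool_usage',
            'quota_peak_paged_pool_usage',
            'read_operation_count',
            'read_transfer_count',
            'write_operation_count',
            'write_transfer_count',
            'session_id',
            'thread_count',
            'virtual_size',
        )
        for field_name in metric_fields:
            setattr(process, field_name, self.process_data[field_name])
        process.log_date = self.log_date

        process.save()

        # Privileges arrive as a "|"-separated string with a trailing "|".
        # Dropping empty entries handles that terminator without slicing and
        # also prevents an empty-named privilege row from being created.
        priv_names = [p for p in self.process_data["privileges"].split("|") if p]
        for priv in priv_names:
            # One lookup-or-insert per name replaces the get/except/create
            # dance and does not rely on a bare except to detect "missing".
            privilege, _created = privileges.objects.get_or_create(
                name=priv, defaults={"desc": ""})
            process.privileges.add(privilege)
        return process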
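    def store_event_information(self):
        """Store one process event from ``self.process_data`` and return it.

        Resolves the station, binary and parent-binary rows referenced by
        ``self.station_id`` / ``self.binary_id`` / ``self.parent_binary_id``,
        builds a new ``events`` row from the per-process fields, saves it and
        attaches its privileges. Unlike the running-process path, every call
        creates a fresh row.

        Returns:
            The saved ``events`` instance.

        Raises:
            KeyError: if a mandatory key is missing from ``self.process_data``.
            Whatever the ORM raises when a referenced station/binary row does
            not exist (those lookups are deliberately unguarded).
        """
        import logging

        log = logging.getLogger(__name__)

        # Foreign keys for this event.
        station = stations.objects.get(id=self.station_id)
        binary = binaries.objects.get(id=self.binary_id)
        # Check the model's related_name if this lookup misbehaves.
        parent_binary = binaries.objects.get(id=self.parent_binary_id)

        ev = events()
        ev.station = station
        ev.binary = binary
        ev.parent_binary = parent_binary
        ev.username = self.process_data["user"]

        try:
            ev.event_timestamp = self.dateFormat()
        except Exception:
            # Best effort: fall back to ingest time, but say so -- a silently
            # substituted timestamp corrupts the event timeline.
            log.warning("could not parse event timestamp; using ingest time",
                        exc_info=True)
            ev.event_timestamp = datetime.datetime.now()

        # Both original branches stored the raw value (a literal "None" stays
        # "None"), so this reduces to a lookup with an empty-string default.
        ev.cmdline = self.process_data.get("commandline", "")
        ev.flags = self.process_data.get("flags", "")

        # Every remaining field is named exactly like its process_data key,
        # so copy them in one pass; a missing key still raises KeyError.
        metric_fields = (
            'creation_class_name',
            'cs_creation_class_name',
            'cs_name',
            'handle',
            'handle_count',
            'kernel_mode_time',
            'user_mode_time',
            'working_set_size',
            'max_working_set_size',
            'min_working_set_size',
            'os_creation_class_name',
            'os_name',
            'windows_version',
            'other_operation_count',
            'other_transfer_count',
            'page_faults',
            'page_file_usage',
            'peak_page_file_usage',
            'peak_virtual_size',
            'peak_working_set_size',
            'priority',
            'private_page_count',
            'quota_non_paged_pool_usage',
            'quota_paged_pool_usage',
            'quota_peak_non_paged_pool_usage',
            'quota_peak_paged_pool_usage',
            'read_operation_count',
            'read_transfer_count',
            'write_operation_count',
            'write_transfer_count',
            'session_id',
            'thread_count',
            'virtual_size',
        )
        for field_name in metric_fields:
            setattr(ev, field_name, self.process_data[field_name])

        ev.save()

        # self.process_data["privileges"] has an extra "|" at the end.
        # Dropping empty entries handles that terminator without slicing and
        # also prevents an empty-named privilege row from being created.
        priv_names = [p for p in self.process_data["privileges"].split("|") if p]
        for priv in priv_names:
            # One lookup-or-insert per name replaces the get/except/create
            # dance and does not rely on a bare except to detect "missing".
            privilege, _created = privileges.objects.get_or_create(
                name=priv, defaults={"desc": ""})
            ev.privileges.add(privilege)
        return ev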
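    def store_event_information(self):
        """Store one process event from ``self.process_data`` and return it.

        Resolves the station, binary and parent-binary rows referenced by
        ``self.station_id`` / ``self.binary_id`` / ``self.parent_binary_id``,
        builds a new ``events`` row from the per-process fields, saves it and
        attaches its privileges. Unlike the running-process path, every call
        creates a fresh row.

        Returns:
            The saved ``events`` instance.

        Raises:
            KeyError: if a mandatory key is missing from ``self.process_data``.
            Whatever the ORM raises when a referenced station/binary row does
            not exist (those lookups are deliberately unguarded).
        """
        import logging

        log = logging.getLogger(__name__)

        # Foreign keys for this event.
        station = stations.objects.get(id=self.station_id)
        binary = binaries.objects.get(id=self.binary_id)
        # Check the model's related_name if this lookup misbehaves.
        parent_binary = binaries.objects.get(id=self.parent_binary_id)

        ev = events()
        ev.station = station
        ev.binary = binary
        ev.parent_binary = parent_binary
        ev.username = self.process_data["user"]

        try:
            ev.event_timestamp = self.dateFormat()
        except Exception:
            # Best effort: fall back to ingest time, but say so -- a silently
            # substituted timestamp corrupts the event timeline.
            log.warning("could not parse event timestamp; using ingest time",
                        exc_info=True)
            ev.event_timestamp = datetime.datetime.now()

        # Both original branches stored the raw value (a literal "None" stays
        # "None"), so this reduces to a lookup with an empty-string default.
        ev.cmdline = self.process_data.get("commandline", "")
        ev.flags = self.process_data.get("flags", "")

        # Every remaining field is named exactly like its process_data key,
        # so copy them in one pass; a missing key still raises KeyError.
        metric_fields = (
            'creation_class_name',
            'cs_creation_class_name',
            'cs_name',
            'handle',
            'handle_count',
            'kernel_mode_time',
            'user_mode_time',
            'working_set_size',
            'max_working_set_size',
            'min_working_set_size',
            'os_creation_class_name',
            'os_name',
            'windows_version',
            'other_operation_count',
            'other_transfer_count',
            'page_faults',
            'page_file_usage',
            'peak_page_file_usage',
            'peak_virtual_size',
            'peak_working_set_size',
            'priority',
            'private_page_count',
            'quota_non_paged_pool_usage',
            'quota_paged_pool_usage',
            'quota_peak_non_paged_pool_usage',
            'quota_peak_paged_pool_usage',
            'read_operation_count',
            'read_transfer_count',
            'write_operation_count',
            'write_transfer_count',
            'session_id',
            'thread_count',
            'virtual_size',
        )
        for field_name in metric_fields:
            setattr(ev, field_name, self.process_data[field_name])

        ev.save()

        # self.process_data["privileges"] has an extra "|" at the end.
        # Dropping empty entries handles that terminator without slicing and
        # also prevents an empty-named privilege row from being created.
        priv_names = [p for p in self.process_data["privileges"].split("|") if p]
        for priv in priv_names:
            # One lookup-or-insert per name replaces the get/except/create
            # dance and does not rely on a bare except to detect "missing".
            privilege, _created = privileges.objects.get_or_create(
                name=priv, defaults={"desc": ""})
            ev.privileges.add(privilege)
        return ev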