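def happy(request):
    """Render the ``happytimes.html`` search page.

    On POST with a valid ``DefaultForm`` the form values are turned into a
    backend query URL by ``createQuery`` and fetched server-side; the
    ``records`` and ``totalhits`` fields of the JSON reply are handed to the
    template.  On GET (or an invalid form) the page is rendered with the
    default coordinates and no results.

    Args:
        request: Django ``HttpRequest``.

    Returns:
        Django ``HttpResponse`` built by ``render_to_response``.

    Raises:
        KeyError: if the backend reply lacks ``records`` or ``totalhits``.
    """
    final_result = ''
    total = '0'
    # Default map centre, used until the form supplies its own lng/lat.
    lat = '31.218816'
    lng = '121.416603'
    if request.method == 'POST':
        form = DefaultForm(request.POST)
        if form.is_valid():
            data = form.cleaned_data
            keyword = data['keyword']
            lng = data['lng']
            lat = data['lat']
            distance = data['distance']
            if keyword != '' or distance != '':
                # The query URL carries user-supplied form values; createQuery
                # is the only place that encodes them -- nothing here re-checks.
                url = createQuery(keyword, data['sorttype'], data['clienttype'],
                                  data['postype'], lng, lat, distance)
                response = urllib2.urlopen(encoding.smart_str(url))
                try:
                    result = response.read()
                finally:
                    # Release the connection even if read() fails.
                    response.close()
                if result != '':
                    # Decode the body once; it was parsed twice before.
                    payload = simplejson.loads(result)
                    final_result = payload['records']
                    total = payload['totalhits']
    else:
        form = DefaultForm()
    return render_to_response(
        'happytimes.html',
        {'form': form, 'total': total, 'result': final_result,
         'lat': lat, 'lng': lng},
        context_instance=RequestContext(request),
    )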
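def defaultconfig(request):
    """Show or overwrite the PXE ``default`` boot configuration file.

    Access is gated only by ``username`` being present in the session;
    anonymous requests are redirected to ``/user/login/``.  On POST with a
    valid ``DefaultForm`` the submitted ``defaultconfig`` text is recorded
    with ``addmd5`` and written verbatim to ``/tftpboot/pxelinux.cfg/default``
    (the form is the only validation between the request body and that
    file).  On GET the current file content is shown.

    Args:
        request: Django ``HttpRequest``.

    Returns:
        ``render_to_response`` of ``defaultconfig.html``, or an
        ``HttpResponseRedirect`` for anonymous users.  On ``IOError`` a
        marker is printed and ``None`` is returned, as before; Django reports
        that as a missing response.

    Notes:
        The original closed the file in a ``finally`` clause that raised
        ``UnboundLocalError`` whenever the file had never been opened (invalid
        form, failed ``open``); ``with`` blocks replace that.
    """
    username = request.session.get('username', '')
    if not username:
        return HttpResponseRedirect('/user/login/')
    path = '/tftpboot/pxelinux.cfg/default'
    try:
        if request.method == "POST":
            fw = DefaultForm(request.POST)
            if fw.is_valid():
                content = request.POST.get('defaultconfig')
                addmd5(content, 'default')
                with open(path, 'w') as config_file:
                    config_file.write(content)
                return render_to_response(
                    'defaultconfig.html',
                    {'defaultconfig': content, 'username': username})
            # Invalid form: echo back whatever validated.  cleaned_data only
            # holds the fields that passed, hence the default.
            return render_to_response(
                'defaultconfig.html',
                {'defaultconfig': fw.cleaned_data.get('defaultconfig', ''),
                 'username': username})
        with open(path, 'r') as config_file:
            content = config_file.read()
        return render_to_response(
            'defaultconfig.html',
            {'defaultconfig': content, 'username': username})
    except IOError:
        # NOTE(review): falls through to None like the original; decide on an
        # explicit error response.
        print('IOError')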
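def createHiveCase(esid):
    """Render the ``hive.html`` case form from the Elasticsearch hit(s) for *esid*.

    Every hit returned by ``get_hits`` is inspected in turn and the last one
    wins: the title is ``rule.name`` when ``event.dataset == 'alert'`` and a
    generic module/dataset title otherwise; the description is the hit's
    ``message`` field, or the whole ``_source`` when there is none.

    Args:
        esid: Elasticsearch document id passed through to ``get_hits``.

    Returns:
        ``render_template('hive.html', ...)`` with ``title``, ``description``,
        ``severity`` and a fresh ``DefaultForm``.

    Raises:
        KeyError: when a hit lacks ``event``, ``event.dataset`` or, for
        alerts, ``rule.name``.
    """
    search = get_hits(esid)
    severity = 2
    # Defaults so that an empty hit list renders instead of raising
    # UnboundLocalError on the variables assigned in the loop.
    title = ''
    description = ''
    for item in search['hits']['hits']:
        result = item['_source']
        try:
            description = str(result['message'])
        except (KeyError, TypeError):
            # No message field: fall back to the whole source document.
            description = str(result)
        event = result['event']
        if event['dataset'] == 'alert':
            title = result['rule']['name']
        else:
            title = f'New {event["module"].capitalize()} {event["dataset"].capitalize()} Event'
    form = DefaultForm()
    return render_template('hive.html', title=title, description=description,
                           severity=severity, form=form)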
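def eventModifyFields(esid):
    """Render ``update_event.html`` for the Elasticsearch document *esid*.

    Args:
        esid: Elasticsearch document id, looked up through ``get_hits``.

    Returns:
        The rendered template with the hit's ``_source`` (``result``), its
        index (``esindex``), ``esid``, the document's ``tags`` and a fresh
        ``DefaultForm``.  When ``get_hits`` returns several hits the last one
        wins; when it returns none the template gets empty values instead of
        an ``UnboundLocalError``.
    """
    search = get_hits(esid)
    esindex = None
    result = {}
    tags = []
    for hit in search['hits']['hits']:
        esindex = hit['_index']
        result = hit['_source']
        # Documents without a tags field render with an empty list.
        tags = result.get('tags', [])
    form = DefaultForm()
    return render_template('update_event.html', result=result, esindex=esindex,
                           esid=esid, tags=tags, form=form)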
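def createHiveAlert(esid):
    """Render the ``hive.html`` alert form for the Elasticsearch document *esid*.

    Each hit from ``getHits`` is mapped, by its ``event_type`` (NIDS, Bro,
    Wazuh/OSSEC, Sysmon or anything else), to a title, a description, a list
    of ``AlertArtifact`` observables and a list of tags.  With several hits
    the last one wins; with none the template is rendered with empty values.

    Args:
        esid: Elasticsearch document id passed through to ``getHits``.

    Returns:
        ``render_template('hive.html', ...)`` with ``title``, ``tlp``, ``tags``,
        ``description``, the JSON-pickled ``artifact_string``, ``sourceRef``
        and a fresh ``DefaultForm``.

    Raises:
        KeyError: when a hit lacks a field its event type requires
        (``message``, ``event_type``, ``alert``, ``sid``, ``agent.name`` ...).

    Notes:
        Fixes over the previous version: ``source_ip``/``destination_ip`` and
        the ports are ``None`` when absent instead of unbound (the NIDS
        description used to raise ``NameError``); the Bro type is obtained by
        removing the ``bro_`` prefix, not with ``str.strip('bro_')`` which
        strips characters and mangled ``bro_rdp``, ``bro_radius``,
        ``bro_rfb`` and ``bro_smb``; unknown Bro types fall back to the raw
        name instead of ``'str' + None``.
    """
    search = getHits(esid)
    # Hive config: only the TLP reaches the template.  hiveInit() is still
    # called in case it initialises shared state -- TODO confirm; its return
    # value was never used here.
    hiveInit()
    tlp = int(parser.get('hive', 'hive_tlp'))
    # Display names for the Bro log types (event_type is "bro_<type>").
    bro_prefix = 'bro_'
    bro_type_names = {
        "conn": "Connection", "dhcp": "DHCP", "dnp3": "DNP3", "dns": "DNS",
        "files": "Files", "ftp": "FTP", "http": "HTTP", "intel": "Intel",
        "irc": "IRC", "kerberos": "Kerberos", "modbus": "Modbus",
        "mysql": "MySQL", "ntlm": "NTLM", "pe": "PE", "radius": "RADIUS",
        "rdp": "RDP", "rfb": "RFB", "sip": "SIP", "smb": "SMB", "smtp": "SMTP",
        "snmp": "SNMP", "ssh": "SSH", "ssl": "SSL", "syslog": "Syslog",
        "weird": "Weird", "x509": "X509",
    }

    title = ''
    description = ''
    sourceRef = ''
    tags = ["SecurityOnion"]
    artifacts = []
    for result in search['hits']['hits']:
        source = result['_source']
        es_id = result['_id']
        description = str(source['message'])
        # Short random reference for the Hive alert.
        sourceRef = str(uuid.uuid4())[0:6]
        tags = ["SecurityOnion"]
        artifacts = []
        event_type = source['event_type']
        # Network tuple; None when the document has no such field.
        src = str(source['source_ip']) if 'source_ip' in source else None
        dst = str(source['destination_ip']) if 'destination_ip' in source else None
        srcport = str(source['source_port']) if 'source_port' in source else None
        dstport = str(source['destination_port']) if 'destination_port' in source else None

        if 'ids' in event_type:
            # NIDS alert
            alert = source['alert']
            sid = str(source['sid'])
            category = source['category']
            sensor = source['sensor_name']
            # es_url is not assigned in this function; it is expected to be a
            # module-level setting -- TODO confirm.
            masterip = str(es_url.split("//")[1].split(":")[0])
            tags.append("nids")
            tags.append(category)
            title = alert
            print(alert)
            sys.stdout.flush()
            if src is not None:
                artifacts.append(AlertArtifact(dataType='ip', data=src))
            if dst is not None:
                artifacts.append(AlertArtifact(dataType='ip', data=dst))
            artifacts.append(AlertArtifact(dataType='other', data=sensor))
            dashboard = (
                "https://" + masterip
                + "/kibana/app/kibana#/dashboard/ed6f7e20-e060-11e9-8f0c-2ddbf5ed9290?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'sid:"
                + sid + "')),sort:!('@timestamp',desc))"
            )
            pcap = ("https://" + masterip
                    + "/kibana/app//sensoroni/securityonion/joblookup?redirectUrl=/sensoroni/&esid="
                    + es_id)
            # Missing tuple members render as empty strings.
            description = (
                "`NIDS Dashboard:` \n\n <" + dashboard + "> \n\n `IPs: `"
                + (src or '') + ":" + (srcport or '') + "-->"
                + (dst or '') + ":" + (dstport or '')
                + "\n\n `Signature:`" + alert + "\n\n `PCAP:` " + pcap
            )

        elif 'bro' in event_type:
            # Bro logs
            if event_type.startswith(bro_prefix):
                bro_tag = event_type[len(bro_prefix):]
            else:
                bro_tag = event_type
            bro_tag_title = bro_type_names.get(bro_tag, bro_tag)
            title = 'New Bro ' + bro_tag_title + ' record!'
            if src is not None:
                artifacts.append(AlertArtifact(dataType='ip', data=src))
            if dst is not None:
                artifacts.append(AlertArtifact(dataType='ip', data=dst))
            if 'sensor_name' in source:
                sensor = str(source['sensor_name'])
                artifacts.append(AlertArtifact(dataType='other', data=sensor))
            # Bro record identifiers; the last one present names the record.
            for key in ('uid', 'fuid', 'id'):
                if key in source:
                    ident = str(source[key])
                    title = 'New Bro ' + bro_tag_title + ' record! - ' + ident
                    artifacts.append(AlertArtifact(dataType='other', data=ident))
            tags.append('bro')
            tags.append(bro_tag)

        elif 'ossec' in event_type:
            # Wazuh/OSSEC logs
            agent = source['agent']
            agent_name = agent['name']
            if 'description' in source:
                ossec_desc = source['description']
            else:
                ossec_desc = source['full_log']
            if 'ip' in agent:
                artifacts.append(AlertArtifact(dataType='ip', data=agent['ip']))
            artifacts.append(AlertArtifact(dataType='other', data=agent_name))
            title = ossec_desc
            tags.append("wazuh")

        elif 'sysmon' in event_type:
            # Sysmon logs, shipped either by the Wazuh agent or by a beat.
            if 'ossec' in source['tags']:
                agent_name = source['agent']['name']
                artifacts.append(AlertArtifact(dataType='ip', data=source['agent']['ip']))
                artifacts.append(AlertArtifact(dataType='other', data=agent_name))
                tags.append("wazuh")
            elif 'beat' in source['tags']:
                agent_name = str(source['beat']['hostname'])
                if 'beat_host' in source:
                    os_name = str(source['beat_host']['os']['name'])
                    artifacts.append(AlertArtifact(dataType='other', data=os_name))
                if 'source_hostname' in source:
                    source_hostname = str(source['source_hostname'])
                    artifacts.append(AlertArtifact(dataType='fqdn', data=source_hostname))
                if src is not None:
                    artifacts.append(AlertArtifact(dataType='ip', data=src))
                if dst is not None:
                    artifacts.append(AlertArtifact(dataType='ip', data=dst))
                if 'image_path' in source:
                    image_path = str(source['image_path'])
                    artifacts.append(AlertArtifact(dataType='filename', data=image_path))
                # Sysmon "Hashes" is "ALG=hex,ALG=hex,..."; keep MD5 and SHA256.
                hashes = source.get('event_data', {}).get('Hashes')
                if hashes:
                    for entry in hashes.split(','):
                        if entry.startswith(('MD5', 'SHA256')):
                            digest = entry.partition('=')[2]
                            artifacts.append(AlertArtifact(dataType='hash', data=digest))
                tags.append("beats")
            else:
                agent_name = ''
            title = "New Sysmon Event! - " + agent_name

        else:
            title = "New " + event_type + " Event From Security Onion"

    form = DefaultForm()
    artifact_string = jsonpickle.encode(artifacts)
    return render_template('hive.html', title=title, tlp=tlp, tags=tags,
                           description=description, artifact_string=artifact_string,
                           sourceRef=sourceRef, form=form)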
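def createHiveAlert(esid):
    """Render the ``hive.html`` alert form for the Elasticsearch document *esid*.

    Each hit from ``get_hits`` is mapped, by ``event.module`` (``ids``,
    ``zeek``, ``ossec``, ``sysmon`` or anything else), to a title, a
    description, a list of ``AlertArtifact`` observables and a list of tags.
    With several hits the last one wins; with none the template is rendered
    with empty values.

    Args:
        esid: Elasticsearch document id passed through to ``get_hits``.

    Returns:
        ``render_template('hive.html', ...)`` with ``title``, ``tlp``, ``tags``,
        ``description``, the JSON-pickled ``artifact_string``, ``sourceRef``
        and a fresh ``DefaultForm``.

    Raises:
        KeyError: when a hit lacks a field its module requires (``message``,
        ``event``, ``rule.name``, ``observer.name``, ``agent.name`` ...).

    Notes:
        Fixes over the previous version: the NIDS description no longer
        raises ``TypeError`` when an IP or port is missing (``None`` renders
        as an empty string); unknown Zeek datasets fall back to the raw name
        instead of ``'str' + None``; the bare ``except`` clauses in the beat
        branch now only tolerate a missing key.
    """
    search = get_hits(esid)
    # Hive config: only the TLP reaches the template.  hiveInit() is still
    # called in case it initialises shared state -- TODO confirm; its return
    # value was never used here.
    hiveInit()
    tlp = int(parser.get('hive', 'hive_tlp'))
    # Display names for the Zeek datasets (event.dataset).
    zeek_type_names = {
        "conn": "Connection", "dhcp": "DHCP", "dnp3": "DNP3", "dns": "DNS",
        "file": "Files", "ftp": "FTP", "http": "HTTP", "intel": "Intel",
        "irc": "IRC", "kerberos": "Kerberos", "modbus": "Modbus",
        "mysql": "MySQL", "ntlm": "NTLM", "pe": "PE", "radius": "RADIUS",
        "rdp": "RDP", "rfb": "RFB", "sip": "SIP", "smb": "SMB", "smtp": "SMTP",
        "snmp": "SNMP", "ssh": "SSH", "ssl": "SSL", "syslog": "Syslog",
        "weird": "Weird", "x509": "X509",
    }

    title = ''
    description = ''
    sourceRef = ''
    tags = ["SecurityOnion"]
    artifacts = []
    for item in search['hits']['hits']:
        result = item['_source']
        es_id = item['_id']
        description = str(result['message'])
        # Short random reference for the Hive alert.
        sourceRef = str(uuid.uuid4())[0:6]
        tags = ["SecurityOnion"]
        artifacts = []
        event = result['event']
        # Network tuple from the ECS source/destination objects; None when absent.
        source = result.get('source', {})
        destination = result.get('destination', {})
        src = str(source['ip']) if 'ip' in source else None
        srcport = str(source['port']) if 'port' in source else None
        dst = str(destination['ip']) if 'ip' in destination else None
        dstport = str(destination['port']) if 'port' in destination else None

        if event['module'] == 'ids':
            # NIDS alert
            alert = result['rule']['name']
            sid = str(result['rule']['signature_id'])
            category = result['rule']['category']
            sensor = result['observer']['name']
            # es_url and es_index are not assigned in this function; they are
            # expected to be module-level settings -- TODO confirm.
            masterip = str(es_url.split("//")[1].split(":")[0])
            tags.append("nids")
            tags.append(category)
            title = alert
            print(alert)
            sys.stdout.flush()
            if src is not None:
                artifacts.append(AlertArtifact(dataType='ip', data=src))
            if dst is not None:
                artifacts.append(AlertArtifact(dataType='ip', data=dst))
            artifacts.append(AlertArtifact(dataType='other', data=sensor))
            dashboard = (
                "https://" + masterip
                + f"/kibana/so-soctopus/kibana#/dashboard/ed6f7e20-e060-11e9-8f0c-2ddbf5ed9290?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:{es_index}',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'sid:"
                + sid + "')),sort:!('@timestamp',desc))"
            )
            pcap = ("https://" + masterip
                    + "/kibana/so-soctopus//sensoroni/securityonion/joblookup?redirectUrl=/sensoroni/&esid="
                    + es_id)
            # Missing tuple members render as empty strings.
            description = (
                "`NIDS Dashboard:` \n\n <" + dashboard + "> \n\n `IPs: `"
                + (src or '') + ":" + (srcport or '') + "-->"
                + (dst or '') + ":" + (dstport or '')
                + "\n\n `Signature:`" + alert + "\n\n `PCAP:` " + pcap
            )

        elif event['module'] == 'zeek':
            # Zeek logs
            zeek_tag = event['dataset']
            zeek_tag_title = zeek_type_names.get(zeek_tag, zeek_tag)
            title = 'New Zeek ' + zeek_tag_title + ' record!'
            if src:
                artifacts.append(AlertArtifact(dataType='ip', data=src))
            if dst:
                artifacts.append(AlertArtifact(dataType='ip', data=dst))
            if result.get('observer', {}).get('name'):
                sensor = str(result['observer']['name'])
                artifacts.append(AlertArtifact(dataType='other', data=sensor))
            # Zeek record identifiers; the last one present names the record.
            log_id = result.get('log', {}).get('id', {})
            for key in ('uid', 'fuid', 'id'):
                if log_id.get(key):
                    ident = str(log_id[key])
                    title = 'New Zeek ' + zeek_tag_title + ' record! - ' + ident
                    artifacts.append(AlertArtifact(dataType='other', data=ident))
            tags.append('zeek')
            tags.append(zeek_tag)

        elif event['module'] == 'ossec':
            # Wazuh/OSSEC logs
            agent = result['agent']
            agent_name = agent['name']
            # The original tested for a top-level "description" key but read
            # rule.description; read the rule field directly and fall back to
            # the full log line -- TODO confirm against the OSSEC mapping.
            ossec_desc = result.get('rule', {}).get('description')
            if ossec_desc is None:
                ossec_desc = result['log']['full']
            if 'ip' in agent:
                artifacts.append(AlertArtifact(dataType='ip', data=agent['ip']))
            artifacts.append(AlertArtifact(dataType='other', data=agent_name))
            title = ossec_desc
            tags.append("wazuh")

        elif event['module'] == 'sysmon':
            # Sysmon logs, shipped either by the Wazuh agent or by a beat.
            if 'ossec' in result['tags']:
                agent_name = result['agent']['name']
                artifacts.append(AlertArtifact(dataType='ip', data=result['agent']['ip']))
                artifacts.append(AlertArtifact(dataType='other', data=agent_name))
                tags.append("wazuh")
            elif 'beat' in result['tags']:
                agent = result['agent']
                agent_name = str(agent['hostname'])
                # Optional agent details.
                try:
                    os_name = str(agent['os']['name'])
                    artifacts.append(AlertArtifact(dataType='other', data=os_name))
                except (KeyError, TypeError):
                    pass
                try:
                    beat_name = str(agent['name'])
                    artifacts.append(AlertArtifact(dataType='other', data=beat_name))
                except (KeyError, TypeError):
                    pass
                if source.get('hostname'):
                    artifacts.append(AlertArtifact(dataType='fqdn', data=source['hostname']))
                if source.get('ip'):
                    artifacts.append(AlertArtifact(dataType='ip', data=str(source['ip'])))
                if destination.get('ip'):
                    artifacts.append(AlertArtifact(dataType='ip', data=str(destination['ip'])))
                # FIXME: the Sysmon "image_path" and "Hashes" observables are
                # not extracted until their new field names are known.
                tags.append("agent")
            else:
                agent_name = ''
            title = "New Sysmon Event! - " + agent_name

        else:
            title = f'New {event["module"]}_{event["dataset"]} Event From Security Onion'

    form = DefaultForm()
    artifact_string = jsonpickle.encode(artifacts)
    return render_template('hive.html', title=title, tlp=tlp, tags=tags,
                           description=description, artifact_string=artifact_string,
                           sourceRef=sourceRef, form=form)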
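def createHiveAlert(esid):
    """Render the ``hive.html`` alert form for the Elasticsearch document *esid*.

    Each hit from ``getHits`` is mapped, by its ``event_type`` (Snort, Bro,
    Wazuh/OSSEC, Sysmon or anything else), to a title, a list of
    ``AlertArtifact`` observables and a list of tags; the description is the
    hit's ``message``.  With several hits the last one wins; with none the
    template is rendered with empty values.

    Args:
        esid: Elasticsearch document id passed through to ``getHits``.

    Returns:
        ``render_template('hive.html', ...)`` with ``title``, ``tlp``, ``tags``,
        ``description``, the JSON-pickled ``artifact_string``, ``sourceRef``
        and a fresh ``DefaultForm``.

    Raises:
        KeyError: when a hit lacks a field its event type requires
        (``message``, ``event_type``, ``alert``, ``agent.name`` ...).

    Notes:
        Fixes over the previous version: TLS verification for TheHive is only
        disabled for an exact ``hive_verifycert`` of ``False`` (the substring
        test also matched e.g. ``NotFalse``); ``source_ip``/``destination_ip``
        are ``None`` when absent instead of unbound; the Bro type is obtained
        by removing the ``bro_`` prefix, not with ``str.strip('bro_')`` which
        strips characters and mangled ``bro_rdp``, ``bro_radius``, ``bro_rfb``
        and ``bro_smb``; unknown Bro types fall back to the raw name.
    """
    search = getHits(esid)
    # Hive connection settings.
    hive_url = parser.get('hive', 'hive_url')
    hive_key = parser.get('hive', 'hive_key')
    hive_verifycert = parser.get('hive', 'hive_verifycert')
    tlp = int(parser.get('hive', 'hive_tlp'))
    # cert=False turns off certificate verification for the Hive connection,
    # so only the exact opt-out value disables it.  The client is not used
    # further in this view; kept in case TheHiveApi() has side effects --
    # TODO confirm.
    api = TheHiveApi(hive_url, hive_key, cert=hive_verifycert.strip() != 'False')
    # Display names for the Bro log types (event_type is "bro_<type>").
    bro_prefix = 'bro_'
    bro_type_names = {
        "conn": "Connection", "dhcp": "DHCP", "dnp3": "DNP3", "dns": "DNS",
        "files": "Files", "ftp": "FTP", "http": "HTTP", "intel": "Intel",
        "irc": "IRC", "kerberos": "Kerberos", "modbus": "Modbus",
        "mysql": "MySQL", "ntlm": "NTLM", "pe": "PE", "radius": "RADIUS",
        "rdp": "RDP", "rfb": "RFB", "sip": "SIP", "smb": "SMB", "smtp": "SMTP",
        "snmp": "SNMP", "ssh": "SSH", "ssl": "SSL", "syslog": "Syslog",
        "weird": "Weird", "x509": "X509",
    }

    title = ''
    description = ''
    sourceRef = ''
    tags = ["SecurityOnion"]
    artifacts = []
    for result in search['hits']['hits']:
        source = result['_source']
        description = str(source['message'])
        # Short random reference for the Hive alert.
        sourceRef = str(uuid.uuid4())[0:6]
        tags = ["SecurityOnion"]
        artifacts = []
        event_type = source['event_type']
        # Endpoint addresses; None when the document has no such field.
        src = str(source['source_ip']) if 'source_ip' in source else None
        dst = str(source['destination_ip']) if 'destination_ip' in source else None

        if 'snort' in event_type:
            # NIDS alert
            alert = source['alert']
            category = source['category']
            sensor = source['interface']
            tags.append("nids")
            tags.append(category)
            title = alert
            if src is not None:
                artifacts.append(AlertArtifact(dataType='ip', data=src))
            if dst is not None:
                artifacts.append(AlertArtifact(dataType='ip', data=dst))
            artifacts.append(AlertArtifact(dataType='other', data=sensor))

        elif 'bro' in event_type:
            # Bro logs
            if event_type.startswith(bro_prefix):
                bro_tag = event_type[len(bro_prefix):]
            else:
                bro_tag = event_type
            bro_tag_title = bro_type_names.get(bro_tag, bro_tag)
            title = 'New Bro ' + bro_tag_title + ' record!'
            if src is not None:
                artifacts.append(AlertArtifact(dataType='ip', data=src))
            if dst is not None:
                artifacts.append(AlertArtifact(dataType='ip', data=dst))
            if 'sensor_name' in source:
                sensor = str(source['sensor_name'])
                artifacts.append(AlertArtifact(dataType='other', data=sensor))
            # Bro record identifiers; the last one present names the record.
            for key in ('uid', 'fuid', 'id'):
                if key in source:
                    ident = str(source[key])
                    title = 'New Bro ' + bro_tag_title + ' record! - ' + ident
                    artifacts.append(AlertArtifact(dataType='other', data=ident))
            tags.append('bro')
            tags.append(bro_tag)

        elif 'ossec' in event_type:
            # Wazuh/OSSEC logs
            agent = source['agent']
            agent_name = agent['name']
            if 'description' in source:
                ossec_desc = source['description']
            else:
                ossec_desc = source['full_log']
            if 'ip' in agent:
                artifacts.append(AlertArtifact(dataType='ip', data=agent['ip']))
            artifacts.append(AlertArtifact(dataType='other', data=agent_name))
            title = ossec_desc
            tags.append("wazuh")

        elif 'sysmon' in event_type:
            # Sysmon logs, shipped either by the Wazuh agent or by a beat.
            if 'ossec' in source['tags']:
                agent_name = source['agent']['name']
                artifacts.append(AlertArtifact(dataType='ip', data=source['agent']['ip']))
                artifacts.append(AlertArtifact(dataType='other', data=agent_name))
                tags.append("wazuh")
            elif 'beat' in source['tags']:
                agent_name = str(source['beat']['hostname'])
                if 'beat_host' in source:
                    os_name = str(source['beat_host']['os']['name'])
                    artifacts.append(AlertArtifact(dataType='other', data=os_name))
                if 'source_hostname' in source:
                    source_hostname = str(source['source_hostname'])
                    artifacts.append(AlertArtifact(dataType='fqdn', data=source_hostname))
                if src is not None:
                    artifacts.append(AlertArtifact(dataType='ip', data=src))
                if dst is not None:
                    artifacts.append(AlertArtifact(dataType='ip', data=dst))
                if 'image_path' in source:
                    image_path = str(source['image_path'])
                    artifacts.append(AlertArtifact(dataType='filename', data=image_path))
                # Sysmon "Hashes" is "ALG=hex,ALG=hex,..."; keep MD5 and SHA256.
                hashes = source.get('event_data', {}).get('Hashes')
                if hashes:
                    for entry in hashes.split(','):
                        if entry.startswith(('MD5', 'SHA256')):
                            digest = entry.partition('=')[2]
                            artifacts.append(AlertArtifact(dataType='hash', data=digest))
                tags.append("beats")
            else:
                agent_name = ''
            title = "New Sysmon Event! - " + agent_name

        else:
            title = "New " + event_type + " Event From Security Onion"

    form = DefaultForm()
    artifact_string = jsonpickle.encode(artifacts)
    return render_template('hive.html', title=title, tlp=tlp, tags=tags,
                           description=description, artifact_string=artifact_string,
                           sourceRef=sourceRef, form=form)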