def _parse_machine_ip(machine): machine_ip_data = {} for ip_field, fields in MACHINE_IP_FIELDS.items(): try: raw_field = machine.get(ip_field, None) machine_ip = ipaddress.ip_address(raw_field) machine_subnet = ipaddress.ip_network(machine_ip).supernet( new_prefix=MACHINE_IP_PREFIXES[ip_field]) except ValueError: machine_ip = None machine_subnet = None machine_ip_data[ip_field] = '' if machine_ip: machine_ip_data.update({ ip_field: str(machine_ip), '_'.join((ip_field, 'rdns')): get_rdns_lookup(str(machine_ip)), '_'.join((ip_field, 'subnet')): str(machine_subnet) }) for field in fields: if field not in machine_ip_data: machine_ip_data[field] = NO_DATA return machine_ip_data
def find_new_machines(self, machines): '''parse switch structure to find new machines added to network since last call''' for machine in machines: machine['ether_vendor'] = get_ether_vendor( machine['mac'], '/poseidon/poseidon/metadata/nmap-mac-prefixes.txt') if 'ipv4' in machine and machine['ipv4'] and machine[ 'ipv4'] is not 'None' and machine['ipv4'] is not '0': machine['ipv4_rdns'] = get_rdns_lookup(machine['ipv4']) machine['ipv4_subnet'] = '.'.join( machine['ipv4'].split('.')[:-1]) + '.0/24' else: machine['ipv4_rdns'] = 'NO DATA' machine['ipv4_subnet'] = 'NO DATA' if 'ipv6' in machine and machine['ipv6'] and machine[ 'ipv6'] is not 'None' and machine['ipv6'] is not '0': machine['ipv6_rdns'] = get_rdns_lookup(machine['ipv6']) machine['ipv6_subnet'] = '.'.join( machine['ipv6'].split(':')[0:4]) + '::0/64' else: machine['ipv6_rdns'] = 'NO DATA' machine['ipv6_subnet'] = 'NO DATA' if not 'controller_type' in machine: machine['controller_type'] = 'none' machine['controller'] = '' trunk = False for sw in self.trunk_ports: if sw == machine['segment'] and self.trunk_ports[sw].split( ',')[1] == str( machine['port']) and self.trunk_ports[sw].split( ',')[0] == machine['mac']: trunk = True h = Endpoint.make_hash(machine, trunk=trunk) ep = None for endpoint in self.endpoints: if h == endpoint.name: ep = endpoint if ep is not None and ep.endpoint_data != machine and not ep.ignore: self.logger.info('Endpoint changed: {0}:{1}'.format( h, machine)) ep.endpoint_data = deepcopy(machine) if ep.state == 'inactive' and machine['active'] == 1: if ep.p_next_state in ['known', 'abnormal']: ep.trigger(ep.p_next_state) else: ep.unknown() ep.p_prev_states.append((ep.state, int(time.time()))) elif ep.state != 'inactive' and machine['active'] == 0: if ep.state in ['mirroring', 'reinvestigating']: status = Actions(ep, self.sdnc).unmirror_endpoint() if not status: self.logger.warning( 'Unable to unmirror the endpoint: {0}'.format( ep.name)) self.investigations -= 1 if ep.state == 'mirroring': ep.p_next_state = 'mirror' elif ep.state == 'reinvestigating': ep.p_next_state = 'reinvestigate' if ep.state in ['known', 'abnormal']: ep.p_next_state = ep.state ep.inactive() ep.p_prev_states.append((ep.state, int(time.time()))) elif ep is None: self.logger.info('Detected new endpoint: {0}:{1}'.format( h, machine)) m = Endpoint(h) m.p_prev_states.append((m.state, int(time.time()))) m.endpoint_data = deepcopy(machine) self.endpoints.append(m) self.store_endpoints() return