def monthly_create_pie_charts(config):
    """Create the pie charts for the security watch report (Google Charts).

    Every chart name in the list below is paired with itself and passed to
    ``rutil.google_pie_chart`` together with the third entry of
    ``config['file_paths']`` and ``config['output_dir']``.

    Arguments:
    config -- configuration dictionary; this function reads
              ``config['file_paths'][2]`` and ``config['output_dir']``
    """
    chart_names = [
        'DefacementTld',
        'ISPDefacement',
        'ISPMalware',
        'ISPPhishing',
        'MalwareTld',
        'PhishingTld',
        'botnetDailyMax',
        'ISPBotnetsPie',
        'ISPServerAllPie',
        'ISPAllPie',
    ]
    # Each name is used for both tuple slots; presumably (source name, output
    # name), as in the quarterly report's single pie chart -- TODO confirm.
    name_pairs = zip(chart_names, chart_names)
    source_path = config['file_paths'][2]
    # NOTE(review): both paths are passed through unchanged; confirm that
    # rutil.google_pie_chart only reads/writes inside these locations.
    rutil.google_pie_chart(name_pairs, source_path, config['output_dir'])
def quarterly_create_charts(config):
    """Render the charts of the quarterly security watch report.

    Bar and line charts are produced through the ``rutil.plotly_*`` helpers and
    saved as PNG files; the final pie chart goes through
    ``rutil.google_pie_chart``. Most charts are rendered twice, once with
    English and once with Chinese labels (file names ending in ``Chi.png``).

    Arguments:
    config -- configuration dictionary. Keys read here: ``params`` (a
              five-item sequence whose last two items are the quarter labels
              and the data paths), ``output``, ``defce_color``,
              ``phish_color``, ``malwr_color``, ``Defacement_url_data``,
              ``Phishing_url_data``, ``Malware_url_data``, ``cc_data``,
              ``bn_data``, ``top_bn``, ``url_data`` and ``serv_events``.
    """
    # 'params' must unpack into exactly five items; only the last two are used.
    _yyqq, _year, _qrtr, qrtr_label, data_paths = config['params']
    output = config['output']

    def save_png(chart_url, file_name):
        # The file name is appended to `output` by plain string concatenation,
        # so `output` has to end with a path separator already.
        # NOTE(review): the Plotly helpers hand back a URL that is fetched
        # here, so the chart data presumably leaves this host -- confirm that
        # is acceptable for the report data and how the download is verified.
        rutil.plotly_download_png(chart_url, output + file_name)

    def quarter_bar(series, title):
        # Bar chart with the quarter labels on the x-axis.
        return rutil.plotly_bar_chart(qrtr_label, series, title)

    print('Generating Security Watch Report for ' + qrtr_label[4])
    print('Creating charts:')

    # Defacement, Phishing and Malware: trend and URL/IP ratio
    event_kinds = [
        ('Defacement', 1, u'網頁塗改', config['defce_color']),
        ('Phishing', 2, u'釣魚網站', config['phish_color']),
        ('Malware', 3, u'惡意程式寄存', config['malwr_color']),
    ]
    for kind, _position, kind_zh, bar_color in event_kinds:
        unique_series, ratio_series = config[kind + '_url_data']

        chart_url = rutil.plotly_bar_chart(
            qrtr_label,
            zip(unique_series, ['Unique URL', 'Unique IP']),
            'Trend of ' + kind + ' security events',
            color=bar_color,
        )
        save_png(chart_url, kind + 'UniqueBar.png')

        chart_url = rutil.plotly_bar_chart(
            qrtr_label,
            [(ratio_series[0], 'URL/IP ratio')],
            'URL/IP ratio of ' + kind + ' security events',
            color=bar_color,
        )
        save_png(chart_url, kind + 'RatioBar.png')

        chart_url = rutil.plotly_bar_chart(
            qrtr_label,
            zip(unique_series, ['唯一網址', '唯一IP']),
            kind_zh + u'安全事件趨勢',
            color=bar_color,
        )
        save_png(chart_url, kind + 'UniqueBarChi.png')

        chart_url = rutil.plotly_bar_chart(
            qrtr_label,
            [(ratio_series[0], '唯一網址/IP比')],
            kind_zh + u'安全事件唯一網址/IP比',
            color=bar_color,
        )
        save_png(chart_url, kind + 'RatioBarChi.png')

    # Botnet (C&C): distribution and trend
    cc_data = config['cc_data']
    chart_url = rutil.plotly_bar_chart(
        qrtr_label,
        zip(cc_data[:2], ['IRC', 'HTTP']),
        'Trend and Distribution of Botnet (C&Cs) security events',
        'stack',
    )
    save_png(chart_url, 'BotnetCCDisBar.png')
    chart_url = rutil.plotly_bar_chart(
        qrtr_label,
        zip(cc_data[:2], ['IRC', 'HTTP']),
        u'殭屍網絡控制中心安全事件的趨勢和分佈',
        'stack',
    )
    save_png(chart_url, 'BotnetCCDisBarChi.png')

    chart_url = quarter_bar([(cc_data[2], 'Botnet C&Cs')],
                            'Trend of Botnet (C&C) security events')
    save_png(chart_url, 'BotnetCCBar.png')
    chart_url = quarter_bar([(cc_data[2], u'殭屍網絡控制中心(C&C)')],
                            u'殭屍網絡控制中心(C&C)安全事件趨勢')
    save_png(chart_url, 'BotnetCCBarChi.png')

    # Unique botnet (bots) trend
    bn_data = config['bn_data']
    chart_url = quarter_bar([(bn_data, 'Botnet (Bots)')],
                            'Trend of Botnet (Bots) security events')
    save_png(chart_url, 'BotnetBotsBar.png')
    chart_url = quarter_bar([(bn_data, u'殭屍電腦')],
                            u'殭屍網絡(殭屍電腦)安全事件趨勢')
    save_png(chart_url, 'BotnetBotsBarChi.png')

    # Top 5 botnets; 'top_bn' must unpack into three items, the third is unused.
    top_bn_data, top_bn_name, _top_bn_curr = config['top_bn']
    chart_url = rutil.plotly_line_chart(
        qrtr_label,
        zip(top_bn_data, top_bn_name),
        'Trend of 5 Botnet Families in Hong Kong Network',
    )
    save_png(chart_url, 'BotnetFamTopLine.png')
    chart_url = rutil.plotly_line_chart(
        qrtr_label,
        zip(top_bn_data, top_bn_name),
        u'五大主要殭屍網絡趨勢',
    )
    save_png(chart_url, 'BotnetFamTopLineChi.png')

    # Server-related events
    url_data = config['url_data']
    chart_url = rutil.plotly_bar_chart(
        qrtr_label,
        zip(url_data, ['Defacement', 'Phishing', 'Malware hosting']),
        'Trend and Distribution of server related security events',
        'stack',
    )
    save_png(chart_url, 'ServerDisBar.png')
    chart_url = rutil.plotly_bar_chart(
        qrtr_label,
        zip(url_data, [u'網頁塗改', u'釣魚網站', u'惡意程式寄存']),
        u'與伺服器有關的安全事件的趨勢和分佈',
        'stack',
    )
    save_png(chart_url, 'ServerDisBarChi.png')

    # Total events
    serv_events = config['serv_events']
    chart_url = quarter_bar([(serv_events, 'Unique security events')],
                            'Trend of Security events')
    save_png(chart_url, 'TotalEventBar.png')
    chart_url = quarter_bar([(serv_events, u'唯一安全事件')], u'安全事件趨勢')
    save_png(chart_url, 'TotalEventBarChi.png')

    # Botnet family pie chart (Google Charts), built from the last data path.
    rutil.google_pie_chart([('botnetDailyMax', 'BotnetFamPie')],
                           data_paths[-1], output)