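def main():
    """Parse the command line, load the YAML config, set up logging and run the sniffer.

    Options:
      -v / --verbose  log everything at DEBUG to stdout (no per-sniffer log files)
      -c / --conf     path to the YAML config; defaults to <src_dir>/conf/bothound.yaml

    The config must provide a ``sniffers`` list; in non-verbose mode each
    entry's ``logfile`` is opened as a logging.FileHandler.  Positional
    arguments are accepted but ignored.
    """
    parser = optparse.OptionParser()
    parser.add_option("-v", "--verbose", dest="verbose",
                      help="Be verbose in output, don't daemonise",
                      default=False, action="store_true")
    parser.add_option("-c", "--conf", action="store", dest="conffile",
                      default=src_dir + '/conf/bothound.yaml',
                      help="Path to config file")
    parsed_options, _args = parser.parse_args()

    conf_options = {
        'verbose': parsed_options.verbose,
        'conffile': parsed_options.conffile,
    }

    # safe_load instead of load: yaml.load() without an explicit Loader
    # (PyYAML < 5.1) constructs arbitrary Python objects from tags such as
    # !!python/object, so anyone who can edit the config file gets code
    # execution in this process.  The config only needs plain scalars, lists
    # and maps, which safe_load covers.  `with` also closes the handle, which
    # was previously left open.
    with open(conf_options['conffile'], "r") as conf_stream:
        conf = yaml.safe_load(conf_stream)
    conf_options['sniffers'] = conf["sniffers"]

    log_format = logging.Formatter(
        '%(asctime)s - %(name)s - %(levelname)s - %(message)s')
    if conf_options['verbose']:
        # Set the root level directly.  basicConfig() would install its own
        # stderr handler on the root logger, so together with the stdout
        # handler added below every record was emitted twice.
        mainlogger = logging.getLogger()
        mainlogger.setLevel(logging.DEBUG)
        log_stream = logging.StreamHandler(sys.stdout)
        log_stream.setLevel(logging.DEBUG)
        log_stream.setFormatter(log_format)
        mainlogger.addHandler(log_stream)
    else:
        # One FileHandler per configured sniffer, all attached to the single
        # 'logfetcher' logger: every record is therefore written to every
        # sniffer's logfile, not routed per sniffer.  The paths come straight
        # from the config and are created/opened with this process's
        # privileges, so the config file must not be writable by untrusted
        # users.
        logger = logging.getLogger('logfetcher')
        logger.setLevel(logging.DEBUG)
        for sniffer in conf_options['sniffers']:
            hdlr = logging.FileHandler(sniffer["logfile"])
            hdlr.setFormatter(log_format)
            logger.addHandler(hdlr)

    tools = BothoundTools(conf)
    tools.connect_to_db()

    session_computer = SessionComputer(tools)
    session_computer.start()

    lfetcher = BothoundLiveSniffer(conf_options, tools)
    lfetcher.run()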
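def main():
    """Entry point: read options and config, configure logging, start the sniffer.

    -v/--verbose sends DEBUG output to stdout; otherwise each configured
    sniffer's ``logfile`` receives the 'logfetcher' logger's records.
    -c/--conf overrides the config path (default <src_dir>/conf/bothound.yaml).
    The config must contain a ``sniffers`` list.
    """
    parser = optparse.OptionParser()
    parser.add_option("-v", "--verbose", dest="verbose",
                      help="Be verbose in output, don't daemonise",
                      default=False, action="store_true")
    parser.add_option("-c", "--conf", action="store", dest="conffile",
                      default=src_dir + '/conf/bothound.yaml',
                      help="Path to config file")
    parsed_options, _args = parser.parse_args()   # positional args unused

    conf_options = {
        'verbose': parsed_options.verbose,
        'conffile': parsed_options.conffile,
    }

    # yaml.safe_load: the bare yaml.load() (PyYAML < 5.1 default Loader) will
    # instantiate arbitrary Python objects from tags like !!python/object, so a
    # tampered config file becomes code execution.  The config is plain data,
    # so safe_load is sufficient.  The `with` closes the file, which the
    # previous code never did.
    with open(conf_options['conffile'], "r") as conf_stream:
        conf = yaml.safe_load(conf_stream)
    conf_options['sniffers'] = conf["sniffers"]

    fmt = logging.Formatter(
        '%(asctime)s - %(name)s - %(levelname)s - %(message)s')
    if conf_options['verbose']:
        root = logging.getLogger()
        # Not basicConfig(): that installs a stderr handler on the root logger
        # in addition to the stdout handler below, duplicating every record.
        root.setLevel(logging.DEBUG)
        stdout_handler = logging.StreamHandler(sys.stdout)
        stdout_handler.setLevel(logging.DEBUG)
        stdout_handler.setFormatter(fmt)
        root.addHandler(stdout_handler)
    else:
        # All sniffer logfiles hang off the one 'logfetcher' logger, so each
        # record lands in every logfile.  Paths are taken from the config file
        # unvalidated and opened with this process's privileges -- keep the
        # config file's permissions tight.
        fetch_logger = logging.getLogger('logfetcher')
        fetch_logger.setLevel(logging.DEBUG)
        for sniffer in conf_options['sniffers']:
            file_handler = logging.FileHandler(sniffer["logfile"])
            file_handler.setFormatter(fmt)
            fetch_logger.addHandler(file_handler)

    tools = BothoundTools(conf)
    tools.connect_to_db()

    session_computer = SessionComputer(tools)
    session_computer.start()

    lfetcher = BothoundLiveSniffer(conf_options, tools)
    lfetcher.run()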
print "Incident {} processed.".format(incident['id']) return ip_feature_db def extract(self): """ check all incidents which needs to be processed and compute the features on them finally store the sessions in the db """ #this make more sense to happens in the constructor however, for incident in bothound_tools.get_incidents(process = True): cur_session_feature_db = self.process_incident(incident) def store_results(self, session_feature_db): # Add the result to the database for cur_sesion in session_feature_db: db_tools.store(cur_session) if __name__ == "__main__": stram = open("../conf/bothound.yaml", "r") conf = yaml.load(stram) bothound_tools = BothoundTools(conf) bothound_tools.connect_to_db() session_extractor = SessionExtractor(bothound_tools) session_extractor.extract()
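# NOTE(review): the method this excerpt opens with starts above the visible
# snippet; only its tail is shown.  It writes the de-duplicated `lines` to
# `file_name_output` and returns how many distinct lines there were.
        lines = set(lines)
        # `with` closes (and flushes) the output file even if a write raises;
        # previously it was only closed on the success path.  Note that set
        # iteration order is arbitrary, so the output order is not stable.
        with open(file_name_output, 'w+') as f1:
            for l in lines:
                print >> f1, l
        return len(lines)


if __name__ == "__main__":
    # safe_load: a bare yaml.load() (PyYAML < 5.1) instantiates arbitrary
    # Python objects from tags in the config file; plain data does not need
    # that, and it turns a writable config into code execution.
    with open("../conf/bothound.yaml", "r") as conf_stream:
        conf = yaml.safe_load(conf_stream)
    bothound_tools = BothoundTools(conf)
    bothound_tools.connect_to_db()
    analytics = Analytics(bothound_tools)
    # NOTE(review): the ad-hoc commented-out get_unique_lines() runs and old
    # incident-id lists were dropped; this script block continues past the
    # visible excerpt.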
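# NOTE(review): the method this excerpt opens with starts above the visible
# snippet; only its tail is shown.  It writes the de-duplicated `lines` to
# `file_name_output` and returns the number of distinct lines.
        lines = set(lines)
        # The context manager closes the output file on every exit path (the
        # old explicit close() was skipped if a write raised).  Set iteration
        # order is arbitrary, so the written order is not deterministic.
        with open(file_name_output, 'w+') as out_file:
            for line in lines:
                print >> out_file, line
        return len(lines)


if __name__ == "__main__":
    # safe_load rather than load: the default Loader of older PyYAML builds
    # arbitrary Python objects from tags such as !!python/object, so a
    # writable config file would mean code execution here.
    with open("../conf/bothound.yaml", "r") as conf_stream:
        conf = yaml.safe_load(conf_stream)
    bothound_tools = BothoundTools(conf)
    bothound_tools.connect_to_db()
    analytics = Analytics(bothound_tools)
    # Incident ids to analyse in this run (earlier ad-hoc lists removed).
    # NOTE(review): the script continues past the visible excerpt.
    id_incidents = [50, 51, 52, 53, 54]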
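# NOTE(review): the method this excerpt opens with (the loop body of
# compute_incidents) starts above the visible snippet.  The result of
# process_incident is bound but never stored -- confirm whether
# process_incident persists the sessions itself.
        for incident in self.bothound_tools.get_incidents(process=True):
            cur_session_feature_db = self.process_incident(incident)

    def store_results(self, session_feature_db):
        """Store each session in ``session_feature_db`` in the database.

        NOTE(review): ``db_tools`` is not defined in this excerpt; the class
        otherwise uses ``self.bothound_tools``.  Verify which object provides
        ``store`` before calling this.
        """
        # Loop variable and the name handed to store() must match; the old
        # spelling mismatch raised NameError on the first iteration.
        for cur_session in session_feature_db:
            db_tools.store(cur_session)

    def run(self):
        """Poll for unprocessed incidents every 10 seconds until interrupted.

        The loop has no exit condition; it ends only when an exception (for
        example KeyboardInterrupt) propagates out of compute_incidents() or
        sleep().  The try/finally makes the exit message actually print in
        that case -- placed after the loop it was unreachable.
        """
        print "Running SessionComputer..."
        try:
            while True:
                self.compute_incidents()
                time.sleep(10)
        finally:
            print "Exit session computer."


if __name__ == "__main__":
    # safe_load: yaml.load() without an explicit Loader can construct
    # arbitrary Python objects from the config file; the config is plain data
    # and should not be a code-execution vector.  `with` closes the handle.
    with open("../conf/bothound.yaml", "r") as conf_stream:
        conf = yaml.safe_load(conf_stream)
    bothound_tools = BothoundTools(conf)
    bothound_tools.connect_to_db()
    session_computer = SessionComputer(bothound_tools)
    session_computer.start()
    # Keep the main thread alive while the computer runs in the background.
    # `while True: pass` spun a whole core; sleeping keeps the process alive
    # for free.  (If SessionComputer is a Thread, join() would be cleaner --
    # its base class is outside this excerpt.)
    while True:
        time.sleep(1)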
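def main():
    """Parse options, load the YAML config, configure logging and run the live sniffer.

    -v/--verbose: DEBUG to stdout.  Otherwise each entry in the config's
    ``sniffers`` list gets a FileHandler on its ``logfile``.
    -c/--conf: config path, default <src_dir>/conf/bothound.yaml.
    This variant constructs BothoundLiveSniffer with the options only.
    """
    parser = optparse.OptionParser()
    parser.add_option("-v", "--verbose", dest="verbose",
                      help="Be verbose in output, don't daemonise",
                      default=False, action="store_true")
    parser.add_option("-c", "--conf", action="store", dest="conffile",
                      default=src_dir + '/conf/bothound.yaml',
                      help="Path to config file")
    parsed_options, _args = parser.parse_args()

    conf_options = {
        'verbose': parsed_options.verbose,
        'conffile': parsed_options.conffile,
    }

    # safe_load: a bare yaml.load() (PyYAML < 5.1 default Loader) builds
    # arbitrary Python objects from tags like !!python/object, so whoever can
    # write the config file can run code in this process.  Plain data only
    # needs safe_load.  `with` closes the handle the old code leaked.
    with open(conf_options['conffile'], "r") as conf_stream:
        conf = yaml.safe_load(conf_stream)
    conf_options['sniffers'] = conf["sniffers"]

    log_format = logging.Formatter(
        '%(asctime)s - %(name)s - %(levelname)s - %(message)s')
    if conf_options['verbose']:
        # Root level set directly; basicConfig() would add a second (stderr)
        # handler and every record would be printed twice.
        mainlogger = logging.getLogger()
        mainlogger.setLevel(logging.DEBUG)
        log_stream = logging.StreamHandler(sys.stdout)
        log_stream.setLevel(logging.DEBUG)
        log_stream.setFormatter(log_format)
        mainlogger.addHandler(log_stream)
    else:
        # Every sniffer logfile is attached to the same 'logfetcher' logger,
        # so each record goes to all of them.  Paths come unvalidated from the
        # config and are opened with this process's privileges.
        logger = logging.getLogger('logfetcher')
        logger.setLevel(logging.DEBUG)
        for sniffer in conf_options['sniffers']:
            hdlr = logging.FileHandler(sniffer["logfile"])
            hdlr.setFormatter(log_format)
            logger.addHandler(hdlr)

    tools = BothoundTools(conf)
    tools.connect_to_db()

    # Ad-hoc commented-out experiments (clustering, geo update, intersection
    # and factorize_deflectees checks) were removed from here; they belong in
    # tests, not in the daemon entry point.

    lfetcher = BothoundLiveSniffer(conf_options)
    lfetcher.run()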