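    def post(self):
        """Return the installed packages Wazuh reports for one agent.

        Reads the agent display name from the JSON body key ``"agent"``,
        resolves it to a Wazuh agent id via ``/agents`` and queries
        ``/syscollector/<id>/packages``. Each package becomes a dict with
        ``Program``, ``Company``, ``Path`` and ``Install_time``; fields the
        agent did not report fall back to ``"..."`` (vendor) and
        ``"Unknown"`` (location, install time).

        Returns an empty list when no agent has the requested name (or the
        request carries no JSON body), instead of querying
        ``/syscollector//packages`` with an empty id.
        """
        wazuhlogin()
        payload = request.json or {}
        agentName = payload.get("agent")
        # The user-supplied name is only compared; the id that ends up in
        # the URL path is the one Wazuh itself returned for that agent.
        agentid = ""
        for r in callWazuhApi("/agents")["data"]["affected_items"]:
            if r["name"] == agentName:
                agentid = r["id"]
                break
        if not agentid:
            return []
        apiResult = callWazuhApi("/syscollector/" + agentid +
                                 "/packages")["data"]["affected_items"]
        return [
            {
                "Program": r["name"],
                "Company": r.get("vendor", "..."),
                "Path": r.get("location", "Unknown"),
                "Install_time": r.get("install_time", "Unknown"),
            }
            for r in apiResult
        ]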
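    def get(self):
        """Summarise installed packages per connected Wazuh agent.

        Skips the manager entry (id ``000``) and agents that have never
        connected. For every remaining agent it fetches
        ``/syscollector/<id>/packages`` and returns one dict with a 1-based
        ``id``, the agent name as ``agent``, the total package ``count`` and
        ``companyCount`` — a list of ``{"Company": vendor, "count": n}``
        dicts sorted by vendor name.

        Packages without a ``vendor`` value are left out of ``companyCount``
        but still contribute to ``count``. An agent that reports no packages
        yields ``count`` 0 and an empty ``companyCount`` instead of raising
        (a DataFrame built from an empty list has no ``vendor`` column).
        """
        wazuhlogin()
        agents = [
            {"id": r["id"], "name": r["name"]}
            for r in callWazuhApi("/agents")["data"]["affected_items"]
            if r["id"] != '000' and r["status"] != "never_connected"
        ]

        result = []
        for cnt, a in enumerate(agents, start=1):
            apiResult = callWazuhApi("/syscollector/" + a["id"] +
                                     "/packages")["data"]["affected_items"]
            # Tally packages per vendor directly; entries with no vendor
            # are skipped, which is what a groupby on that column would do.
            vendorTotals = {}
            for pkg in apiResult:
                vendor = pkg.get("vendor")
                if vendor is None:
                    continue
                vendorTotals[vendor] = vendorTotals.get(vendor, 0) + 1
            vendorCount = [
                {"Company": v, "count": n}
                for v, n in sorted(vendorTotals.items())
            ]

            result.append({
                "id": cnt,
                "agent": a["name"],
                "count": len(apiResult),
                "companyCount": vendorCount
            })
        return result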
 def get(self):
     """Return name, ip and status for every usable Wazuh agent.

     The manager's own entry (id ``000``) and agents that have never
     connected are excluded.
     """
     wazuhlogin()
     items = callWazuhApi("/agents")["data"]["affected_items"]
     # Skip the manager itself (id 000) and agents that never checked in.
     return [
         {"name": r["name"], "ip": r["ip"], "status": r["status"]}
         for r in items
         if r["id"] != '000' and r["status"] != "never_connected"
     ]
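 def post(self):
     """Return the network port entries Wazuh reports for one agent.

     Reads the agent name from JSON body key ``"agent"``, resolves it to an
     agent id via ``/agents`` and queries ``/syscollector/<id>/ports``.
     Only entries that carry a ``state`` field are returned, each as a dict
     with ``InnerIP``/``InnerPort`` (local side), ``OutIP``/``OutPort``
     (remote side), ``status``, ``protocol`` and ``process``.

     Returns an empty list when no agent matches (or there is no JSON
     body), rather than querying ``/syscollector//ports`` with an empty id.
     """
     wazuhlogin()
     payload = request.json or {}
     agentName = payload.get("agent")
     # Only the id Wazuh returned for the matching agent goes into the URL.
     agentid = ""
     for r in callWazuhApi("/agents")["data"]["affected_items"]:
         if r["name"] == agentName:
             agentid = r["id"]
             break
     if not agentid:
         return []
     apiResult = callWazuhApi("/syscollector/" + agentid +
                              "/ports")["data"]["affected_items"]
     return [
         {
             "InnerIP": r["local"]["ip"],
             "InnerPort": r["local"]["port"],
             "OutIP": r["remote"]["ip"],
             "OutPort": r["remote"]["port"],
             "status": r["state"],
             "protocol": r["protocol"],
             "process": r["process"]
         }
         for r in apiResult
         if "state" in r
     ]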
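 def post(self):
     """Return the process list Wazuh reports for one agent.

     Reads the agent name from JSON body key ``"agent"``, resolves it to an
     agent id via ``/agents`` and queries ``/syscollector/<id>/processes``.
     Returns ``{"result": [...], "time": t}``: each result entry has
     ``process``, ``PID``, ``PPID``, ``session``, ``InThreads``,
     ``priority`` and ``Command`` (``"..."`` when the entry has no
     ``cmd``); ``t`` is the first entry's ``scan.time`` with the ``Z``
     suffix dropped and the ``T`` separator replaced by a space.

     When the agent is unknown, there is no JSON body, or the agent reports
     no processes, the result list is empty and ``time`` is ``""`` instead
     of raising IndexError on ``apiResult[0]``.
     """
     wazuhlogin()
     payload = request.json or {}
     agentName = payload.get("agent")
     agentid = ""
     for r in callWazuhApi("/agents")["data"]["affected_items"]:
         if r["name"] == agentName:
             agentid = r["id"]
             break
     if not agentid:
         return {"result": [], "time": ""}
     apiResult = callWazuhApi("/syscollector/" + agentid +
                              "/processes")["data"]["affected_items"]
     # The first entry's scan.time is used as the timestamp for the whole
     # list — assumes every entry comes from the same scan; confirm.
     t = ""
     if apiResult:
         t = apiResult[0]["scan"]["time"].replace("Z", "").replace("T", " ")
     result = [
         {
             "process": r["name"],
             "PID": r["pid"],
             "PPID": r["ppid"],
             "session": r["session"],
             "InThreads": r["nlwp"],
             "priority": r["priority"],
             "Command": r.get("cmd", "...")
         }
         for r in apiResult
     ]
     return {"result": result, "time": t}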
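    def post(self):
        """Build per-agent, per-day alert counts for a line chart.

        Reads ``"date"`` (how many days to look back) from the JSON body.
        For every Wazuh agent it runs an Elasticsearch query on
        ``wazuh-alerts*`` that matches ``data.win.system.eventID`` 6 and the
        agent name within ``now-<days>d/d .. now``, bucketed per day with a
        ``date_histogram`` on ``timestamp``.

        Returns a list of rows: a header ``["Date", <agent names>...]``
        followed by one ``["YYYY-MM-DD", <count per agent>...]`` row for
        each of the ``days + 1`` calendar days ending today.

        Raises ValueError when ``date`` is missing, not an integer, or
        negative: it is caller-controlled input that is spliced into the
        query's date-math string and used as a ``timedelta`` and array
        size, so it is validated before any of that happens.
        """
        payload = request.json or {}
        try:
            daysago = int(payload["date"])
        except (KeyError, TypeError, ValueError) as err:
            raise ValueError("'date' must be a non-negative integer") from err
        if daysago < 0:
            raise ValueError("'date' must be a non-negative integer")

        # Agent list from Wazuh; chart columns follow this order.
        wazuhlogin()
        agents = [r["name"]
                  for r in callWazuhApi("/agents")["data"]["affected_items"]]

        result = []  # one {"agent", "time", "count"} dict per ES bucket
        for a in agents:
            body = {
                "size": 10000,
                "query": {
                    "bool": {
                        "must": [{
                            "match": {
                                "data.win.system.eventID": 6
                            }
                        }, {
                            "match": {
                                "agent.name": a
                            }
                        }, {
                            "range": {
                                "@timestamp": {
                                    "gte": "now-" + str(daysago) + "d/d",
                                    "lt": "now"
                                }
                            }
                        }]
                    }
                },
                "aggs": {
                    "date_his": {
                        "date_histogram": {
                            "field": "timestamp",
                            "interval": "day"
                        }
                    }
                }
            }

            buckets = es.search(
                index="wazuh-alerts*",
                body=body)["aggregations"]["date_his"]["buckets"]
            for r in buckets:
                result.append({
                    "agent": a,
                    "time": r["key_as_string"][0:10],  # YYYY-MM-DD prefix
                    "count": r["doc_count"],
                })

        # One zero-filled row per calendar day, one column per agent.
        dates = pd.date_range(datetime.date.today() -
                              datetime.timedelta(days=daysago),
                              periods=daysago + 1)
        df = pd.DataFrame(np.zeros((daysago + 1, len(agents)), int),
                          index=dates,
                          columns=agents)
        # NOTE(review): the range filter uses "@timestamp" while the
        # histogram buckets on "timestamp"; if those fields disagree a
        # bucket key can fall outside `dates` and raise KeyError here.
        for r in result:
            df.at[r["time"], r["agent"]] += r["count"]

        # Header row first, then one row per day with the date as first cell.
        chartdata = [["Date"] + list(df.columns)]
        for i, r in enumerate(np.array(df).tolist()):
            r.insert(0, df.index[i].strftime("%Y-%m-%d"))
            chartdata.append(r)
        return chartdata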