def _add_iana(self):
iana_conf_file = "{0}/components/iana/iana_config.json".format(
os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
if os.path.isfile(iana_conf_file):
iana_config = json.loads(open(iana_conf_file).read())
dns_iana = IanaTransform(iana_config["IANA"])
dns_qry_class_index = self._conf["dns_results_fields"][
"dns_qry_class"]
dns_qry_type_index = self._conf["dns_results_fields"][
"dns_qry_type"]
dns_qry_rcode_index = self._conf["dns_results_fields"][
"dns_qry_rcode"]
self._dns_scores = [
conn + [
dns_iana.get_name(conn[dns_qry_class_index],
"dns_qry_class")
] +
[dns_iana.get_name(conn[dns_qry_type_index], "dns_qry_type")] +
[
dns_iana.get_name(conn[dns_qry_rcode_index],
"dns_qry_rcode")
] for conn in self._dns_scores
]
else:
self._dns_scores = [
conn + ["", "", ""] for conn in self._dns_scores
]
def _get_suspicious_details(self):
hash_list = []
iana_conf_file = "{0}/components/iana/iana_config.json".format(
os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
if os.path.isfile(iana_conf_file):
iana_config = json.loads(open(iana_conf_file).read())
proxy_iana = IanaTransform(iana_config["IANA"])
for conn in self._proxy_scores:
conn_hash = conn[self._conf["proxy_score_fields"]["hash"]]
if conn_hash not in hash_list:
hash_list.append(conn_hash)
clientip = conn[self._conf["proxy_score_fields"]["clientip"]]
fulluri = conn[self._conf["proxy_score_fields"]["fulluri"]]
date = conn[self._conf["proxy_score_fields"]["p_date"]].split(
'/')
if len(date) == 3:
year = date[2]
month = date[0].zfill(2)
day = date[1].zfill(2)
hh = (conn[self._conf["proxy_score_fields"]
["p_time"]].split(":"))[0]
# print hh
self._get_proxy_details(fulluri, clientip, conn_hash, year,
month, day, hh, proxy_iana)
def _add_iana(self):
iana_conf_file = "{0}/components/iana/iana_config.json".format(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
if os.path.isfile(iana_conf_file):
iana_config = json.loads(open(iana_conf_file).read())
proxy_iana = IanaTransform(iana_config["IANA"])
proxy_rcode_index = self._conf["proxy_score_fields"]["respcode"]
self._proxy_scores = [ conn + [ proxy_iana.get_name(conn[proxy_rcode_index],"proxy_http_rcode")] for conn in self._proxy_scores ]
else:
self._proxy_scores = [ conn + [""] for conn in self._proxy_scores ]
def _get_suspicious_details(self):
iana_conf_file = "{0}/components/iana/iana_config.json".format(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
if os.path.isfile(iana_conf_file):
iana_config = json.loads(open(iana_conf_file).read())
dns_iana = IanaTransform(iana_config["IANA"])
for conn in self._dns_scores:
# get data to query
date=conn[self._conf["dns_score_fields"]["frame_time"]].split(" ")
date = filter(None,date)
if len(date) == 5:
year=date[2]
month=datetime.datetime.strptime(date[0], '%b').strftime('%m')
day=date[1]
hh=conn[self._conf["dns_score_fields"]["hh"]]
dns_qry_name = conn[self._conf["dns_score_fields"]["dns_qry_name"]]
self._get_dns_details(dns_qry_name,year,month,day,hh,dns_iana)
def _get_suspicious_details(self):
iana_conf_file = "{0}/components/iana/iana_config.json".format(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
if os.path.isfile(iana_conf_file):
iana_config = json.loads(open(iana_conf_file).read())
dns_iana = IanaTransform(iana_config["IANA"])
for conn in self._dns_scores:
timestamp = conn[self._conf["dns_score_fields"]["unix_tstamp"]]
full_date = datetime.datetime.utcfromtimestamp(int(timestamp)).strftime('%Y-%m-%d %H:%M:%S')
date = full_date.split(" ")[0].split("-")
# get date parameters.
yr = date[0]
mn = date[1]
dy = date[2]
time = full_date.split(" ")[1].split(":")
hh = int(time[0])
dns_qry_name = conn[self._conf["dns_score_fields"]["dns_qry_name"]]
self._get_dns_details(dns_qry_name,yr,mn,dy,hh,dns_iana)