def get(self, request): tenant_id = get_tenant_id_from_token(request) topcount, basis = get_topcount_basis(request) if topcount == 0: topcount = None query = get_query_from_request(request) # Get all the tenant logs objects = get_objects_from_query(query).filter( firewall_rule__tenant__id=tenant_id) country = request.data.get('country', None) if (country is not None) and (country != 'undefined'): ips = Country.objects.filter(iso_code=country).values('ip_address') objects = objects.filter(source_ip__in=ips) # Group by minute objects = groupby_date(objects, 'logged_datetime', 'hour', ['bytes_sent', 'bytes_received'], output_fields=['application__name']) top_apps = {} response = defaultdict(list) for data in objects: date = data['date'].timestamp() application = data['application__name'] bytes_total = data['bytes_sent'] + data['bytes_received'] top_apps[application] = top_apps.get(application, 0) + bytes_total response[application].append([date, bytes_total]) final_response = {} for key, _ in sorted(top_apps.items(), key=operator.itemgetter(1), reverse=True)[:topcount]: final_response[key] = get_sorted(response[key]) return Response({"data": final_response})
def get(self, request): tenant_id = get_tenant_id_from_token(request) topcount, basis = get_topcount_basis(request) query = get_query_from_request(request) objects = get_objects_from_query(query).filter( firewall_rule__tenant__id=tenant_id, ).values( 'destination_port').annotate(data=Sum(basis)).order_by('-data') response = [] for data in objects[:topcount]: response.append([data['destination_port'], data['data']]) return Response({"data": response})
def edit_rule(request): def handle_empty_regex(string): if string == '*': return '.*' return string tenant_id = get_tenant_id_from_token(request) serializer = RuleEditSerializer(data=request.data) if not serializer.is_valid(): return Response(serializer.errors, status=HTTP_400_BAD_REQUEST) source_address = handle_empty_regex(serializer.data['source_address']) destination_address = handle_empty_regex( serializer.data['destination_address']) application = handle_empty_regex(serializer.data['application']) description = serializer.data.get('description', '') query = { 'firewall_rule__tenant__id': tenant_id, 'source_address__regex': source_address, 'destination_address__regex': destination_address, 'application__regex': application, 'is_anomalous_rule': False, 'parent__isnull': True } results = TrafficRule.objects.filter(**query) if not results.count(): return Response({ "error": "Input does not match any rules" }) # lock_rule_table() # unlock_rule_table() firewall_rule = FirewallRule.objects.filter(tenant__id=tenant_id)[0] rule_name = f'{source_address}--{destination_address}--{application}' user = get_user_from_token(request) parent_rule = TrafficRule( firewall_rule=firewall_rule, name=rule_name, source_address=source_address, destination_address=destination_address, application=application, description=description, is_verified_rule=True, is_anomalous_rule=False, verified_by_user=user, is_generic=True, parent=None ) parent_rule.save() results.update(parent=parent_rule) parent_rule.parent = None parent_rule.save() return Response(serializer.data)
def flag_rule(request, id): try: tenant_id = get_tenant_id_from_token(request) rule = TrafficRule.objects.get( id=id, firewall_rule__tenant__id=tenant_id) except Exception as e: return Response({ "traceback": str(traceback.format_exc()), "exception": str(e) }, status=HTTP_400_BAD_REQUEST) rule.is_anomalous_rule = True rule.is_verified_rule = False rule.verified_by_user = get_user_from_token(request) rule.description = request.data.get('description', '') rule.save() return Response({ "status": "Rule marked as an anomaly" })
def delete_rule(request, id): try: tenant_id = get_tenant_id_from_token(request) rule = TrafficRule.objects.get( id=id, firewall_rule__tenant__id=tenant_id) except Exception as e: return Response({ "traceback": str(traceback.format_exc()), "exception": str(e) }, status=HTTP_400_BAD_REQUEST) if rule.is_generic: rule.delete() else: rule.is_verified_rule = False rule.is_anomalous_rule = False rule.verified_by_user = None rule.description = None rule.save() return Response({ "status": "Rule deleted" })