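    def alert_count(self, limit=10):
        """Return the most frequently observed alert messages.

        Groups the collection by ``alert_msg``, sums ``number_observed``
        per group, orders the groups by that sum (descending) and returns
        at most ``limit`` of them, passed through ``jsonify_stix``.

        Args:
            limit: maximum number of groups to return. Defaults to 10,
                which is what the previous implementation always used.
                Must be a positive integer (``$limit`` rejects 0).
        """
        pipeline = [{
            "$group": {
                "_id": "$alert_msg",
                "count": {"$sum": "$number_observed"},
            }
        }, {
            "$sort": {"count": -1}
        }, {
            # Truncate on the server instead of materialising every group
            # and slicing the list in Python afterwards.
            "$limit": limit
        }]
        top_events = list(self.collection.aggregate(pipeline))
        return jsonify_stix(top_events)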
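 def get_all(self, limit, offset, sort, filt):
     """Return one page of bundles plus the total number of matches.

     Args:
         limit: page size handed to ``Cursor.limit`` (pymongo treats 0 as
             "no limit").
         offset: number of matching documents skipped before the page.
         sort: ``None`` or a dict with ``'id'`` (field path) and ``'desc'``
             (truthy selects descending order).
         filt: ``None`` or a dict with ``'id'`` (field path) and ``'value'``
             (text the field must contain).

     Returns:
         ``(result, size)`` where ``result`` is ``jsonify_stix`` applied to
         the page and ``size`` counts every document matching ``filt``,
         independent of pagination.
     """
     import re  # function-scope: the module's import block is not in view

     spec = {}
     if filt is not None:
         # The filter text is caller-supplied; escape it so it is matched
         # literally rather than being interpreted as a regular expression.
         spec = {filt['id']: {'$regex': re.escape(filt['value'])}}

     query = self.collection.find(spec).skip(offset).limit(limit)
     if sort is not None:
         query.sort(sort['id'], -1 if sort['desc'] else 1)

     bundle_list = list(query)
     # count_documents replaces the deprecated Cursor.count() and reuses
     # the same filter, so page and total always agree.
     size = self.collection.count_documents(spec)
     result = jsonify_stix(bundle_list)
     return result, size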
 def find(self, id):
     """Fetch the single document whose ``id`` field equals *id*.

     Returns ``jsonify_stix`` applied to whatever ``find_one`` yields
     (including ``None`` when nothing matches).
     """
     document = self.collection.find_one({'id': id})
     return jsonify_stix(document)
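    def get_all(self, limit, offset, sort, filt):
        """Return one page of observed-data documents plus the total match count.

        Args:
            limit: page size handed to ``Cursor.limit`` / ``$limit`` (pymongo
                treats 0 as "no limit"; the aggregate path skips ``$limit``
                in that case because ``$limit: 0`` is rejected).
            offset: number of matching documents skipped before the page.
            sort: ``None`` or a dict with ``'id'`` (field path) and ``'desc'``
                (truthy selects descending order).
            filt: ``None`` or a dict with ``'id'`` (field path) and ``'value'``
                (text the field must start with / contain).

        Returns:
            ``(result, size)`` where ``result`` is ``jsonify_stix`` applied to
            the page and ``size`` counts every document matching ``filt``,
            independent of pagination.
        """
        import re  # function-scope: the module's import block is not in view

        direction = None
        if sort is not None:
            direction = -1 if sort['desc'] else 1

        if filt is None:
            query = self.collection.find().skip(offset).limit(limit)
            if direction is not None:
                query.sort(sort['id'], direction)
            size = self.collection.count_documents({})

        elif filt['id'] != "objects.2.dst_port":
            # The filter text is caller-supplied; escape it so it is matched
            # literally rather than being interpreted as a regular expression.
            spec = {filt['id']: {'$regex': re.escape(filt['value'])}}
            query = self.collection.find(spec).skip(offset).limit(limit)
            if direction is not None:
                query.sort(sort['id'], direction)
            size = self.collection.count_documents(spec)

        else:
            # dst_port is stored as an integer, so a plain $regex on the
            # field never matches. Stringify it inside an aggregation and
            # match the prefix there; any sorting has to happen in the same
            # pipeline because aggregate() returns a CommandCursor.
            regx = Regex("^" + re.escape(filt['value']) + ".*")
            match_stages = [{
                "$addFields": {
                    "stringifyExample": {"$toLower": "$objects.2.dst_port"}
                }
            }, {
                "$match": {"stringifyExample": regx}
            }]

            pipeline = list(match_stages)
            if direction is not None:
                pipeline.append({"$sort": SON([(sort['id'], direction)])})
            # Apply the same pagination the find() paths get.
            pipeline.append({"$skip": offset})
            if limit:
                pipeline.append({"$limit": limit})
            query = self.collection.aggregate(pipeline)

            # Count with the same match stages so the total agrees with the
            # page; $count yields one document, or none when nothing matched.
            counted = list(
                self.collection.aggregate(match_stages + [{"$count": "n"}]))
            size = counted[0]["n"] if counted else 0

        observed_data_list = list(query)
        result = jsonify_stix(observed_data_list)
        return result, size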