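 def _add_network_context(self):
     """Append a network-context value to every row of ``self._dns_scores``.

     Looks for ``components/nc/nc_config.json`` two directory levels above this
     file. When it exists, its ``"NC"`` section is handed to ``NetworkContext``
     and each row gets ``get_nc(row[ip_dst])`` appended, where the ``ip_dst``
     column index comes from ``self._conf["dns_results_fields"]["ip_dst"]``.
     When the file is absent every row gets ``0`` appended instead, so the
     row width is the same in both cases.

     Side effects: rebinds ``self._dns_scores`` to a new list of (row + [ctx]).
     """
     nc_conf_file = "{0}/components/nc/nc_config.json".format(
         os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
     if os.path.isfile(nc_conf_file):
         # `with` closes the handle; the original relied on the GC to do it.
         with open(nc_conf_file) as fh:
             nc_conf = json.load(fh)["NC"]
         dns_nc = NetworkContext(nc_conf, self._logger)
         ip_dst_index = self._conf["dns_results_fields"]["ip_dst"]
         self._dns_scores = [
             conn + [dns_nc.get_nc(conn[ip_dst_index])] for conn in self._dns_scores
         ]
     else:
         # No context available: pad with 0 so downstream column offsets still line up.
         self._dns_scores = [conn + [0] for conn in self._dns_scores]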
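    def _get_dns_details(self, dns_qry_name, year, month, day, hh, dns_iana):
        """Load DNS connections matching *dns_qry_name* for one hour and store them in ``dns_edge``.

        Up to ``self._details_limit`` rows are read from ``self._db.self._table_name``
        (columns: unix_tstamp, frame_len, ip_dst, ip_src, dns_qry_name, dns_qry_class,
        dns_qry_type, dns_qry_rcode, dns_a, hh), extended with IANA names for
        class/type/rcode (empty strings when *dns_iana* is falsy) and a network-context
        value for ``ip_dst`` (``0`` when no ``nc_config.json`` is found), then written
        with a single INSERT into ``self._db.dns_edge`` partitioned by (y, m, d).
        If the SELECT fails the failure is logged and nothing is inserted.

        Args:
            dns_qry_name: query-name fragment matched with ``LIKE '%...%'``.
            year, month, day, hh: partition (y, m, d) and hour selector.
            dns_iana: object exposing ``get_name(code, field)``, or a falsy value.
        """
        # NOTE(security): dns_qry_name and the selected row values are interpolated
        # straight into SQL text. dns_qry_name comes from observed DNS traffic, so a value
        # containing a quote can break or alter the statement. If impala.execute_query
        # accepts bound parameters, prefer them; its signature is not visible here, so the
        # statement is left as-is and only flagged.
        query_to_load = ("""
            SELECT unix_tstamp,frame_len,ip_dst,ip_src,dns_qry_name,dns_qry_class,dns_qry_type,dns_qry_rcode,dns_a,h as hh
            FROM {0}.{1} WHERE y={2} AND m={3} AND d={4} AND dns_qry_name LIKE '%{5}%' AND h={6} LIMIT {7};
        """).format(self._db, self._table_name, year, month, day, dns_qry_name,
                    hh, self._details_limit)

        try:
            dns_details = impala.execute_query(query_to_load)
        except Exception:
            # Narrowed from a bare `except:` so KeyboardInterrupt/SystemExit still propagate.
            self._logger.info(
                "WARNING. Details couldn't be retreived for {0}, skipping this step"
                .format(dns_qry_name))
            return

        # Add IANA names; indices 5/6/7 are dns_qry_class/type/rcode in the SELECT above.
        if dns_iana:
            self._logger.info("Adding IANA translation to details results")
            dns_details = [
                conn + (dns_iana.get_name(str(conn[5]), "dns_qry_class"),
                        dns_iana.get_name(str(conn[6]), "dns_qry_type"),
                        dns_iana.get_name(str(conn[7]), "dns_qry_rcode"))
                for conn in dns_details
            ]
        else:
            self._logger.info("WARNING: NO IANA configured.")
            dns_details = [conn + ("", "", "") for conn in dns_details]

        # Network context for ip_dst (index 2); config lives two directory levels above this file.
        nc_conf_file = "{0}/components/nc/nc_config.json".format(
            os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
        if os.path.isfile(nc_conf_file):
            # `with` closes the handle; the original relied on the GC to do it.
            with open(nc_conf_file) as fh:
                nc_conf = json.load(fh)["NC"]
            dns_nc = NetworkContext(nc_conf, self._logger)
            dns_details = [conn + (dns_nc.get_nc(conn[2]),) for conn in dns_details]
        else:
            dns_details = [conn + (0,) for conn in dns_details]

        # One Python-tuple literal per row, comma-joined; replaces the quadratic `+=` loop
        # and the trailing-comma strip. Nothing to insert when no rows came back.
        value_string = ",".join(str(tuple(row)) for row in dns_details)
        if value_string:
            query_to_insert = ("""
                INSERT INTO {0}.dns_edge PARTITION (y={1}, m={2}, d={3}) VALUES ({4});
            """).format(self._db, year, month, day, value_string)
            impala.execute_query(query_to_insert)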
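    def _get_dns_details(self, dns_qry_name, year, month, day, hh, dns_iana):
        """Load DNS connections matching *dns_qry_name* for one hour and store them in ``dns_edge``.

        Up to ``self._details_limit`` rows are read from ``self._db.self._table_name``
        (columns: unix_tstamp, frame_len, ip_dst, ip_src, dns_qry_name, dns_qry_class,
        dns_qry_type, dns_qry_rcode, dns_a, hh), extended with IANA names for
        class/type/rcode (empty strings when *dns_iana* is falsy) and a network-context
        value for ``ip_dst`` (``0`` when no ``nc_config.json`` is found), then written
        with a single INSERT into ``self._db.dns_edge`` partitioned by (y, m, d).
        If the SELECT fails the failure is logged and nothing is inserted.

        Args:
            dns_qry_name: query-name fragment matched with ``LIKE '%...%'``.
            year, month, day, hh: partition (y, m, d) and hour selector.
            dns_iana: object exposing ``get_name(code, field)``, or a falsy value.
        """
        # NOTE(security): dns_qry_name and the selected row values are interpolated
        # straight into SQL text. dns_qry_name comes from observed DNS traffic, so a value
        # containing a quote can break or alter the statement. If impala.execute_query
        # accepts bound parameters, prefer them; its signature is not visible here, so the
        # statement is left as-is and only flagged.
        query_to_load = ("""
            SELECT unix_tstamp,frame_len,ip_dst,ip_src,dns_qry_name,dns_qry_class,dns_qry_type,dns_qry_rcode,dns_a,h as hh
            FROM {0}.{1} WHERE y={2} AND m={3} AND d={4} AND dns_qry_name LIKE '%{5}%' AND h={6} LIMIT {7};
        """).format(self._db, self._table_name, year, month, day, dns_qry_name,
                    hh, self._details_limit)

        try:
            dns_details = impala.execute_query(query_to_load)
        except Exception:
            # Narrowed from a bare `except:` so KeyboardInterrupt/SystemExit still propagate.
            self._logger.info(
                "WARNING. Details couldn't be retreived for {0}, skipping this step"
                .format(dns_qry_name))
            return

        # Add IANA names; indices 5/6/7 are dns_qry_class/type/rcode in the SELECT above.
        if dns_iana:
            self._logger.info("Adding IANA translation to details results")
            dns_details = [
                conn + (dns_iana.get_name(str(conn[5]), "dns_qry_class"),
                        dns_iana.get_name(str(conn[6]), "dns_qry_type"),
                        dns_iana.get_name(str(conn[7]), "dns_qry_rcode"))
                for conn in dns_details
            ]
        else:
            self._logger.info("WARNING: NO IANA configured.")
            dns_details = [conn + ("", "", "") for conn in dns_details]

        # Network context for ip_dst (index 2); config lives two directory levels above this file.
        nc_conf_file = "{0}/components/nc/nc_config.json".format(
            os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
        if os.path.isfile(nc_conf_file):
            # `with` closes the handle; the original relied on the GC to do it.
            with open(nc_conf_file) as fh:
                nc_conf = json.load(fh)["NC"]
            dns_nc = NetworkContext(nc_conf, self._logger)
            dns_details = [conn + (dns_nc.get_nc(conn[2]),) for conn in dns_details]
        else:
            dns_details = [conn + (0,) for conn in dns_details]

        # One Python-tuple literal per row, comma-joined; replaces the quadratic `+=` loop
        # and the trailing-comma strip. Nothing to insert when no rows came back.
        value_string = ",".join(str(tuple(row)) for row in dns_details)
        if value_string:
            query_to_insert = ("""
                INSERT INTO {0}.dns_edge PARTITION (y={1}, m={2}, d={3}) VALUES ({4});
            """).format(self._db, year, month, day, value_string)
            impala.execute_query(query_to_insert)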