Exemplo n.º 1
0
 def run(self):
     rule_model = RuleModel()
     rule_model.nama = 'THT'
     rule_model.deskripsi = 'Model THT untuk pasien THT'
     with open('rules.json', 'r') as f:
         r = json.loads(f.read())
         rule_model.model_ = r
     db.session.add(rule_model)
     db.session.commit()
Exemplo n.º 2
0
def add():
    if request.method == 'GET':
        penyakit = penyakit_schema.dumps(Penyakit.query.all())
        gejala = gejala_schema.dumps(Gejala.query.all())
        param = request.args.get("id")
        model = None
        model_data = {'publish': False, 'id': -1}
        if param:
            model_data = RuleModel.query.get_or_404(param)
            model = rule_model_schema.dumps(model_data).data
        return render_template('auth/model/add.html',
                               penyakit=penyakit.data,
                               gejala=gejala.data,
                               model=model,
                               data=model_data)
    rule_model = RuleModel.query.get(request.form.get('id'))
    tmp = rule_model
    if tmp is None:
        rule_model = RuleModel()
    rule_model.publish = bool(int(request.form.get('publish')))
    rule_model.nama = request.form.get('nama')
    rule_model.deskripsi = request.form.get('deskripsi')
    rule_model.model_ = json.loads(request.form.get('model'))
    try:
        if request.method == 'POST' and tmp is None:
            db.session.add(rule_model)
        db.session.commit()
        return jsonify(message='Model telah disimpan',
                       result=json.loads(
                           rule_model_schema.dumps(rule_model).data))
    except Exception as e:
        abort(make_response(jsonify(message='Ada kesalahan! %s' % e), 400))
Exemplo n.º 3
0
def rule_detail(type):
    rule = RuleModel.find_one_by('type', type)

    if request.method == 'POST':
        edited_rule = request.form['rule_input']

        rule.rule = edited_rule

        rule.save_to_db()
        flash(f'{rule.type} rule Updated', 'success')
        return redirect(url_for('alert.rule_index'))

    return render_template('alert/rule_detail.html', rule=rule, title='Rule')
Exemplo n.º 4
0
def rule_index():
    rules = RuleModel.all()
    if not rules:
        pass_rule_format = {
            'rule': "Empty",
            'type': 'pass'
        }

        raise_rule_format = {
            'rule': "Empty",
            'type': 'raise'
        }
        print(pass_rule_format)
        pass_rule = RuleModel(*pass_rule_format)
        pass_rule.replace_or_create_to_db({'type': pass_rule_format['type']}, pass_rule_format)
        raise_rule = RuleModel(*raise_rule_format)
        raise_rule.replace_or_create_to_db({'type': raise_rule_format['type']}, raise_rule_format)

    return render_template('alert/rule_index.html', rules=rules, title='Rules')
def file_parser():
    # Retrieving the pass and raise rules for preliminary alerting
    pass_rule_object = RuleModel.find_one_by('type', 'pass')
    raise_rule_object = RuleModel.find_one_by('type', 'raise')
    pass_rule = str(pass_rule_object.rule)
    raise_rule = str(raise_rule_object.rule)

    # Getting today's date to check against ip expiry date
    # todays_date = datetime.datetime.today()

    # Setting up access token list for IP Info
    access_token = ['4b8a2af90147b5', 'd9c112d971b1bd', '4daea41e191295']

    #  Defining all thr columns that may be found in the audit logs for csv export
    csv_columns = [
        'ActorContextId', 'ApplicationDisplayName', 'ApplicationId',
        'InternalLogonType', 'ClientIPAddress', 'LogonUserSid',
        'ExternalAccess', 'DestinationRelativeUrl', 'MailboxOwnerUPN',
        'FileId', 'ActorUserId', 'YammerNetworkId', 'VersionId',
        'ActorYammerUserId', 'FileName', 'AzureActiveDirectoryEventType',
        'ClientIP', 'CorrelationId', 'CreationTime', 'CustomUniqueId',
        'DestinationFileExtension', 'DestinationFileName', 'OriginatingServer',
        'MailboxOwnerSid', 'MailboxOwnerUPN,'
        'DestinationRelativeUrl', 'OrganizationName', 'Port', 'EventData',
        'EventSource', 'ExtendedProperties', 'ClientInfoString', 'LogonType',
        'Item', 'MailboxGuid', 'LogonError', 'MailboxOwnerMasterAccountSid',
        'DoNotDistributeEvent', 'FileSyncBytesCommitted', 'Id',
        'ImplicitShare', 'InterSystemsId', 'IntraSystemId', 'ItemType',
        'ListBaseType', 'ListId', 'ListItemUniqueId', 'ListTitle',
        'ListBaseTemplateType', 'MachineDomainInfo', 'MachineId',
        'ModifiedProperties', 'ObjectId', 'Operation', 'OrganizationId',
        'RecordType', 'ResultStatus', 'SharingType', 'Site', 'SiteUrl',
        'SourceFileExtension', 'SourceFileName', 'SourceRelativeUrl',
        'SupportTicketId', 'Target', 'TargetContextId',
        'TargetUserOrGroupName', 'TargetUserOrGroupType', 'UniqueSharingId',
        'UserAgent', 'UserId', 'UserKey', 'UserType', 'Version', 'WebId',
        'Workload', 'city', 'region', 'country', 'latitude', 'longitude',
        'location', 'postal', 'org'
    ]
    export_file_name = str(datetime.datetime.now()) + '.csv'
    export_file_name = export_file_name.replace(' ', '_')
    #  Opening files with reader
    print(f'Export path {export_path}')
    print(f'Export filename {export_file_name}')
    with open(os.path.join(export_path, export_file_name), 'w') as file_write:
        writer = csv.DictWriter(file_write, fieldnames=csv_columns)
        writer.writeheader()

        # Iterate through files in the import directory
        for file in os.listdir(base_path):
            f = time.perf_counter()
            with open(os.path.join(base_path, file), 'r') as csvfile:
                print(csvfile)
                reader = csv.DictReader(csvfile)
                ips = []
                rows = []

                # Iterate through rows in a file
                for row in reader:
                    try:
                        # Open each row with jason loads
                        audit_data = row['AuditData']
                        row_data = json.loads(audit_data)
                    except:
                        # Try except needed as some rows in data set are malformed
                        pass

                    try:
                        ip = row_data['ClientIP']

                        # If uni IP set it to uni default
                        if '141.163.' in ip and not '.141.163.' in ip:
                            ip = '141.163.1.250'

                        # If no IP set to default
                        elif ip == "" or ip == '<null>':
                            row_data['ClientIP'] = '0.0.0.0'
                            ip = '141.163.1.250'

                        # If ip is followed by a port number handel
                        port = ''
                        if ':' in ip and '.' in ip:
                            ip_address_split = ip.split(":")
                            ip = ip_address_split[0]
                            # over wright row data with new ip
                            row_data['ClientIP'] = ip
                            port = ip_address_split[1]
                        row_data['Port'] = port

                        rows.append(row_data)
                        ips.append(ip)
                    except:
                        # Try except needed as first line does not have client IP
                        pass

                unique_ips = set(ips)

                # Handle the IPs, if it already know use those details, if not then call IpInfo API
                ips_models = []
                for ip in unique_ips:
                    # Search database to see if IP is known
                    try:
                        db_ip = IpModel.find_one_by('ip', ip)

                        # Check if known IP has expired
                        db_expiry_date = db_ip.expiry_date
                        if todays_date > db_expiry_date:
                            print(todays_date)
                            print(db_expiry_date)
                            print('Expired Break')
                            raise Exception

                        ips_models.append(db_ip)
                    except:
                        # If no ip is found except is triggered to create one
                        print('Get new ip')
                        pass
                        # print(ip)
                        bools = True
                        while bools == True:
                            try:
                                api_ip = ip_info_func(ip, access_token)
                                model_ip = IpModel(*api_ip)
                                model_ip.replace_or_create_to_db({'ip': ip},
                                                                 api_ip)
                                db_ip = IpModel.find_one_by('ip', ip)
                                ips_models.append(db_ip)
                                bools = False
                            except ReadTimeout as e:
                                print(e)
                for row in rows:
                    row_attributes = {}
                    # try:
                    ip_address = row['ClientIP']
                    # Check if uni address
                    if '141.163' in ip_address and not '.141.163.' in ip_address:
                        ip_address = '141.163.1.250'
                    for ip in ips_models:
                        if ip_address == ip.ip:
                            client_ip = ip
                            # print('Assign client IP')
                    # except:
                    #     pass

                    # Iterate through key value pairs in json
                    for key, value in row.items():
                        if key in csv_columns:
                            # Write pairs to row_attributes
                            row_attributes[key] = value

                    # Try to add ip location data to row_attriputes
                    try:
                        row_attributes['city'] = client_ip.city
                        row_attributes['region'] = client_ip.region
                        row_attributes['country'] = client_ip.country
                        row_attributes['latitude'] = client_ip.latitude
                        row_attributes['longitude'] = client_ip.longitude
                        row_attributes['location'] = str(
                            client_ip.latitude) + ', ' + str(
                                client_ip.longitude)
                        row_attributes['postal'] = client_ip.postal
                        row_attributes['org'] = client_ip.org
                    except Exception as e:
                        print(e)
                        print(row)
                        print('fail')
                        sys.exit(0)

                    # Checking the row against rules, if a pass condition is met it wont check raise
                    try:
                        pass_condition = eval(pass_rule)
                        if pass_condition:
                            # print(pass_condition)
                            pass
                        else:
                            raise_condition = eval(raise_rule)
                            if raise_condition:
                                alert_format = {
                                    'CreationTime': row['CreationTime'],
                                    'Id': row['Id'],
                                    'Operation': row['Operation'],
                                    'RecordType': row['RecordType'],
                                    'UserKey': row['UserKey'],
                                    'UserType': row['UserType'],
                                    'Version': row['Version'],
                                    'Workload': row['Workload'],
                                    'ClientIP': row['ClientIP'],
                                    'ObjectId': row['ObjectId'],
                                    'UserId': row['UserId'],
                                    'city': row_attributes['city'],
                                    'region': row_attributes['region'],
                                    'country': row_attributes['country'],
                                    'location': row_attributes['location'],
                                    'postal': row_attributes['postal'],
                                    'org': row_attributes['org']
                                }
                                try:
                                    alert_format[
                                        'SourceFileName'] = row_attributes[
                                            'SourceFileName']
                                except:
                                    alert_format['SourceFileName'] = 'N/A'

                                # Create alert object and save to DB
                                alert = AlertModel(*alert_format)
                                alert.replace_or_create_to_db(
                                    {'Id': row['Id']}, alert_format)
                            else:
                                pass
                                # print(raise_condition)
                    except:
                        pass

                    # Output to csv file
                    writer.writerow(row_attributes)
                elapsed = time.perf_counter() - f
                print(f"File execute in {elapsed:0.2f} seconds.")
from models.rule_model import RuleModel
from datetime import datetime, date, timedelta
import datetime

row_attributes = {
    'city': 'London',
    'country': 'NG',
    'Operation': 'UserLoggedOut'
}

pass_rule = "'Mannamead' in row_attributes['city'] or 'Plymouth' in row_attributes['city']"
raise_rule = "('GB' not in row_attributes['country'] and 'UserLoggedIn' in row_attributes['Operation']) or ('NG' in row_attributes['country'])"

pass_rule_object = RuleModel.find_one_by('type', 'pass')
raise_rule_object = RuleModel.find_one_by('type', 'raise')

pass_rule = str(pass_rule_object.rule)
raise_rule = str(raise_rule_object.rule)


def logic():
    condition = eval_func()
    if condition:
        print('Nothing to see here')
    else:
        print('Raise Alert')


def eval_func():
    condition = True
    x = eval(pass_rule)
Exemplo n.º 7
0
from views.alert import alert_blueprint

from models.rule_model import RuleModel
from data_handlers import o365_handler

app = Flask(__name__)
app.secret_key = os.urandom(64)
app.config.update(ADMIN=os.environ.get('ADMIN'))


@app.route('/')
def home():
    return render_template('home.html')


rules = RuleModel.all()
if not rules:
    pass_rule_format = {'rule': "Empty", 'type': 'pass'}

    raise_rule_format = {'rule': "Empty", 'type': 'raise'}

    pass_rule = RuleModel(*pass_rule_format)
    pass_rule.replace_or_create_to_db({'type': pass_rule_format['type']},
                                      pass_rule_format)
    raise_rule = RuleModel(*raise_rule_format)
    raise_rule.replace_or_create_to_db({'type': raise_rule_format['type']},
                                       raise_rule_format)

temp = o365_handler.o365()
temp.file_parser()