Exemplo n.º 1
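def get_user_info(form):
    """Return the profile of the user who owns the session named in *form*.

    Args:
        form: Request mapping; must contain ``sessionID``.

    Returns:
        ``msg.success_msg`` carrying uid, name, email, phone, major and
        degree, or ``msg.error_msg`` when the key is missing, the session
        or user cannot be found, or the session has already been ended.
    """
    users = UserModel()
    sessions = SessionModel()

    if not assert_keys_in_form_exist(form, ['sessionID']):
        return msg.error_msg("Invalid Session ID.")

    session_id = form['sessionID']
    session = sessions.get_session(session_id)
    # Treat a failed lookup (presumably signalled by None) like "no rows"
    # instead of raising on len(None).
    if session is None or len(session) == 0:
        return msg.error_msg("Unable to find the session.")

    # NOTE(review): positional unpacking relies on the row's column order;
    # confirm against the model, or switch to key access.
    (sessionid, uid, start_time, end_time) = session[0].values()

    # A session that has been ended must not keep authorising reads of
    # personal data.
    if end_time is not None:
        return msg.error_msg("This session already canceled.")

    user = users.get_user(uid=uid)
    if user is None or len(user) == 0:
        return msg.error_msg("Unable to find the user")

    (uid, name, email, phone, password, major, degree,
     enable) = user[0].values()

    # The stored password value and the enable flag are intentionally left
    # out of the response.
    return msg.success_msg({
        "uid": uid,
        "name": name,
        "email": email,
        "phone": phone,
        "major": major,
        "degree": degree
    })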
Exemplo n.º 2
def delete_session(form):
    """End the session identified by ``form['sessionID']``.

    Returns ``msg.error_msg`` when the key is missing, the lookup fails or
    finds nothing, the session already has an end time, or the update
    fails; otherwise ``msg.success_msg`` with the session ID and end time.
    """
    if not assert_keys_in_form_exist(form, ['sessionID']):
        return msg.error_msg("Please check your request body.")

    session_model = SessionModel()
    sid = form['sessionID']
    rows = session_model.get_session(session_id=sid)

    # None and an empty result are reported with different messages.
    if rows is None:
        return msg.error_msg("Failed to find given session")
    if len(rows) == 0:
        return msg.error_msg("Can't found the session.")

    # A session with an end time has already been closed.
    if rows[0]['end_time'] is not None:
        return msg.error_msg("This session already canceled.")

    ended_at = datetime.utcnow()
    outcome = session_model.end_session(session_id=sid, end_time=ended_at)
    if outcome is None:
        return msg.error_msg("Failed to end this session.")

    payload = {"sessionID": sid, "endTime": str(ended_at)}
    return msg.success_msg(payload)
Exemplo n.º 3
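def add_session(form):
    """Log a user in: check email/password and start a new session.

    Args:
        form: Request mapping; must contain ``email`` and ``password``.

    Returns:
        ``msg.success_msg`` with the new session ID, uid, start time and
        user name, or ``msg.error_msg`` when the input is incomplete, the
        lookup fails, the credentials match no enabled user, or the
        session cannot be stored.
    """
    if not assert_keys_in_form_exist(form, ['email', 'password']):
        return msg.error_msg("Please check the inputs.")

    sessions = SessionModel()
    users = UserModel()

    (email, password) = (form['email'], form['password'])

    # NOTE(review): the credential check is a lookup on encrypt(password),
    # so encrypt() must be deterministic; confirm it is a password hashing
    # scheme with per-user salt support, otherwise equal passwords share
    # the same stored value.
    users_founded = users.get_user(email=email,
                                   password=encrypt(password),
                                   enable=True)
    if users_founded is None:
        return msg.error_msg("Failed to validate user information.")

    # Same message for unknown email and wrong password, so the response
    # does not reveal which accounts exist.
    if len(users_founded) == 0:
        return msg.error_msg("Invalid email address or password.")

    uid = users_founded[0]['user_id']
    # NOTE(review): the session ID acts as a bearer credential; verify that
    # create_session_id() draws from a cryptographically secure source.
    new_session_id = sessions.create_session_id()
    start_time = datetime.utcnow()

    res = sessions.start_session(new_session_id, uid, start_time)

    if res is None:
        return msg.error_msg("Failed to start a new session.")

    return msg.success_msg({
        "sessionID": new_session_id,
        "uid": uid,
        "startTime": str(start_time),
        "userName": users_founded[0]['name']
    })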
Exemplo n.º 4
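def add_user(form):
    """Register a new enabled user from the fields in *form*.

    Args:
        form: Request mapping; must contain ``name``, ``email``, ``phone``,
            ``password``, ``major`` and ``degree``.

    Returns:
        ``msg.success_msg`` on success, or ``msg.error_msg`` when a field is
        missing, the name or password fails validation, the email is
        already used by an enabled user, or the insert fails.
    """
    users = UserModel()

    if not assert_keys_in_form_exist(
            form, ['name', 'email', 'phone', 'password', 'major', 'degree']):
        return msg.error_msg("Please check your requests.")

    name = form['name']
    email = form['email']
    phone = form['phone']
    password = form['password']
    major = form['major']
    degree = form['degree']

    if name.strip() == "":
        return msg.error_msg("Username cannot be empty.")

    if password.strip() == "":
        return msg.error_msg("Password cannot be empty.")

    if len(password) < 6:
        return msg.error_msg("Password cannot less than 6 character.")

    if len(name) > 255:
        return msg.error_msg("Username cannot exceed 255 characters.")

    if len(password) > 255:
        return msg.error_msg("Password cannot exceed 255 characters.")

    findUser = users.get_user(email=email, enable=True)

    if findUser is None:
        return msg.error_msg("Failed to find user.")

    # The debug prints of the lookup result were removed: a matching row is
    # a full user record, which should not be written to stdout or logs.
    if len(findUser) != 0:
        return msg.error_msg("User already exists. (Email already in use)")

    # Only the output of encrypt() is stored, never the submitted password.
    args = {
        "Name": name,
        "Email": email,
        "Phone": phone,
        "Password": encrypt(password),
        "Major": major,
        "Degree": degree,
        "Enable": True
    }
    res = users.add_user(args)
    if res is None:
        return msg.error_msg("Failed to add user.")

    return msg.success_msg({"msg": "User added successfully."})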
Exemplo n.º 5
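def update_user(form):
    """Update the profile and password of the user who owns the session.

    Args:
        form: Request mapping; must contain ``sessionID``, ``name``,
            ``email``, ``phone``, ``newPassword``, ``major`` and ``degree``.

    Returns:
        ``msg.success_msg({})`` on success, or ``msg.error_msg`` when a
        field is missing, validation fails, the session is unknown or
        already ended, or the update fails.
    """
    users = UserModel()
    sessions = SessionModel()

    if not assert_keys_in_form_exist(form, [
            'sessionID', 'name', 'email', 'phone', 'newPassword', 'major',
            'degree'
    ]):
        return msg.error_msg("Please check your requests.")

    name = form['name']
    session_id = form['sessionID']
    email = form['email']
    phone = form['phone']
    new_password = form['newPassword']
    major = form['major']
    degree = form['degree']

    # NOTE(review): the password is replaced without asking for the current
    # one and without a minimum-length check, so a leaked session ID is
    # enough to take over the account; consider requiring both.
    if new_password.strip() == "":
        return msg.error_msg("Password cannot be empty.")

    if len(name) > 255:
        return msg.error_msg("Username cannot exceed 255 characters.")

    if len(new_password) > 255:
        return msg.error_msg("Password cannot exceed 255 characters.")

    # Resolve the user from the session ID. A failed lookup (presumably
    # signalled by None) is handled like "no rows" instead of raising on
    # len(None).
    session = sessions.get_session(session_id)
    if session is None or len(session) == 0:
        return msg.error_msg("Unable to find the session.")

    (sessionid, uid, start_time, end_time) = session[0].values()

    # An ended session must not authorise profile changes.
    if end_time is not None:
        return msg.error_msg("This session already canceled.")

    args = {
        "Name": name,
        "Email": email,
        "Phone": phone,
        "Password": encrypt(new_password),
        "Major": major,
        "Degree": degree,
        "UID": uid
    }
    ret = users.update_user(args)

    if ret is None:
        return msg.error_msg("Failed to update user profile.")

    return msg.success_msg({})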
Exemplo n.º 6
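def get_user_info(form):
    """Return uid, name, email and phone of the user who owns the session.

    Args:
        form: Request mapping; must contain ``sessionID``.

    Returns:
        ``msg.success_msg`` with the four profile fields, or
        ``msg.error_msg`` when the key is missing, the session or user
        cannot be found, or the session has already been ended.
    """
    if not assert_keys_in_form_exist(form, ['sessionID']):
        return msg.error_msg("Invalid request.")

    session_id = form['sessionID']
    session = Session.get_session(session_id)
    # Treat a failed lookup (presumably signalled by None) like "no rows"
    # instead of raising on len(None).
    if session is None or len(session) == 0:
        return msg.error_msg("Unable to find the session.")

    (sessionid, uid, start_time, end_time) = session[0].values()

    # A session that has been ended must not keep authorising reads of
    # personal data.
    if end_time is not None:
        return msg.error_msg("This session already canceled.")

    user = User.get_user(uid=uid)
    if user is None or len(user) == 0:
        return msg.error_msg("Unable to find the user")

    # NOTE(review): positional unpacking relies on the row's column order;
    # confirm against the model.
    (uid, name, email, phone, password, enable) = user[0].values()

    # The stored password value is intentionally not returned.
    return msg.success_msg({"uid": uid, "name": name, "email": email, "phone": phone})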
Exemplo n.º 7
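def delete_user(form):
    """Delete the account that owns the session, after re-checking the password.

    Args:
        form: Request mapping; must contain ``sessionID`` and ``password``.

    Returns:
        ``msg.success_msg`` with the uid and session ID, or
        ``msg.error_msg`` when input is missing, the session is unknown or
        ended, the password does not match, or the delete fails.
    """
    users = UserModel()
    sessions = SessionModel()

    if not assert_keys_in_form_exist(form, ['sessionID', 'password']):
        return msg.error_msg("Please check the inputs.")

    password = form['password']
    session_id = form['sessionID']

    # Resolve the user from the session ID. A failed lookup (presumably
    # signalled by None) is handled like "no rows" instead of raising on
    # len(None).
    session = sessions.get_session(session_id)

    if session is None or len(session) == 0:
        return msg.error_msg("Unable to find the session.")

    (sessionid, uid, start_time, end_time) = session[0].values()

    if end_time is not None:
        return msg.error_msg("Expired SessionID")

    # Re-authenticate: a session ID alone is not enough for a destructive
    # action, the caller must also supply the account password.
    if password.strip() == "":
        return msg.error_msg("Password cannot be empty.")

    findUser = users.get_user(uid=uid, password=encrypt(password), enable=True)
    if findUser is None:
        return msg.error_msg("Failed to find user.")

    if len(findUser) == 0:
        return msg.error_msg("Wrong password.")

    # Delete User
    ret = users.delete_user(uid)

    if ret is None:
        return msg.error_msg("Failed to delete user.")

    # Revoke all sessions of the deleted user.
    # NOTE(review): the result is ignored, so a failed revocation goes
    # unnoticed and old session IDs may stay usable; verify what
    # end_session(uid=...) returns and log or surface a failure.
    sessions.end_session(uid=uid)

    return msg.success_msg({"uid": uid, "sessionID": session_id})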
Exemplo n.º 8
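def add_event(form):
    """Store one user event taken from *form*.

    Args:
        form: Request mapping; must contain ``uid``, ``eventID``, ``data``
            and ``createdAt``.

    Returns:
        ``msg.success_msg`` on success, or ``msg.error_msg`` when a key is
        missing or the insert fails.
    """
    userEvents = UserEvents()

    if not assert_keys_in_form_exist(form,
                                     ['uid', 'eventID', 'data', 'createdAt']):
        return msg.error_msg("Invalid request body.")

    # NOTE(review): uid and createdAt come straight from the request and no
    # session is checked in this function, so unless the caller
    # authenticates first, events can be recorded under any uid with any
    # timestamp. Confirm where authentication happens.
    uid = form['uid']
    event_id = form['eventID']
    event_data = form['data']
    timestamp = form['createdAt']

    # The event payload is stored in its str() form.
    res = userEvents.addEvent(uid=uid,
                              eventID=event_id,
                              data=str(event_data),
                              timestamp=timestamp)

    if res is None:
        return msg.error_msg("Failed to add event.")

    return msg.success_msg({"msg": "Event added successfully."})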
Exemplo n.º 9
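def update_user(form):
    """Update the profile and password of the user who owns the session.

    Args:
        form: Request mapping; must contain ``sessionID``, ``name``,
            ``email``, ``phone`` and ``newPassword``.

    Returns:
        ``msg.success_msg({})`` on success, or ``msg.error_msg`` when a
        field is missing, validation fails, the session is unknown or
        already ended, or the update fails.
    """
    if not assert_keys_in_form_exist(form, ['sessionID', 'name', 'email', 'phone', 'newPassword']):
        return msg.error_msg("Invalid request.")

    name = form['name']
    session_id = form['sessionID']
    email = form['email']
    phone = form['phone']
    new_password = form['newPassword']

    # NOTE(review): the password is replaced without asking for the current
    # one, so a leaked session ID is enough to take over the account.
    if new_password.strip() == "":
        return msg.error_msg("Password cannot be empty.")

    if len(name) > 255:
        return msg.error_msg("Username cannot exceed 255 characters.")

    if len(new_password) > 255:
        return msg.error_msg("Password cannot exceed 255 characters.")

    # Resolve the user from the session ID. A failed lookup (presumably
    # signalled by None) is handled like "no rows" instead of raising on
    # len(None).
    session = Session.get_session(session_id)
    if session is None or len(session) == 0:
        return msg.error_msg("Unable to find the session.")

    (sessionid, uid, start_time, end_time) = session[0].values()

    # An ended (logged-out) session must not authorise a profile or
    # password change.
    if end_time is not None:
        return msg.error_msg("This session already canceled.")

    args = {
        "Name": name,
        "Email": email,
        "Phone": phone,
        "Password": encrypt(new_password),
        "UID": uid
    }
    ret = User.update_user(args)

    if ret is None:
        return msg.error_msg("Failed to update user profile.")

    return msg.success_msg({})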
Exemplo n.º 10
def add_user(form):
    """Register a new enabled user from name, email, phone and password.

    Returns ``msg.success_msg`` on success, or ``msg.error_msg`` when a
    field is missing, the password is blank, name or password exceeds 255
    characters, the email belongs to an enabled user, or the insert fails.
    """
    required = ['name', 'email', 'phone', 'password']
    if not assert_keys_in_form_exist(form, required):
        return msg.error_msg("Invalid request.")

    name = form['name']
    email = form['email']
    phone = form['phone']
    password = form['password']

    # Validation order is kept: blank password, then the two length limits.
    if password.strip() == "":
        return msg.error_msg("Password cannot be empty.")
    if len(name) > 255:
        return msg.error_msg("Username cannot exceed 255 characters.")
    if len(password) > 255:
        return msg.error_msg("Password cannot exceed 255 characters.")

    existing = User.get_user(email=email, enable=True)
    if existing is None:
        return msg.error_msg("Failed to find user.")
    if len(existing) > 0:
        return msg.error_msg("User already exists.")

    # Only the output of encrypt() is handed to the model.
    record = {
        "Name": name,
        "Email": email,
        "Phone": phone,
        "Password": encrypt(password),
        "Enable": True,
    }
    if User.add_user(record) is None:
        return msg.error_msg("Failed to add user.")

    return msg.success_msg({"msg": "User added successfully."})
Exemplo n.º 11
def add_session(form):
    """Check email/password and start a new session for the matching user.

    Returns ``msg.success_msg`` with the session ID, uid and start time, or
    ``msg.error_msg`` when input is missing, the lookup fails, no enabled
    user matches, or the session cannot be stored.
    """
    if not assert_keys_in_form_exist(form, ['email', 'password']):
        return msg.error_msg("Invalid request.")

    email = form['email']
    password = form['password']

    # Credentials are verified by looking up the encrypt()-ed password.
    matches = User.get_user(email=email, password=encrypt(password), enable=True)
    if matches is None:
        return msg.error_msg("Failed to validate user information.")
    if len(matches) == 0:
        # One message for unknown email and wrong password alike.
        return msg.error_msg("Invalid email address or password.")

    uid = matches[0]['user_id']
    session_id = Session.create_session_id()
    started_at = datetime.utcnow()

    if Session.start_session(session_id, uid, started_at) is None:
        return msg.error_msg("Failed to start a new session.")

    payload = {"sessionID": session_id, "uid": uid, "startTime": str(started_at)}
    return msg.success_msg(payload)
Exemplo n.º 12
def get_abnormal():
    """Pass the request's JSON body to the controller and wrap its result."""
    # The JSON body is forwarded as-is; any validation is left to
    # behavior_controller.get_abnormal.
    return msg.success_msg(behavior_controller.get_abnormal(request.json))
Exemplo n.º 13
def get_behavior():
    """Pass the request's JSON body to the controller and wrap its result."""
    # The JSON body is forwarded as-is; any validation is left to
    # behavior_controller.get_behavior.
    return msg.success_msg(behavior_controller.get_behavior(request.json))
Exemplo n.º 14
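def load_behavior(form):
    """Load an endpoint's events, turn them into behaviors and flag abnormal ones.

    Queries ``WINLOGBEAT_INDEX`` for documents whose ``host.hostname``
    matches ``form['endpointID']`` within the given date range, maps each
    event to a behavior through ``SysmonData.eventid_behavior_mappings``,
    stores the behaviors under ``'raw'``, then stores whatever
    ``rule.filter_abnormal_behaviors`` selects under ``'abnormal'``.

    Args:
        form: Request mapping; must contain ``endpointID``, ``startDate``
            and ``endDate``.

    Returns:
        ``msg.success_msg({})`` on success, or ``msg.error_msg`` when a key
        is missing or any step outside the per-event parsing raises.
    """
    if not assert_keys_in_form_exist(form,
                                     ['endpointID', 'startDate', 'endDate']):
        return msg.error_msg("Invalid request.")

    startdate = form['startDate']
    enddate = form['endDate']
    endpoint_id = form['endpointID']

    try:
        ts_tr = format_daterange((startdate, enddate))
        # Request values are passed as values of a structured query, not
        # spliced into a query string.
        raw_data = ES.load(WINLOGBEAT_INDEX,
                           '_doc',
                           args={
                               'bool': {
                                   'must': {
                                       'match': {
                                           'host.hostname': endpoint_id
                                       }
                                   },
                                   'filter': {
                                       'range': {
                                           '@timestamp': {
                                               'gte': ts_tr[0],
                                               'lte': ts_tr[1]
                                           }
                                       }
                                   }
                               }
                           })
        behavior_list = []

        for _, event in raw_data.iterrows():
            event_id = str(event['winlog']['event_id'])
            func = SysmonData.eventid_behavior_mappings(event_id)

            if func:
                # Reset per event so the error log below never reports an
                # unbound name or the previous event's properties.
                props = None
                try:
                    # Split on the first ': ' only: values such as command
                    # lines can themselves contain ': ' and were truncated
                    # before.
                    props = [
                        line.split(': ', 1)[1]
                        for line in event['message'].split('\n')[1:]
                    ]
                    mid = encode_md5(event['winlog']['computer_name'])
                    behav = func(event_id, mid, props)
                    behavior_list.append(behav)
                except Exception as exc:
                    # Best effort: an event that cannot be parsed is logged
                    # and skipped, which also means it is not seen by the
                    # abnormal-behavior filter below.
                    log_error('Error: {} {}-{}'.format(exc, event_id,
                                                       repr(props)))

        if behavior_list:
            ES.insert_behaviors('raw', behavior_list)

        # Detect abnormal behaviors
        attck_techs = attck.load_attcks(ATTCK_YAML)
        abnormals = rule.filter_abnormal_behaviors(behavior_list, attck_techs)

        if abnormals:
            ES.insert_behaviors('abnormal', abnormals)

    except Exception as exc:
        # The caller only gets a generic message; details go to the log.
        log_error(exc)
        return msg.error_msg("Fail to update bahavior.")

    return msg.success_msg({})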