def count_network_events():
    """
    Count the documents stored in the network_events collection

    The "date" request value is normalised by fix_date. When the result is
    truthy, its first two items are used as inclusive bounds on the "date"
    field and count_documents() is run with that filter; the range is
    echoed back in the response. Otherwise the collection-wide figure from
    estimated_document_count() is returned.

    Returns:
        JSON/Dict with the count and HTTP 200, or the value of
        flask_null_array_response() if anything raised
    """
    date_range = fix_date(get_value_from_request("date"))
    try:
        if date_range:
            date_filter = {
                "date": {"$gte": date_range[0], "$lte": date_range[1]}
            }
            payload = {
                "count_network_events_by_date":
                    connector.network_events.count_documents(date_filter),
                "date": date_range,
            }
        else:
            payload = {
                "count_network_events":
                    connector.network_events.estimated_document_count()
            }
        return jsonify(payload), 200
    except Exception:
        # NOTE(review): every failure, database errors included, is
        # swallowed here without logging; the caller only sees the null
        # array response.
        return flask_null_array_response()
def get_network_events():
    """
    get one page of network events, optionally limited to a date range

    The "date" request value goes through fix_date; a truthy result is
    used as an inclusive [date[0], date[1]] bound on the "date" field,
    otherwise every document matches. Paging comes from the "skip" and
    "limit" request values after fix_skip / fix_limit.

    Returns:
        an array of network events with HTTP 200, or the value of
        flask_null_array_response() if anything raised
    """
    date_range = fix_date(get_value_from_request("date"))
    try:
        if date_range:
            event_filter = {
                "date": {"$gte": date_range[0], "$lte": date_range[1]}
            }
        else:
            event_filter = {}
        # The projection drops only Mongo's "_id"; every other stored
        # field of each event is returned to the caller.
        cursor = connector.network_events.find(event_filter, {"_id": 0})
        # presumably fix_skip / fix_limit bound the page size; confirm,
        # since they are the only cap on how much one request can pull.
        cursor = cursor.skip(fix_skip(get_value_from_request("skip")))
        cursor = cursor.limit(fix_limit(get_value_from_request("limit")))
        return jsonify(list(cursor)), 200
    except Exception:
        return flask_null_array_response()
def module_events():
    """
    Aggregate credential events, optionally restricted to one module

    Runs an aggregation on connector.credential_events made of the
    group_by_ip_dest stage (defined elsewhere in this file) followed by
    $skip and $limit. When a "module_name" request value is present, a
    $match on that module name is put in front of the pipeline.

    Returns:
        JSON/Dict of the aggregation result with HTTP 200, or the value
        of flask_null_array_response() if the aggregation raised
    """
    module_name = get_value_from_request("module_name")
    skip_stage = {"$skip": fix_skip(get_value_from_request("skip"))}
    limit_stage = {"$limit": fix_limit(get_value_from_request("limit"))}

    pipeline = []
    if module_name:
        # NOTE(review): the request value is used as-is as the $match
        # operand. This is only an equality match as long as
        # get_value_from_request returns a plain string; confirm it can
        # never hand back a dict, which Mongo would read as operators.
        pipeline.append({"$match": {"module_name": module_name}})
    pipeline.extend([group_by_ip_dest, skip_stage, limit_stage])

    try:
        result = aggregate_function(connector.credential_events, pipeline)
        return jsonify(result), 200
    except Exception:
        return flask_null_array_response()
def top_honeypot_machine_names():
    """
    get top honeypot machine names in honeypot events

    Aggregates connector.honeypot_events with the
    top_machine_names_groupby and sort_by_count_and_id stages (both
    defined elsewhere in this file), then pages with $skip / $limit.
    When fix_date returns a truthy range for the "date" request value, a
    $match on that inclusive range is applied first.

    Returns:
        JSON/Dict top honeypot machine names with HTTP 200, or the value
        of flask_null_array_response() if the aggregation raised
    """
    date_range = fix_date(get_value_from_request("date"))
    paging = [
        {"$skip": fix_skip(get_value_from_request("skip"))},
        {"$limit": fix_limit(get_value_from_request("limit"))},
    ]
    pipeline = [top_machine_names_groupby, sort_by_count_and_id, *paging]

    if date_range:
        date_match = {
            "$match": {
                "date": {"$gte": date_range[0], "$lte": date_range[1]}
            }
        }
        # Filter before grouping so only in-range events are counted.
        pipeline = [date_match] + pipeline

    try:
        result = aggregate_function(connector.honeypot_events, pipeline)
        return jsonify(result), 200
    except Exception:
        # NOTE(review): failures are not logged; the client just gets the
        # null array response.
        return flask_null_array_response()
def get_network_events():
    """
    get one page of network events

    No filter is applied; paging comes from the "skip" and "limit"
    request values after fix_skip / fix_limit.

    Returns:
        an array of network events with HTTP 200, or the value of
        flask_null_array_response() if anything raised
    """
    try:
        # Only Mongo's "_id" is projected away; all other stored fields
        # of each event go back to the caller.
        cursor = connector.network_events.find({}, {"_id": 0})
        # presumably fix_skip / fix_limit bound the page size; confirm,
        # since nothing else here limits the amount of data returned.
        cursor = cursor.skip(fix_skip(get_value_from_request("skip")))
        cursor = cursor.limit(fix_limit(get_value_from_request("limit")))
        return jsonify(list(cursor)), 200
    except Exception:
        return flask_null_array_response()
def top_ten_countries_in_network_events():
    """
    get the most repeated destination countries in network events

    Always matches on country_ip_dest > "-" and, when fix_date returns a
    truthy range for the "date" request value, also on that inclusive
    date range. The matched events then go through top_countries_groupby
    and sort_by_count (defined elsewhere in this file) and are paged with
    $skip / $limit.

    Returns:
        JSON/Dict top repeated countries with HTTP 200, or the value of
        flask_null_array_response() if the aggregation raised
    """
    date_range = fix_date(get_value_from_request("date"))
    skip_stage = {"$skip": fix_skip(get_value_from_request("skip"))}
    limit_stage = {"$limit": fix_limit(get_value_from_request("limit"))}

    # presumably "-" is the placeholder stored when no country could be
    # resolved, so this drops unresolved entries - confirm.
    match_filter = {"country_ip_dest": {"$gt": "-"}}
    if date_range:
        match_filter["date"] = {
            "$gte": date_range[0],
            "$lte": date_range[1],
        }

    pipeline = [
        {"$match": match_filter},
        top_countries_groupby,
        sort_by_count,
        skip_stage,
        limit_stage,
    ]
    try:
        result = aggregate_function(connector.network_events, pipeline)
        return jsonify(result), 200
    except Exception:
        return flask_null_array_response()
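def top_ten_ips_in_network_events_by_date():
    """
    get the most repeated ips in network events for a date range

    The "date" request value is normalised by fix_date and used as an
    inclusive [date[0], date[1]] bound on the "date" field. Matching
    events are grouped by (ip, country), counted, sorted by count and
    then _id (both descending) and paged with $skip / $limit.

    Returns:
        JSON/Dict of the grouped counts with HTTP 200, or the value of
        flask_null_array_response() when no usable date was supplied or
        the aggregation raised
    """
    date = fix_date(get_value_from_request("date"))
    if not date:
        # Without this guard the function fell through and returned None
        # for a missing or rejected date, which a Flask view may not
        # return; answer with the same null response used for errors.
        return flask_null_array_response()
    try:
        pipeline = [
            {
                "$match": {
                    "date": {"$gte": date[0], "$lte": date[1]}
                }
            },
            {
                "$group": {
                    "_id": {"ip": "$ip", "country": "$country"},
                    "count": {"$sum": 1}
                }
            },
            # SON keeps the key order, so count is the primary sort key
            # and _id the tie-breaker.
            {"$sort": SON([("count", -1), ("_id", -1)])},
            {"$skip": fix_skip(get_value_from_request("skip"))},
            {"$limit": fix_limit(get_value_from_request("limit"))}
        ]
        return jsonify(
            list(connector.network_events.aggregate(pipeline))
        ), 200
    except Exception:
        # NOTE(review): the error is dropped without logging.
        return flask_null_array_response()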
def top_ten_ports_in_honeypot_events():
    """
    get the most repeated ports in honeypot events

    Optional request values "country" and "date" narrow the events with a
    $match stage before top_ports_groupby runs. The sort stage is
    sort_by_count_and_id when a country is given and sort_by_count
    otherwise (all three stages are defined elsewhere in this file).
    Results are paged with $skip / $limit.

    Returns:
        JSON/Dict top repeated ports with HTTP 200, or the value of
        flask_null_array_response() if the aggregation raised
    """
    date_range = fix_date(get_value_from_request("date"))
    country = get_value_from_request("country")
    skip_stage = {"$skip": fix_skip(get_value_from_request("skip"))}
    limit_stage = {"$limit": fix_limit(get_value_from_request("limit"))}

    match_filter = {}
    if country:
        # NOTE(review): the request value is the $match operand as-is.
        # It stays an equality match only while get_value_from_request
        # returns a plain string; confirm it can never return a dict,
        # which Mongo would interpret as query operators.
        match_filter["country"] = country
    if date_range:
        match_filter["date"] = {
            "$gte": date_range[0],
            "$lte": date_range[1],
        }

    sort_stage = sort_by_count_and_id if country else sort_by_count
    pipeline = [top_ports_groupby, sort_stage, skip_stage, limit_stage]
    if match_filter:
        pipeline.insert(0, {"$match": match_filter})

    try:
        result = aggregate_function(connector.honeypot_events, pipeline)
        return jsonify(result), 200
    except Exception:
        return flask_null_array_response()
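def all_module_names():
    """
    Get the names of all modules returned by load_all_modules

    Returns:
        JSON/Dict {"module_names": [...]} with HTTP 200, or the value of
        flask_null_array_response() if loading or serialising failed
    """
    try:
        # load_all_modules() used to run outside the try block, so a
        # failure while loading modules bypassed the error handler that
        # the serialisation step already had.
        module_names = load_all_modules()
        return jsonify({"module_names": module_names}), 200
    except Exception:
        return flask_null_array_response()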
def top_ten_ports_in_network_events():
    """
    get the most repeated ports in network events

    Groups every network event by its "port" field, counts each group,
    sorts by count and then _id (both descending) and pages the result
    with the "skip" / "limit" request values after fix_skip / fix_limit.

    Returns:
        JSON/Dict top repeated ports with HTTP 200, or the value of
        flask_null_array_response() if anything raised
    """
    try:
        group_stage = {
            "$group": {"_id": "$port", "count": {"$sum": 1}}
        }
        # SON keeps the key order: count first, _id as the tie-breaker.
        sort_stage = {"$sort": SON([("count", -1), ("_id", -1)])}
        skip_stage = {"$skip": fix_skip(get_value_from_request("skip"))}
        limit_stage = {
            "$limit": fix_limit(get_value_from_request("limit"))
        }
        rows = connector.network_events.aggregate(
            [group_stage, sort_stage, skip_stage, limit_stage]
        )
        return jsonify(list(rows)), 200
    except Exception:
        # NOTE(review): the error is dropped without logging.
        return flask_null_array_response()
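def get_honeypot_events_by_date():
    """
    get one page of honeypot events for a date range

    The "date" request value is normalised by fix_date and used as an
    inclusive [date[0], date[1]] bound on the "date" field. Paging comes
    from the "skip" and "limit" request values after fix_skip /
    fix_limit.

    Returns:
        an array of honeypot events with HTTP 200, or the value of
        flask_null_array_response() when no usable date was supplied or
        the query raised
    """
    date = fix_date(get_value_from_request("date"))
    if not date:
        # Without this guard the function fell through and returned None
        # for a missing or rejected date, which a Flask view may not
        # return; answer with the same null response used for errors.
        return flask_null_array_response()
    try:
        # Only Mongo's "_id" is projected away; every other stored field
        # of each event is returned to the caller.
        cursor = connector.honeypot_events.find(
            {"date": {"$gte": date[0], "$lte": date[1]}},
            {"_id": 0}
        )
        cursor = cursor.skip(fix_skip(get_value_from_request("skip")))
        cursor = cursor.limit(fix_limit(get_value_from_request("limit")))
        return jsonify(list(cursor)), 200
    except Exception:
        # NOTE(review): the error is dropped without logging.
        return flask_null_array_response()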