    def _renderPorts(self, criteria, width=DEFAULT_WIDTH, height=DEFAULT_HEIGHT):
        """Render the "Top 10 Targeted Ports" distribution chart.

        The caller's ``criteria`` list is copied, never mutated: a TCP/UDP
        restriction is appended to the copy before the IDMEF database is
        queried. When the query yields no rows nothing is rendered and
        ``self.dataset["charts"]`` is left untouched.
        """
        link_base = self._getBaseURL()
        chart_title = "Top 10 Targeted Ports"
        graph = Chart.DistributionChart(self.user, width, height)
        chart_entry = {"title": chart_title, "value_name": "Port", "chart": graph}

        # Only TCP/UDP services carry a meaningful port; accept whichever of the
        # protocol fields the sensor chose to fill in (number, IANA name, free text).
        tcp_udp_only = ("(alert.target.service.iana_protocol_number == 6  ||"
                        "alert.target.service.iana_protocol_number == 17  ||"
                        "alert.target.service.iana_protocol_name =* 'tcp' ||"
                        "alert.target.service.iana_protocol_name =* 'udp' ||"
                        "alert.target.service.protocol =* 'udp'           ||"
                        "alert.target.service.protocol =* 'tcp')")
        query_criteria = criteria[:] + [tcp_udp_only]

        rows = self.env.idmef_db.getValues(["alert.target.service.port/group_by",
                                            "alert.target.service.iana_protocol_number/group_by",
                                            "alert.target.service.iana_protocol_name/group_by",
                                            "alert.target.service.protocol/group_by",
                                            "count(alert.target.service.port)/order_desc"],
                                           criteria=query_criteria, limit=10)
        if not rows:
            return

        # Per-protocol {port: hit count}; anything that is not tcp/udp lands in "n/a".
        na_label = _(u"n/a")
        per_protocol = {na_label: {}, u"tcp": {}, u"udp": {}}

        for port, iana_number, iana_name, protocol, count in rows:
            if not port:
                continue

            # Prefer the numeric IANA protocol, then the IANA name, then the
            # free-text protocol column returned by the query.
            if iana_number:
                protocol = utils.protocol_number_to_name(iana_number)
            elif iana_name:
                protocol = iana_name

            if not protocol:
                protocol = na_label

            protocol = protocol.lower()
            if protocol not in per_protocol:
                protocol = na_label

            bucket = per_protocol[protocol]
            bucket[port] = bucket.get(port, 0) + count

        flattened = [(port, protocol, count)
                     for protocol, counts in per_protocol.items()
                     for port, count in counts.items()]
        # Largest hit count first.
        flattened.sort(key=lambda entry: entry[2], reverse=True)

        for port, protocol, count in flattened:
            label = "%d / %s" % (port, protocol)
            link = link_base + "&" + "target_object_0=alert.target.service.port&target_value_0=%d" % port
            graph.addLabelValuePair(label, count, link)

        graph.render(chart_title)
        self.dataset["charts"].append(chart_entry)
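    def buildService(self, service):
        """Add the table rows describing an IDMEF ``Service`` node.

        ``service`` is a mapping read with ``service[...]`` (presumably the
        IDMEF service sub-tree — confirm against the caller); a falsy value
        adds nothing. One row each is emitted for the port, the port list,
        the IP version and the protocol, whichever of them are present.
        """
        if not service:
            return

        port_details = "https://www.requiem-ids.com/port_details.php?port=%s"

        if service["port"]:
            port = str(service["port"])
            self.newTableEntry(_("Port"), self.getUrlLink(port, port_details % port))

        portlist = service["portlist"]
        if portlist:
            # NOTE(review): these tokens are sensor-supplied text dropped straight
            # into a query string; confirm getUrlLink encodes the href it is given.
            links = []
            for token in portlist.replace(" ", "").split(","):
                if not token:
                    # A stray or trailing comma would otherwise yield an empty link.
                    continue

                # Ranges are written "low-high". partition() splits on the first
                # dash only, so a malformed token with several dashes no longer
                # raises ValueError from tuple unpacking.
                low, dash, high = token.partition("-")
                if dash:
                    links.append(self.getUrlLink(low, port_details % low)
                                 + " - "
                                 + self.getUrlLink(high, port_details % high))
                else:
                    links.append(self.getUrlLink(token, port_details % token))

            self.newTableEntry(_("PortList"), ", ".join(links))

        if service["ip_version"]:
            self.newTableEntry(_("ip_version"), service["ip_version"])

        # Prefer the numeric IANA protocol when it maps to a known name, then the
        # IANA name, then the free-text protocol field. Resolve the number once.
        ipn = service["iana_protocol_number"]
        protocol_name = None
        if ipn:
            protocol_name = utils.protocol_number_to_name(ipn)

        if protocol_name is not None:
            self.newTableEntry(_("Protocol"), protocol_name)

        elif service["iana_protocol_name"]:
            self.newTableEntry(_("Protocol"), service["iana_protocol_name"])

        elif service["protocol"]:
            self.newTableEntry(_("Protocol"), service["protocol"])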