def insert_to_events_data_collection(event_data: EventData):
    """
    Store one event produced by a module processor (e.g. the ICS module)
    in the ``data_events`` collection.

    Args:
        event_data: EventData carrying ip, module_name, date and data;
            machine_name and country are filled in here before the write.

    Returns:
        inserted_id of the stored document
    """
    # Tag the event with this sensor's identity from the network config.
    event_data.machine_name = network_config["real_machine_identifier_name"]
    # Geo-locate the client address; the lookup yields bytes, so decode it.
    country_raw = IP2Location.get_country_short(event_data.ip)
    event_data.country = byte_to_str(country_raw)
    if is_verbose_mode():
        summary = (
            "Received honeypot data event, ip_dest:{0}, module_name:{1}, "
            "machine_name:{2}, data:{3}"
        ).format(
            event_data.ip,
            event_data.module_name,
            event_data.machine_name,
            event_data.data,
        )
        verbose_info(summary)
    # The whole attribute dict is persisted as-is; ip and data originate
    # from the honeypot client, so treat them as untrusted when read back.
    document = event_data.__dict__
    return data_events.insert_one(document).inserted_id
def insert_to_events_data_collection(event_data: EventData):
    """
    Store one event produced by a module processor (e.g. the ICS module)
    in the ``events_data`` collection.

    Args:
        event_data: EventData carrying ip (client address), module_name
            (module the client reached), date (time of the event) and data
            (payload obtained from the client); machine_name and country
            are filled in here before the write.

    Returns:
        inserted_id of the stored document
    """
    # Tag the event with this sensor's identity from the network config.
    event_data.machine_name = network_config["real_machine_identifier_name"]
    # Geo-locate the client address; the lookup yields bytes, so decode it.
    country_raw = IP2Location.get_country_short(event_data.ip)
    event_data.country = byte_to_str(country_raw)
    if is_verbose_mode():
        summary = (
            "Received honeypot data event, ip_dest:{0}, module_name:{1}, "
            "machine_name:{2}, data:{3}"
        ).format(
            event_data.ip,
            event_data.module_name,
            event_data.machine_name,
            event_data.data,
        )
        verbose_info(summary)
    # The whole attribute dict is persisted as-is; ip and data originate
    # from the honeypot client, so treat them as untrusted when read back.
    document = event_data.__dict__
    return events_data.insert_one(document).inserted_id
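def test_insert_events_data(self):
    """
    Test the data insertion to the events_data collection.

    Inserts one EventData document through
    insert_to_events_data_collection, waits for the index to become
    searchable, checks the stored document matches what was pushed and
    removes every document the lookup found — also when an assertion
    fails, so no test data is left behind in the ``data_events`` index.
    """
    event_data = EventData(
        ip="55.66.77.88",
        module_name="ics/veeder_root_guardian_ast",
        date=datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
        data={"content": "Test Data"}
    )
    insert_to_events_data_collection(event_data)
    # wait for insert: the document is not searchable immediately
    time.sleep(1)
    # Find the records in the DB
    event_records = connector.elasticsearch_events.search(
        index='data_events',
        body=filter_by_fields('55.66.77.88', ['ip_src'])
    )['hits']['hits']
    try:
        self.assertGreater(len(event_records), 0)
        event_record_data = event_records[0]['_source']
        # Compare the record found in the DB with the one pushed
        # NOTE(review): EventData is built with ``ip=`` but read back via
        # ``.ip_src`` — confirm EventData exposes that attribute.
        self.assertEqual(event_record_data["ip_src"], event_data.ip_src)
        self.assertEqual(event_record_data["data"], event_data.data)
    finally:
        # Clean up every matching record even if an assertion failed;
        # an empty result set simply yields no deletes.
        for record in event_records:
            connector.elasticsearch_events.delete(
                index='data_events',
                id=record["_id"]
            )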
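def processor(self):
    """
    Processor loop, run in its own thread until ``kill_flag`` becomes True.

    Drains LOGFILE (one JSON object per line, written by the honeypot
    module), truncates it and forwards each entry as an EventData to
    insert_to_events_data_collection.
    """
    while not self.kill_flag:
        if os.path.exists(LOGFILE) and os.path.getsize(LOGFILE) > 0:
            # Close the handles deterministically; the previous version
            # left both the read handle and the truncating write handle
            # to the garbage collector.
            with open(LOGFILE) as log_file:
                data_dump = log_file.readlines()
            # NOTE(review): lines appended between the read above and this
            # truncation are lost; no locking is visible on either side.
            with open(LOGFILE, 'w'):
                pass
            for data in data_dump:
                if not data.strip():
                    # Skip empty lines instead of failing json.loads on them
                    continue
                # NOTE(review): a malformed line or a missing key still
                # raises here and ends the thread — confirm that is intended.
                data_json = json.loads(data)
                # Only the named fields are forwarded; the content comes from
                # the honeypot client and is stored as untrusted data.
                recorded_data = {
                    "content": data_json["content"],
                    "valid_command": data_json["valid_command"]
                }
                insert_to_events_data_collection(
                    EventData(
                        ip=data_json["ip"],
                        module_name="ics/veeder_root_guardian_ast",
                        date=data_json["date"],
                        data=recorded_data
                    )
                )
        time.sleep(0.1)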
def insert_to_events_data_collection(event_data: EventData):
    """
    Index one event produced by a module processor (e.g. the ICS module)
    into the ``data_events`` Elasticsearch index.

    Args:
        event_data: EventData carrying ip_src, module_name, date and data;
            machine_name and country_ip_src are filled in here before the
            write.

    Returns:
        the response of ``elasticsearch_events.index`` for the new document
    """
    # Tag the event with this sensor's identity from the network config.
    event_data.machine_name = network_config["real_machine_identifier_name"]
    # Geo-locate the source address; the lookup yields bytes, so decode it.
    country_raw = IP2Location.get_country_short(event_data.ip_src)
    event_data.country_ip_src = byte_to_str(country_raw)
    log_line = messages["received_honeypot_data_event"].format(
        event_data.ip_src,
        event_data.module_name,
        event_data.machine_name,
        event_data.data,
    )
    verbose_info(log_line)
    # The whole attribute dict is indexed as-is; ip_src and data originate
    # from the honeypot client, so treat them as untrusted when read back.
    document = event_data.__dict__
    return elasticsearch_events.index(index='data_events', body=document)
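def test_insert_eventss_data(self):
    """
    Test the data insertion to the events_data collection.

    Inserts one EventData document through
    insert_to_events_data_collection, looks it up by its full attribute
    dict, checks the stored fields and deletes the document again — also
    when an assertion fails, so no test data is left in the collection.
    """
    event_data = EventData(
        ip="55.66.77.88",
        module_name="ics/veeder_root_guardian_ast",
        date=datetime.now(),
        data="Test Data"
    )
    insert_to_events_data_collection(event_data)
    try:
        # Find the record in the DB
        event_record_data = events_data.find_one(event_data.__dict__)
        # Fail with a clear message instead of a TypeError on a None result
        self.assertIsNotNone(event_record_data)
        # Compare the record found in the DB with the one pushed
        self.assertEqual(event_record_data["ip"], event_data.ip)
        self.assertEqual(event_record_data["data"], event_data.data)
    finally:
        # Remove the test document even if an assertion above failed
        events_data.delete_one(event_data.__dict__)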