Файл: view.py Проект: ivre/ivre
def passive_record_to_view(rec, category=None):
    """Convert one passive record into a (partial) View-format entry.

    The result is only meaningful as input to the merge function: it
    carries just the fields that can be derived from a single passive
    observation.

    Args:
        rec: a passive record (any mapping). Must carry "addr",
            "recontype" and "lastseen"; "sensor" is optional; "source"
            is required only when the extractor registered for the
            record's "recontype" is a per-source dict.
        category: optional category name, stored as the single element
            of the entry's "categories" list.

    Returns:
        The View entry (a dict), or None when the record has no "addr".

    Raises:
        KeyError: when one of the required keys above is missing.
    """
    # Shallow copy: the caller's mapping is never rebound or mutated
    # here, but nested values stay shared with it.
    rec = dict(rec)
    addr = rec.get("addr")
    if not addr:
        return None

    recontype = rec["recontype"]
    outrec = {
        "addr": addr,
        "state_reason": "passive",
        "schema_version": ACTIVE_SCHEMA_VERSION,
    }
    # A DNS answer mentioning an address is not evidence that the host
    # itself is up, so only the other record types set "state".
    if recontype != "DNS_ANSWER":
        outrec["state"] = "up"

    sensor = rec.get("sensor")
    if sensor:
        outrec["source"] = [sensor]

    # Both time bounds come from "lastseen" on purpose: deriving
    # "starttime" from an earlier observation would yield scan records
    # with exceptionally long durations.
    raw_lastseen = rec["lastseen"]
    try:
        seen = datetime.fromtimestamp(raw_lastseen)
    except TypeError:
        # Not a numeric timestamp (e.g. already a datetime): keep as-is.
        seen = raw_lastseen
    outrec["starttime"] = seen
    outrec["endtime"] = seen

    def _no_fields(_):
        # Fallback extractor: contributes nothing to the entry.
        return {}

    extractor = _EXTRACTORS.get(recontype, _no_fields)
    if isinstance(extractor, dict):
        # Second-level dispatch on the record's "source".
        extractor = extractor.get(rec["source"], _no_fields)
    outrec.update(extractor(rec))

    set_auto_tags(outrec, update_openports=False)
    set_openports_attribute(outrec)
    if category is not None:
        outrec["categories"] = [category]
    return outrec
def passive_record_to_view(rec, category=None):
    """Convert one passive record into a (partial) View-format entry.

    The result is only meaningful as input to the merge function: it
    carries just the fields that can be derived from a single passive
    observation.

    Args:
        rec: a passive record (any mapping). Must carry "addr",
            "recontype", "firstseen" and "lastseen"; "sensor" is
            optional; "source" is required only when the extractor
            registered for the record's "recontype" is a per-source
            dict.
        category: optional category name, stored as the single element
            of the entry's "categories" list.

    Returns:
        The View entry (a dict), or None when the record has no "addr".

    Raises:
        KeyError: when one of the required keys above is missing.
    """
    # Shallow copy: the caller's mapping is never rebound or mutated
    # here, but nested values stay shared with it.
    rec = dict(rec)
    addr = rec.get("addr")
    if not addr:
        return None

    recontype = rec["recontype"]
    outrec = {
        "addr": addr,
        "state_reason": "passive",
        "schema_version": ACTIVE_SCHEMA_VERSION,
    }
    # A DNS answer mentioning an address is not evidence that the host
    # itself is up, so only the other record types set "state".
    if recontype != "DNS_ANSWER":
        outrec["state"] = "up"

    sensor = rec.get("sensor")
    if sensor:
        outrec["source"] = [sensor]

    # "firstseen"/"lastseen" are expected as numeric timestamps; when
    # datetime.fromtimestamp() rejects one of them (e.g. a value that is
    # already a datetime), both are stored untouched.
    try:
        start = datetime.fromtimestamp(rec["firstseen"])
        end = datetime.fromtimestamp(rec["lastseen"])
    except TypeError:
        start, end = rec["firstseen"], rec["lastseen"]
    outrec["starttime"] = start
    outrec["endtime"] = end

    def _no_fields(_):
        # Fallback extractor: contributes nothing to the entry.
        return {}

    extractor = _EXTRACTORS.get(recontype, _no_fields)
    if isinstance(extractor, dict):
        # Second-level dispatch on the record's "source".
        extractor = extractor.get(rec["source"], _no_fields)
    outrec.update(extractor(rec))

    set_openports_attribute(outrec)
    if category is not None:
        outrec["categories"] = [category]
    return outrec
def passive_record_to_view(rec, category=None):
    """Convert one passive record into a (partial) View-format entry.

    The result is only meaningful as input to the merge function: it
    carries just the fields that can be derived from a single passive
    observation.

    Args:
        rec: a passive record (any mapping). Must carry "addr",
            "recontype", "firstseen" and "lastseen"; "sensor" is
            optional; "source" is required only when the extractor
            registered for the record's "recontype" is a per-source
            dict.
        category: optional category name, stored as the single element
            of the entry's "categories" list.

    Returns:
        The View entry (a dict), or None when the record has no "addr".

    Raises:
        KeyError: when one of the required keys above is missing.
    """
    # Shallow copy: the caller's mapping is never rebound or mutated
    # here, but nested values stay shared with it.
    rec = dict(rec)
    addr = rec.get("addr")
    if not addr:
        return None

    recontype = rec["recontype"]
    outrec = {
        "addr": addr,
        "state_reason": "passive",
        "schema_version": ACTIVE_SCHEMA_VERSION,
    }
    # A DNS answer mentioning an address is not evidence that the host
    # itself is up, so only the other record types set "state".
    if recontype != "DNS_ANSWER":
        outrec["state"] = "up"

    sensor = rec.get("sensor")
    if sensor:
        outrec["source"] = [sensor]

    # "firstseen"/"lastseen" are expected as numeric timestamps; when
    # datetime.fromtimestamp() rejects one of them (e.g. a value that is
    # already a datetime), both are stored untouched.
    try:
        start = datetime.fromtimestamp(rec["firstseen"])
        end = datetime.fromtimestamp(rec["lastseen"])
    except TypeError:
        start, end = rec["firstseen"], rec["lastseen"]
    outrec["starttime"] = start
    outrec["endtime"] = end

    def _no_fields(_):
        # Fallback extractor: contributes nothing to the entry.
        return {}

    extractor = _EXTRACTORS.get(recontype, _no_fields)
    if isinstance(extractor, dict):
        # Second-level dispatch on the record's "source".
        extractor = extractor.get(rec["source"], _no_fields)
    outrec.update(extractor(rec))

    set_openports_attribute(outrec)
    if category is not None:
        outrec["categories"] = [category]
    return outrec