def module_events():
    """
    Get total number of credential events according to module

    Returns:
        JSON/Dict of credential events according to module
    """
    # Optional filter: when the request names a module, only that module's
    # credential events are aggregated.
    module_name = get_value_from_request("module_name")
    skip_stage = {"$skip": fix_skip(get_value_from_request("skip"))}
    limit_stage = {"$limit": fix_limit(get_value_from_request("limit"))}

    pipeline = []
    if module_name:
        # NOTE(review): the request value is placed into $match as-is; whether
        # get_value_from_request() already coerces it to a plain string is not
        # visible here — confirm, so a structured value cannot alter the query.
        pipeline.append({"$match": {'module_name': module_name}})
    # NOTE(review): unlike the other top-N endpoints in this file, no $sort
    # stage precedes $skip/$limit, so page contents follow $group output order.
    pipeline.extend([group_by_ip_dest, skip_stage, limit_stage])

    try:
        rows = aggregate_function(connector.credential_events, pipeline)
        return jsonify(rows), 200
    except Exception as _:
        # any aggregation failure degrades to the empty-array response
        return flask_null_array_response()
def top_honeypot_machine_names():
    """
    get top honeypot machine names in honeypot events

    Returns:
        JSON/Dict top honeypot machine names
    """
    date = fix_date(get_value_from_request("date"))
    pipeline = [
        top_machine_names_groupby,
        sort_by_count_and_id,
        {"$skip": fix_skip(get_value_from_request("skip"))},
        {"$limit": fix_limit(get_value_from_request("limit"))},
    ]
    if date:
        # date[0]/date[1] are used as the inclusive bounds of the window;
        # the $match stage goes first so grouping only sees that window
        date_window = {"$gte": date[0], "$lte": date[1]}
        pipeline.insert(0, {"$match": {"date": date_window}})
    try:
        rows = aggregate_function(connector.honeypot_events, pipeline)
        return jsonify(rows), 200
    except Exception as _:
        # aggregation failures degrade to the empty-array response
        return flask_null_array_response()
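def groupby_element(event_type, element):
    """
    get top ten repeated "elements" as defined in database_queries
    in "event type".

    Eg. <API_URL>/api/events/count/groupby/honeypot/ip?date=2020-08-01

    Args:
        event_type: key into ``event_types`` selecting the collection
        element: key into ``group_by_elements`` selecting the group field

    Returns:
        JSON/Dict top ten element in event type

    Raises:
        404 (via abort) when event_type or element is not a known key
        500 (via abort) when the aggregation fails
    """
    # Both path parameters are used as dict keys; reject unknown values
    # before any request parameter is read or any query is built.
    if event_type not in event_types or element not in group_by_elements:
        abort(404)

    date = get_value_from_request("date")
    country = get_value_from_request("country")

    # Optional $match stage assembled from whichever filters are present.
    match_filter = {}
    if country:
        match_filter.update(filter_by_country_ip_dest(country))
    if date:
        match_filter.update(filter_by_date(date))
    pipeline = [filter_by_match(match_filter)] if match_filter else []
    pipeline += [
        group_by_elements[element],
        # Sort before $skip/$limit: limiting an unsorted $group output pages
        # through an arbitrary subset instead of the most frequent values.
        sort_by_count,
        filter_by_skip(get_value_from_request("skip")),
        filter_by_limit(get_value_from_request("limit")),
    ]
    try:
        rows = aggregate_function(event_types[event_type], pipeline)
        return jsonify([{
            element: data['_id'][element],
            "count": data["count"]
        } for data in rows]), 200
    except Exception:
        # the original error is not surfaced to the client; the aggregation
        # failure becomes a plain 500
        abort(500)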
def top_ten_countries_in_network_events():
    """
    get top ten repeated countries in network events

    Returns:
        JSON/Dict top ten repeated countries in network events
    """
    date = fix_date(get_value_from_request("date"))

    # Always exclude rows whose country_ip_dest is "-" or lower; the date
    # window (date[0]..date[1], inclusive) is added only when one was given.
    match_filter = {"country_ip_dest": {"$gt": "-"}}
    if date:
        match_filter["date"] = {"$gte": date[0], "$lte": date[1]}

    pipeline = [
        {"$match": match_filter},
        top_countries_groupby,
        sort_by_count,
        {"$skip": fix_skip(get_value_from_request("skip"))},
        {"$limit": fix_limit(get_value_from_request("limit"))},
    ]
    try:
        rows = aggregate_function(connector.network_events, pipeline)
        return jsonify(rows), 200
    except Exception as _:
        # aggregation failures degrade to the empty-array response
        return flask_null_array_response()
def top_ten_ports_in_honeypot_events():
    """
    get top ten repeated ports in honeypot events

    Returns:
        JSON/Dict top ten repeated ports in honeypot events
    """
    date = fix_date(get_value_from_request("date"))
    country = get_value_from_request("country")
    skip_stage = {"$skip": fix_skip(get_value_from_request("skip"))}
    limit_stage = {"$limit": fix_limit(get_value_from_request("limit"))}

    # Optional $match built from the filters that were supplied; key order
    # (country, then date) mirrors the combined filter.
    match_filter = {}
    if country:
        match_filter["country"] = country
    if date:
        match_filter["date"] = {"$gte": date[0], "$lte": date[1]}

    # When a country filter is active the sort also breaks ties on _id;
    # date-only and unfiltered queries sort on count alone.
    sort_stage = sort_by_count_and_id if country else sort_by_count

    pipeline = [top_ports_groupby, sort_stage, skip_stage, limit_stage]
    if match_filter:
        pipeline.insert(0, {"$match": match_filter})
    try:
        rows = aggregate_function(connector.honeypot_events, pipeline)
        return jsonify(rows), 200
    except Exception as _:
        # aggregation failures degrade to the empty-array response
        return flask_null_array_response()