def _set_agents_summary(self): results = env.dataprovider.query(["max(heartbeat.create_time)", "heartbeat.analyzer(-1).analyzerid/group_by"]) if not results: return c = Criterion() for create_time, analyzerid in results: c |= Criterion("heartbeat.create_time", "==", create_time) & Criterion("heartbeat.analyzer(-1).analyzerid", "==", analyzerid) agents = { "up": utils.AttrObj(count=0, title=_("Online"), label="label-success", status=["online"]), "down": utils.AttrObj(count=0, title=_("Offline"), label="label-danger", status=["offline", "missing", "unknown"]) } heartbeat_error_margin = env.config.general.get_int("heartbeat_error_margin", 3) for heartbeat in env.dataprovider.get(c): heartbeat = heartbeat["heartbeat"] analyzer = heartbeat["analyzer"][-1] analyzer.status = utils.get_analyzer_status_from_latest_heartbeat(heartbeat, heartbeat_error_margin)[0] for key, values in agents.items(): if analyzer.status in values.status: values.count += 1 parameters = env.request.menu_parameters val = agents["down"] if agents["down"].count else agents["up"] data = resource.HTMLNode("a", localization.format_number(val.count), title=val.title, _class="label " + val.label, href=url_for("Agents.agents", status=val.status, **parameters)) return utils.AttrObj( name="agents", title=resource.HTMLNode("a", _("Agents"), href=url_for("Agents.agents", **parameters)), data=[data] )
def _get_plugin_infos(self): # FIXME: for some reason, the cache gets desynchronized at initialization. # This is a temporary fix. env.db.modinfos_cache.clear() data = utils.AttrObj(installed={}, maintenance={}, maintenance_total=0) for catname, plugin in self._iter_plugin(): self._add_plugin_info(data, catname, plugin) return data
def create(self, user, form): return utils.AttrObj(content=self.get_queries(user, form), url={ "save": url_for('BaseView.history_save', form=form), "delete": url_for('BaseView.history_delete', form=form), "get": url_for('BaseView.history_get', form=form) })
def _setup_template(self, template, ajax_error): dataset = template.dataset() for i in ("name", "message", "details", "code", "traceback", "errno"): dataset[i] = getattr(self, i) dataset["is_ajax_error"] = ajax_error dataset["document"] = utils.AttrObj() dataset["document"].base_url = utils.iri2uri( env.request.web.get_baseurl()) dataset["is_error_template"] = True return dataset
def _set_logs_summary(self): count = localization.format_number(env.dataprovider.query( ["count(1)"], env.request.menu.get_criteria(), type="log")[0][0], short=True) data = resource.HTMLNode("a", count, title=_("Log"), _class="label label-info", href=url_for("LogDataSearch.dashboard", **env.request.menu_parameters)) return utils.AttrObj(name="archive", title=resource.HTMLNode("span", _("Archive")), data=[data])
def _set_alerts_summary(self): severities = ["info", "low", "medium", "high"] alerts = dict( env.dataprovider.query([ "alert.assessment.impact.severity/group_by", "count(alert.messageid)" ], env.request.menu.get_criteria())) labels = { "info": utils.AttrObj(title=_("Minimal severity"), label="label-info"), "low": utils.AttrObj(title=_("Low severity"), label="label-success"), "medium": utils.AttrObj(title=_("Medium severity"), label="label-warning"), "high": utils.AttrObj(title=_("High severity"), label="label-danger") } data = [] for i in reversed(severities): data.append( resource.HTMLNode( "a", localization.format_number(alerts.get(i, 0), short=True), title=labels[i].title, _class="label " + labels[i].label, href=url_for("AlertDataSearch.forensic", criteria=Criterion( "alert.assessment.impact.severity", "==", i)))) return utils.AttrObj(name="alerts", title=resource.HTMLNode( "a", _("Alerts"), href=url_for("AlertDataSearch.forensic")), data=data)
def ajax_infos(self): infos = collections.OrderedDict() infos["general"] = utils.AttrObj(label=_("General"), info=self._get_common_infos()) extra_infos = filter( None, hookmanager.trigger("HOOK_DATASEARCH_INFO", env.request.parameters)) for category, data in itertools.chain(extra_infos, self._get_extra_infos()): infos[category] = data return response.PrewikkaResponse({"infos": infos})
def _get_table_info(self, table): out = {} typemap = { "bigint": "integer", "smallint": "integer", "character varying": "text" } for field, _type, defval in self.query( "SELECT column_name, data_type, column_default FROM information_schema.columns WHERE table_name = %s", table.lower()): out[field] = utils.AttrObj(type=_type, generic_type=typemap.get(_type, _type), default=defval, auto_increment="nextval" in (defval or "")) return out
def __init__(self, criteria_type=_SENTINEL, parameters=None, **kwargs): if criteria_type is not _SENTINEL: self._criteria_type = criteria_type else: self._criteria_type = env.request.view.view_datatype self._parameters = parameters or env.request.menu_parameters self.dataset = _MAINMENU_TEMPLATE.dataset(inline=True, period=True, refresh=True, period_optional=False, label_width=2, input_size="sm", update=False) self.dataset.update(kwargs) self.dataset["timeline"] = utils.AttrObj() self.dataset["timeline"].quick = collections.OrderedDict( (((1, "day", True, 0), _("Today")), ((1, "day", True, -1), _("Yesterday")), ((1, "week", True, 0), _("This week")), ((1, "week", True, -1), _("Last week")), ((1, "month", True, 0), _("This month")), ((1, "month", True, -1), _("Last month")), ((1, "hour", False, 0), ngettext("%d hour", "%d hours", 1) % 1), ((2, "hour", False, 0), ngettext("%d hour", "%d hours", 2) % 2), ((1, "day", False, 0), ngettext("%d day", "%d days", 1) % 1), ((2, "day", False, 0), ngettext("%d day", "%d days", 2) % 2), ((1, "week", False, 0), ngettext("%d week", "%d weeks", 1) % 1), ((1, "month", False, 0), ngettext("%d month", "%d months", 1) % 1), ((3, "month", False, 0), ngettext("%d month", "%d months", 3) % 3), ((1, "year", False, 0), ngettext("%d year", "%d years", 1) % 1))) self.dataset["timeline"].refresh = collections.OrderedDict( ((30, ngettext("%d second", "%d seconds", 30) % 30), (60, ngettext("%d minute", "%d minutes", 1) % 1), (60 * 5, ngettext("%d minute", "%d minutes", 5) % 5), (60 * 10, ngettext("%d minute", "%d minutes", 10) % 10))) self._render()
def _get_extra_infos(self): builders = { "classification": self._build_classification, "assessment": self._build_classification } field = env.request.parameters["field"] parent_field = field.split('.', 1)[0] criteria = utils.json.loads(env.request.parameters["_criteria"]) alert = env.dataprovider.get(criteria)[0]["alert"] builder = next((v for k, v in builders.items() if k in field), None) if builder: html = builder(alert) else: try: html = self._generic_builder(alert, parent_field) except RuntimeError: return [] return [("idmef", utils.AttrObj(label=_("IDMEF"), info=html))]
def __init__(self): env.request.menu = self self.dataset = _MAINMENU_TEMPLATE.dataset() self.dataset["timeline"] = utils.AttrObj() self.dataset["timeline"].quick = [ (_("Today"), 1, "day", 1), (_("This month"), 1, "month", 1), (ngettext("%d hour", "%d hours", 1) % 1, 1, "hour", 0), (ngettext("%d hour", "%d hours", 2) % 2, 2, "hour", 0), (ngettext("%d day", "%d days", 1) % 1, 1, "day", 0), (ngettext("%d day", "%d days", 2) % 2, 2, "day", 0), (ngettext("%d week", "%d weeks", 1) % 1, 1, "week", 0), (ngettext("%d month", "%d months", 1) % 1, 1, "month", 0), (ngettext("%d month", "%d months", 3) % 3, 3, "month", 0), (ngettext("%d year", "%d years", 1) % 1, 1, "year", 0)] self.dataset["timeline"].refresh = [ (ngettext("%d second", "%d seconds", 30) % 30, 30), (ngettext("%d minute", "%d minutes", 1) % 1, 60), (ngettext("%d minute", "%d minutes", 5) % 5, 60*5), (ngettext("%d minute", "%d minutes", 10) % 10, 60*10)]
def _setup_dataset_default(self): env.request.dataset["document"] = utils.AttrObj() env.request.dataset["document"].base_url = utils.iri2uri( env.request.web.get_baseurl()) env.request.dataset["document"].href = utils.iri2uri( env.request.web.get_uri())
def analyze(self, analyzerid): analyzer, heartbeat = self._get_analyzer(analyzerid) delta = heartbeat["create_time"] - utils.timeutil.now() analyzer.last_heartbeat_time = localization.format_timedelta(delta, add_direction=True) analyzer.status = None analyzer.events = [] res = env.dataprovider.get(Criterion("heartbeat.analyzer(-1).analyzerid", "=", analyzerid), limit=self._heartbeat_count) prev = None total_interval = 0 # Iterate from oldest heartbeat to newest for obj in reversed(res): cur = HeartbeatObject(obj["heartbeat"]) if not (prev and cur.status and cur.interval): prev = cur continue total_interval += cur.interval event = None if cur.status == "starting": if prev.status == "exiting": event = utils.AttrObj(time=cur.time_str, value=_("Normal sensor start"), type="start") else: event = utils.AttrObj(time=cur.time_str, value=_("Unexpected sensor restart"), type="unexpected_restart") elif cur.status == "running": delta = cur.time - prev.time if abs(delta.total_seconds() - cur.interval) > self._heartbeat_error_margin: delta = localization.format_timedelta(delta, granularity="second") event = utils.AttrObj(time=cur.time_str, value=_("Unexpected heartbeat interval: %(delta)s") % {'delta': delta}, type="abnormal_heartbeat_interval") elif cur.status == "exiting": event = utils.AttrObj(time=cur.time_str, value=_("Normal sensor stop"), type="normal_stop") if event: analyzer.events.append(event) prev = cur if prev: analyzer.status, analyzer.status_meaning = \ utils.get_analyzer_status_from_latest_heartbeat(obj["heartbeat"], self._heartbeat_error_margin) if analyzer.status == "missing": delta = utils.timeutil.now() - prev.time analyzer.events.append(utils.AttrObj(time=prev.time_str, value=_("Sensor is down since %s") % localization.format_timedelta(delta), type="down")) if not analyzer.status: analyzer.status, analyzer.status_meaning = "unknown", _("Unknown") if not analyzer.events: delta = localization.format_timedelta(total_interval / self._heartbeat_count) analyzer.events.append(utils.AttrObj( time="", value=_("No anomaly in the last %(count)d heartbeats (one heartbeat every %(delta)s average)") % {'count': self._heartbeat_count, 'delta': delta}, type="no_anomaly" )) return template.PrewikkaTemplate(__name__, "templates/heartbeatanalyze.mak").render(analyzer=analyzer)
def analyze(self, analyzerid): analyzer, heartbeat = self._get_analyzer(analyzerid) delta = float(heartbeat["create_time"]) - time.time() analyzer.last_heartbeat_time = localization.format_timedelta( delta, add_direction=True) analyzer.status = None analyzer.events = [] res = env.dataprovider.get(Criterion( "heartbeat.analyzer(-1).analyzerid", "=", analyzerid), limit=self._heartbeat_count) prev = None latest = True total_interval = 0 for idx, cur in enumerate(res): cur = cur["heartbeat"] cur_status, cur_interval, cur_time = cur.get( "additional_data('Analyzer status').data" )[0], cur["heartbeat_interval"], cur["create_time"] cur_time_str = localization.format_datetime(float(cur_time)) try: prev = res[idx + 1]["heartbeat"] prev_status, prev_time = prev.get( "additional_data('Analyzer status').data" )[0], prev["create_time"] except: break if not cur_status or not cur_interval: continue total_interval += int(cur_interval) if latest: latest = False analyzer.status, analyzer.status_meaning = \ utils.get_analyzer_status_from_latest_heartbeat(cur, self._heartbeat_error_margin) if analyzer.status == "missing": delta = time.time() - float(cur_time) analyzer.events.append( utils.AttrObj(time=cur_time_str, value=_("Sensor is down since %s") % localization.format_timedelta(delta), type="down")) event = None if cur_status == "starting": if prev_status == "exiting": event = utils.AttrObj(time=cur_time_str, value=_("Normal sensor start"), type="start") else: event = utils.AttrObj(time=cur_time_str, value=_("Unexpected sensor restart"), type="unexpected_restart") elif cur_status == "running": delta = abs(int(cur_time) - int(prev_time) - int(cur_interval)) if delta > self._heartbeat_error_margin: delta = localization.format_timedelta(delta, granularity="second") event = utils.AttrObj( time=cur_time_str, value=_("Unexpected heartbeat interval: %(delta)s") % {'delta': delta}, type="abnormal_heartbeat_interval") elif cur_status == "exiting": event = utils.AttrObj(time=cur_time_str, value=_("Normal sensor stop"), type="normal_stop") if event: analyzer.events.append(event) if not analyzer.status: analyzer.status, analyzer.status_meaning = "unknown", _("Unknown") if not analyzer.events: delta = localization.format_timedelta(total_interval / self._heartbeat_count) analyzer.events.append( utils.AttrObj( time="", value= _("No anomaly in the last %(count)d heartbeats (one heartbeat every %(delta)s average)" ) % { 'count': self._heartbeat_count, 'delta': delta }, type="no_anomaly")) return template.PrewikkaTemplate( __name__, "templates/heartbeatanalyze.mak").render(analyzer=analyzer)
def get_properties(self): return utils.AttrObj(format=self._db.getFormatName())