fix: #14 now correctly handles 'other' transactions
This commit is contained in:
44
inex.py
44
inex.py
@@ -10,6 +10,7 @@ import json
|
|||||||
import requests
|
import requests
|
||||||
import inexEncoder
|
import inexEncoder
|
||||||
import inexSqlquery
|
import inexSqlquery
|
||||||
|
|
||||||
class Inex:
|
class Inex:
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
"""Initilize config, calls functions from inex-connect.py and inex-logging.py"""
|
"""Initilize config, calls functions from inex-connect.py and inex-logging.py"""
|
||||||
@@ -30,25 +31,30 @@ class Inex:
|
|||||||
self.config = self.tl.load(c)
|
self.config = self.tl.load(c)
|
||||||
|
|
||||||
# set config
|
# set config
|
||||||
self.dbDriver = self.config["database"]["driver"]
|
try:
|
||||||
self.dbServer = self.config["database"]["server"]
|
if self.config:
|
||||||
self.dbDatabase = self.config["database"]["database"]
|
self.dbDriver = self.config["database"]["driver"]
|
||||||
self.dbUser = self.config["database"]["user"]
|
self.dbServer = self.config["database"]["server"]
|
||||||
self.dbPassword = self.config["database"]["password"]
|
self.dbDatabase = self.config["database"]["database"]
|
||||||
self.dbQuery = self.config["database"]["query"]
|
self.dbUser = self.config["database"]["user"]
|
||||||
self.outputFile = self.config["output"]["filename"]
|
self.dbPassword = self.config["database"]["password"]
|
||||||
self.useLog = self.config["logging"]["useLog"]
|
self.dbQuery = self.config["database"]["query"]
|
||||||
self.logPath = self.config["logging"]["logPath"]
|
self.outputFile = self.config["output"]["filename"]
|
||||||
self.logLevel = self.config["logging"]["logLevel"]
|
self.useLog = self.config["logging"]["useLog"]
|
||||||
self.prdInstanceID = self.config["immutables"]["prd_instance_id"]
|
self.logPath = self.config["logging"]["logPath"]
|
||||||
self.productGUID = self.config["immutables"]["product_guid"]
|
self.logLevel = self.config["logging"]["logLevel"]
|
||||||
self.productName = self.config["immutables"]["product_name"]
|
self.prdInstanceID = self.config["immutables"]["prd_instance_id"]
|
||||||
self.productVersion = self.config["immutables"]["product_version"]
|
self.productGUID = self.config["immutables"]["product_guid"]
|
||||||
self.tokenFilepath = self.config["output"]["token"]
|
self.productName = self.config["immutables"]["product_name"]
|
||||||
self.selectedPlatform = self.config["fortraPlatform"]["selectedPlatform"]
|
self.productVersion = self.config["immutables"]["product_version"]
|
||||||
self.writeJsonfile = self.config["output"]["dumpTojson"]
|
self.tokenFilepath = self.config["output"]["token"]
|
||||||
self.pushToplatform = self.config["output"]["pushToplatform"]
|
self.selectedPlatform = self.config["fortraPlatform"]["selectedPlatform"]
|
||||||
self.queryOverride = self.config["database"]["overrideEmbeddedquery"]
|
self.writeJsonfile = self.config["output"]["dumpTojson"]
|
||||||
|
self.pushToplatform = self.config["output"]["pushToplatform"]
|
||||||
|
self.queryOverride = self.config["database"]["overrideEmbeddedquery"]
|
||||||
|
except:
|
||||||
|
print("No config.toml. Please use example file and configure appropriately")
|
||||||
|
exit(1)
|
||||||
|
|
||||||
if "dev" in self.selectedPlatform.lower():
|
if "dev" in self.selectedPlatform.lower():
|
||||||
self.platformConfig = self.config["fortraPlatform"]["dev"]
|
self.platformConfig = self.config["fortraPlatform"]["dev"]
|
||||||
|
|||||||
@@ -123,5 +123,7 @@ def dataTemplate(transactionType,**kwargs):
|
|||||||
template = fileDeleted
|
template = fileDeleted
|
||||||
if transactionType == "user_logged_on":
|
if transactionType == "user_logged_on":
|
||||||
template = logon
|
template = logon
|
||||||
|
if transactionType == "other":
|
||||||
|
template = {}
|
||||||
|
|
||||||
return template
|
return template
|
||||||
@@ -7,45 +7,21 @@ def processData(data, template, **kwargs):
|
|||||||
# print(f'Row: {row}')
|
# print(f'Row: {row}')
|
||||||
if row.get('Command') == None:
|
if row.get('Command') == None:
|
||||||
continue
|
continue
|
||||||
|
try:
|
||||||
processedData.append(template(identifyUtype(row.get('Command')),\
|
processedData.append(template(identifyUtype(row.get('Command')),\
|
||||||
prd_ext_tenant_id='',\
|
prd_ext_tenant_id='',\
|
||||||
status_code=row.get('ResultID'),\
|
status_code=row.get('ResultID'),\
|
||||||
file_size=row.get('FileSize'),\
|
file_size=row.get('FileSize'),\
|
||||||
file_path=row.get('PhysicalFolderName'),\
|
file_path=row.get('PhysicalFolderName'),\
|
||||||
file_virtual_path=row.get('VirtualFolderName'),\
|
file_virtual_path=row.get('VirtualFolderName'),\
|
||||||
file_name=row.get('FileName'),\
|
file_name=row.get('FileName'),\
|
||||||
guid=row.get('TransactionGUID'),\
|
|
||||||
ref_id=row.get('ProtocolCommandID'),\
|
|
||||||
prd_instance_id=kwargs.get('prd_instance_id'),\
|
|
||||||
product_guid=kwargs.get('product_guid'),\
|
|
||||||
product_name=kwargs.get('product_name'),\
|
|
||||||
product_version=kwargs.get('product_version'),\
|
|
||||||
node_name=row.get('NodeName'),\
|
|
||||||
src_endpoint_type=row.get('Protocol'),\
|
|
||||||
src_endpoint_port=row.get('RemotePort'),\
|
|
||||||
src_endpoint_ip=row.get('RemoteIP'),\
|
|
||||||
dst_endpoint_port=row.get('LocalPort'),\
|
|
||||||
dst_endpoint_ip=row.get('LocalIP'),\
|
|
||||||
dst_endpoint_type=row.get('Protocol'),\
|
|
||||||
session_uid=row.get('TransactionID'),\
|
|
||||||
bytes_out=row.get('BytesTransferred'),\
|
|
||||||
duration=row.get('TransferTime'),\
|
|
||||||
time=row.get('Time_stamp'),\
|
|
||||||
user_type=identifyUserType(row.get('user_type')),\
|
|
||||||
user_domain=row.get('SiteName'),\
|
|
||||||
user_name=row.get('Actor'),\
|
|
||||||
user_home_directory=row.get('VirtualFolderName'),\
|
|
||||||
description=row.get('Description'),\
|
|
||||||
utype=identifyUtype(row.get('Command'))))
|
|
||||||
|
|
||||||
if row.get('TransactionGUID') not in transactionLoginid:
|
|
||||||
processedData.append(template(identifyUtype(row.get('TransactionObject')),\
|
|
||||||
guid=row.get('TransactionGUID'),\
|
guid=row.get('TransactionGUID'),\
|
||||||
|
ref_id=row.get('ProtocolCommandID'),\
|
||||||
prd_instance_id=kwargs.get('prd_instance_id'),\
|
prd_instance_id=kwargs.get('prd_instance_id'),\
|
||||||
product_guid=kwargs.get('product_guid'),\
|
product_guid=kwargs.get('product_guid'),\
|
||||||
product_name=kwargs.get('product_name'),\
|
product_name=kwargs.get('product_name'),\
|
||||||
product_version=kwargs.get('product_version'),\
|
product_version=kwargs.get('product_version'),\
|
||||||
|
node_name=row.get('NodeName'),\
|
||||||
src_endpoint_type=row.get('Protocol'),\
|
src_endpoint_type=row.get('Protocol'),\
|
||||||
src_endpoint_port=row.get('RemotePort'),\
|
src_endpoint_port=row.get('RemotePort'),\
|
||||||
src_endpoint_ip=row.get('RemoteIP'),\
|
src_endpoint_ip=row.get('RemoteIP'),\
|
||||||
@@ -54,15 +30,47 @@ def processData(data, template, **kwargs):
|
|||||||
dst_endpoint_type=row.get('Protocol'),\
|
dst_endpoint_type=row.get('Protocol'),\
|
||||||
session_uid=row.get('TransactionID'),\
|
session_uid=row.get('TransactionID'),\
|
||||||
bytes_out=row.get('BytesTransferred'),\
|
bytes_out=row.get('BytesTransferred'),\
|
||||||
transfer_time=row.get('TransferTime'),\
|
duration=row.get('TransferTime'),\
|
||||||
time=row.get('Time_stamp'),\
|
time=row.get('Time_stamp'),\
|
||||||
user_type=identifyUserType(row.get('user_type')),\
|
user_type=identifyUserType(row.get('user_type')),\
|
||||||
user_domain=row.get('SiteName'),\
|
user_domain=row.get('SiteName'),\
|
||||||
user_name=row.get('Actor'),\
|
user_name=row.get('Actor'),\
|
||||||
user_home_directory=row.get('VirtualFolderName'),\
|
user_home_directory=row.get('VirtualFolderName'),\
|
||||||
utype=identifyUtype(row.get('TransactionObject'))\
|
description=row.get('Description'),\
|
||||||
))
|
utype=identifyUtype(row.get('Command'))))
|
||||||
transactionLoginid.append(row.get('TransactionGUID'))
|
except UnboundLocalError:
|
||||||
|
print(f'Problem row GUID:{row.get("TransactionGUID")} ::: TransactionObject:{row.get("TransactionObject")} Command: {row.get("Command")}')
|
||||||
|
|
||||||
|
continue
|
||||||
|
|
||||||
|
if row.get('TransactionGUID') not in transactionLoginid:
|
||||||
|
try:
|
||||||
|
processedData.append(template(identifyUtype(row.get('TransactionObject')),\
|
||||||
|
guid=row.get('TransactionGUID'),\
|
||||||
|
prd_instance_id=kwargs.get('prd_instance_id'),\
|
||||||
|
product_guid=kwargs.get('product_guid'),\
|
||||||
|
product_name=kwargs.get('product_name'),\
|
||||||
|
product_version=kwargs.get('product_version'),\
|
||||||
|
src_endpoint_type=row.get('Protocol'),\
|
||||||
|
src_endpoint_port=row.get('RemotePort'),\
|
||||||
|
src_endpoint_ip=row.get('RemoteIP'),\
|
||||||
|
dst_endpoint_port=row.get('LocalPort'),\
|
||||||
|
dst_endpoint_ip=row.get('LocalIP'),\
|
||||||
|
dst_endpoint_type=row.get('Protocol'),\
|
||||||
|
session_uid=row.get('TransactionID'),\
|
||||||
|
bytes_out=row.get('BytesTransferred'),\
|
||||||
|
transfer_time=row.get('TransferTime'),\
|
||||||
|
time=row.get('Time_stamp'),\
|
||||||
|
user_type=identifyUserType(row.get('user_type')),\
|
||||||
|
user_domain=row.get('SiteName'),\
|
||||||
|
user_name=row.get('Actor'),\
|
||||||
|
user_home_directory=row.get('VirtualFolderName'),\
|
||||||
|
utype=identifyUtype(row.get('TransactionObject'))\
|
||||||
|
))
|
||||||
|
transactionLoginid.append(row.get('TransactionGUID'))
|
||||||
|
except UnboundLocalError:
|
||||||
|
print(f'Problem row GUID:{row.get("TransactionGUID")} ::: TransactionObject:{row.get("TransactionObject")} Command: {row.get("Command")}')
|
||||||
|
continue
|
||||||
|
|
||||||
return processedData
|
return processedData
|
||||||
|
|
||||||
@@ -89,4 +97,4 @@ def identifyUtype(obj):
|
|||||||
if obj in file_downloaded:
|
if obj in file_downloaded:
|
||||||
return "file_downloaded"
|
return "file_downloaded"
|
||||||
else:
|
else:
|
||||||
return None
|
return "other"
|
||||||
Reference in New Issue
Block a user