jblu/Inex
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases 8 Wiki Activity

Fixed an issue where login transactions weren't being filtered.

Browse Source
This commit is contained in:
Jonathan Branan 2024-08-17 13:33:09 -05:00
parent 2793b5602c
commit b1a2174e7c
2 changed files with 26 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
inex.py
View File

@ -51,8 +51,11 @@ class Inex:
self.pushToplatform = self.config["output"]["pushToplatform"]
self.queryOverride = self.config["database"]["overrideEmbeddedquery"]
self.queryDaystopull = self.config["database"]["daysTopull"]
except:
except Exception as e:
print("No config.toml or possibly missing settings in the file. Please use config.toml.example file and configure appropriately")
self.il.error(e)
print(e)
exit(1)
if "dev" in self.selectedPlatform.lower():

33
inexDataProcessing.py
View File

@ -4,15 +4,21 @@ def processData(data, template, **kwargs):
additional data to insert into the template."""
processedData = []
transactionLoginid = []
for row in data:
# print(f'Row: {row}')
if identifyUtype(row.get('Command')) == "other":
# must set variables for the different templates and do logic based on that. Do not call identifyUtype many times
identifyUtypecommand = identifyUtype(row.get('Command'))
if identifyUtypecommand == "other":
continue
if row.get('Command') == None:
continue
userType = identifyUserType(row.get('user_type'))
try:
processedData.append(template(identifyUtype(row.get('Command')),\
processedData.append(template(identifyUtypecommand,\
prd_ext_tenant_name=kwargs.get('prd_ext_tenant_name'),\
user_uid=row.get('TransactionID'),\
status_detail=row.get('Description'),\
@ -37,18 +43,22 @@ def processData(data, template, **kwargs):
bytes=row.get('BytesTransferred'),\
time=row.get('Time_stamp'),\
duration=row.get('TransferTime'),\
user_type=identifyUserType(row.get('user_type')),\
user_type=userType,\
user_name=row.get('Actor'),\
user_home_directory=row.get('VirtualFolderName'),\
utype=identifyUtype(row.get('Command'))))
utype=identifyUtypecommand))
except UnboundLocalError:
print(f'Problem row GUID:{row.get("TransactionGUID")} ::: TransactionObject:{row.get("TransactionObject")} Command: {row.get("Command")}')
continue
identifyUtypetransactionObject = identifyUtype(row.get('TransactionObject'))
if identifyUtypetransactionObject == "other":
continue
if row.get('TransactionGUID') not in transactionLoginid:
try:
processedData.append(template(identifyUtype(row.get('TransactionObject')),\
processedData.append(template(identifyUtypetransactionObject,\
prd_ext_tenant_id=kwargs.get('prd_ext_tenant_id'),\
prd_ext_tenant_name=kwargs.get('prd_ext_tenant_name'),\
status_detail=row.get('Description'),\
@ -68,10 +78,10 @@ def processData(data, template, **kwargs):
time=row.get('Time_stamp'),\
user_session_uid=row.get('TransactionID'),\
user_uid=row.get('TransactionID'),\
user_type=identifyUserType(row.get('user_type')),\
user_type=userType,\
user_name=row.get('Actor'),\
user_home_directory=row.get('PhysicalFolderName'),\
utype=identifyUtype(row.get('TransactionObject'))\
utype=identifyUtypetransactionObject\
))
transactionLoginid.append(row.get('TransactionGUID'))
except UnboundLocalError:
@ -89,6 +99,7 @@ def identifyUserType(obj):
return "User"
else:
return None
def identifyUtype(obj):
"""Process Type of transaction based on string that passed in.
Return transaction type."""
@ -99,11 +110,11 @@ def identifyUtype(obj):
if obj in user_logged_on:
return "user_logged_on"
if obj in file_deleted:
elif obj in file_deleted:
return "file_deleted"
if obj in file_uploaded:
elif obj in file_uploaded:
return "file_uploaded"
if obj in file_downloaded:
elif obj in file_downloaded:
return "file_downloaded"
else:
return "other"