Fixed an issue where login transactions weren't being filtered.

Jonathan Branan 2024-08-17 13:33:09 -05:00
parent 2793b5602c
commit b1a2174e7c
2 changed files with 26 additions and 12 deletions


@ -51,8 +51,11 @@ class Inex:
self.pushToplatform = self.config["output"]["pushToplatform"] self.pushToplatform = self.config["output"]["pushToplatform"]
self.queryOverride = self.config["database"]["overrideEmbeddedquery"] self.queryOverride = self.config["database"]["overrideEmbeddedquery"]
self.queryDaystopull = self.config["database"]["daysTopull"] self.queryDaystopull = self.config["database"]["daysTopull"]
except: except Exception as e:
print("No config.toml or possibly missing settings in the file. Please use config.toml.example file and configure appropriately") print("No config.toml or possibly missing settings in the file. Please use config.toml.example file and configure appropriately")
self.il.error(e)
print(e)
exit(1) exit(1)
if "dev" in self.selectedPlatform.lower(): if "dev" in self.selectedPlatform.lower():
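Review bot: `self.il.error(e)` in the new handler only works if `self.il` was assigned before the statement that failed. The `try` begins above this hunk, so that cannot be confirmed from here. If the logger is set up later, or from these same config values, the handler would raise AttributeError and hide the original error. Assuming `self.il` is a standard `logging.Logger`, `self.il.exception("Failed to load config.toml")` would also keep the traceback, which `error(e)` drops; for a KeyError the logged text is only the missing key name. `exit(1)` is the `site` helper intended for interactive use, so `sys.exit(1)` is the dependable form if `sys` is imported in this file.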


@ -4,15 +4,21 @@ def processData(data, template, **kwargs):
additional data to insert into the template.""" additional data to insert into the template."""
processedData = [] processedData = []
transactionLoginid = [] transactionLoginid = []
for row in data: for row in data:
# print(f'Row: {row}') # print(f'Row: {row}')
if identifyUtype(row.get('Command')) == "other": # must set variables for the different templates and do logic based on that. Do not call identifyUtype many times
identifyUtypecommand = identifyUtype(row.get('Command'))
if identifyUtypecommand == "other":
continue continue
if row.get('Command') == None: if row.get('Command') == None:
continue continue
userType = identifyUserType(row.get('user_type'))
try: try:
processedData.append(template(identifyUtype(row.get('Command')),\ processedData.append(template(identifyUtypecommand,\
prd_ext_tenant_name=kwargs.get('prd_ext_tenant_name'),\ prd_ext_tenant_name=kwargs.get('prd_ext_tenant_name'),\
user_uid=row.get('TransactionID'),\ user_uid=row.get('TransactionID'),\
status_detail=row.get('Description'),\ status_detail=row.get('Description'),\
@ -37,18 +43,22 @@ def processData(data, template, **kwargs):
bytes=row.get('BytesTransferred'),\ bytes=row.get('BytesTransferred'),\
time=row.get('Time_stamp'),\ time=row.get('Time_stamp'),\
duration=row.get('TransferTime'),\ duration=row.get('TransferTime'),\
user_type=identifyUserType(row.get('user_type')),\ user_type=userType,\
user_name=row.get('Actor'),\ user_name=row.get('Actor'),\
user_home_directory=row.get('VirtualFolderName'),\ user_home_directory=row.get('VirtualFolderName'),\
utype=identifyUtype(row.get('Command')))) utype=identifyUtypecommand))
except UnboundLocalError: except UnboundLocalError:
print(f'Problem row GUID:{row.get("TransactionGUID")} ::: TransactionObject:{row.get("TransactionObject")} Command: {row.get("Command")}') print(f'Problem row GUID:{row.get("TransactionGUID")} ::: TransactionObject:{row.get("TransactionObject")} Command: {row.get("Command")}')
continue
identifyUtypetransactionObject = identifyUtype(row.get('TransactionObject'))
if identifyUtypetransactionObject == "other":
continue continue
if row.get('TransactionGUID') not in transactionLoginid: if row.get('TransactionGUID') not in transactionLoginid:
try: try:
processedData.append(template(identifyUtype(row.get('TransactionObject')),\ processedData.append(template(identifyUtypetransactionObject,\
prd_ext_tenant_id=kwargs.get('prd_ext_tenant_id'),\ prd_ext_tenant_id=kwargs.get('prd_ext_tenant_id'),\
prd_ext_tenant_name=kwargs.get('prd_ext_tenant_name'),\ prd_ext_tenant_name=kwargs.get('prd_ext_tenant_name'),\
status_detail=row.get('Description'),\ status_detail=row.get('Description'),\
@ -68,10 +78,10 @@ def processData(data, template, **kwargs):
time=row.get('Time_stamp'),\ time=row.get('Time_stamp'),\
user_session_uid=row.get('TransactionID'),\ user_session_uid=row.get('TransactionID'),\
user_uid=row.get('TransactionID'),\ user_uid=row.get('TransactionID'),\
user_type=identifyUserType(row.get('user_type')),\ user_type=userType,\
user_name=row.get('Actor'),\ user_name=row.get('Actor'),\
user_home_directory=row.get('PhysicalFolderName'),\ user_home_directory=row.get('PhysicalFolderName'),\
utype=identifyUtype(row.get('TransactionObject'))\ utype=identifyUtypetransactionObject\
)) ))
transactionLoginid.append(row.get('TransactionGUID')) transactionLoginid.append(row.get('TransactionGUID'))
except UnboundLocalError: except UnboundLocalError:
@ -89,6 +99,7 @@ def identifyUserType(obj):
return "User" return "User"
else: else:
return None return None
def identifyUtype(obj): def identifyUtype(obj):
"""Process Type of transaction based on string that passed in. """Process Type of transaction based on string that passed in.
Return transaction type.""" Return transaction type."""
@ -99,11 +110,11 @@ def identifyUtype(obj):
if obj in user_logged_on: if obj in user_logged_on:
return "user_logged_on" return "user_logged_on"
if obj in file_deleted: elif obj in file_deleted:
return "file_deleted" return "file_deleted"
if obj in file_uploaded: elif obj in file_uploaded:
return "file_uploaded" return "file_uploaded"
if obj in file_downloaded: elif obj in file_downloaded:
return "file_downloaded" return "file_downloaded"
else: else:
return "other" return "other"
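Review bot: In the first `processData` hunk, the new `identifyUtypecommand = identifyUtype(row.get('Command'))` runs before the existing `if row.get('Command') == None:` guard. A missing Command is therefore classified first: if the lookup tables in `identifyUtype` are lists or tuples the row already leaves through the `"other"` branch and the guard is dead, and if any of them is a plain string `None in ...` raises TypeError (their definitions are outside the hunks). Moving the guard to the top of the loop as `if row.get('Command') is None: continue` makes the intent explicit. Separately, every row that classifies as `"other"`, on either Command or the new TransactionObject check, is dropped with a bare `continue`. If these records feed a monitoring platform, a count of skipped rows logged once per call would make it visible when an unrecognised command name starts reducing what is forwarded.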