From ebe10f80ba2fb90a69bf49744f077a0eba29649f Mon Sep 17 00:00:00 2001
From: jblu
Date: Sat, 10 Aug 2024 00:01:58 -0500
Subject: [PATCH] Updated data models for download/upload, delete and login
---
 inexDataModel.py | 16 ++++----
 inexDataProcessing.py | 88 +++++++++++++++++++++++++++++--------------
 test.py | 5 ++-
 3 files changed, 73 insertions(+), 36 deletions(-)
diff --git a/inexDataModel.py b/inexDataModel.py
index 638313c..5190be5 100644
--- a/inexDataModel.py
+++ b/inexDataModel.py
@@ -1,5 +1,5 @@
 def dataTemplate(transactionType,**kwargs):
- general = {
+ uploadDownload = {
 "bytes" : kwargs.get('bytes_out'),
 "dst_endpoint": {
 "port": kwargs.get('dst_endpoint_port'),
@@ -114,12 +114,14 @@ def dataTemplate(transactionType,**kwargs):
 },
 "utype": kwargs.get('utype')
 }
- if transactionType == "FileUploaded":
- template = general
- if transactionType == "FileDownloaded":
- template = general
- if transactionType == "FileDeleted":
+
+ if transactionType == "file_uploaded":
+ template = uploadDownload
+ if transactionType == "file_downloaded":
+ template = uploadDownload
+ if transactionType == "file_deleted":
 template = fileDeleted
- if transactionType == "Logon":
+ if transactionType == "user_logged_on":
 template = logon
+
 return template
\ No newline at end of file
diff --git a/inexDataProcessing.py b/inexDataProcessing.py
index ac89716..de01e0f 100644
--- a/inexDataProcessing.py
+++ b/inexDataProcessing.py
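Review bot: `template` is only assigned inside the four `if transactionType == ...` tests in the second hunk of inexDataModel.py, so any other value (including `None`) reaches `return template` with the name unbound and raises `UnboundLocalError`. Because this hunk renames every matched string, a caller still passing an old name such as `"FileUploaded"` would now take that path; if this feeds an event pipeline, one unrecognised row would abort the whole batch instead of being skipped or reported. I would initialise `template = None` before the chain (or raise a `ValueError` naming the unknown type) and turn the later tests into `elif`. The function body starts above this hunk, so the `fileDeleted` and `logon` dictionaries are not visible here.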
@@ -1,36 +1,68 @@
 def processData(data, template, **kwargs):
+
 processedData = []
+ transactionLoginid = []
+
 for row in data:
- print(f'Row: {row}')
+ # print(f'Row: {row}')
 if row.get('Command') == None:
 continue
+
 processedData.append(template(identifyUtype(row.get('Command')),\
- status_detail=row.get(''),\
- status_code=row.get('ResultID'),\
- file_size=row.get('FileSize'),\
- file_path=row.get('PhysicalFolderName'),\
- file_virtual_path=row.get('VirtualFolderName'),\
- file_name=row.get('FileName'),\
- guid=row.get('TransactionGUID'),\
- ref_id=row.get('ProtocolCommandID'),\
- prd_instance_id=kwargs.get('prd_instance_id'),\
- product_guid=kwargs.get('product_guid'),\
- product_name=kwargs.get('product_name'),\
- product_version=kwargs.get('product_version'),\
- node_name=row.get('NodeName'),\
- src_endpoint_port=row.get('RemotePort'),\
- src_endpoint_ip=row.get('RemoteIP'),\
- dst_endpoint_port=row.get('LocalPort'),\
- dst_endpoint_ip=row.get('LocalIP'),\
- dst_endpoint_type=row.get('Protocol'),\
- session_uid=row.get('TransactionID'),\
- bytes_out=row.get('BytesTransferred'),\
- transfer_time=row.get('TransferTime'),\
- time=row.get('Time_stamp'),\
- user_type=identifyUserType(row.get('user_type')),\
- user_domain=row.get('SiteName'),\
- user_name=row.get('Actor'),\
- utype=identifyUtype(row.get('Command'))))
+ prd_ext_tenant_id='',\
+ status_code=row.get('ResultID'),\
+ file_size=row.get('FileSize'),\
+ file_path=row.get('PhysicalFolderName'),\
+ file_virtual_path=row.get('VirtualFolderName'),\
+ file_name=row.get('FileName'),\
+ guid=row.get('TransactionGUID'),\
+ ref_id=row.get('ProtocolCommandID'),\
+ prd_instance_id=kwargs.get('prd_instance_id'),\
+ product_guid=kwargs.get('product_guid'),\
+ product_name=kwargs.get('product_name'),\
+ product_version=kwargs.get('product_version'),\
+ node_name=row.get('NodeName'),\
+ src_endpoint_type=row.get('Protocol'),\
+ src_endpoint_port=row.get('RemotePort'),\
+ src_endpoint_ip=row.get('RemoteIP'),\
+ dst_endpoint_port=row.get('LocalPort'),\
+ dst_endpoint_ip=row.get('LocalIP'),\
+ dst_endpoint_type=row.get('Protocol'),\
+ session_uid=row.get('TransactionID'),\
+ bytes_out=row.get('BytesTransferred'),\
+ duration=row.get('TransferTime'),\
+ time=row.get('Time_stamp'),\
+ user_type=identifyUserType(row.get('user_type')),\
+ user_domain=row.get('SiteName'),\
+ user_name=row.get('Actor'),\
+ user_home_directory=row.get('VirtualFolderName'),\
+ utype=identifyUtype(row.get('Command'))))
+
+ if row.get('TransactionGUID') not in transactionLoginid:
+ processedData.append(template(identifyUtype(row.get('TransactionObject')),\
+ guid=row.get('TransactionGUID'),\
+ prd_instance_id=kwargs.get('prd_instance_id'),\
+ product_guid=kwargs.get('product_guid'),\
+ product_name=kwargs.get('product_name'),\
+ product_version=kwargs.get('product_version'),\
+ src_endpoint_type=row.get('Protocol'),\
+ src_endpoint_port=row.get('RemotePort'),\
+ src_endpoint_ip=row.get('RemoteIP'),\
+ dst_endpoint_port=row.get('LocalPort'),\
+ dst_endpoint_ip=row.get('LocalIP'),\
+ dst_endpoint_type=row.get('Protocol'),\
+ session_uid=row.get('TransactionID'),\
+ bytes_out=row.get('BytesTransferred'),\
+ transfer_time=row.get('TransferTime'),\
+ time=row.get('Time_stamp'),\
+ user_type=identifyUserType(row.get('user_type')),\
+ user_domain=row.get('SiteName'),\
+ user_name=row.get('Actor'),\
+ user_home_directory=row.get('VirtualFolderName'),\
+ utype=identifyUtype(row.get('TransactionObject'))\
+ ))
+ transactionLoginid.append(row.get('TransactionGUID'))
+
 return processedData
 def identifyUserType(obj):
@@ -42,7 +74,7 @@ def identifyUserType(obj):
 else:
 return None
 def identifyUtype(obj):
- user_logged_on = []
+ user_logged_on = ['AUTH']
 file_deleted = ["dele"]
 file_uploaded = ["created"]
 file_downloaded = ["sent"]
diff --git a/test.py b/test.py
index 25ddc6d..d1c1ce3 100644
--- a/test.py
+++ b/test.py
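Review bot: The logon record appended under `if row.get('TransactionGUID') not in transactionLoginid:` is built from the first file-command row of a session, so its `time`, `bytes_out` and `transfer_time` describe that transfer rather than the authentication, and rows without a `Command` hit `continue` before this block. If these events feed a login timeline, a session that authenticated but issued no file command would produce no logon event, and no `status_code` is passed to say whether the login succeeded; both points are inferred from the visible lines, since the input schema is not shown. The second call also still passes `transfer_time=` while the first was renamed to `duration=`, so I would align it as `duration=row.get('TransferTime'),\`. `transactionLoginid` is only used for membership tests, so a `set()` with `.add(...)` would avoid a linear scan per row.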
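Review bot: `'AUTH'` is upper-case while the neighbouring keyword lists (`"dele"`, `"created"`, `"sent"`) are lower-case, so whether a logon is ever recognised depends on how the comparison further down normalises case. The matching code is outside this hunk, so this needs checking against the rest of `identifyUtype`; if the input is lower-cased first, `user_logged_on = ["auth"]` is the safe spelling. A short comment above the lists saying which source column each one is matched against (`Command` or `TransactionObject`) would also help, since `processData` now passes both.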
@@ -15,4 +15,7 @@ def builddict(keys,*args,**kwargs):
 dict[key] = kwargs.get(key)
 print(dict)
-a = builddict(["bytes","duration","dst_endpoint"],bytes=2490,duration=200,dst_enpoint={"port": 1,"ip": 1,"type":1})
\ No newline at end of file
+testfolder = '/Usr/a/asdf/asf'
+user = 'a'
+
+print(testfolder.split(f"/{user}/"))
\ No newline at end of file