jblu/Inex
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases 8 Wiki Activity

Compare commits

base: jblu:abd669c3bbd6195aa34397f981c98182b95fa0e7
Branches Tags
jblu:main
jblu:middleofrebase
jblu:v.1.1.4
jblu:v.1.1.3
jblu:v.1.1.0
jblu:v.1.0.0
jblu:v.0.0.4
jblu:v.0.0.3
jblu:v.0.0.2
jblu:Basic
..
compare: jblu:69b520e97ca6635fb52e41e7111657b23bb1db08
Branches Tags
jblu:main
jblu:middleofrebase
jblu:v.1.1.4
jblu:v.1.1.3
jblu:v.1.1.0
jblu:v.1.0.0
jblu:v.0.0.4
jblu:v.0.0.3
jblu:v.0.0.2
jblu:Basic

No commits in common. "abd669c3bbd6195aa34397f981c98182b95fa0e7" and "69b520e97ca6635fb52e41e7111657b23bb1db08" have entirely different histories.
abd669c3bb ... 69b520e97c

7 changed files with 94 additions and 184 deletions
Show Stats Expand all files Collapse all files

14
config.toml.example
View File

@ -2,19 +2,19 @@
selectedPlatform = "dev" selectedPlatform = "dev"
[output] [output]
pushToplatform = false pushToplatform = true
dumpTojson = true dumpTojson = true
filename ="./data.json" filename ="./data.json"
token = "./.token" token = "./.token"
[logging] [logging]
useLog = true use_log = true
logLevel = "debug" logLevel = "debug"
logPath = "./inex.log" logPath = "./inex.log"
[database] [database]
overrideEmbeddedquery = false overrideEmbeddedquery = false
daysTopull = 20 daysTopull = 10
driver = "ODBC Driver 18 for SQL Server" driver = "ODBC Driver 18 for SQL Server"
server = "192.168.x.x" server = "192.168.x.x"
database = "EFTDB" database = "EFTDB"
@ -22,7 +22,7 @@ user = "a"
password = "a" password = "a"
query = """DECLARE @stopTime DATETIME2 query = """DECLARE @stopTime DATETIME2
SET @stopTime=DATEADD(DAY, -30, GETDATE()) SET @stopTime=DATEADD(DAY, -30, GETDATE())
SELECT p.ProtocolCommandID, t.Time_stamp, p.RemoteIP, p.RemotePort, p.LocalIP, p.LocalPort, p.Protocol, p.SiteName, p.Command, p.FileName, p.PhysicalFolderName, p.VirtualFolderName, p.FileSize, p.TransferTime, p.BytesTransferred, p.Description, p.ResultID, t.TransactionID, p.Actor, t.TransactionObject, t.NodeName, t.TransactionGUID, a.Protocol user_type SELECT p.ProtocolCommandID, t.Time_stamp, p.RemoteIP, p.RemotePort, p.LocalIP, p.LocalPort, p.Protocol, p.SiteName, p.Command, p.FileName, p.VirtualFolderName, p.FileSize, p.TransferTime, p.BytesTransferred, p.Description, p.ResultID, t.TransactionID, p.Actor, t.TransactionObject, t.NodeName, t.TransactionGUID, a.Protocol user_type
FROM tbl_Transactions t FROM tbl_Transactions t
Full JOIN tbl_ProtocolCommands p ON(t.TransactionID=p.TransactionID) Full JOIN tbl_ProtocolCommands p ON(t.TransactionID=p.TransactionID)
Full JOIN tbl_Authentications a ON(t.TransactionID=a.TransactionID) Full JOIN tbl_Authentications a ON(t.TransactionID=a.TransactionID)
@ -50,5 +50,7 @@ client_id = "eft-event-generator-confidential"
secret = "" secret = ""
[immutables] [immutables]
product_name = "GlobalScape EFT" prd_instance_id = 1
prd_ext_tenant_name = "GlobalScape EFT" product_guid = "asdf"
product_name = "EFT"
product_version ="8.1.0.9"

17
inex.py
View File

@ -43,19 +43,18 @@ class Inex:
self.useLog = self.config["logging"]["useLog"] self.useLog = self.config["logging"]["useLog"]
self.logPath = self.config["logging"]["logPath"] self.logPath = self.config["logging"]["logPath"]
self.logLevel = self.config["logging"]["logLevel"] self.logLevel = self.config["logging"]["logLevel"]
self.prdExttenantname = self.config["immutables"]["prd_ext_tenant_name"] self.prdInstanceID = self.config["immutables"]["prd_instance_id"]
self.productGUID = self.config["immutables"]["product_guid"]
self.productName = self.config["immutables"]["product_name"] self.productName = self.config["immutables"]["product_name"]
self.productVersion = self.config["immutables"]["product_version"]
self.tokenFilepath = self.config["output"]["token"] self.tokenFilepath = self.config["output"]["token"]
self.selectedPlatform = self.config["fortraPlatform"]["selectedPlatform"] self.selectedPlatform = self.config["fortraPlatform"]["selectedPlatform"]
self.writeJsonfile = self.config["output"]["dumpTojson"] self.writeJsonfile = self.config["output"]["dumpTojson"]
self.pushToplatform = self.config["output"]["pushToplatform"] self.pushToplatform = self.config["output"]["pushToplatform"]
self.queryOverride = self.config["database"]["overrideEmbeddedquery"] self.queryOverride = self.config["database"]["overrideEmbeddedquery"]
self.queryDaystopull = self.config["database"]["daysTopull"] self.queryDaystopull = self.config["database"]["daysTopull"]
except Exception as e: except:
print("No config.toml or possibly missing settings in the file. Please use config.toml.example file and configure appropriately") print("No config.toml. Please use example file and configure appropriately")
self.il.error(e)
print(e)
exit(1) exit(1)
if "dev" in self.selectedPlatform.lower(): if "dev" in self.selectedPlatform.lower():
@ -74,11 +73,11 @@ class Inex:
self.data = self.ic.inexSql.databaseQuery(self, self.cursor, self.sq.sqlQuerymodel.queryData(self.queryOverride,self.dbQuery, self.queryDaystopull)) self.data = self.ic.inexSql.databaseQuery(self, self.cursor, self.sq.sqlQuerymodel.queryData(self.queryOverride,self.dbQuery, self.queryDaystopull))
self.modifiedData = processData(self.data, dataTemplate, prd_ext_tenant_name=self.prdExttenantname,product_name=self.productName,\ self.modifiedData = processData(self.data, dataTemplate, prd_instance_id=self.prdInstanceID,\
prd_ext_tenant_id=self.platformConfig["tenant_id"]) product_guid=self.productGUID,product_name=self.productName,product_version=self.productVersion)
if self.pushToplatform: if self.pushToplatform:
inexConnect.fortraEFC.__init__(self) inexConnect.fortraEFC.pushPayload(self)
# TODO: move this to its own function # TODO: move this to its own function
if self.useLog: if self.useLog:

51
inexConnect.py
View File

@ -43,46 +43,33 @@ class inexSql:
return r return r
class fortraEFC: class fortraEFC:
def __init__(self): def getToken(self):
# Check if .token file is present self.tokenData = self.r.post(self.platformConfig["idp"], data={"grant_type":"client_credentials",\
if fortraEFC.readToken(self) == 1: "client_id": self.platformConfig["client_id"],\
# Get fresh token. First run. "client_secret": self.platformConfig["secret"],})
def writeToken(self):
fortraEFC.getToken(self) fortraEFC.getToken(self)
fortraEFC.writeToken(self) with open(self.tokenFilepath, "w") as f:
# Push data with token self.j.dump(self.tokenData.json(), f, indent = 2)
self.pushPayloadresponse = fortraEFC.pushPayload(self)
if self.pushPayloadresponse == 401:
fortraEFC.getToken(self)
fortraEFC.writeToken(self)
fortraEFC.pushPayload(self)
def readToken(self): def readToken(self):
if self.os.path.exists(self.tokenFilepath): if self.os.path.exists(self.tokenFilepath):
with open(self.tokenFilepath, 'rb') as t: with open(self.tokenFilepath, 'rb') as t:
self.tokenData = self.j.load(t) self.tokenData = self.j.load(t)
self.il.debug(f'readToken {self.tokenData["access_token"]}') # print(self.tokenData["access_token"])
return 0
else: else:
return 1 fortraEFC.writeToken(self)
def getToken(self):
self.tokenData = self.r.post(self.platformConfig["idp"], data={"grant_type":"client_credentials",\
"client_id": self.platformConfig["client_id"],\
"client_secret": self.platformConfig["secret"],})
self.tokenData = self.tokenData.json()
self.il.debug(f'getToken {self.tokenData["access_token"]}')
def writeToken(self):
fortraEFC.getToken(self)
with open(self.tokenFilepath, "w") as f:
self.j.dump(self.tokenData, f, indent = 2)
self.il.debug(f'writeToken {self.tokenData["access_token"]}')
def pushPayload(self): def pushPayload(self):
self.il.debug(f'pushPayload {self.tokenData["access_token"]}') fortraEFC.readToken(self)
print(self.tokenData)
try:
url = f'{self.platformConfig["efc_url"]}/api/v1/unity/data/{self.platformConfig["tenant_id"]}/machine_event' url = f'{self.platformConfig["efc_url"]}/api/v1/unity/data/{self.platformConfig["tenant_id"]}/machine_event'
pushPayloadResponse = self.r.post(url, headers={'Authorization': f'Bearer {self.tokenData["access_token"]}'},\ pushPayloadResponse = self.r.post(url, headers={'Authorization': f'bearer {self.tokenData["access_token"]}'},\
data=self.j.dumps(self.modifiedData, cls=self.e)) json=self.j.dumps(self.modifiedData,indent = 2, cls=self.e))
self.il.debug(pushPayloadResponse.status_code)
self.il.debug(pushPayloadResponse.text)
return pushPayloadResponse.status_code return pushPayloadResponse.status_code
except self.r.exceptions.HTTPError as errh:
print ("Http Error:",errh)
if "401" in errh:
fortraEFC.writeToken(self)
fortraEFC.pushPayload(self)

110
inexDataModel.py
View File

@ -1,6 +1,6 @@
def dataTemplate(transactionType,**kwargs): def dataTemplate(transactionType,**kwargs):
upload = { uploadDownload = {
"bytes" : kwargs.get('bytes'), "bytes" : kwargs.get('bytes_out'),
"dst_endpoint": { "dst_endpoint": {
"port": kwargs.get('dst_endpoint_port'), "port": kwargs.get('dst_endpoint_port'),
"ip": kwargs.get('dst_endpoint_ip'), "ip": kwargs.get('dst_endpoint_ip'),
@ -8,17 +8,16 @@ def dataTemplate(transactionType,**kwargs):
}, },
"duration": kwargs.get('duration'), "duration": kwargs.get('duration'),
"file": { "file": {
"created_time": kwargs.get('file_created_time'), "created_time": kwargs.get('time'),
"uid": kwargs.get('file_uid'),
"size": kwargs.get('file_size'), "size": kwargs.get('file_size'),
"name": kwargs.get('file_name'), "name": kwargs.get('file_name'),
"path": kwargs.get('file_path') "path": kwargs.get('file_path')
}, },
"guid": kwargs.get('file_uid'), "guid": kwargs.get('guid'),
"node_name": kwargs.get('node_name'), "node_name": kwargs.get('node_name'),
"prd_ext_tenant_id": kwargs.get('prd_ext_tenant_id'), "prd_ext_tenant_id": kwargs.get('tenant'),
"product_name": kwargs.get('product_name'), "product_name": "GlobalScape EFT",
"prd_ext_tenant_name": kwargs.get('prd_ext_tenant_name'), "prd_ext_tenant_name": "GlobalScape EFT",
"classifications": [{ "classifications": [{
"ref_id": f"globalscape:{kwargs.get('guid')}", "ref_id": f"globalscape:{kwargs.get('guid')}",
"time": kwargs.get('time'), "time": kwargs.get('time'),
@ -32,61 +31,15 @@ def dataTemplate(transactionType,**kwargs):
"ip": kwargs.get('src_endpoint_ip'), "ip": kwargs.get('src_endpoint_ip'),
"type": kwargs.get('src_endpoint_type') "type": kwargs.get('src_endpoint_type')
}, },
"tenant": kwargs.get('prd_ext_tenant_id'), "tenant": kwargs.get('tenant'),
"tenant_name":"GlobalScape", "tenant_name":"GlobalScape",
"time": kwargs.get('time'), "time": kwargs.get('time'),
"status_code": kwargs.get('status_code'), "status_code": kwargs.get('status_code'),
"status_detail": kwargs.get('status_detail'), "status_detail": kwargs.get('description'),
"user": { "user": {
"home_directory": kwargs.get('user_home_directory'), "home_directory": kwargs.get('user_home_directory'),
"uuid": kwargs.get('guid'), "uuid": kwargs.get('guid'),
"uid": kwargs.get('user_uid'), "uid": kwargs.get('uid'),
"type": kwargs.get('user_type'),
"name": kwargs.get('user_name')
},
"utype": kwargs.get('utype')
}
download = {
"bytes" : kwargs.get('bytes'),
"dst_endpoint": {
"port": kwargs.get('dst_endpoint_port'),
"ip": kwargs.get('dst_endpoint_ip'),
"type": kwargs.get('dst_endpoint_type')
},
"duration": kwargs.get('duration'),
"file": {
"uid": kwargs.get('file_uid'),
"size": kwargs.get('file_size'),
"name": kwargs.get('file_name'),
"path": kwargs.get('file_path')
},
"guid": kwargs.get('file_uid'),
"node_name": kwargs.get('node_name'),
"prd_ext_tenant_id": kwargs.get('prd_ext_tenant_id'),
"product_name": kwargs.get('product_name'),
"prd_ext_tenant_name": kwargs.get('prd_ext_tenant_name'),
"classifications": [{
"ref_id": f"globalscape:{kwargs.get('guid')}",
"time": kwargs.get('time'),
}],
"session": {
"created_time": kwargs.get('time'),
"uid": kwargs.get('session_uid')
},
"src_endpoint": {
"port": kwargs.get('src_endpoint_port'),
"ip": kwargs.get('src_endpoint_ip'),
"type": kwargs.get('src_endpoint_type')
},
"tenant": kwargs.get('prd_ext_tenant_id'),
"tenant_name":"GlobalScape",
"time": kwargs.get('time'),
"status_code": kwargs.get('status_code'),
"status_detail": kwargs.get('status_detail'),
"user": {
"home_directory": kwargs.get('user_home_directory'),
"uuid": kwargs.get('guid'),
"uid": kwargs.get('user_uid'),
"type": kwargs.get('user_type'), "type": kwargs.get('user_type'),
"name": kwargs.get('user_name') "name": kwargs.get('user_name')
}, },
@ -97,18 +50,16 @@ def dataTemplate(transactionType,**kwargs):
"file": { "file": {
"size": kwargs.get('file_size'), "size": kwargs.get('file_size'),
"name": kwargs.get('file_name'), "name": kwargs.get('file_name'),
"path": kwargs.get('file_path'), "path": kwargs.get('file_path')
"uid": kwargs.get('file_uid'),
}, },
"guid": f'deleted:{kwargs.get("guid")}', "guid": kwargs.get('guid'),
"node_name": kwargs.get('node_name'),
"classifications": [{ "classifications": [{
"ref_id": f"globalscape:{kwargs.get('guid')}", "ref_id": f"globalscape:{kwargs.get('guid')}",
"time": kwargs.get('time'), "time": kwargs.get('time'),
}], }],
"prd_ext_tenant_name": kwargs.get("prd_ext_tenant_name"), "prd_ext_tenant_name": "Globalscape EFT",
"prd_ext_tenant_id": kwargs.get('prd_ext_tenant_id'), "prd_ext_tenant_id": kwargs.get('tenant'),
"product_name": kwargs.get("product_name"), "product_name": "Globalscape EFT",
"session": { "session": {
"created_time": kwargs.get('time'), "created_time": kwargs.get('time'),
"uid": kwargs.get('session_uid') "uid": kwargs.get('session_uid')
@ -118,20 +69,16 @@ def dataTemplate(transactionType,**kwargs):
"ip": kwargs.get('src_endpoint_ip'), "ip": kwargs.get('src_endpoint_ip'),
"type": kwargs.get('src_endpoint_type') "type": kwargs.get('src_endpoint_type')
}, },
"tenant": kwargs.get('prd_ext_tenant_id'),
"tenant_name":"GlobalScape",
"dst_endpoint": { "dst_endpoint": {
"port": kwargs.get('dst_endpoint_port'), "port": kwargs.get('dst_endpoint_port'),
"ip": kwargs.get('dst_endpoint_ip'), "ip": kwargs.get('dst_endpoint_ip'),
"type": kwargs.get('dst_endpoint_type') "type": kwargs.get('dst_endpoint_type')
}, },
"time": kwargs.get('time'), "time": kwargs.get('time'),
"status_code": kwargs.get('status_code'),
"status_detail": kwargs.get('status_detail'),
"user": { "user": {
"home_directory": kwargs.get('user_home_directory'), "home_directory": kwargs.get('user_home_directory'),
"uuid": kwargs.get('user_session_uid'), "uuid": kwargs.get('guid'),
"uid": kwargs.get('user_uid'), "uid": kwargs.get('uid'),
"type": kwargs.get('user_type'), "type": kwargs.get('user_type'),
"name": kwargs.get('user_name') "name": kwargs.get('user_name')
}, },
@ -149,14 +96,9 @@ def dataTemplate(transactionType,**kwargs):
"type": kwargs.get('dst_endpoint_type') "type": kwargs.get('dst_endpoint_type')
}, },
"guid": kwargs.get('guid'), "guid": kwargs.get('guid'),
"node_name": kwargs.get('node_name'), "prd_ext_tenant_id": kwargs.get('tenant'),
"tenant": kwargs.get('prd_ext_tenant_id'), "product_name": "GlobalScape EFT",
"tenant_name":"GlobalScape", "prd_ext_tenant_name": "GlobalScape EFT",
"prd_ext_tenant_id": kwargs.get('prd_ext_tenant_id'),
"product_name": kwargs.get("product_name"),
"prd_ext_tenant_name": kwargs.get('prd_ext_tenant_name'),
"status_code": kwargs.get('status_code'),
"status_detail": kwargs.get('status_detail'),
"src_endpoint": { "src_endpoint": {
"port": kwargs.get('src_endpoint_port'), "port": kwargs.get('src_endpoint_port'),
"ip": kwargs.get('src_endpoint_ip'), "ip": kwargs.get('src_endpoint_ip'),
@ -165,22 +107,18 @@ def dataTemplate(transactionType,**kwargs):
"time": kwargs.get('time'), "time": kwargs.get('time'),
"user": { "user": {
"home_directory": kwargs.get('user_home_directory'), "home_directory": kwargs.get('user_home_directory'),
"uuid": kwargs.get('user_session_uid'), "uuid": kwargs.get('guid'),
"uid": kwargs.get('user_uid'), "uid": kwargs.get('uid'),
"type": kwargs.get('user_type'), "type": kwargs.get('user_type'),
"name": kwargs.get('user_name') "name": kwargs.get('user_name')
}, },
"session": {
"created_time": kwargs.get('time'),
"uid": kwargs.get('session_uid')
},
"utype": kwargs.get('utype') "utype": kwargs.get('utype')
} }
if transactionType == "file_uploaded": if transactionType == "file_uploaded":
template = upload template = uploadDownload
if transactionType == "file_downloaded": if transactionType == "file_downloaded":
template = download template = uploadDownload
if transactionType == "file_deleted": if transactionType == "file_deleted":
template = fileDeleted template = fileDeleted
if transactionType == "user_logged_on": if transactionType == "user_logged_on":

64
inexDataProcessing.py
View File

@ -7,66 +7,55 @@ def processData(data, template, **kwargs):
for row in data: for row in data:
# print(f'Row: {row}') # print(f'Row: {row}')
# must set variables for the different templates and do logic based on that. Do not call identifyUtype many times if identifyUtype(row.get('Command')) == "other":
identifyUtypecommand = identifyUtype(row.get('Command'))
if identifyUtypecommand == "other":
continue continue
if row.get('Command') == None: if row.get('Command') == None:
continue continue
userType = identifyUserType(row.get('user_type'))
try: try:
processedData.append(template(identifyUtypecommand,\ processedData.append(template(identifyUtype(row.get('Command')),\
prd_ext_tenant_name=kwargs.get('prd_ext_tenant_name'),\ prd_ext_tenant_id='',\
user_uid=row.get('TransactionID'),\
status_detail=row.get('Description'),\
prd_ext_tenant_id=kwargs.get('prd_ext_tenant_id'),\
status_code=row.get('ResultID'),\ status_code=row.get('ResultID'),\
file_created_time=row.get('Time_stamp'),\
file_size=row.get('FileSize'),\ file_size=row.get('FileSize'),\
file_uid=row.get('ProtocolCommandID'),\
file_path=row.get('PhysicalFolderName'),\ file_path=row.get('PhysicalFolderName'),\
file_virtual_path=row.get('VirtualFolderName'),\
file_name=row.get('FileName'),\ file_name=row.get('FileName'),\
guid=row.get('TransactionGUID'),\ guid=row.get('TransactionGUID'),\
ref_id=row.get('ProtocolCommandID'),\
prd_instance_id=kwargs.get('prd_instance_id'),\
product_guid=kwargs.get('product_guid'),\
product_name=kwargs.get('product_name'),\ product_name=kwargs.get('product_name'),\
product_version=kwargs.get('product_version'),\
node_name=row.get('NodeName'),\ node_name=row.get('NodeName'),\
session_uid=row.get('TransactionID'),\
src_endpoint_type=row.get('Protocol'),\ src_endpoint_type=row.get('Protocol'),\
src_endpoint_port=row.get('RemotePort'),\ src_endpoint_port=row.get('RemotePort'),\
src_endpoint_ip=row.get('RemoteIP'),\ src_endpoint_ip=row.get('RemoteIP'),\
dst_endpoint_port=row.get('LocalPort'),\ dst_endpoint_port=row.get('LocalPort'),\
dst_endpoint_ip=row.get('LocalIP'),\ dst_endpoint_ip=row.get('LocalIP'),\
dst_endpoint_type=row.get('Protocol'),\ dst_endpoint_type=row.get('Protocol'),\
user_session_uid=row.get('TransactionID'),\ session_uid=row.get('TransactionID'),\
bytes=row.get('BytesTransferred'),\ bytes_out=row.get('BytesTransferred'),\
time=row.get('Time_stamp'),\
duration=row.get('TransferTime'),\ duration=row.get('TransferTime'),\
user_type=userType,\ time=row.get('Time_stamp'),\
user_type=identifyUserType(row.get('user_type')),\
user_domain=row.get('SiteName'),\
user_name=row.get('Actor'),\ user_name=row.get('Actor'),\
user_home_directory=row.get('VirtualFolderName'),\ user_home_directory=row.get('VirtualFolderName'),\
utype=identifyUtypecommand)) description=row.get('Description'),\
utype=identifyUtype(row.get('Command'))))
except UnboundLocalError: except UnboundLocalError:
print(f'Problem row GUID:{row.get("TransactionGUID")} ::: TransactionObject:{row.get("TransactionObject")} Command: {row.get("Command")}') print(f'Problem row GUID:{row.get("TransactionGUID")} ::: TransactionObject:{row.get("TransactionObject")} Command: {row.get("Command")}')
continue
identifyUtypetransactionObject = identifyUtype(row.get('TransactionObject'))
if identifyUtypetransactionObject == "other":
continue continue
if row.get('TransactionGUID') not in transactionLoginid: if row.get('TransactionGUID') not in transactionLoginid:
try: try:
processedData.append(template(identifyUtypetransactionObject,\ processedData.append(template(identifyUtype(row.get('TransactionObject')),\
prd_ext_tenant_id=kwargs.get('prd_ext_tenant_id'),\
prd_ext_tenant_name=kwargs.get('prd_ext_tenant_name'),\
status_detail=row.get('Description'),\
guid=row.get('TransactionGUID'),\ guid=row.get('TransactionGUID'),\
status_code=row.get('ResultID'),\
node_name=row.get('NodeName'),\
prd_instance_id=kwargs.get('prd_instance_id'),\ prd_instance_id=kwargs.get('prd_instance_id'),\
product_guid=kwargs.get('product_guid'),\
product_name=kwargs.get('product_name'),\ product_name=kwargs.get('product_name'),\
product_version=kwargs.get('product_version'),\
src_endpoint_type=row.get('Protocol'),\ src_endpoint_type=row.get('Protocol'),\
src_endpoint_port=row.get('RemotePort'),\ src_endpoint_port=row.get('RemotePort'),\
src_endpoint_ip=row.get('RemoteIP'),\ src_endpoint_ip=row.get('RemoteIP'),\
@ -74,14 +63,14 @@ def processData(data, template, **kwargs):
dst_endpoint_ip=row.get('LocalIP'),\ dst_endpoint_ip=row.get('LocalIP'),\
dst_endpoint_type=row.get('Protocol'),\ dst_endpoint_type=row.get('Protocol'),\
session_uid=row.get('TransactionID'),\ session_uid=row.get('TransactionID'),\
bytes_out=row.get('BytesTransferred'),\
transfer_time=row.get('TransferTime'),\ transfer_time=row.get('TransferTime'),\
time=row.get('Time_stamp'),\ time=row.get('Time_stamp'),\
user_session_uid=row.get('TransactionID'),\ user_type=identifyUserType(row.get('user_type')),\
user_uid=row.get('TransactionID'),\ user_domain=row.get('SiteName'),\
user_type=userType,\
user_name=row.get('Actor'),\ user_name=row.get('Actor'),\
user_home_directory=row.get('PhysicalFolderName'),\ user_home_directory=row.get('VirtualFolderName'),\
utype=identifyUtypetransactionObject\ utype=identifyUtype(row.get('TransactionObject'))\
)) ))
transactionLoginid.append(row.get('TransactionGUID')) transactionLoginid.append(row.get('TransactionGUID'))
except UnboundLocalError: except UnboundLocalError:
@ -99,7 +88,6 @@ def identifyUserType(obj):
return "User" return "User"
else: else:
return None return None
def identifyUtype(obj): def identifyUtype(obj):
"""Process Type of transaction based on string that passed in. """Process Type of transaction based on string that passed in.
Return transaction type.""" Return transaction type."""
@ -110,11 +98,11 @@ def identifyUtype(obj):
if obj in user_logged_on: if obj in user_logged_on:
return "user_logged_on" return "user_logged_on"
elif obj in file_deleted: if obj in file_deleted:
return "file_deleted" return "file_deleted"
elif obj in file_uploaded: if obj in file_uploaded:
return "file_uploaded" return "file_uploaded"
elif obj in file_downloaded: if obj in file_downloaded:
return "file_downloaded" return "file_downloaded"
else: else:
return "other" return "other"

2
inexSqlquery.py
View File

@ -3,7 +3,7 @@ class sqlQuerymodel:
"""Embedded query data""" """Embedded query data"""
q ="""DECLARE @stopTime DATETIME2 q ="""DECLARE @stopTime DATETIME2
SET @stopTime=DATEADD(DAY, -30, GETDATE()) SET @stopTime=DATEADD(DAY, -30, GETDATE())
SELECT p.ProtocolCommandID, t.Time_stamp, p.RemoteIP, p.RemotePort, p.LocalIP, p.LocalPort, p.Protocol, p.SiteName, p.Command, p.FileName, p.PhysicalFolderName, p.VirtualFolderName, p.FileSize, p.TransferTime, p.BytesTransferred, p.Description, p.ResultID, t.TransactionID, p.Actor, t.TransactionObject, t.NodeName, t.TransactionGUID, a.Protocol user_type SELECT p.ProtocolCommandID, t.Time_stamp, p.RemoteIP, p.RemotePort, p.LocalIP, p.LocalPort, p.Protocol, p.SiteName, p.Command, p.FileName, p.VirtualFolderName, p.FileSize, p.TransferTime, p.BytesTransferred, p.Description, p.ResultID, t.TransactionID, p.Actor, t.TransactionObject, t.NodeName, t.TransactionGUID, a.Protocol user_type
FROM tbl_Transactions t FROM tbl_Transactions t
Full JOIN tbl_ProtocolCommands p ON(t.TransactionID=p.TransactionID) Full JOIN tbl_ProtocolCommands p ON(t.TransactionID=p.TransactionID)
Full join tbl_Authentications a ON(t.TransactionID=a.TransactionID) Full join tbl_Authentications a ON(t.TransactionID=a.TransactionID)

4
test.py
View File

@ -36,7 +36,3 @@ def identifyUtype(obj):
return "file_downloaded" return "file_downloaded"
else: else:
return "other" return "other"
transactionType = 'file_uploaded'
print(transactionType.split("_")[1].rstrip("d").rstrip("e"))