Compare commits
	
		
			2 Commits
		
	
	
		
			v.1.1.0
			...
			middleofre
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 
						 | 
					9bfca58c7d | ||
| 
						 | 
					c56c9ac208 | 
@@ -2,19 +2,19 @@
 | 
				
			|||||||
selectedPlatform = "dev"
 | 
					selectedPlatform = "dev"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
[output]
 | 
					[output]
 | 
				
			||||||
pushToplatform = true
 | 
					pushToplatform = false
 | 
				
			||||||
dumpTojson = true
 | 
					dumpTojson = true
 | 
				
			||||||
filename ="./data.json"
 | 
					filename ="./data.json"
 | 
				
			||||||
token = "./.token"
 | 
					token = "./.token"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
[logging]
 | 
					[logging]
 | 
				
			||||||
use_log = true
 | 
					useLog = true
 | 
				
			||||||
logLevel = "debug"
 | 
					logLevel = "debug"
 | 
				
			||||||
logPath = "./inex.log"
 | 
					logPath = "./inex.log"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
[database]
 | 
					[database]
 | 
				
			||||||
overrideEmbeddedquery = false
 | 
					overrideEmbeddedquery = false
 | 
				
			||||||
daysTopull = 10
 | 
					daysTopull = 20
 | 
				
			||||||
driver = "ODBC Driver 18 for SQL Server"
 | 
					driver = "ODBC Driver 18 for SQL Server"
 | 
				
			||||||
server = "192.168.x.x"
 | 
					server = "192.168.x.x"
 | 
				
			||||||
database = "EFTDB"
 | 
					database = "EFTDB"
 | 
				
			||||||
@@ -22,7 +22,7 @@ user = "a"
 | 
				
			|||||||
password = "a"
 | 
					password = "a"
 | 
				
			||||||
query = """DECLARE @stopTime DATETIME2
 | 
					query = """DECLARE @stopTime DATETIME2
 | 
				
			||||||
SET @stopTime=DATEADD(DAY, -30, GETDATE())
 | 
					SET @stopTime=DATEADD(DAY, -30, GETDATE())
 | 
				
			||||||
SELECT p.ProtocolCommandID, t.Time_stamp, p.RemoteIP, p.RemotePort, p.LocalIP, p.LocalPort, p.Protocol, p.SiteName, p.Command, p.FileName, p.VirtualFolderName, p.FileSize, p.TransferTime, p.BytesTransferred, p.Description, p.ResultID, t.TransactionID, p.Actor, t.TransactionObject, t.NodeName, t.TransactionGUID, a.Protocol user_type
 | 
					SELECT p.ProtocolCommandID, t.Time_stamp, p.RemoteIP, p.RemotePort, p.LocalIP, p.LocalPort, p.Protocol, p.SiteName, p.Command, p.FileName, p.PhysicalFolderName, p.VirtualFolderName, p.FileSize, p.TransferTime, p.BytesTransferred, p.Description, p.ResultID, t.TransactionID, p.Actor, t.TransactionObject, t.NodeName, t.TransactionGUID, a.Protocol user_type
 | 
				
			||||||
FROM tbl_Transactions t
 | 
					FROM tbl_Transactions t
 | 
				
			||||||
     Full JOIN tbl_ProtocolCommands p ON(t.TransactionID=p.TransactionID)
 | 
					     Full JOIN tbl_ProtocolCommands p ON(t.TransactionID=p.TransactionID)
 | 
				
			||||||
     Full JOIN tbl_Authentications a ON(t.TransactionID=a.TransactionID)
 | 
					     Full JOIN tbl_Authentications a ON(t.TransactionID=a.TransactionID)
 | 
				
			||||||
@@ -49,8 +49,6 @@ tenant_id = ""
 | 
				
			|||||||
client_id = "eft-event-generator-confidential"
 | 
					client_id = "eft-event-generator-confidential"
 | 
				
			||||||
secret = ""
 | 
					secret = ""
 | 
				
			||||||
 | 
					
 | 
				
			||||||
[immutables]
 | 
					[immutables] 
 | 
				
			||||||
prd_instance_id = 1
 | 
					product_name = "GlobalScape EFT"
 | 
				
			||||||
product_guid = "asdf"
 | 
					prd_ext_tenant_name = "GlobalScape EFT"
 | 
				
			||||||
product_name = "EFT"
 | 
					 | 
				
			||||||
product_version ="8.1.0.9"
 | 
					 | 
				
			||||||
							
								
								
									
										19
									
								
								inex.py
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							@@ -43,18 +43,19 @@ class Inex:
 | 
				
			|||||||
                self.useLog = self.config["logging"]["useLog"]
 | 
					                self.useLog = self.config["logging"]["useLog"]
 | 
				
			||||||
                self.logPath = self.config["logging"]["logPath"]
 | 
					                self.logPath = self.config["logging"]["logPath"]
 | 
				
			||||||
                self.logLevel = self.config["logging"]["logLevel"]
 | 
					                self.logLevel = self.config["logging"]["logLevel"]
 | 
				
			||||||
                self.prdInstanceID = self.config["immutables"]["prd_instance_id"]
 | 
					                self.prdExttenantname = self.config["immutables"]["prd_ext_tenant_name"]
 | 
				
			||||||
                self.productGUID = self.config["immutables"]["product_guid"]
 | 
					 | 
				
			||||||
                self.productName = self.config["immutables"]["product_name"]
 | 
					                self.productName = self.config["immutables"]["product_name"]
 | 
				
			||||||
                self.productVersion = self.config["immutables"]["product_version"]
 | 
					 | 
				
			||||||
                self.tokenFilepath = self.config["output"]["token"]
 | 
					                self.tokenFilepath = self.config["output"]["token"]
 | 
				
			||||||
                self.selectedPlatform = self.config["fortraPlatform"]["selectedPlatform"]
 | 
					                self.selectedPlatform = self.config["fortraPlatform"]["selectedPlatform"]
 | 
				
			||||||
                self.writeJsonfile = self.config["output"]["dumpTojson"]
 | 
					                self.writeJsonfile = self.config["output"]["dumpTojson"]
 | 
				
			||||||
                self.pushToplatform = self.config["output"]["pushToplatform"]
 | 
					                self.pushToplatform = self.config["output"]["pushToplatform"]
 | 
				
			||||||
                self.queryOverride = self.config["database"]["overrideEmbeddedquery"]
 | 
					                self.queryOverride = self.config["database"]["overrideEmbeddedquery"]
 | 
				
			||||||
                self.queryDaystopull = self.config["database"]["daysTopull"]
 | 
					                self.queryDaystopull = self.config["database"]["daysTopull"]
 | 
				
			||||||
        except:
 | 
					        except Exception as e:
 | 
				
			||||||
            print("No config.toml. Please use example file and configure appropriately")
 | 
					            print("No config.toml or possibly missing settings in the file. Please use config.toml.example file and configure appropriately")
 | 
				
			||||||
 | 
					            self.il.error(e)
 | 
				
			||||||
 | 
					            print(e)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
            exit(1)
 | 
					            exit(1)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        if "dev" in self.selectedPlatform.lower():
 | 
					        if "dev" in self.selectedPlatform.lower():
 | 
				
			||||||
@@ -73,11 +74,11 @@ class Inex:
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
        self.data = self.ic.inexSql.databaseQuery(self, self.cursor, self.sq.sqlQuerymodel.queryData(self.queryOverride,self.dbQuery, self.queryDaystopull))
 | 
					        self.data = self.ic.inexSql.databaseQuery(self, self.cursor, self.sq.sqlQuerymodel.queryData(self.queryOverride,self.dbQuery, self.queryDaystopull))
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        self.modifiedData = processData(self.data, dataTemplate, prd_instance_id=self.prdInstanceID,\
 | 
					        self.modifiedData = processData(self.data, dataTemplate, prd_ext_tenant_name=self.prdExttenantname,product_name=self.productName,\
 | 
				
			||||||
                                         product_guid=self.productGUID,product_name=self.productName,product_version=self.productVersion)
 | 
					                                        prd_ext_tenant_id=self.platformConfig["tenant_id"])
 | 
				
			||||||
        
 | 
					
 | 
				
			||||||
        if self.pushToplatform:
 | 
					        if self.pushToplatform:
 | 
				
			||||||
            inexConnect.fortraEFC.pushPayload(self)
 | 
					            inexConnect.fortraEFC.__init__(self)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        # TODO: move this to its own function
 | 
					        # TODO: move this to its own function
 | 
				
			||||||
        if self.useLog:
 | 
					        if self.useLog:
 | 
				
			||||||
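Review bot: In the new `except Exception as e:` handler, `self.il.error(e)` runs before `print(e)` and `exit(1)`, yet the logging settings (`useLog`, `logPath`, `logLevel`) are read inside the same `try`, so the logger may not be set up when the config fails to load. Whether `self.il` exists at that point is not visible here; if it does not, the handler raises `AttributeError` and the real cause is never printed. Moving `print(e)` above the log call and guarding it, e.g. `if getattr(self, "il", None): self.il.error(e)`, keeps the diagnostic reliable. In the second hunk, `inexConnect.fortraEFC.__init__(self)` calls a constructor as a plain function on an `Inex` instance; a named entry point (for example a `fortraEFC.pushWithToken(self)` helper, name suggested here) would state the intent. Both enclosing methods start outside the hunks.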
 
 | 
				
			|||||||
@@ -43,33 +43,46 @@ class inexSql:
 | 
				
			|||||||
        return r
 | 
					        return r
 | 
				
			||||||
 | 
					
 | 
				
			||||||
class fortraEFC:
 | 
					class fortraEFC:
 | 
				
			||||||
    def getToken(self):
 | 
					    def __init__(self):
 | 
				
			||||||
        self.tokenData = self.r.post(self.platformConfig["idp"], data={"grant_type":"client_credentials",\
 | 
					        # Check if .token file is present
 | 
				
			||||||
                                                                              "client_id": self.platformConfig["client_id"],\
 | 
					        if fortraEFC.readToken(self) == 1:
 | 
				
			||||||
                                                                              "client_secret": self.platformConfig["secret"],})
 | 
					            # Get fresh token. First run.
 | 
				
			||||||
    def writeToken(self):
 | 
					            fortraEFC.getToken(self)
 | 
				
			||||||
        fortraEFC.getToken(self)
 | 
					            fortraEFC.writeToken(self)
 | 
				
			||||||
        with open(self.tokenFilepath, "w") as f:
 | 
					        # Push data with token
 | 
				
			||||||
            self.j.dump(self.tokenData.json(), f, indent = 2)
 | 
					        self.pushPayloadresponse = fortraEFC.pushPayload(self)
 | 
				
			||||||
 | 
					        if self.pushPayloadresponse == 401:
 | 
				
			||||||
 | 
					            fortraEFC.getToken(self)
 | 
				
			||||||
 | 
					            fortraEFC.writeToken(self)
 | 
				
			||||||
 | 
					            fortraEFC.pushPayload(self)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    def readToken(self):
 | 
					    def readToken(self):
 | 
				
			||||||
        if self.os.path.exists(self.tokenFilepath):
 | 
					        if self.os.path.exists(self.tokenFilepath):
 | 
				
			||||||
            with open(self.tokenFilepath, 'rb') as t:
 | 
					            with open(self.tokenFilepath, 'rb') as t:
 | 
				
			||||||
                self.tokenData = self.j.load(t)
 | 
					                self.tokenData = self.j.load(t)
 | 
				
			||||||
                # print(self.tokenData["access_token"])
 | 
					                self.il.debug(f'readToken {self.tokenData["access_token"]}')
 | 
				
			||||||
 | 
					            return 0
 | 
				
			||||||
        else:
 | 
					        else:
 | 
				
			||||||
            fortraEFC.writeToken(self)
 | 
					            return 1
 | 
				
			||||||
 | 
					    
 | 
				
			||||||
 | 
					    def getToken(self):
 | 
				
			||||||
 | 
					        self.tokenData = self.r.post(self.platformConfig["idp"], data={"grant_type":"client_credentials",\
 | 
				
			||||||
 | 
					                                                                              "client_id": self.platformConfig["client_id"],\
 | 
				
			||||||
 | 
					                                                                              "client_secret": self.platformConfig["secret"],})
 | 
				
			||||||
 | 
					        self.tokenData = self.tokenData.json()
 | 
				
			||||||
 | 
					        self.il.debug(f'getToken {self.tokenData["access_token"]}')
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    def writeToken(self):
 | 
				
			||||||
 | 
					        fortraEFC.getToken(self)
 | 
				
			||||||
 | 
					        with open(self.tokenFilepath, "w") as f:
 | 
				
			||||||
 | 
					            self.j.dump(self.tokenData, f, indent = 2)
 | 
				
			||||||
 | 
					            self.il.debug(f'writeToken {self.tokenData["access_token"]}')
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    def pushPayload(self):
 | 
					    def pushPayload(self):
 | 
				
			||||||
        fortraEFC.readToken(self)
 | 
					        self.il.debug(f'pushPayload {self.tokenData["access_token"]}')
 | 
				
			||||||
        print(self.tokenData)
 | 
					        url = f'{self.platformConfig["efc_url"]}/api/v1/unity/data/{self.platformConfig["tenant_id"]}/machine_event'
 | 
				
			||||||
        try:
 | 
					        pushPayloadResponse = self.r.post(url, headers={'Authorization': f'Bearer {self.tokenData["access_token"]}'},\
 | 
				
			||||||
            url = f'{self.platformConfig["efc_url"]}/api/v1/unity/data/{self.platformConfig["tenant_id"]}/machine_event'
 | 
					                                           data=self.j.dumps(self.modifiedData, cls=self.e))
 | 
				
			||||||
            pushPayloadResponse = self.r.post(url, headers={'Authorization': f'bearer {self.tokenData["access_token"]}'},\
 | 
					        self.il.debug(pushPayloadResponse.status_code)
 | 
				
			||||||
                                               json=self.j.dumps(self.modifiedData,indent = 2, cls=self.e))
 | 
					        self.il.debug(pushPayloadResponse.text)
 | 
				
			||||||
            return pushPayloadResponse.status_code
 | 
					        return pushPayloadResponse.status_code
 | 
				
			||||||
        except self.r.exceptions.HTTPError as errh:
 | 
					 | 
				
			||||||
            print ("Http Error:",errh)
 | 
					 | 
				
			||||||
            if "401" in errh:
 | 
					 | 
				
			||||||
                fortraEFC.writeToken(self)
 | 
					 | 
				
			||||||
                fortraEFC.pushPayload(self)
 | 
					 | 
				
			||||||
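Review bot: The new `self.il.debug(...)` calls in `readToken`, `getToken`, `writeToken` and `pushPayload` write the bearer `access_token` itself into the log, and `pushPayload` also logs the full response body. The example config on this page ships with `logLevel = "debug"` and `logPath = "./inex.log"`, so a default setup would presumably leave live tokens in a plaintext file. Log the event rather than the secret, e.g. `self.il.debug('getToken: token acquired')`, and keep `pushPayloadResponse.status_code` but drop or truncate `.text`. In the new `__init__`, `writeToken` already calls `getToken`, so the explicit `fortraEFC.getToken(self)` before each `fortraEFC.writeToken(self)` requests a second token, and the status of the retried `fortraEFC.pushPayload(self)` after a 401 is discarded. `writeToken` creates the token file with `open(self.tokenFilepath, "w")`, which leaves its permissions to the process umask; restricting it to the owner is worth considering.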
							
								
								
									
										110
									
								
								inexDataModel.py
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							@@ -1,6 +1,6 @@
 | 
				
			|||||||
def dataTemplate(transactionType,**kwargs):
 | 
					def dataTemplate(transactionType,**kwargs):
 | 
				
			||||||
    uploadDownload = {
 | 
					    upload = {
 | 
				
			||||||
        "bytes" : kwargs.get('bytes_out'),
 | 
					        "bytes" : kwargs.get('bytes'),
 | 
				
			||||||
        "dst_endpoint": { 
 | 
					        "dst_endpoint": { 
 | 
				
			||||||
            "port": kwargs.get('dst_endpoint_port'),
 | 
					            "port": kwargs.get('dst_endpoint_port'),
 | 
				
			||||||
            "ip": kwargs.get('dst_endpoint_ip'),
 | 
					            "ip": kwargs.get('dst_endpoint_ip'),
 | 
				
			||||||
@@ -8,16 +8,17 @@ def dataTemplate(transactionType,**kwargs):
 | 
				
			|||||||
        },
 | 
					        },
 | 
				
			||||||
        "duration": kwargs.get('duration'),
 | 
					        "duration": kwargs.get('duration'),
 | 
				
			||||||
        "file": {
 | 
					        "file": {
 | 
				
			||||||
            "created_time": kwargs.get('time'),
 | 
					            "created_time": kwargs.get('file_created_time'),
 | 
				
			||||||
 | 
					            "uid": kwargs.get('file_uid'),
 | 
				
			||||||
            "size": kwargs.get('file_size'),
 | 
					            "size": kwargs.get('file_size'),
 | 
				
			||||||
            "name": kwargs.get('file_name'),
 | 
					            "name": kwargs.get('file_name'),
 | 
				
			||||||
            "path": kwargs.get('file_path')
 | 
					            "path": kwargs.get('file_path')
 | 
				
			||||||
        },
 | 
					        },
 | 
				
			||||||
        "guid": kwargs.get('guid'),
 | 
					        "guid": kwargs.get('file_uid'),
 | 
				
			||||||
        "node_name": kwargs.get('node_name'),
 | 
					        "node_name": kwargs.get('node_name'),
 | 
				
			||||||
        "prd_ext_tenant_id": kwargs.get('tenant'),
 | 
					        "prd_ext_tenant_id": kwargs.get('prd_ext_tenant_id'),
 | 
				
			||||||
        "product_name": "GlobalScape EFT",
 | 
					        "product_name": kwargs.get('product_name'),
 | 
				
			||||||
        "prd_ext_tenant_name": "GlobalScape EFT",
 | 
					        "prd_ext_tenant_name": kwargs.get('prd_ext_tenant_name'),
 | 
				
			||||||
        "classifications": [{
 | 
					        "classifications": [{
 | 
				
			||||||
            "ref_id": f"globalscape:{kwargs.get('guid')}",
 | 
					            "ref_id": f"globalscape:{kwargs.get('guid')}",
 | 
				
			||||||
            "time": kwargs.get('time'),
 | 
					            "time": kwargs.get('time'),
 | 
				
			||||||
@@ -31,15 +32,61 @@ def dataTemplate(transactionType,**kwargs):
 | 
				
			|||||||
            "ip": kwargs.get('src_endpoint_ip'),
 | 
					            "ip": kwargs.get('src_endpoint_ip'),
 | 
				
			||||||
            "type": kwargs.get('src_endpoint_type')
 | 
					            "type": kwargs.get('src_endpoint_type')
 | 
				
			||||||
        },
 | 
					        },
 | 
				
			||||||
        "tenant": kwargs.get('tenant'),
 | 
					        "tenant": kwargs.get('prd_ext_tenant_id'),
 | 
				
			||||||
        "tenant_name":"GlobalScape",
 | 
					        "tenant_name":"GlobalScape",
 | 
				
			||||||
        "time": kwargs.get('time'),
 | 
					        "time": kwargs.get('time'),
 | 
				
			||||||
        "status_code": kwargs.get('status_code'),
 | 
					        "status_code": kwargs.get('status_code'),
 | 
				
			||||||
        "status_detail": kwargs.get('description'),
 | 
					        "status_detail": kwargs.get('status_detail'),
 | 
				
			||||||
        "user": {
 | 
					        "user": {
 | 
				
			||||||
            "home_directory": kwargs.get('user_home_directory'),
 | 
					            "home_directory": kwargs.get('user_home_directory'),
 | 
				
			||||||
            "uuid": kwargs.get('guid'),
 | 
					            "uuid": kwargs.get('guid'),
 | 
				
			||||||
            "uid": kwargs.get('uid'),
 | 
					            "uid": kwargs.get('user_uid'),
 | 
				
			||||||
 | 
					            "type": kwargs.get('user_type'),
 | 
				
			||||||
 | 
					            "name": kwargs.get('user_name')
 | 
				
			||||||
 | 
					        },
 | 
				
			||||||
 | 
					        "utype": kwargs.get('utype')
 | 
				
			||||||
 | 
					    }
 | 
				
			||||||
 | 
					    download = {
 | 
				
			||||||
 | 
					        "bytes" : kwargs.get('bytes'),
 | 
				
			||||||
 | 
					        "dst_endpoint": { 
 | 
				
			||||||
 | 
					            "port": kwargs.get('dst_endpoint_port'),
 | 
				
			||||||
 | 
					            "ip": kwargs.get('dst_endpoint_ip'),
 | 
				
			||||||
 | 
					            "type": kwargs.get('dst_endpoint_type')
 | 
				
			||||||
 | 
					        },
 | 
				
			||||||
 | 
					        "duration": kwargs.get('duration'),
 | 
				
			||||||
 | 
					        "file": {
 | 
				
			||||||
 | 
					            "uid": kwargs.get('file_uid'),
 | 
				
			||||||
 | 
					            "size": kwargs.get('file_size'),
 | 
				
			||||||
 | 
					            "name": kwargs.get('file_name'),
 | 
				
			||||||
 | 
					            "path": kwargs.get('file_path')
 | 
				
			||||||
 | 
					        },
 | 
				
			||||||
 | 
					        "guid": kwargs.get('file_uid'),
 | 
				
			||||||
 | 
					        "node_name": kwargs.get('node_name'),
 | 
				
			||||||
 | 
					        "prd_ext_tenant_id": kwargs.get('prd_ext_tenant_id'),
 | 
				
			||||||
 | 
					        "product_name": kwargs.get('product_name'),
 | 
				
			||||||
 | 
					        "prd_ext_tenant_name": kwargs.get('prd_ext_tenant_name'),
 | 
				
			||||||
 | 
					        "classifications": [{
 | 
				
			||||||
 | 
					            "ref_id": f"globalscape:{kwargs.get('guid')}",
 | 
				
			||||||
 | 
					            "time": kwargs.get('time'),
 | 
				
			||||||
 | 
					        }],
 | 
				
			||||||
 | 
					        "session": {
 | 
				
			||||||
 | 
					           "created_time": kwargs.get('time'),
 | 
				
			||||||
 | 
					           "uid": kwargs.get('session_uid')
 | 
				
			||||||
 | 
					        },
 | 
				
			||||||
 | 
					        "src_endpoint": {
 | 
				
			||||||
 | 
					            "port": kwargs.get('src_endpoint_port'),
 | 
				
			||||||
 | 
					            "ip": kwargs.get('src_endpoint_ip'),
 | 
				
			||||||
 | 
					            "type": kwargs.get('src_endpoint_type')
 | 
				
			||||||
 | 
					        },
 | 
				
			||||||
 | 
					        "tenant": kwargs.get('prd_ext_tenant_id'),
 | 
				
			||||||
 | 
					        "tenant_name":"GlobalScape",
 | 
				
			||||||
 | 
					        "time": kwargs.get('time'),
 | 
				
			||||||
 | 
					        "status_code": kwargs.get('status_code'),
 | 
				
			||||||
 | 
					        "status_detail": kwargs.get('status_detail'),
 | 
				
			||||||
 | 
					        "user": {
 | 
				
			||||||
 | 
					            "home_directory": kwargs.get('user_home_directory'),
 | 
				
			||||||
 | 
					            "uuid": kwargs.get('guid'),
 | 
				
			||||||
 | 
					            "uid": kwargs.get('user_uid'),
 | 
				
			||||||
            "type": kwargs.get('user_type'),
 | 
					            "type": kwargs.get('user_type'),
 | 
				
			||||||
            "name": kwargs.get('user_name')
 | 
					            "name": kwargs.get('user_name')
 | 
				
			||||||
        },
 | 
					        },
 | 
				
			||||||
@@ -50,16 +97,18 @@ def dataTemplate(transactionType,**kwargs):
 | 
				
			|||||||
        "file": {
 | 
					        "file": {
 | 
				
			||||||
                "size": kwargs.get('file_size'),
 | 
					                "size": kwargs.get('file_size'),
 | 
				
			||||||
                "name": kwargs.get('file_name'),
 | 
					                "name": kwargs.get('file_name'),
 | 
				
			||||||
                "path": kwargs.get('file_path')
 | 
					                "path": kwargs.get('file_path'),
 | 
				
			||||||
 | 
					                "uid": kwargs.get('file_uid'),
 | 
				
			||||||
        },
 | 
					        },
 | 
				
			||||||
        "guid": kwargs.get('guid'),
 | 
					        "guid": f'deleted:{kwargs.get("guid")}',
 | 
				
			||||||
 | 
					        "node_name": kwargs.get('node_name'),
 | 
				
			||||||
        "classifications": [{
 | 
					        "classifications": [{
 | 
				
			||||||
            "ref_id": f"globalscape:{kwargs.get('guid')}",
 | 
					            "ref_id": f"globalscape:{kwargs.get('guid')}",
 | 
				
			||||||
            "time": kwargs.get('time'),
 | 
					            "time": kwargs.get('time'),
 | 
				
			||||||
        }],
 | 
					        }],
 | 
				
			||||||
        "prd_ext_tenant_name": "Globalscape EFT",
 | 
					        "prd_ext_tenant_name": kwargs.get("prd_ext_tenant_name"),
 | 
				
			||||||
        "prd_ext_tenant_id": kwargs.get('tenant'),
 | 
					        "prd_ext_tenant_id": kwargs.get('prd_ext_tenant_id'),
 | 
				
			||||||
        "product_name": "Globalscape EFT",
 | 
					        "product_name": kwargs.get("product_name"),
 | 
				
			||||||
        "session": {
 | 
					        "session": {
 | 
				
			||||||
            "created_time": kwargs.get('time'),
 | 
					            "created_time": kwargs.get('time'),
 | 
				
			||||||
            "uid": kwargs.get('session_uid')
 | 
					            "uid": kwargs.get('session_uid')
 | 
				
			||||||
@@ -69,16 +118,20 @@ def dataTemplate(transactionType,**kwargs):
 | 
				
			|||||||
            "ip": kwargs.get('src_endpoint_ip'),
 | 
					            "ip": kwargs.get('src_endpoint_ip'),
 | 
				
			||||||
            "type": kwargs.get('src_endpoint_type')
 | 
					            "type": kwargs.get('src_endpoint_type')
 | 
				
			||||||
        },
 | 
					        },
 | 
				
			||||||
 | 
					        "tenant": kwargs.get('prd_ext_tenant_id'),
 | 
				
			||||||
 | 
					        "tenant_name":"GlobalScape",
 | 
				
			||||||
        "dst_endpoint": {
 | 
					        "dst_endpoint": {
 | 
				
			||||||
            "port": kwargs.get('dst_endpoint_port'),
 | 
					            "port": kwargs.get('dst_endpoint_port'),
 | 
				
			||||||
            "ip": kwargs.get('dst_endpoint_ip'),
 | 
					            "ip": kwargs.get('dst_endpoint_ip'),
 | 
				
			||||||
            "type": kwargs.get('dst_endpoint_type')
 | 
					            "type": kwargs.get('dst_endpoint_type')
 | 
				
			||||||
        },
 | 
					        },
 | 
				
			||||||
        "time": kwargs.get('time'),
 | 
					        "time": kwargs.get('time'),
 | 
				
			||||||
 | 
					        "status_code": kwargs.get('status_code'),
 | 
				
			||||||
 | 
					        "status_detail": kwargs.get('status_detail'),
 | 
				
			||||||
        "user": {
 | 
					        "user": {
 | 
				
			||||||
            "home_directory": kwargs.get('user_home_directory'),
 | 
					            "home_directory": kwargs.get('user_home_directory'),
 | 
				
			||||||
            "uuid": kwargs.get('guid'),
 | 
					            "uuid": kwargs.get('user_session_uid'),
 | 
				
			||||||
            "uid": kwargs.get('uid'),
 | 
					            "uid": kwargs.get('user_uid'),
 | 
				
			||||||
            "type": kwargs.get('user_type'),
 | 
					            "type": kwargs.get('user_type'),
 | 
				
			||||||
            "name": kwargs.get('user_name')
 | 
					            "name": kwargs.get('user_name')
 | 
				
			||||||
        },
 | 
					        },
 | 
				
			||||||
@@ -96,9 +149,14 @@ def dataTemplate(transactionType,**kwargs):
 | 
				
			|||||||
        "type": kwargs.get('dst_endpoint_type')
 | 
					        "type": kwargs.get('dst_endpoint_type')
 | 
				
			||||||
    },
 | 
					    },
 | 
				
			||||||
    "guid": kwargs.get('guid'),
 | 
					    "guid": kwargs.get('guid'),
 | 
				
			||||||
    "prd_ext_tenant_id": kwargs.get('tenant'),
 | 
					    "node_name": kwargs.get('node_name'),
 | 
				
			||||||
    "product_name": "GlobalScape EFT",
 | 
					    "tenant": kwargs.get('prd_ext_tenant_id'),
 | 
				
			||||||
    "prd_ext_tenant_name": "GlobalScape EFT",
 | 
					    "tenant_name":"GlobalScape",
 | 
				
			||||||
 | 
					    "prd_ext_tenant_id": kwargs.get('prd_ext_tenant_id'),
 | 
				
			||||||
 | 
					    "product_name": kwargs.get("product_name"),
 | 
				
			||||||
 | 
					    "prd_ext_tenant_name": kwargs.get('prd_ext_tenant_name'),
 | 
				
			||||||
 | 
					    "status_code": kwargs.get('status_code'),
 | 
				
			||||||
 | 
					    "status_detail": kwargs.get('status_detail'),
 | 
				
			||||||
    "src_endpoint": {
 | 
					    "src_endpoint": {
 | 
				
			||||||
        "port": kwargs.get('src_endpoint_port'),
 | 
					        "port": kwargs.get('src_endpoint_port'),
 | 
				
			||||||
        "ip": kwargs.get('src_endpoint_ip'),
 | 
					        "ip": kwargs.get('src_endpoint_ip'),
 | 
				
			||||||
@@ -107,18 +165,22 @@ def dataTemplate(transactionType,**kwargs):
 | 
				
			|||||||
    "time": kwargs.get('time'),
 | 
					    "time": kwargs.get('time'),
 | 
				
			||||||
    "user": {
 | 
					    "user": {
 | 
				
			||||||
        "home_directory": kwargs.get('user_home_directory'),
 | 
					        "home_directory": kwargs.get('user_home_directory'),
 | 
				
			||||||
        "uuid": kwargs.get('guid'),
 | 
					        "uuid": kwargs.get('user_session_uid'),
 | 
				
			||||||
        "uid": kwargs.get('uid'),
 | 
					        "uid": kwargs.get('user_uid'),
 | 
				
			||||||
        "type": kwargs.get('user_type'),
 | 
					        "type": kwargs.get('user_type'),
 | 
				
			||||||
        "name": kwargs.get('user_name')
 | 
					        "name": kwargs.get('user_name')
 | 
				
			||||||
    },
 | 
					    },
 | 
				
			||||||
 | 
					    "session": {
 | 
				
			||||||
 | 
					        "created_time": kwargs.get('time'),
 | 
				
			||||||
 | 
					        "uid": kwargs.get('session_uid')
 | 
				
			||||||
 | 
					    },
 | 
				
			||||||
    "utype": kwargs.get('utype')
 | 
					    "utype": kwargs.get('utype')
 | 
				
			||||||
    }
 | 
					    }
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    if transactionType == "file_uploaded":
 | 
					    if transactionType == "file_uploaded":
 | 
				
			||||||
        template = uploadDownload
 | 
					        template = upload
 | 
				
			||||||
    if transactionType == "file_downloaded":
 | 
					    if transactionType == "file_downloaded":
 | 
				
			||||||
        template = uploadDownload
 | 
					        template = download
 | 
				
			||||||
    if transactionType == "file_deleted":
 | 
					    if transactionType == "file_deleted":
 | 
				
			||||||
        template = fileDeleted
 | 
					        template = fileDeleted
 | 
				
			||||||
    if transactionType == "user_logged_on":
 | 
					    if transactionType == "user_logged_on":
 | 
				
			||||||
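Review bot: In the new `upload` and `download` templates the top-level `"guid"` is taken from `kwargs.get('file_uid')`, while `classifications[0].ref_id` and `user.uuid` in the same dicts are still built from `kwargs.get('guid')`, so one event carries two different identifiers under guid-like keys. What the caller passes as `file_uid` is not visible here, but if it is not unique per event, records sent to the platform become harder to correlate; a comment stating the intent would help, e.g. `# event guid is the file uid on purpose: <reason>`. In the third hunk (presumably the `fileDeleted` template), `f'deleted:{kwargs.get("guid")}'` yields the literal string `deleted:None` when `guid` is absent, where the old code produced `None`. `upload` and `download` differ only in `file.created_time`, so deriving one from the other would avoid maintaining two near-identical literals. `dataTemplate` continues past the last hunk.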
 
 | 
				
			|||||||
@@ -4,58 +4,69 @@ def processData(data, template, **kwargs):
 | 
				
			|||||||
    additional data to insert into the template."""
 | 
					    additional data to insert into the template."""
 | 
				
			||||||
    processedData = []
 | 
					    processedData = []
 | 
				
			||||||
    transactionLoginid = []
 | 
					    transactionLoginid = []
 | 
				
			||||||
 | 
					    
 | 
				
			||||||
    for row in data:
 | 
					    for row in data:
 | 
				
			||||||
        # print(f'Row: {row}')
 | 
					        # print(f'Row: {row}')
 | 
				
			||||||
        if identifyUtype(row.get('Command')) == "other":
 | 
					        # must set variables for the different templates and do logic based on that. Do not call identifyUtype many times
 | 
				
			||||||
 | 
					        identifyUtypecommand = identifyUtype(row.get('Command'))
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					        if identifyUtypecommand == "other":
 | 
				
			||||||
            continue
 | 
					            continue
 | 
				
			||||||
        
 | 
					
 | 
				
			||||||
        if row.get('Command') == None:
 | 
					        if row.get('Command') == None:
 | 
				
			||||||
            continue
 | 
					            continue
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					        userType = identifyUserType(row.get('user_type'))
 | 
				
			||||||
        try:
 | 
					        try:
 | 
				
			||||||
            processedData.append(template(identifyUtype(row.get('Command')),\
 | 
					            processedData.append(template(identifyUtypecommand,\
 | 
				
			||||||
                prd_ext_tenant_id='',\
 | 
					                prd_ext_tenant_name=kwargs.get('prd_ext_tenant_name'),\
 | 
				
			||||||
 | 
					                user_uid=row.get('TransactionID'),\
 | 
				
			||||||
 | 
					                status_detail=row.get('Description'),\
 | 
				
			||||||
 | 
					                prd_ext_tenant_id=kwargs.get('prd_ext_tenant_id'),\
 | 
				
			||||||
                status_code=row.get('ResultID'),\
 | 
					                status_code=row.get('ResultID'),\
 | 
				
			||||||
 | 
					                file_created_time=row.get('Time_stamp'),\
 | 
				
			||||||
                file_size=row.get('FileSize'),\
 | 
					                file_size=row.get('FileSize'),\
 | 
				
			||||||
 | 
					                file_uid=row.get('ProtocolCommandID'),\
 | 
				
			||||||
                file_path=row.get('PhysicalFolderName'),\
 | 
					                file_path=row.get('PhysicalFolderName'),\
 | 
				
			||||||
                file_virtual_path=row.get('VirtualFolderName'),\
 | 
					 | 
				
			||||||
                file_name=row.get('FileName'),\
 | 
					                file_name=row.get('FileName'),\
 | 
				
			||||||
                guid=row.get('TransactionGUID'),\
 | 
					                guid=row.get('TransactionGUID'),\
 | 
				
			||||||
                ref_id=row.get('ProtocolCommandID'),\
 | 
					 | 
				
			||||||
                prd_instance_id=kwargs.get('prd_instance_id'),\
 | 
					 | 
				
			||||||
                product_guid=kwargs.get('product_guid'),\
 | 
					 | 
				
			||||||
                product_name=kwargs.get('product_name'),\
 | 
					                product_name=kwargs.get('product_name'),\
 | 
				
			||||||
                product_version=kwargs.get('product_version'),\
 | 
					 | 
				
			||||||
                node_name=row.get('NodeName'),\
 | 
					                node_name=row.get('NodeName'),\
 | 
				
			||||||
 | 
					                session_uid=row.get('TransactionID'),\
 | 
				
			||||||
                src_endpoint_type=row.get('Protocol'),\
 | 
					                src_endpoint_type=row.get('Protocol'),\
 | 
				
			||||||
                src_endpoint_port=row.get('RemotePort'),\
 | 
					                src_endpoint_port=row.get('RemotePort'),\
 | 
				
			||||||
                src_endpoint_ip=row.get('RemoteIP'),\
 | 
					                src_endpoint_ip=row.get('RemoteIP'),\
 | 
				
			||||||
                dst_endpoint_port=row.get('LocalPort'),\
 | 
					                dst_endpoint_port=row.get('LocalPort'),\
 | 
				
			||||||
                dst_endpoint_ip=row.get('LocalIP'),\
 | 
					                dst_endpoint_ip=row.get('LocalIP'),\
 | 
				
			||||||
                dst_endpoint_type=row.get('Protocol'),\
 | 
					                dst_endpoint_type=row.get('Protocol'),\
 | 
				
			||||||
                session_uid=row.get('TransactionID'),\
 | 
					                user_session_uid=row.get('TransactionID'),\
 | 
				
			||||||
                bytes_out=row.get('BytesTransferred'),\
 | 
					                bytes=row.get('BytesTransferred'),\
 | 
				
			||||||
                duration=row.get('TransferTime'),\
 | 
					 | 
				
			||||||
                time=row.get('Time_stamp'),\
 | 
					                time=row.get('Time_stamp'),\
 | 
				
			||||||
                user_type=identifyUserType(row.get('user_type')),\
 | 
					                duration=row.get('TransferTime'),\
 | 
				
			||||||
                user_domain=row.get('SiteName'),\
 | 
					                user_type=userType,\
 | 
				
			||||||
                user_name=row.get('Actor'),\
 | 
					                user_name=row.get('Actor'),\
 | 
				
			||||||
                user_home_directory=row.get('VirtualFolderName'),\
 | 
					                user_home_directory=row.get('VirtualFolderName'),\
 | 
				
			||||||
                description=row.get('Description'),\
 | 
					                utype=identifyUtypecommand))
 | 
				
			||||||
                utype=identifyUtype(row.get('Command'))))
 | 
					 | 
				
			||||||
        except UnboundLocalError:
 | 
					        except UnboundLocalError:
 | 
				
			||||||
            print(f'Problem row GUID:{row.get("TransactionGUID")} ::: TransactionObject:{row.get("TransactionObject")} Command: {row.get("Command")}')
 | 
					            print(f'Problem row GUID:{row.get("TransactionGUID")} ::: TransactionObject:{row.get("TransactionObject")} Command: {row.get("Command")}')
 | 
				
			||||||
 | 
					            continue
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					        identifyUtypetransactionObject = identifyUtype(row.get('TransactionObject'))
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					        if identifyUtypetransactionObject == "other":
 | 
				
			||||||
            continue
 | 
					            continue
 | 
				
			||||||
 | 
					
 | 
				
			||||||
        if row.get('TransactionGUID') not in transactionLoginid:
 | 
					        if row.get('TransactionGUID') not in transactionLoginid:
 | 
				
			||||||
            try:
 | 
					            try:
 | 
				
			||||||
                processedData.append(template(identifyUtype(row.get('TransactionObject')),\
 | 
					                processedData.append(template(identifyUtypetransactionObject,\
 | 
				
			||||||
 | 
					                    prd_ext_tenant_id=kwargs.get('prd_ext_tenant_id'),\
 | 
				
			||||||
 | 
					                    prd_ext_tenant_name=kwargs.get('prd_ext_tenant_name'),\
 | 
				
			||||||
 | 
					                    status_detail=row.get('Description'),\
 | 
				
			||||||
                    guid=row.get('TransactionGUID'),\
 | 
					                    guid=row.get('TransactionGUID'),\
 | 
				
			||||||
 | 
					                    status_code=row.get('ResultID'),\
 | 
				
			||||||
 | 
					                    node_name=row.get('NodeName'),\
 | 
				
			||||||
                    prd_instance_id=kwargs.get('prd_instance_id'),\
 | 
					                    prd_instance_id=kwargs.get('prd_instance_id'),\
 | 
				
			||||||
                    product_guid=kwargs.get('product_guid'),\
 | 
					 | 
				
			||||||
                    product_name=kwargs.get('product_name'),\
 | 
					                    product_name=kwargs.get('product_name'),\
 | 
				
			||||||
                    product_version=kwargs.get('product_version'),\
 | 
					 | 
				
			||||||
                    src_endpoint_type=row.get('Protocol'),\
 | 
					                    src_endpoint_type=row.get('Protocol'),\
 | 
				
			||||||
                    src_endpoint_port=row.get('RemotePort'),\
 | 
					                    src_endpoint_port=row.get('RemotePort'),\
 | 
				
			||||||
                    src_endpoint_ip=row.get('RemoteIP'),\
 | 
					                    src_endpoint_ip=row.get('RemoteIP'),\
 | 
				
			||||||
@@ -63,14 +74,14 @@ def processData(data, template, **kwargs):
 | 
				
			|||||||
                    dst_endpoint_ip=row.get('LocalIP'),\
 | 
					                    dst_endpoint_ip=row.get('LocalIP'),\
 | 
				
			||||||
                    dst_endpoint_type=row.get('Protocol'),\
 | 
					                    dst_endpoint_type=row.get('Protocol'),\
 | 
				
			||||||
                    session_uid=row.get('TransactionID'),\
 | 
					                    session_uid=row.get('TransactionID'),\
 | 
				
			||||||
                    bytes_out=row.get('BytesTransferred'),\
 | 
					 | 
				
			||||||
                    transfer_time=row.get('TransferTime'),\
 | 
					                    transfer_time=row.get('TransferTime'),\
 | 
				
			||||||
                    time=row.get('Time_stamp'),\
 | 
					                    time=row.get('Time_stamp'),\
 | 
				
			||||||
                    user_type=identifyUserType(row.get('user_type')),\
 | 
					                    user_session_uid=row.get('TransactionID'),\
 | 
				
			||||||
                    user_domain=row.get('SiteName'),\
 | 
					                    user_uid=row.get('TransactionID'),\
 | 
				
			||||||
 | 
					                    user_type=userType,\
 | 
				
			||||||
                    user_name=row.get('Actor'),\
 | 
					                    user_name=row.get('Actor'),\
 | 
				
			||||||
                    user_home_directory=row.get('VirtualFolderName'),\
 | 
					                    user_home_directory=row.get('PhysicalFolderName'),\
 | 
				
			||||||
                    utype=identifyUtype(row.get('TransactionObject'))\
 | 
					                    utype=identifyUtypetransactionObject\
 | 
				
			||||||
                    ))
 | 
					                    ))
 | 
				
			||||||
                transactionLoginid.append(row.get('TransactionGUID'))
 | 
					                transactionLoginid.append(row.get('TransactionGUID'))
 | 
				
			||||||
            except UnboundLocalError:
 | 
					            except UnboundLocalError:
 | 
				
			||||||
@@ -88,6 +99,7 @@ def identifyUserType(obj):
 | 
				
			|||||||
            return "User"
 | 
					            return "User"
 | 
				
			||||||
    else:
 | 
					    else:
 | 
				
			||||||
        return None
 | 
					        return None
 | 
				
			||||||
 | 
					
 | 
				
			||||||
def identifyUtype(obj):
 | 
					def identifyUtype(obj):
 | 
				
			||||||
    """Process Type of transaction based on string that passed in.
 | 
					    """Process Type of transaction based on string that passed in.
 | 
				
			||||||
    Return transaction type."""
 | 
					    Return transaction type."""
 | 
				
			||||||
@@ -98,11 +110,11 @@ def identifyUtype(obj):
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
    if obj in user_logged_on:
 | 
					    if obj in user_logged_on:
 | 
				
			||||||
        return "user_logged_on"
 | 
					        return "user_logged_on"
 | 
				
			||||||
    if obj in file_deleted:
 | 
					    elif obj in file_deleted:
 | 
				
			||||||
        return "file_deleted"
 | 
					        return "file_deleted"
 | 
				
			||||||
    if obj in file_uploaded:
 | 
					    elif obj in file_uploaded:
 | 
				
			||||||
        return "file_uploaded"
 | 
					        return "file_uploaded"
 | 
				
			||||||
    if obj in file_downloaded:
 | 
					    elif obj in file_downloaded:
 | 
				
			||||||
        return "file_downloaded"
 | 
					        return "file_downloaded"
 | 
				
			||||||
    else:
 | 
					    else:
 | 
				
			||||||
        return "other"
 | 
					        return "other"
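Review bot: Both `template(...)` calls in processData now pass `row.get('TransactionID')` as `user_uid`, `user_session_uid` and `session_uid`, so the `user.uid`, `user.uuid` and `session.uid` fields that the dataTemplate hunk fills all carry the same per-transaction value. A consumer that groups events by `user.uid` would then presumably see a new user for every transaction, leaving only `user_name=row.get('Actor')` to tie one account's uploads, downloads and logons together. If the query returns no stable account identifier, I would leave `user_uid` unset and note it, e.g. `# no stable user id in these rows; correlate on user_name (Actor)`. Separately, `row.get('Command') == None` should read `is None`, and it sits after the `"other"` check, so it may never fire. processData starts above the first hunk and continues past the `-63,14` hunk, so the rest of the loop is not visible here.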
 | 
				
			||||||
@@ -3,7 +3,7 @@ class sqlQuerymodel:
 | 
				
			|||||||
        """Embedded query data"""
 | 
					        """Embedded query data"""
 | 
				
			||||||
        q ="""DECLARE @stopTime DATETIME2
 | 
					        q ="""DECLARE @stopTime DATETIME2
 | 
				
			||||||
        SET @stopTime=DATEADD(DAY, -30, GETDATE())
 | 
					        SET @stopTime=DATEADD(DAY, -30, GETDATE())
 | 
				
			||||||
        SELECT p.ProtocolCommandID, t.Time_stamp, p.RemoteIP, p.RemotePort, p.LocalIP, p.LocalPort, p.Protocol, p.SiteName, p.Command, p.FileName, p.VirtualFolderName, p.FileSize, p.TransferTime, p.BytesTransferred, p.Description, p.ResultID, t.TransactionID, p.Actor, t.TransactionObject, t.NodeName, t.TransactionGUID, a.Protocol user_type
 | 
					        SELECT p.ProtocolCommandID, t.Time_stamp, p.RemoteIP, p.RemotePort, p.LocalIP, p.LocalPort, p.Protocol, p.SiteName, p.Command, p.FileName, p.PhysicalFolderName, p.VirtualFolderName, p.FileSize, p.TransferTime, p.BytesTransferred, p.Description, p.ResultID, t.TransactionID, p.Actor, t.TransactionObject, t.NodeName, t.TransactionGUID, a.Protocol user_type
 | 
				
			||||||
        FROM tbl_Transactions t
 | 
					        FROM tbl_Transactions t
 | 
				
			||||||
             Full JOIN tbl_ProtocolCommands p ON(t.TransactionID=p.TransactionID)
 | 
					             Full JOIN tbl_ProtocolCommands p ON(t.TransactionID=p.TransactionID)
 | 
				
			||||||
             Full join tbl_Authentications a ON(t.TransactionID=a.TransactionID)
 | 
					             Full join tbl_Authentications a ON(t.TransactionID=a.TransactionID)
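Review bot: The embedded query keeps the literal `DATEADD(DAY, -30, GETDATE())` while the config in this same comparison moves `daysTopull` from 10 to 20. Unless the value is substituted into the string somewhere outside this hunk, the embedded query uses a 30-day window regardless of that setting. A comment above `q` would make the intent explicit, e.g. `# NOTE: window is the literal -30 below; confirm whether daysTopull is meant to replace it`. Alternatively, the literal could become a bound parameter fed from the config. The string continues past the end of the hunk, so whatever consumes `@stopTime` is not visible.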
 | 
				
			||||||
 
 | 
				
			|||||||
							
								
								
									
										6
									
								
								test.py
									
									
									
									
									
								
							
							
						
						
									
										6
									
								
								test.py
									
									
									
									
									
								
							@@ -35,4 +35,8 @@ def identifyUtype(obj):
 | 
				
			|||||||
    if obj in file_downloaded:
 | 
					    if obj in file_downloaded:
 | 
				
			||||||
        return "file_downloaded"
 | 
					        return "file_downloaded"
 | 
				
			||||||
    else:
 | 
					    else:
 | 
				
			||||||
        return "other"
 | 
					        return "other"
 | 
				
			||||||
 | 
					    
 | 
				
			||||||
 | 
					transactionType = 'file_uploaded'
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					print(transactionType.split("_")[1].rstrip("d").rstrip("e"))
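Review bot: `rstrip("d").rstrip("e")` strips trailing characters rather than a suffix, so the expression prints `upload` for `file_uploaded` but would give `delet` for `file_deleted` and `logg` for `user_logged_on`. If this is a trial for deriving the `upload`/`download` template names used in dataTemplate, an explicit mapping is safer than trimming the string, e.g. `ACTION = {"file_uploaded": "upload", "file_downloaded": "download", "file_deleted": "delete"}`. The two statements also sit at module level after identifyUtype, so they run on every import of test.py.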
 | 
				
			||||||