jblu/Inex
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases 8 Wiki Activity

dev-update-data-model #13

Merged
jblu merged 2 commits from dev-update-data-model into main 2024-08-10 00:03:55 -05:00
Conversation 0 Commits 2 Files Changed 3 +73 -36
3 changed files with 73 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit ebe10f80ba - Show all commits

16
inexDataModel.py
View File

@@ -1,5 +1,5 @@
def dataTemplate(transactionType,**kwargs): def dataTemplate(transactionType,**kwargs):
general = { uploadDownload = {
"bytes" : kwargs.get('bytes_out'), "bytes" : kwargs.get('bytes_out'),
"dst_endpoint": { "dst_endpoint": {
"port": kwargs.get('dst_endpoint_port'), "port": kwargs.get('dst_endpoint_port'),
@@ -114,12 +114,14 @@ def dataTemplate(transactionType,**kwargs):
}, },
"utype": kwargs.get('utype') "utype": kwargs.get('utype')
} }
if transactionType == "FileUploaded":
template = general if transactionType == "file_uploaded":
if transactionType == "FileDownloaded": template = uploadDownload
template = general if transactionType == "file_downloaded":
if transactionType == "FileDeleted": template = uploadDownload
if transactionType == "file_deleted":
template = fileDeleted template = fileDeleted
if transactionType == "Logon": if transactionType == "user_logged_on":
template = logon template = logon
return template return template

88
inexDataProcessing.py
View File

@@ -1,36 +1,68 @@
def processData(data, template, **kwargs): def processData(data, template, **kwargs):
processedData = [] processedData = []
transactionLoginid = []
for row in data: for row in data:
print(f'Row: {row}') # print(f'Row: {row}')
if row.get('Command') == None: if row.get('Command') == None:
continue continue
processedData.append(template(identifyUtype(row.get('Command')),\ processedData.append(template(identifyUtype(row.get('Command')),\
status_detail=row.get(''),\ prd_ext_tenant_id='',\
status_code=row.get('ResultID'),\ status_code=row.get('ResultID'),\
file_size=row.get('FileSize'),\ file_size=row.get('FileSize'),\
file_path=row.get('PhysicalFolderName'),\ file_path=row.get('PhysicalFolderName'),\
file_virtual_path=row.get('VirtualFolderName'),\ file_virtual_path=row.get('VirtualFolderName'),\
file_name=row.get('FileName'),\ file_name=row.get('FileName'),\
guid=row.get('TransactionGUID'),\ guid=row.get('TransactionGUID'),\
ref_id=row.get('ProtocolCommandID'),\ ref_id=row.get('ProtocolCommandID'),\
prd_instance_id=kwargs.get('prd_instance_id'),\ prd_instance_id=kwargs.get('prd_instance_id'),\
product_guid=kwargs.get('product_guid'),\ product_guid=kwargs.get('product_guid'),\
product_name=kwargs.get('product_name'),\ product_name=kwargs.get('product_name'),\
product_version=kwargs.get('product_version'),\ product_version=kwargs.get('product_version'),\
node_name=row.get('NodeName'),\ node_name=row.get('NodeName'),\
src_endpoint_port=row.get('RemotePort'),\ src_endpoint_type=row.get('Protocol'),\
src_endpoint_ip=row.get('RemoteIP'),\ src_endpoint_port=row.get('RemotePort'),\
dst_endpoint_port=row.get('LocalPort'),\ src_endpoint_ip=row.get('RemoteIP'),\
dst_endpoint_ip=row.get('LocalIP'),\ dst_endpoint_port=row.get('LocalPort'),\
dst_endpoint_type=row.get('Protocol'),\ dst_endpoint_ip=row.get('LocalIP'),\
session_uid=row.get('TransactionID'),\ dst_endpoint_type=row.get('Protocol'),\
bytes_out=row.get('BytesTransferred'),\ session_uid=row.get('TransactionID'),\
transfer_time=row.get('TransferTime'),\ bytes_out=row.get('BytesTransferred'),\
time=row.get('Time_stamp'),\ duration=row.get('TransferTime'),\
user_type=identifyUserType(row.get('user_type')),\ time=row.get('Time_stamp'),\
user_domain=row.get('SiteName'),\ user_type=identifyUserType(row.get('user_type')),\
user_name=row.get('Actor'),\ user_domain=row.get('SiteName'),\
utype=identifyUtype(row.get('Command')))) user_name=row.get('Actor'),\
user_home_directory=row.get('VirtualFolderName'),\
utype=identifyUtype(row.get('Command'))))
if row.get('TransactionGUID') not in transactionLoginid:
processedData.append(template(identifyUtype(row.get('TransactionObject')),\
guid=row.get('TransactionGUID'),\
prd_instance_id=kwargs.get('prd_instance_id'),\
product_guid=kwargs.get('product_guid'),\
product_name=kwargs.get('product_name'),\
product_version=kwargs.get('product_version'),\
src_endpoint_type=row.get('Protocol'),\
src_endpoint_port=row.get('RemotePort'),\
src_endpoint_ip=row.get('RemoteIP'),\
dst_endpoint_port=row.get('LocalPort'),\
dst_endpoint_ip=row.get('LocalIP'),\
dst_endpoint_type=row.get('Protocol'),\
session_uid=row.get('TransactionID'),\
bytes_out=row.get('BytesTransferred'),\
transfer_time=row.get('TransferTime'),\
time=row.get('Time_stamp'),\
user_type=identifyUserType(row.get('user_type')),\
user_domain=row.get('SiteName'),\
user_name=row.get('Actor'),\
user_home_directory=row.get('VirtualFolderName'),\
utype=identifyUtype(row.get('TransactionObject'))\
))
transactionLoginid.append(row.get('TransactionGUID'))
return processedData return processedData
def identifyUserType(obj): def identifyUserType(obj):
@@ -42,7 +74,7 @@ def identifyUserType(obj):
else: else:
return None return None
def identifyUtype(obj): def identifyUtype(obj):
user_logged_on = [] user_logged_on = ['AUTH']
file_deleted = ["dele"] file_deleted = ["dele"]
file_uploaded = ["created"] file_uploaded = ["created"]
file_downloaded = ["sent"] file_downloaded = ["sent"]

5
test.py
View File

@@ -15,4 +15,7 @@ def builddict(keys,*args,**kwargs):
dict[key] = kwargs.get(key) dict[key] = kwargs.get(key)
print(dict) print(dict)
a = builddict(["bytes","duration","dst_endpoint"],bytes=2490,duration=200,dst_enpoint={"port": 1,"ip": 1,"type":1}) testfolder = '/Usr/a/asdf/asf'
user = 'a'
print(testfolder.split(f"/{user}/"))