diff --git a/config.cfg b/config.cfg
index 15e92d9..dc79f3f 100644
--- a/config.cfg
+++ b/config.cfg
@@ -19,19 +19,21 @@ zoomlevel = 11
 clusteringDistance = 10
 
 [Log]
-fieldname_order=["id", "category", "type", ["value", "comment"]]
+fieldname_order=["Event.id", "Attribute.category", "Attribute.type", ["Attribute.value", "Attribute.comment"]]
+#fieldname_order=["id", "category", "type", ["value", "comment"]]
 char_separator=||
 
 [RedisLog]
 host=localhost
-port=6250
+port=6251
 db=0
 channel=1
-zmq_url=tcp://localhost:9990
+zmq_url=tcp://192.168.56.50:50000
+#zmq_url=tcp://localhost:9990
 
 [RedisMap]
 host=localhost
-port=6250
+port=6251
 db=1
 channelProc=CoordToProcess
 channelDisp=PicToDisplay
diff --git a/server.py b/server.py
index c6d93dc..1bfcf24 100755
--- a/server.py
+++ b/server.py
@@ -38,8 +38,8 @@ class LogItem():
     FIELDNAME_ORDER = []
     FIELDNAME_ORDER_HEADER = []
 
-    FIELDNAME_ORDER.append("time")
-    FIELDNAME_ORDER_HEADER.append("time")
+    FIELDNAME_ORDER.append("Time")
+    FIELDNAME_ORDER_HEADER.append("Time")
     for item in json.loads(cfg.get('Log', 'fieldname_order')):
         if type(item) is list:
             FIELDNAME_ORDER_HEADER.append(" | ".join(item))
@@ -58,7 +58,7 @@ class LogItem():
     def get_head_row(self):
         to_ret = []
         for fn in LogItem.FIELDNAME_ORDER_HEADER:
-            to_ret.append(fn[0].upper()+fn[1:])
+            to_ret.append(fn)
         return to_ret
 
     def get_row(self):
@@ -227,4 +227,4 @@ def event_stream_maps():
         yield 'data: {}\n\n'.format(content)
 
 if __name__ == '__main__':
-    app.run(host='localhost', port=8000, threaded=True)
+    app.run(host='localhost', port=8001, threaded=True)
diff --git a/zmq_subscriber.py b/zmq_subscriber.py
index 3d6e4ec..0f0f0e2 100755
--- a/zmq_subscriber.py
+++ b/zmq_subscriber.py
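Review bot: The subscriber endpoint is now a hard-coded lab address, `zmq_url=tcp://192.168.56.50:50000`, committed to the tracked config.cfg with the previous value left behind as `#zmq_url=tcp://localhost:9990` (and likewise `#fieldname_order=...`), which ties the repository to one deployment and leaves stale alternatives for the next reader to guess at. Because the MISP feed is now pulled from a non-loopback host over plain `tcp://`, whether that traffic is authenticated or encrypted depends on the ZMQ socket setup that is not visible in this diff; if it is a plain SUB socket, the feed crosses the network in cleartext and any host that can reach port 50000 on the publisher can subscribe to it, so the expectation (host-only network, VPN, or CURVE keys) should be stated next to the setting. Keep a neutral default such as `zmq_url=tcp://localhost:50000` in the committed file, move the per-deployment address to an untracked override, and drop the commented-out lines.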
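Review bot: The header labels are now rendered verbatim (see the `get_head_row` hunk below), so the capitalised `"Time"` appended here only looks consistent with the new `Event.id`/`Attribute.category` names; with the lowercase `fieldname_order` still kept as a commented alternative in config.cfg the table would read `Time | id | category`. If `FIELDNAME_ORDER` is also used as a lookup key into the rows the subscriber publishes (`get_row` is outside this hunk), the `"time"` to `"Time"` rename must be mirrored on the publisher side — confirm. A comment above the two appends, `# labels are rendered as-is by get_head_row; keep the case consistent with [Log] fieldname_order`, would make that coupling explicit.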
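Review bot: With the capitalisation removed, `get_head_row` just copies the class list and the loop can go: `return list(LogItem.FIELDNAME_ORDER_HEADER)`. Returning a copy rather than the list itself preserves what the original loop guaranteed, namely that callers cannot mutate the shared class attribute. A docstring such as `"""Return the column labels exactly as configured in [Log] fieldname_order, preceded by the Time column."""` would record that labels are no longer normalised here.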
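Review bot: The HTTP port remains a literal in source while the other service ports touched by this commit live in config.cfg; reading it the same way, e.g. `app.run(host='localhost', port=cfg.getint('Server', 'port', fallback=8001), threaded=True)` with a new `[Server]` section, keeps deployment changes out of code (the `cfg` object is already used by `LogItem` in this file). The bind address stays on localhost, which is the right default for the Flask development server.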
@@ -99,6 +99,10 @@ def handler_keepalive(zmq_name, jsonevent):
     to_push = [ jsonevent['uptime'] ]
     publish_log(zmq_name, 'Keepalive', to_push)
 
+def handler_sighting(zmq_name, jsonsight):
+    print('sending' ,'sighting')
+    return
+
 def handler_event(zmq_name, jsonevent):
     #fields: threat_level_id, id, info
     jsonevent = jsonevent['Event']
@@ -112,17 +116,27 @@ def handler_event(zmq_name, jsonevent):
             handler_attribute(zmq_name, attributes)
 
 
-def handler_attribute(zmq_name, jsonattr):
+def getFields(obj, fields):
+    jsonWalker = fields.split('.')
+    itemToExplore = obj
+    for i in jsonWalker:
+        itemToExplore = itemToExplore[i]
+    return itemToExplore
+
+def handler_attribute(zmq_name, jsonobj):
     # check if jsonattr is an attribute object
-    if 'Attribute' in jsonattr:
-        jsonattr = jsonattr['Attribute']
+    if 'Attribute' in jsonobj:
+        jsonattr = jsonobj['Attribute']
     to_push = []
     for field in json.loads(cfg.get('Log', 'fieldname_order')):
         if type(field) is list:
-            to_add = cfg.get('Log', 'char_separator').join([ jsonattr[subField] for subField in field ])
+            to_join = []
+            for subField in field:
+                to_join.append(getFields(jsonobj, subField))
+            to_add = cfg.get('Log', 'char_separator').join(to_join)
         else:
-            to_add = jsonattr[field]
+            to_add = getFields(jsonobj, field)
         to_push.append(to_add)
 
     #try to get coord from ip
@@ -154,10 +168,11 @@ def main(zmqName):
 
 
     dico_action = {
-            "misp_json": handler_event,
+            "misp_json": handler_log,
+            "misp_json_event": handler_event,
             "misp_json_self": handler_keepalive,
             "misp_json_attribute": handler_attribute,
-            "misp_json_sighting": handler_log,
+            "misp_json_sighting": handler_sighting,
             "misp_json_organisation": handler_log,
             "misp_json_user": handler_log,
             "misp_json_conversation": handler_log
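Review bot: `handler_sighting` silently discards every sighting: it prints `sending sighting` to stdout, never touches `jsonsight`, and returns without calling `publish_log`, while the `main` hunk below now routes `misp_json_sighting` to it instead of `handler_log`, so sightings that used to reach the log are lost. If this is a placeholder, keep the old mapping until the handler is real, or make the stub forward rather than drop: `return handler_log(zmq_name, jsonsight)` with a `# TODO: extract Sighting fields into to_push and publish_log(zmq_name, 'Sighting', to_push)` above it. The debug `print` should go with it, and the argument spacing `('sending' ,'sighting')` is off.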
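Review bot: `getFields` raises `KeyError` (or `TypeError` on a non-dict step) as soon as any component of a configured path is missing, and the new paths `Event.id`/`Attribute.category` assume `jsonobj` is a full message carrying both keys; yet `handler_event` in the hunk above still calls `handler_attribute(zmq_name, attributes)` with what looks like a bare attribute (which is exactly why the old code checked for the `Attribute` wrapper), so that path will now fail on the first field, and unless the dispatch loop in `main` catches it (not visible here) one message takes the subscriber down. Separately, `jsonattr` is now only bound inside the `if`; `handler_attribute` continues past this hunk (`#try to get coord from ip`), and if that code still reads `jsonattr`, the unwrapped case raises `UnboundLocalError`. The rewrite below makes a missing step yield a default instead of raising and always binds `jsonattr`; the caller in `handler_event` should then pass the wrapped shape (`{'Event': jsonevent, 'Attribute': attr}`) so the dotted paths resolve for both message types.
```python
def getFields(obj, fields, default=''):
    # Walk a dotted path such as 'Attribute.category' through nested dicts;
    # a missing or non-dict step yields `default` instead of raising.
    item = obj
    for key in fields.split('.'):
        if not isinstance(item, dict) or key not in item:
            return default
        item = item[key]
    return item

def handler_attribute(zmq_name, jsonobj):
    # accept both a bare attribute and the {'Attribute': {...}} wrapper
    jsonattr = jsonobj['Attribute'] if 'Attribute' in jsonobj else jsonobj
    to_push = []
    for field in json.loads(cfg.get('Log', 'fieldname_order')):
        if type(field) is list:
            to_join = [getFields(jsonobj, subField) for subField in field]
            to_add = cfg.get('Log', 'char_separator').join(to_join)
        else:
            to_add = getFields(jsonobj, field)
        to_push.append(to_add)
    # … unchanged: coordinate lookup and publish …
```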
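Review bot: Remapping `misp_json` from `handler_event` to `handler_log` means a MISP instance that publishes full events on that topic (historically the event-publication topic of MISP's ZMQ plugin — confirm against the version feeding this subscriber) no longer gets the per-attribute fan-out; only `misp_json_event` messages do. If both topics can carry an event payload, point both at the same handler: `"misp_json": handler_event,` next to `"misp_json_event": handler_event,`. A comment in the table noting which MISP version emits which topic would spare the next reader the same investigation.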