Support of the ZMQ_REWORK

config.cfg

@@ -19,19 +19,21 @@ zoomlevel = 11
 clusteringDistance = 10
 
 [Log]
-fieldname_order=["id", "category", "type", ["value", "comment"]]
+fieldname_order=["Event.id", "Attribute.category", "Attribute.type", ["Attribute.value", "Attribute.comment"]]
+#fieldname_order=["id", "category", "type", ["value", "comment"]]
 char_separator=||
 
 [RedisLog]
 host=localhost
-port=6250
+port=6251
 db=0
 channel=1
-zmq_url=tcp://localhost:9990
+zmq_url=tcp://192.168.56.50:50000
+#zmq_url=tcp://localhost:9990
 
 [RedisMap]
 host=localhost
-port=6250
+port=6251
 db=1
 channelProc=CoordToProcess
 channelDisp=PicToDisplay

server.py

@@ -38,8 +38,8 @@ class LogItem():
 
     FIELDNAME_ORDER = []
     FIELDNAME_ORDER_HEADER = []
-    FIELDNAME_ORDER.append("time")
+    FIELDNAME_ORDER.append("Time")
-    FIELDNAME_ORDER_HEADER.append("time")
+    FIELDNAME_ORDER_HEADER.append("Time")
     for item in json.loads(cfg.get('Log', 'fieldname_order')):
         if type(item) is list:
             FIELDNAME_ORDER_HEADER.append(" | ".join(item))
@@ -58,7 +58,7 @@ class LogItem():
     def get_head_row(self):
         to_ret = []
         for fn in LogItem.FIELDNAME_ORDER_HEADER:
-            to_ret.append(fn[0].upper()+fn[1:])
+            to_ret.append(fn)
         return to_ret
 
     def get_row(self):
@@ -227,4 +227,4 @@ def event_stream_maps():
         yield 'data: {}\n\n'.format(content)
 
 if __name__ == '__main__':
-    app.run(host='localhost', port=8000, threaded=True)
+    app.run(host='localhost', port=8001, threaded=True)

zmq_subscriber.py

@@ -99,6 +99,10 @@ def handler_keepalive(zmq_name, jsonevent):
     to_push = [ jsonevent['uptime'] ]
     publish_log(zmq_name, 'Keepalive', to_push)
 
+def handler_sighting(zmq_name, jsonsight):
+    print('sending' ,'sighting')
+    return
+
 def handler_event(zmq_name, jsonevent):
     #fields: threat_level_id, id, info
     jsonevent = jsonevent['Event']
@@ -112,17 +116,27 @@ def handler_event(zmq_name, jsonevent):
             handler_attribute(zmq_name, attributes)
 
 
-def handler_attribute(zmq_name, jsonattr):
+def getFields(obj, fields):
+    jsonWalker = fields.split('.')
+    itemToExplore = obj
+    for i in jsonWalker:
+        itemToExplore = itemToExplore[i]
+    return itemToExplore
+
+def handler_attribute(zmq_name, jsonobj):
     # check if jsonattr is an attribute object
-    if 'Attribute' in jsonattr:
+    if 'Attribute' in jsonobj:
-        jsonattr = jsonattr['Attribute']
+        jsonattr = jsonobj['Attribute']
 
     to_push = []
     for field in json.loads(cfg.get('Log', 'fieldname_order')):
         if type(field) is list:
-            to_add = cfg.get('Log', 'char_separator').join([ jsonattr[subField] for subField in field ])
+            to_join = []
+            for subField in field:
+                to_join.append(getFields(jsonobj, subField))
+            to_add = cfg.get('Log', 'char_separator').join(to_join)
         else:
-            to_add = jsonattr[field]
+            to_add = getFields(jsonobj, field)
         to_push.append(to_add)
 
     #try to get coord from ip
@@ -154,10 +168,11 @@ def main(zmqName):
 
 
 dico_action = {
-        "misp_json":                handler_event,
+        "misp_json":                handler_log,
+        "misp_json_event":          handler_event,
         "misp_json_self":           handler_keepalive,
         "misp_json_attribute":      handler_attribute,
-        "misp_json_sighting":       handler_log,
+        "misp_json_sighting":       handler_sighting,
         "misp_json_organisation":   handler_log,
         "misp_json_user":           handler_log,
         "misp_json_conversation":   handler_log