Support of the ZMQ_REWORK

2017-10-27 12:05:14 +02:00 · 2017-10-27 12:05:14 +02:00 · 724157f9e5
parent 38c0eef615
commit 724157f9e5
3 changed files with 32 additions and 15 deletions
--- a/config.cfg
+++ b/config.cfg
@ -19,19 +19,21 @@ zoomlevel = 11
 clusteringDistance = 10

 [Log]
-fieldname_order=["id", "category", "type", ["value", "comment"]]
+fieldname_order=["Event.id", "Attribute.category", "Attribute.type", ["Attribute.value", "Attribute.comment"]]
+#fieldname_order=["id", "category", "type", ["value", "comment"]]
 char_separator=||

 [RedisLog]
 host=localhost
-port=6250
+port=6251
 db=0
 channel=1
-zmq_url=tcp://localhost:9990
+zmq_url=tcp://192.168.56.50:50000
+#zmq_url=tcp://localhost:9990

 [RedisMap]
 host=localhost
-port=6250
+port=6251
 db=1
 channelProc=CoordToProcess
 channelDisp=PicToDisplay
--- a/server.py
+++ b/server.py
@ -38,8 +38,8 @@ class LogItem():

    FIELDNAME_ORDER = []
    FIELDNAME_ORDER_HEADER = []
-    FIELDNAME_ORDER.append("time")
-    FIELDNAME_ORDER_HEADER.append("time")
+    FIELDNAME_ORDER.append("Time")
+    FIELDNAME_ORDER_HEADER.append("Time")
    for item in json.loads(cfg.get('Log', 'fieldname_order')):
        if type(item) is list:
            FIELDNAME_ORDER_HEADER.append(" | ".join(item))
@ -58,7 +58,7 @@ class LogItem():
    def get_head_row(self):
        to_ret = []
        for fn in LogItem.FIELDNAME_ORDER_HEADER:
-            to_ret.append(fn[0].upper()+fn[1:])
+            to_ret.append(fn)
        return to_ret

    def get_row(self):
@ -227,4 +227,4 @@ def event_stream_maps():
        yield 'data: {}\n\n'.format(content)

 if __name__ == '__main__':
-    app.run(host='localhost', port=8000, threaded=True)
+    app.run(host='localhost', port=8001, threaded=True)
--- a/zmq_subscriber.py
+++ b/zmq_subscriber.py
@ -99,6 +99,10 @@ def handler_keepalive(zmq_name, jsonevent):
    to_push = [ jsonevent['uptime'] ]
    publish_log(zmq_name, 'Keepalive', to_push)

+def handler_sighting(zmq_name, jsonsight):
+    print('sending' ,'sighting')
+    return
+
 def handler_event(zmq_name, jsonevent):
    #fields: threat_level_id, id, info
    jsonevent = jsonevent['Event']
@ -112,17 +116,27 @@ def handler_event(zmq_name, jsonevent):
            handler_attribute(zmq_name, attributes)


-def handler_attribute(zmq_name, jsonattr):
+def getFields(obj, fields):
+    jsonWalker = fields.split('.')
+    itemToExplore = obj
+    for i in jsonWalker:
+        itemToExplore = itemToExplore[i]
+    return itemToExplore
+
+def handler_attribute(zmq_name, jsonobj):
    # check if jsonattr is an attribute object
-    if 'Attribute' in jsonattr:
-        jsonattr = jsonattr['Attribute']
+    if 'Attribute' in jsonobj:
+        jsonattr = jsonobj['Attribute']

    to_push = []
    for field in json.loads(cfg.get('Log', 'fieldname_order')):
        if type(field) is list:
-            to_add = cfg.get('Log', 'char_separator').join([ jsonattr[subField] for subField in field ])
+            to_join = []
+            for subField in field:
+                to_join.append(getFields(jsonobj, subField))
+            to_add = cfg.get('Log', 'char_separator').join(to_join)
        else:
-            to_add = jsonattr[field]
+            to_add = getFields(jsonobj, field)
        to_push.append(to_add)

    #try to get coord from ip
@ -154,10 +168,11 @@ def main(zmqName):


 dico_action = {
-        "misp_json":                handler_event,
+        "misp_json":                handler_log,
+        "misp_json_event":          handler_event,
        "misp_json_self":           handler_keepalive,
        "misp_json_attribute":      handler_attribute,
-        "misp_json_sighting":       handler_log,
+        "misp_json_sighting":       handler_sighting,
        "misp_json_organisation":   handler_log,
        "misp_json_user":           handler_log,
        "misp_json_conversation":   handler_log