mirror of https://github.com/MISP/misp-dashboard
fix: [userLogin] Do not consider all login as login from the SYSTEM
ADMIN anymore
Due to the change in misp-zmq, `misp_json_user` only contains the information that a user has logged in, the user always being the same. The code now records user logins from the audit channel `misp_json_audit`.
pull/68/head
parent
52219856b9
commit
b76a9cd082
|
@ -27,7 +27,7 @@ class Users_helper:
|
||||||
logging.basicConfig(filename=logPath, filemode='a', level=logging.INFO)
|
logging.basicConfig(filename=logPath, filemode='a', level=logging.INFO)
|
||||||
self.logger = logging.getLogger(__name__)
|
self.logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
def add_user_login(self, timestamp, org):
|
def add_user_login(self, timestamp, org, email=''):
|
||||||
timestampDate = datetime.datetime.fromtimestamp(float(timestamp))
|
timestampDate = datetime.datetime.fromtimestamp(float(timestamp))
|
||||||
timestampDate_str = util.getDateStrFormat(timestampDate)
|
timestampDate_str = util.getDateStrFormat(timestampDate)
|
||||||
|
|
||||||
|
|
|
@ -464,6 +464,10 @@ def getUserLogins():
|
||||||
data = users_helper.getUserLoginsForPunchCard(date, org)
|
data = users_helper.getUserLoginsForPunchCard(date, org)
|
||||||
return jsonify(data)
|
return jsonify(data)
|
||||||
|
|
||||||
|
@app.route("/_getAllLoggedOrg")
|
||||||
|
def getAllLoggedOrg():
|
||||||
|
return jsonify(users_helper.getAllOrg())
|
||||||
|
|
||||||
@app.route("/_getTopOrglogin")
|
@app.route("/_getTopOrglogin")
|
||||||
def getTopOrglogin():
|
def getTopOrglogin():
|
||||||
try:
|
try:
|
||||||
|
|
|
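Review bot: The new `/_getAllLoggedOrg` route returns `users_helper.getAllOrg()` to any caller, and no access check is visible in this hunk. The result is presumably the list of organisations with recorded logins on the MISP instance, which is worth restricting to authenticated dashboard users. If authentication is enforced elsewhere in the application (not visible here), a docstring should say so, for example `"""Return the organisations that have at least one recorded login (typeahead data); access control is applied by ..."""`. The neighbouring `getUserLogins` and `getTopOrglogin` bodies start or end outside the hunk, so their handling could not be compared.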
@ -201,7 +201,7 @@ small {
|
||||||
var url_getTopOrglogin = "{{ url_for('getTopOrglogin') }}";
|
var url_getTopOrglogin = "{{ url_for('getTopOrglogin') }}";
|
||||||
var url_getLoginVSCOntribution = "{{ url_for('getLoginVSCOntribution') }}";
|
var url_getLoginVSCOntribution = "{{ url_for('getLoginVSCOntribution') }}";
|
||||||
var url_getUserLoginsAndContribOvertime = "{{ url_for('getUserLoginsAndContribOvertime') }}";
|
var url_getUserLoginsAndContribOvertime = "{{ url_for('getUserLoginsAndContribOvertime') }}";
|
||||||
var url_getTypeaheadData = "{{ url_for('getAllOrg') }}";
|
var url_getTypeaheadData = "{{ url_for('getAllLoggedOrg') }}";
|
||||||
|
|
||||||
/* DATA FROM CONF */
|
/* DATA FROM CONF */
|
||||||
|
|
||||||
|
|
|
@ -74,10 +74,28 @@ def getFields(obj, fields):
|
||||||
## HANDLERS ##
|
## HANDLERS ##
|
||||||
##############
|
##############
|
||||||
|
|
||||||
def handler_log(zmq_name, jsonevent):
|
def handler_skip(zmq_name, jsonevent):
|
||||||
logger.info('Log not processed')
|
logger.info('Log not processed')
|
||||||
return
|
return
|
||||||
|
|
||||||
|
def handler_audit(zmq_name, jsondata):
|
||||||
|
action = jsondata.get('action', None)
|
||||||
|
jsonlog = jsondata.get('Log', None)
|
||||||
|
|
||||||
|
if action is None or jsonlog is None:
|
||||||
|
return
|
||||||
|
|
||||||
|
# consider login operations
|
||||||
|
if action == 'log': # audit is related to log
|
||||||
|
logAction = jsonlog.get('action', None)
|
||||||
|
if logAction == 'login': # only consider user login
|
||||||
|
timestamp = int(time.time())
|
||||||
|
email = jsonlog.get('email', '')
|
||||||
|
org = jsonlog.get('org', '')
|
||||||
|
users_helper.add_user_login(timestamp, org, email)
|
||||||
|
else:
|
||||||
|
pass
|
||||||
|
|
||||||
def handler_dispatcher(zmq_name, jsonObj):
|
def handler_dispatcher(zmq_name, jsonObj):
|
||||||
if "Event" in jsonObj:
|
if "Event" in jsonObj:
|
||||||
handler_event(zmq_name, jsonObj)
|
handler_event(zmq_name, jsonObj)
|
||||||
|
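Review bot: In `handler_audit`, a `login` record without an `org` is still counted, because `org = jsonlog.get('org', '')` falls back to an empty string and `users_helper.add_user_login(timestamp, org, email)` is called regardless; a guard such as `if not org: return` before the call would keep unnamed organisations out of the login statistics. The early return checks only for `None`, so a message whose `Log` value is a string or list would raise AttributeError at `jsonlog.get('action', None)`; extending it to `if action is None or not isinstance(jsonlog, dict): return` covers that. The recorded time is the moment of processing (`int(time.time())`), not a value taken from the audit record, so delayed or re-sent messages are dated at receipt, which deserves a comment such as `# receipt time, not the time carried by the audit record`. The user's email is now passed on to `add_user_login`, whose body is outside this page's hunks, so whether and where it is stored should be confirmed. The trailing `else: pass` can be dropped.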
@ -87,15 +105,15 @@ def handler_keepalive(zmq_name, jsonevent):
|
||||||
to_push = [ jsonevent['uptime'] ]
|
to_push = [ jsonevent['uptime'] ]
|
||||||
live_helper.publish_log(zmq_name, 'Keepalive', to_push)
|
live_helper.publish_log(zmq_name, 'Keepalive', to_push)
|
||||||
|
|
||||||
|
# Login are no longer pushed by `misp_json_user`, but by `misp_json_audit`
|
||||||
def handler_user(zmq_name, jsondata):
|
def handler_user(zmq_name, jsondata):
|
||||||
logger.info('Handling user')
|
logger.info('Handling user')
|
||||||
action = jsondata['action']
|
action = jsondata['action']
|
||||||
json_user = jsondata['User']
|
json_user = jsondata['User']
|
||||||
json_org = jsondata['Organisation']
|
json_org = jsondata['Organisation']
|
||||||
org = json_org['name']
|
org = json_org['name']
|
||||||
if action == 'login': #only consider user login
|
if action == 'edit': #only consider user login
|
||||||
timestamp = int(time.time())
|
pass
|
||||||
users_helper.add_user_login(timestamp, org)
|
|
||||||
else:
|
else:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
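Review bot: `handler_user` no longer records anything, since both branches are now `pass`, yet it still indexes `jsondata['action']`, `jsondata['User']`, `jsondata['Organisation']` and `json_org['name']`. A `misp_json_user` message missing any of those keys therefore raises KeyError for no benefit; whether the caller catches it is not visible here. The comment `#only consider user login` now sits beside `action == 'edit'` and is misleading. Either reduce the body to the log line, or map `"misp_json_user"` to `handler_skip` in `dico_action`. If the `edit` branch is a placeholder, mark it as one, for example `# TODO: handle user edits; logins are recorded by handler_audit`.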
@ -264,10 +282,11 @@ dico_action = {
|
||||||
"misp_json_attribute": handler_attribute,
|
"misp_json_attribute": handler_attribute,
|
||||||
"misp_json_object": handler_object,
|
"misp_json_object": handler_object,
|
||||||
"misp_json_sighting": handler_sighting,
|
"misp_json_sighting": handler_sighting,
|
||||||
"misp_json_organisation": handler_log,
|
"misp_json_organisation": handler_skip,
|
||||||
"misp_json_user": handler_user,
|
"misp_json_user": handler_user,
|
||||||
"misp_json_conversation": handler_conversation,
|
"misp_json_conversation": handler_conversation,
|
||||||
"misp_json_object_reference": handler_log,
|
"misp_json_object_reference": handler_skip,
|
||||||
|
"misp_json_audit": handler_audit,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|