зеркало из https://github.com/mozilla/MozDef.git
adding alert request api endpoint
Родитель
37599c7928
Коммит
f7ece902a8
|
@ -82,8 +82,8 @@ def status():
|
||||||
request.body.close()
|
request.body.close()
|
||||||
response.status = 200
|
response.status = 200
|
||||||
response.content_type = "application/json"
|
response.content_type = "application/json"
|
||||||
response.body = json.dumps(dict(status='ok', service='restapi'))
|
response.body = getWatchlist()
|
||||||
sendMessgeToPlugins(request, response, 'watchlist')
|
sendMessgeToPlugins(request, response, 'getwatchlist')
|
||||||
return response
|
return response
|
||||||
|
|
||||||
@route('/logincounts')
|
@route('/logincounts')
|
||||||
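Review bot: `response.body = getWatchlist()` can assign `None`: the new getWatchlist's `except ValueError` branch only writes to stderr and falls through without a return, so this route would then answer `200` with `application/json` and an empty body, which a client will read as a successful, empty watchlist. Check the result before committing to the 200 set two lines earlier, e.g. `body = getWatchlist()` / `if body is None: response.status = 500` / `response.body = body if body is not None else json.dumps({'error': 'watchlist unavailable'})`. Note also that getWatchlist deletes expired documents as a side effect, so whatever route this handler serves now mutates the collection on every read; whether the route is authenticated cannot be seen from this hunk. The enclosing function starts outside the hunk.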
|
@ -543,6 +543,43 @@ def kibanaDashboards():
|
||||||
return json.dumps(resultsList)
|
return json.dumps(resultsList)
|
||||||
|
|
||||||
|
|
||||||
|
def getWatchlist():
|
||||||
|
WatchList = []
|
||||||
|
try:
|
||||||
|
# connect to mongo
|
||||||
|
client = MongoClient(options.mongohost, options.mongoport)
|
||||||
|
mozdefdb = client.meteor
|
||||||
|
watchlist = mozdefdb['watchlist']
|
||||||
|
|
||||||
|
# Log the entries we are removing to maintain an audit log
|
||||||
|
expired = watchlist.find({'dateExpiring': {"$lte": datetime.utcnow()-timedelta(hours=1)}})
|
||||||
|
for entry in expired:
|
||||||
|
sys.stdout.write('Deleting entry {0} from watchlist /n'.format(entry))
|
||||||
|
|
||||||
|
# delete any that expired
|
||||||
|
watchlist.delete_many({'dateExpiring': {"$lte": datetime.utcnow()-timedelta(hours=1)}})
|
||||||
|
|
||||||
|
# Lastly, export the combined watchlist
|
||||||
|
watchCursor=mozdefdb['watchlist'].aggregate([
|
||||||
|
{"$sort": {"dateAdded": -1}},
|
||||||
|
{"$match": {"watchcontent": {"$exists": True}}},
|
||||||
|
{"$match":
|
||||||
|
{"$or":[
|
||||||
|
{"dateExpiring": {"$gte": datetime.utcnow()}},
|
||||||
|
{"dateExpiring": {"$exists": False}},
|
||||||
|
]},
|
||||||
|
},
|
||||||
|
{"$project":{"watchcontent":1}},
|
||||||
|
])
|
||||||
|
WatchList=[]
|
||||||
|
for content in watchCursor:
|
||||||
|
WatchList.append(
|
||||||
|
content['watchcontent']
|
||||||
|
)
|
||||||
|
return json.dumps({'content': WatchList})
|
||||||
|
except ValueError as e:
|
||||||
|
sys.stderr.write('Exception {0} collecting watch list\n'.format(e))
|
||||||
|
|
||||||
def getWhois(ipaddress):
|
def getWhois(ipaddress):
|
||||||
try:
|
try:
|
||||||
whois = dict()
|
whois = dict()
|
||||||
|
|
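Review bot: The audit log of expired entries is incomplete in two ways at the `sys.stdout.write('Deleting entry {0} from watchlist /n'...)` line: `/n` is a forward slash, so successive entries are written on one line, and the cutoff `datetime.utcnow()-timedelta(hours=1)` is evaluated separately for the `find` and the `delete_many`, so an entry that crosses the threshold between the two calls is deleted without ever being logged. Compute the cutoff once and delete exactly the documents that were logged, by `_id`, so the log and the deletion cannot diverge. Separately, `except ValueError` does not cover pymongo connection errors and the handler returns `None` on the path it does catch; consider re-raising or returning an explicit error payload so the caller can set a non-200 status. getWhois, whose first lines close the hunk, continues outside it.
```python
cutoff = datetime.utcnow() - timedelta(hours=1)
expired_ids = []
for entry in watchlist.find({'dateExpiring': {"$lte": cutoff}}):
    sys.stdout.write('Deleting entry {0} from watchlist\n'.format(entry))
    expired_ids.append(entry['_id'])
if expired_ids:
    watchlist.delete_many({'_id': {'$in': expired_ids}})
# … unchanged: aggregate pipeline and json.dumps of the watch list …
```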