
György Kohut committed 7186e39

add stats page for idents


Files changed (7)

hbwebui/queries.py

     
     def filter_ident(self, idents):
         self.where_append('filter_ident', 'ident_id IN (SELECT id from dim_ident WHERE ident IN %s)', [tuple(idents)])
+
+
+class Stats_Idents(QueryBase):
+    db = 'hbstats'
+    tpl = \
+        """SELECT
+                ident,
+                sum(agg_main.n_count)::bigint as n_count,
+                count(DISTINCT binary_id) AS n_binary, count(DISTINCT source_ip) AS n_source_ip, count(DISTINCT target_port) AS n_target_port,
+                count(DISTINCT asn) as n_asn, count(DISTINCT cc) as n_cc,
+                max(agg_main.ts_last) as ts_last, min(agg_main.ts_first) as ts_first
+            FROM
+                agg_main
+            JOIN
+                dim_ident ON agg_main.ident_id = dim_ident.id
+            LEFT JOIN
+                att_asn_shadowserver ON agg_main.source_ip = att_asn_shadowserver.ip
+            %(where_clause)s
+            GROUP BY ident
+            %(order_by_clause)s"""
+    
+    def __init__(self):
+        super(Stats_Idents, self).__init__()
+        self.where_init()
+        self.order_by_init()
+    
+    def filter_ident(self, idents):
+        self.where_append('filter_ident', 'ident_id IN (SELECT id from dim_ident WHERE ident IN %s)', [tuple(idents)])
+        
+    def order_n_count(self, desc=False):
+        self.order_by_append('order_n_count', 'n_count', desc)
+
+
+class Stats_Idents_Summary(QueryBase):
+    db = 'hbstats'
+    tpl = \
+        """SELECT
+                count(DISTINCT ident_id) as n_count,
+                count(DISTINCT binary_id) AS n_binary, count(DISTINCT source_ip) as n_source_ip, count(DISTINCT target_port) AS n_target_port,
+                count(DISTINCT asn) as n_asn, count(DISTINCT cc) as n_cc, 
+                max(agg_main.ts_last) as ts_last, min(agg_main.ts_first) as ts_first,
+                sum(n_count)::bigint as n_total
+            FROM
+                agg_main
+            LEFT JOIN
+                att_asn_shadowserver ON agg_main.source_ip = att_asn_shadowserver.ip
+            %(where_clause)s"""
+    
+    def __init__(self):
+        super(Stats_Idents_Summary, self).__init__()
+        self.where_init()
+    
+    def filter_ident(self, idents):
+        self.where_append('filter_ident', 'ident_id IN (SELECT id from dim_ident WHERE ident IN %s)', [tuple(idents)])
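Review bot: `filter_ident` is the only thing that scopes `Stats_Idents` and `Stats_Idents_Summary` to the caller's idents, and it is opt-in: a view that builds either query and forgets the call gets aggregates over every ident in `agg_main`. Taking `idents` as an `__init__` argument and applying the filter there would make an unscoped query impossible to build by accident. The method also passes `tuple(idents)` straight through, so an empty list would presumably be rendered as `IN ()`, which PostgreSQL rejects. Whether the `ident_required` decorators rule that out is not visible here, so an early guard such as `if not idents: raise ValueError('idents must not be empty')` is worth adding. The same method body now exists in three classes and could live once on a shared mixin.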

hbwebui/static/js/hbwebui/mod_stats_idents.js

+mod_stats_idents = (function() {
+    
+    function summary(container, url) {
+        mod_stats_base.summary.call(this, container, url);
+                
+        this.tpl = this.tpl = '\
+            <h3><%= n_count %> <% print(pluralize(n_count, "Ident")) %></h3>\
+            <ul>\
+                <li>seen <%= n_binary %> <% print(pluralize(n_binary, "binary", "binaries")) %></li>\
+                <li>from <%= n_source_ip %> <% print(pluralize(n_source_ip, "source IP")) %></li>\
+                <li>from <%= n_asn %> <% print(pluralize(n_asn, "ASN")) %></li>\
+                <li>from <%= n_cc %> <% print(pluralize(n_cc, "country", "countries")) %></li>\
+                <li>on <%= n_target_port %> target <% print(pluralize(n_target_port, "port")) %></li>\
+                <li>between <%= ts_first %> - <%= ts_last %></li>\
+                <li>in <%= n_total %> <% print(pluralize(n_total, "attack")) %> in total</li>\
+            </ul>';
+    }
+    summary.prototype = utils.extend(
+        mod_stats_base.summary,
+        {
+            renderer: function(data) {
+                data.ts_first = mod_base.renderTimestamp(data.ts_first);
+                data.ts_last = mod_base.renderTimestamp(data.ts_last);
+                mod_stats_base.summary.prototype.renderer.call(this, data);
+            }
+        }
+    );
+    
+    
+    function table(container, url) {
+        mod_stats_base.table.call(this, container, url);
+        
+        this.dtConfig = $.extend(
+            this.dtConfig,
+            {
+                'aoColumnDefs': [
+                    { 'sTitle': 'Ident', 'mDataProp': 'ident', 'sType': 'string', 'aTargets': [0], 'fnRender': function(o, val) { return '<a href="#">'+val+'</a>'; } },
+                    { 'sTitle': '# Attacks', 'mDataProp': 'n_count', 'sType': 'numeric', 'aTargets': [1] },
+                    { 'sTitle': '# Binaries', 'mDataProp': 'n_binary', 'sType': 'numeric', 'aTargets': [2] },
+                    { 'sTitle': '# Source IPs', 'mDataProp': 'n_source_ip', 'sType': 'numeric', 'aTargets': [3] },
+                    { 'sTitle': '# Target Ports', 'mDataProp': 'n_target_port', 'sType': 'numeric', 'aTargets': [4] },
+                    { 'sTitle': '# ASNs', 'mDataProp': 'n_asn', 'sType': 'numeric', 'aTargets': [5] },
+                    { 'sTitle': '# Countries', 'mDataProp': 'n_cc', 'sType': 'numeric', 'aTargets': [6] },
+                    { 'sTitle': 'Last', 'mDataProp': 'ts_last', 'sType': null, 'aTargets': [7], 'fnRender': function(o, val) { return mod_base.renderTimestamp(val); }},
+                    { 'sTitle': 'First', 'mDataProp': 'ts_first', 'sType': null, 'aTargets': [8], 'fnRender': function(o, val) { return mod_base.renderTimestamp(val); }},
+                    { 'sDefaultContent': '-', 'aTargets': [0, 1, 2, 3, 4, 5, 6, 7, 8] },
+                ],
+                'aaSorting': [
+                    [1, 'desc']
+                ]
+            }
+        );
+    }
+    table.prototype = utils.extend(mod_stats_base.table);
+    
+    
+    return {
+        summary: summary,
+        table: table
+    };
+})();
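Review bot: The Ident column's `fnRender` concatenates `val` into markup unescaped (`'<a href="#">'+val+'</a>'`), so an ident string that contains HTML is rendered as HTML in the table. The values come out of `dim_ident`; unless they are strictly validated when written (not visible in this commit), treat them as untrusted and escape on output, e.g. `return '<a href="#">' + _.escape(val) + '</a>';` — lodash is already loaded by stats_idents.html. Separately, `this.tpl = this.tpl = '…'` in `summary` is a doubled assignment, and the trailing comma after the last `aoColumnDefs` entry trips older IE parsers.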

hbwebui/templates/navbar.html

             <ul class="nav">
                 <li {% if page == "dashboard" %}class="active"{% endif %}><a href="{% if page == "dashboard" %}#{% else %}{% url dashboard %}{% endif %}">Dashboard</a></li>
                 
-                {% if page == "stats_binaries" or page == "stats_source_ips" or page == "stats_asns" or page == "stats_countries" %}
+                {% if page == "stats_idents" or page == "stats_binaries" or page == "stats_source_ips" or page == "stats_asns" or page == "stats_countries" %}
                 <li class="dropdown active">
+                    {% if page == "stats_idents" %}
+                    <a class="dropdown-toggle" data-toggle="dropdown" href="#">Stats / Idents <span class="caret"></span></a>
+                    {% endif %}
                     {% if page == "stats_binaries" %}
                     <a class="dropdown-toggle" data-toggle="dropdown" href="#">Stats / Binaries <span class="caret"></span></a>
                     {% endif %}
                     <a class="dropdown-toggle" data-toggle="dropdown" href="#">Stats <span class="caret"></span></a>
                 {% endif %}
                     <ul class="dropdown-menu">
+                        {% if page == "stats_idents" %}
+                        <li><a href="#"><strong>Idents</strong></a></li>
+                        {% else %}
+                        <li><a href="{% url stats_idents %}">Idents</a>
+                        {% endif %}
                         {% if page == "stats_binaries" %}
                         <li><a href="#"><strong>Binaries</strong></a></li>
                         {% else %}
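Review bot: The non-active Idents entry, `<li><a href="{% url stats_idents %}">Idents</a>`, is never closed; add the `</li>` so the following Binaries item is not parsed as nested inside it. The enclosing `<ul class="dropdown-menu">` continues past the end of this hunk, so whether the other entries share the omission cannot be seen here.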

hbwebui/templates/stats_countries.html

 <script src="{% static "js/hbwebui/mod_stats_countries.js" %}"></script>
 
 
-<title>ASN Stats</title>
+<title>Countries Stats</title>
 
 
 <script>

hbwebui/templates/stats_idents.html

+{% extends "bootstrap.html" %}
+{% block bootstrap-head %}
+
+{% load staticfiles %}
+
+<script src="{% static "js/lodash.min.js" %}"></script>
+<script src="{% static "js/hbwebui/utils.js" %}"></script>
+<script src="{% static "js/hbwebui/mod_base.js" %}"></script>
+<script src="{% static "js/hbwebui/mod_stats_base.js" %}"></script>
+<script src="{% static "js/hbwebui/mod_stats_idents.js" %}"></script>
+
+
+<title>Ident Stats</title>
+
+
+<script>
+    urls = {
+        'mod_summary': '{% url r_stats_idents_summary %}',
+        'mod_table': '{% url r_stats_idents %}',
+    };
+    
+    var idents = {{ idents|safe }};
+    
+    
+    $(
+        function() {
+            mod_summary = new mod_stats_idents.summary($('#mod-summary'), urls.mod_summary);
+            mod_summary.render();
+            
+            mod_table = new mod_stats_idents.table($('#mod-table'), urls.mod_table);
+            mod_table.render();
+        }
+    );
+</script>
+
+{% endblock %}
+
+{% block bootstrap-body %}
+{% include "navbar.html" %}
+
+<div class="container-fluid">
+    <div class="row-fluid">
+        <div id="mod-summary"></div>
+        <hr/>
+    </div>
+    <div class="row-fluid">
+        <div id="mod-table"></div>
+    </div>
+</div>
+
+{% endblock %}
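Review bot: `var idents = {{ idents|safe }};` writes the view's `json.dumps` output into an inline `<script>` with autoescaping switched off, and `json.dumps` does not escape `<`, `>` or `&`. An ident containing `</script>` would therefore end the script block, and the rest of the value would be parsed as HTML. Escape those characters before the value is marked safe, e.g. in the view `json.dumps(idents).replace('<', '\\u003c').replace('>', '\\u003e').replace('&', '\\u0026')`. Alternatively drop the variable, since nothing visible in this template reads `idents` (confirm the `mod_stats_*` scripts do not rely on the global). `urls`, `mod_summary` and `mod_table` are also assigned without `var` and become implicit globals.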
     url(r'^stats/source_ips$', 'stats_source_ips', name='stats_source_ips'),
     url(r'^stats/asns$', 'stats_asns', name='stats_asns'),
     url(r'^stats/countries$', 'stats_countries', name='stats_countries'),
+    url(r'^stats/idents$', 'stats_idents', name='stats_idents'),
     
     url(r'^r/stats/binaries$', 'r_stats_binaries', name='r_stats_binaries'),
     url(r'^r/stats/binaries/summary$', 'r_stats_binaries_summary', name='r_stats_binaries_summary'),
     
     url(r'^r/stats/countries$', 'r_stats_countries', name='r_stats_countries'),
     url(r'^r/stats/countries/summary$', 'r_stats_countries_summary', name='r_stats_countries_summary'),
-
+    
+    url(r'^r/stats/idents$', 'r_stats_idents', name='r_stats_idents'),
+    url(r'^r/stats/idents/summary$', 'r_stats_idents_summary', name='r_stats_idents_summary'),
+    
+    
 
     
     url(r'^r/myidents', 'myidents', name='myidents'),
     
     return response
 
+@login_required(login_url=login_url)
+@ident_required
+def stats_idents(request):
+    idents = request.session['idents']
+        
+    t = loader.get_template('stats_idents.html')
+    c = RequestContext(request, {
+            'page': 'stats_idents',
+            'idents': json.dumps(idents),
+    })
+    return HttpResponse(t.render(c))
+
+@login_required_simple
+@ident_required_simple
+def r_stats_idents(request):
+    idents = request.session['idents']
+    
+    q = queries.Stats_Idents()
+    q.filter_ident(idents)
+    q.order_n_count(desc=True)
+    cursor = q.execute()
+    qr = util.dictfetchall(cursor)
+    
+    r = []
+    for d in qr:
+        o = {}
+        o['ident'] = d['ident']
+        o['n_count'] = d['n_count']
+        o['n_binary'] = d['n_binary']
+        o['n_source_ip'] = d['n_source_ip']
+        o['n_target_port'] = d['n_target_port']
+        o['n_asn'] = d['n_asn']
+        o['n_cc'] = d['n_cc']
+        o['ts_last'] = calendar.timegm(d['ts_last'].utctimetuple())
+        o['ts_first'] = calendar.timegm(d['ts_first'].utctimetuple())
+        r.append(o)
+    
+    response = HttpResponse(mimetype='application/json')
+    json.dump(r, response)
+    
+    return response
+
+@login_required_simple
+@ident_required_simple
+def r_stats_idents_summary(request):
+    idents = request.session['idents']
+    
+    q = queries.Stats_Idents_Summary()
+    q.filter_ident(idents)
+    cursor = q.execute()
+    qr = util.dictfetchall(cursor)
+    
+    r = {}
+    r['n_count'] = qr[0]['n_count']
+    r['n_binary'] = qr[0]['n_binary']
+    r['n_source_ip'] = qr[0]['n_source_ip']
+    r['n_target_port'] = qr[0]['n_target_port']
+    r['n_asn'] = qr[0]['n_asn']
+    r['n_cc'] = qr[0]['n_cc']
+    r['ts_last'] = calendar.timegm(qr[0]['ts_last'].utctimetuple())
+    r['ts_first'] = calendar.timegm(qr[0]['ts_first'].utctimetuple())
+    r['n_total'] = qr[0]['n_total']
+    
+    response = HttpResponse(mimetype='application/json')
+    json.dump(r, response)
+    
+    return response
+
 # example
 @login_required_simple
 @ident_required_simple
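Review bot: `r_stats_idents_summary` calls `qr[0]['ts_last'].utctimetuple()` and the `ts_first` equivalent unconditionally. The summary query has no GROUP BY, so when no `agg_main` row matches the caller's idents it still returns one row whose `max()`/`min()` are NULL, and the view raises AttributeError on `None`, a 500 for any account with no recorded attacks. Guard both timestamps, e.g. `ts = qr[0]['ts_last']` then `r['ts_last'] = calendar.timegm(ts.utctimetuple()) if ts is not None else None`; whether `mod_base.renderTimestamp` accepts null on the client is not visible here. The three new views also have no docstrings; a one-line docstring on each, stating that results are limited to `request.session['idents']`, would record the access-control assumption they depend on.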