Pathogen
/
neptune
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Make notification rules queryable

Browse Source
master
Mark Veidemanis 1 year ago
parent df1e82c5f2
commit 81c8e34211
Signed by: m
GPG Key ID: 5ACFCEED46C0904F
11 changed files with 76 additions and 9 deletions
Show Stats Download Patch File Download Diff File

19
core/db/elastic.py
Unescape Escape View File

@ -14,6 +14,7 @@ from core.lib.parsing import (
QueryError,
parse_date_time,
parse_index,
parse_rule,
parse_sentiment,
parse_size,
parse_sort,
@ -32,6 +33,7 @@ mapping = {
"ts": {"type": "date", "format": "epoch_second"},
"match_ts": {"type": "date", "format": "iso8601"},
"file_tim": {"type": "date", "format": "epoch_millis"},
"rule_uuid": {"type": "keyword"},
}
}
}
@ -271,7 +273,6 @@ class ElasticsearchBackend(StorageBackend):
if self.async_client is None:
await self.async_initialise()
for match in matches:
print("INDEXING", match)
result = await self.async_client.index(
index=settings.INDEX_RULE_STORAGE, body=match
)
@ -439,10 +440,18 @@ class ElasticsearchBackend(StorageBackend):
if isinstance(size, dict):
return size
# I - Index
index = parse_index(request.user, query_params)
if isinstance(index, dict):
return index
rule_object = parse_rule(request.user, query_params)
if isinstance(rule_object, dict):
return rule_object
if rule_object is not None:
index = settings.INDEX_RULE_STORAGE
add_bool.append({"rule_uuid": str(rule_object.id)})
else:
# I - Index
index = parse_index(request.user, query_params)
if isinstance(index, dict):
return index
# Q/T - Query/Tags
search_query = self.parse_query(

28
core/lib/parsing.py
Unescape Escape View File

@ -1,12 +1,40 @@
from datetime import datetime
from django.conf import settings
from django.core.exceptions import ValidationError
from core.models import NotificationRule
class QueryError(Exception):
pass
def parse_rule(user, query_params):
"""
Parse a rule query.
"""
if "rule" in query_params:
try:
rule_object = NotificationRule.objects.filter(id=query_params["rule"])
except ValidationError:
message = "Rule is not a valid UUID"
message_class = "danger"
return {"message": message, "class": message_class}
if not rule_object.exists():
message = "Rule does not exist"
message_class = "danger"
return {"message": message, "class": message_class}
rule_object = rule_object.first()
if not rule_object.user == user:
message = "Rule does not belong to you"
message_class = "danger"
return {"message": message, "class": message_class}
return rule_object
else:
return None
def parse_size(query_params, sizes):
if "size" in query_params:
size = query_params["size"]

1
core/lib/rules.py
Unescape Escape View File

@ -284,7 +284,6 @@ class NotificationRuleData(object):
if not isinstance(matches, list):
matches = [matches]
matches_copy = matches.copy()
print("MATHCES COPY: ", matches_copy)
match_ts = datetime.utcnow().isoformat()
for match_index, _ in enumerate(matches_copy):
matches_copy[match_index]["index"] = index

4
core/static/js/column-shifter.js
Unescape Escape View File

@ -66,6 +66,10 @@ $(document).ready(function(){
"file_size": "off",
"lang_code": "off",
"tokens": "off",
"rule_uuid": "off",
"index": "off",
"meta": "off",
"match_ts": "off",
//"lang_name": "off",
// "words_noun": "off",
// "words_adj": "off",

4
core/templates/partials/results_load.html
Unescape Escape View File

@ -14,7 +14,9 @@
</span>
{% endif %}
fetched {{ table.data|length }} hits in {{ took }}ms
fetched {{ table.data|length }}
{% if params.rule is None %} hits {% else %} rule hits for {{ params.rule }}{% endif %}
in {{ took }}ms
{% if exemption is not None %}
<span class="icon has-tooltip-bottom" data-tooltip="God mode">

5
core/templates/partials/results_table.html
Unescape Escape View File

@ -3,6 +3,7 @@
{% load static %}
{% load joinsep %}
{% load urlsafe %}
{% load pretty %}
{% block table-wrapper %}
<script src="{% static 'js/column-shifter.js' %}"></script>
<div id="drilldown-table" class="column-shifter-container" style="position:relative; z-index:1;">
@ -373,6 +374,10 @@
{% endfor %}
</div>
</td>
{% elif column.name == "meta" %}
<td class="{{ column.name }}">
<pre>{{ cell|pretty }}</pre>
</td>
{% else %}
<td class="{{ column.name }}">
<a

2
core/templates/partials/rule-list.html
Unescape Escape View File

@ -22,7 +22,7 @@
</thead>
{% for item in object_list %}
<tr>
<td>{{ item.id }}</td>
<td><a href="/search/?rule={{ item.id }}&query=*&source=all">{{ item.id }}</a></td>
<td>{{ item.user }}</td>
<td>{{ item.name }}</td>
<td>{{ item.interval }}s</td>

4
core/templates/window-content/results.html
Unescape Escape View File

@ -7,7 +7,9 @@
</span>
{% endif %}
fetched {{ table.data|length }} hits in {{ took }}ms
fetched {{ table.data|length }}
{% if params.rule is None %} hits {% else %} rule hits for {{ params.rule }}{% endif %}
in {{ took }}ms
{% if exemption is not None %}
<span class="icon has-tooltip-bottom" data-tooltip="God mode">

5
core/templates/window-content/search.html
Unescape Escape View File

@ -404,4 +404,9 @@
value="{{ params.tags }}">
</div>
<div class="is-hidden"></div>
{% if params.rule is not None %}
<div style="display:none;">
<input name="rule" value="{{ params.rule }}">
</div>
{% endif %}
</form>

9
core/templatetags/pretty.py
Unescape Escape View File

@ -0,0 +1,9 @@
import orjson
from django import template
register = template.Library()
@register.filter
def pretty(data):
return orjson.dumps(data, option=orjson.OPT_INDENT_2).decode("utf-8")

4
core/views/ui/tables.py
Unescape Escape View File

@ -76,6 +76,10 @@ class DrilldownTable(Table):
file_md5 = Column()
file_ext = Column()
file_size = Column()
rule_uuid = Column()
index = Column()
meta = Column()
match_ts = Column()
template_name = "ui/drilldown/table_results.html"
paginate_by = settings.DRILLDOWN_RESULTS_PER_PAGE

Write Preview
Loading…
Cancel
Save