Commit 75a30f1dfcfeceb358b54a7396dcdbc8ecf56dd5
1 parent
887080ac3b
MLTD taking the source and destination/target IP from the last message from XLSIEM
Showing 4 changed files with 12 additions and 8 deletions
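--- a/MLTD/src/OnlinePrediction.py
+++ b/MLTD/src/OnlinePrediction.py
@@ -31,6 +31,8 @@
 def __init__(self):
 self.data_dates = []
 self.data_values = []
+self.source_ip = "10.0.2.15"
+self.target_ip = "10.0.2.15"
 self.read_log_conf(LOGGING_CONF_FILE)
 self.logger = logging.getLogger("mltd-online")
 self.logger.info("Online MLTD is running")
@@ -86,6 +88,8 @@
 # "%Y-%m-%dT%H:%M:%SZ"
 # )
 # )
+self.source_ip = measDict["event_alarm"][event]["source_ip"]
+self.target_ip = measDict["event_alarm"][event]["destination_ip"]
 event_alarm_id = measDict["event_alarm"][event]["event_alarm_id"]
 data_values.append(event_alarm_id)
 
 
@@ -126,12 +130,12 @@
 f" - Expected timeframe: {round(timeframe,2)} secs")
 
 ReportSyslog.report(
-self.asset_id, max(predictions) * 100, timeframe
+self.asset_id, max(predictions) * 100, timeframe, self.source_ip, self.target_ip
 )
 ReportTimeDB.report(
 self.time_db_client, self.asset_id, max(predictions) * 100, timeframe
 )
-self.logger.info(f"The incident was reportered on TimescaleDB")
+self.logger.info(f"The incident was reportered on TimescaleDB and Rsyslog server")
 else:
 self.logger.info(
 f"The predicted risk {round(max(predictions),2)} is "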
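Review bot: In the second hunk `self.source_ip` and `self.target_ip` are reassigned for every `event` in `measDict["event_alarm"]`, so the addresses handed to `ReportSyslog.report` in the third hunk describe only the last alarm processed, while the risk comes from `max(predictions)` over the whole batch; the commit title acknowledges this, and it deserves a comment at the assignment so the next reader does not take the pairing as meaningful, e.g. `# NOTE: only the last alarm's addresses are reported; the risk covers the whole batch`. The two fields are read by direct indexing, so a SIEM message lacking `source_ip` or `destination_ip` raises `KeyError` on those lines, and whatever string the message carries is forwarded unchecked into the syslog record; at this ingest boundary `str(ipaddress.ip_address(alarm["source_ip"]))` (stdlib) would reject anything that is not an address before it reaches the report. The `"10.0.2.15"` defaults in `__init__` mean that if no alarm was parsed the incident is still attributed to that fixed host; a `None` default that the reporting path checks would make the gap visible instead of silently blaming a lab address. The enclosing methods start and end outside these hunks.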
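--- a/MLTD/src/ReportSyslog.py
+++ b/MLTD/src/ReportSyslog.py
@@ -1,6 +1,6 @@
 import logging.handlers
 
-def report(asset_id, risk, timeframe):
+def report(asset_id, risk, timeframe, source_ip, target_ip):
 my_logger = logging.getLogger('MyLogger')
 my_logger.setLevel(logging.DEBUG)
 
@@ -10,5 +10,5 @@
 formatter = logging.Formatter(' %(message)s')
 handler.setFormatter(formatter)
 my_logger.addHandler(handler)
-my_logger.critical(f'source_ip: 10.0.2.15 target_ip: 10.0.2.15 asset: {asset_id} risk: {risk} timeframe: {timeframe}')
+my_logger.critical(f'source_ip: {source_ip} target_ip: {target_ip} asset: {asset_id} risk: {risk} timeframe: {timeframe}')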
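Review bot: The new f-string on the last line interpolates `source_ip` and `target_ip`, which the caller in OnlinePrediction.py takes straight from the XLSIEM message, into a one-line syslog record whose `' %(message)s'` formatter performs no escaping; a value containing a newline or other control characters could split the record or forge a second one on the rsyslog server. Validate at the boundary, e.g. `source_ip = str(ipaddress.ip_address(source_ip))` and the same for `target_ip` before the `critical()` call, so only well-formed addresses are ever emitted, and document the contract in the function's docstring. Separately, `report()` calls `my_logger.addHandler(handler)` on the shared `'MyLogger'` logger every time it runs, so each report after the first is sent once per accumulated handler; building the handler once at module level, or skipping `addHandler` when `my_logger.handlers` is non-empty, avoids the duplicates. The handler construction at lines 7–9 lies outside the shown hunks.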
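--- a/pcap-data/mltd1-unix.json
+++ b/pcap-data/mltd1-unix.json
@@ -6,9 +6,9 @@
 "event_alarm_id": "danger",
 "event_alarm_char": "danger",
 "name": "danger",
-"source_ip": "192.168.1.1",
+"source_ip": "10.0.2.15",
 "source_port": 1234,
-"destination_ip": "192.168.1.50",
+"destination_ip": "10.0.2.15",
 "destination_port": 1231,
 "priority": 0,
 "confidence": 0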
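--- a/pcap-data/mltd2-unix.json
+++ b/pcap-data/mltd2-unix.json
@@ -6,9 +6,9 @@
 "event_alarm_id": "danger",
 "event_alarm_char": "danger",
 "name": "danger",
-"source_ip": "192.168.1.1",
+"source_ip": "10.0.2.15",
 "source_port": 1234,
-"destination_ip": "192.168.1.50",
+"destination_ip": "10.0.2.15",
 "destination_port": 1231,
 "priority": 0,
 "confidence": 0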