Ntopng webhook + Globe.gl + data filter

2022-02-01 13:56:49 +01:00
parent 414b2d8e69
commit 1b523cf458
14 changed files with 2662 additions and 0 deletions

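--- a/model/alerts.js
+++ b/model/alerts.js
@@ -0,0 +1,121 @@
+var alerts = [{
+first_seen: 1643634860,
+srv_city_name: '',
+ip_version: 4,
+action: 'store',
+pool_id: 0,
+srv_continent_name: '',
+score: 10,
+entity_val: 'flow',
+vlan_id: 0,
+cli2srv_bytes: 236,
+cli_country_name: '',
+entity_id: 4,
+srv_asn: 0,
+l7_proto: 5,
+is_cli_attacker: false,
+srv_name: 'pdns6.ultradns.co.uk',
+srv_ip: '204.74.115.1',
+proto: 17,
+json: '{"ntopng.key":184352024,"hash_entry_id":21200,"info":"65.127.154.156.in-addr.arpa","alert_generation": {"script_key":"udp_unidirectional","subdir":"flow"}}',
+srv_country_name: '',
+community_id: '1:iKl3Ri2iIm0GunF8jR1DEatNOlw=',
+alert_id: 26,
+is_srv_attacker: false,
+srv_blacklisted: false,
+alerts_map: '04000000',
+srv_os: '',
+cli_localhost: true,
+cli_asn: 0,
+srv2cli_packets: 0,
+cli2srv_packets: 4,
+tstamp: 1643634921,
+cli_name: 'opnsense.localdomain',
+cli_continent_name: '',
+srv2cli_bytes: 0,
+l7_cat: 14,
+'proto.ndpi': 'DNS',
+ifid: 2,
+observation_point_id: 0,
+srv_localhost: false,
+cli_port: 42530,
+cli_blacklisted: false,
+dns_last_query: '65.127.154.156.in-addr.arpa',
+is_flow_alert: true,
+srv_port: 53,
+l7_master_proto: 0,
+is_cli_victim: false,
+cli_ip: '62.178.50.96',
+cli_city_name: '',
+cli_os: 'Android 11.0',
+is_srv_victim: false
+}];
+function addAlert(first_seen, srv_city_name, ip_version, action, pool_id, srv_continent_name, score, entity_val, vlan_id, cli2srv_bytes, cli_country_name, entity_id, srv_asn, l7_proto, is_cli_attacker, srv_name, srv_ip, proto, json, srv_country_name, community_id, alert_id, is_srv_attacker, srv_blacklisted, alerts_map, srv_os, cli_localhost, cli_asn, srv2cli_packets, cli2srv_packets, tstamp, cli_name, cli_continent_name, srv2cli_bytes, l7_cat, ifid, observation_point_id, srv_localhost, cli_port, cli_blacklisted, dns_last_query, is_flow_alert, srv_port, l7_master_proto, is_cli_victim, cli_ip, cli_city_name, cli_os, is_srv_victim){
+// function addAlert(srv_name, srv_ip, srv_port, json, cli_ip, cli_port){
+var data = {
+first_seen:first_seen,
+srv_city_name:srv_city_name,
+ip_version:ip_version,
+action:action,
+pool_id:pool_id,
+srv_continent_name:srv_continent_name,
+score:score,
+entity_val:entity_val,
+vlan_id:vlan_id,
+cli2srv_bytes:cli2srv_bytes,
+cli_country_name:cli_country_name,
+entity_id:entity_id,
+srv_asn:srv_asn,
+l7_proto:l7_proto,
+is_cli_attacker:is_cli_attacker,
+srv_name:srv_name,
+srv_ip:srv_ip,
+proto:proto,
+json:json,
+srv_country_name:srv_country_name,
+community_id:community_id,
+alert_id:alert_id,
+is_srv_attacker:is_srv_attacker,
+srv_blacklisted:srv_blacklisted,
+alerts_map:alerts_map,
+srv_os:srv_os,
+cli_localhost:cli_localhost,
+cli_asn:cli_asn,
+srv2cli_packets:srv2cli_packets,
+cli2srv_packets:cli2srv_packets,
+tstamp:tstamp,
+cli_name:cli_name,
+cli_continent_name:cli_continent_name,
+srv2cli_bytes:srv2cli_bytes,
+l7_cat:l7_cat,
+'proto.ndpi': 'DNS',
+ifid:ifid,
+observation_point_id:observation_point_id,
+srv_localhost:srv_localhost,
+cli_port:cli_port,
+cli_blacklisted:cli_blacklisted,
+dns_last_query:dns_last_query,
+is_flow_alert:is_flow_alert,
+srv_port:srv_port,
+l7_master_proto:l7_master_proto,
+is_cli_victim:is_cli_victim,
+cli_ip:cli_ip,
+cli_city_name:cli_city_name,
+cli_os:cli_os,
+is_srv_victim:is_srv_victim
+}
+if(!alerts.some(x => x.cli_ip === data.cli_ip && x.srv_ip === data.srv_ip)) {
+alerts.push(data);
+}
+}
+function getAlerts(){
+return alerts;
+}
+module.exports = {
+getAlerts,
+addAlert
+};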
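Review bot: `'proto.ndpi': 'DNS'` inside the `data` literal of addAlert is a fixed string, so every alert stored through the webhook is labelled DNS whatever protocol ntopng actually reported; addAlert has no parameter for it, so either add one (`proto_ndpi`) and write `'proto.ndpi': proto_ndpi`, or drop the key rather than store a wrong value. The dedup guard `x.cli_ip === data.cli_ip && x.srv_ip === data.srv_ip` also discards every later alert between the same host pair even when alert_id, score or tstamp differ, which silently hides follow-up alerts for a pair that has already fired once; comparing on alert_id together with the pair (or on community_id) would keep them. Separately, `alerts` is only ever appended to and never trimmed, so a busy webhook grows the process memory without bound — a cap or a ring buffer is worth adding before this goes near production traffic.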

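--- a/model/globedata.js
+++ b/model/globedata.js
@@ -0,0 +1,102 @@
+var data = {
+loc: [],
+arc: []
+}
+var colors = {
+loc: "green",
+arc: ["green", "red"],
+}
+var stroke = {
+loc: 0.1,
+arc: 1.1
+}
+var geoip = require('geoip-lite');
+function addArc(src, dest){
+const arcName = src + " -> " + dest;
+if(!data.arc.some(x => x.name === arcName)) {
+if (!src.includes("192.168.1.")) {
+var geoSrc = geoip.lookup(src);
+var startLat = geoSrc.ll[0]
+var startLng = geoSrc.ll[1]
+} else {
+console.log("w")
+}
+if (!dest.includes("192.168.1.")) {
+var geoDest = geoip.lookup(dest);
+var endLat = geoDest.ll[0]
+var endLng = geoDest.ll[1]
+} else {
+console.log("w")
+}
+// console.log(geoSrc, geoDest)
+if (geoSrc == undefined) {
+startLat = 48.1712
+startLng = 16.321
+}
+if (geoDest == undefined) {
+endLat = 48.1712
+endLng = 16.321
+}
+console.log(endLat, endLng)
+var dat = {
+name: arcName,
+startLat: startLat,
+startLng: startLng,
+endLat: endLat,
+endLng: endLng,
+color: colors.arc,
+stroke: stroke.arc
+}
+console.log(arcName)
+data.arc.push(dat);
+addLoc(arcName, startLat, startLng)
+}
+}
+function addLoc(name, lat, lng){
+var dat = {
+name: name,
+lat: lat,
+lng: lng,
+size: stroke.loc,
+color: colors.loc
+};
+if(!data.loc.some(x => x.lat === lat && x.lng === lng)) {
+data.loc.push(dat);
+}else{
+const dataIndex = data.loc.findIndex(obj => obj.lat === lat && obj.lng === lng);
+data.loc[dataIndex].name = data.loc[dataIndex].name + "<br>" + name;
+}
+}
+function getLocColor(){
+return colors.loc;
+}
+function getArcColor(){
+return colors.arc;
+}
+function getData(){
+return data;
+}
+function getLocData(){
+return data.loc;
+}
+function getArcData(){
+return data.arc;
+}
+module.exports = {
+addArc, addLoc, getLocData, getArcColor, getData, getArcData, getLocColor
+}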
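Review bot: In addArc, `geoSrc.ll[0]` is dereferenced immediately after `geoip.lookup(src)`, and geoip-lite returns null for any address it cannot place (other RFC1918 ranges such as 10.x or 192.168.2.x, loopback, unknown or malformed input), so the `geoSrc == undefined` fallback further down is only ever reached for the "192.168.1." branch and every other unmapped address from the webhook throws and kills the request. The same applies to `geoDest.ll[0]`. Doing the lookup and the fallback in one step, as below, removes both crashes; `src.includes("192.168.1.")` is also a substring test rather than a prefix test, so `startsWith` is the intended check. Since the `name` built here ends up in an HTML label (`"<br>" + name` in addLoc), it should stay limited to addresses or be escaped if the caller ever passes host names — I cannot see the caller in this commit.
```javascript
function addArc(src, dest){
  const arcName = src + " -> " + dest;
  if(!data.arc.some(x => x.name === arcName)) {
    // geoip-lite returns null for addresses it cannot place; fall back to the fixed default point
    const locate = (ip) => (ip.startsWith("192.168.1.") ? null : geoip.lookup(ip));
    const [startLat, startLng] = locate(src)?.ll ?? [48.1712, 16.321];
    const [endLat, endLng] = locate(dest)?.ll ?? [48.1712, 16.321];
    // … unchanged: build dat, data.arc.push(dat), addLoc(arcName, startLat, startLng) …
  }
}
```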