Loading .gitignore 0 → 100644 +1 −0 Original line number Diff line number Diff line tools/kypo2csv/target/ tools/kypo2csv/src/main/java/cz/muni/csirt/kypo/Application.java +15 −11 Original line number Diff line number Diff line Loading @@ -53,7 +53,6 @@ public class Application { String dir = cmd.getOptionValue("dir"); ObjectMapper mapper = new ObjectMapper(); System.out.println(dir+SANDBOX_EVENTS_DIR); List<Command> sandboxEvents = readJSONs(mapper, dir+SANDBOX_EVENTS_DIR, Command.class); List<GameEvent> trainingEvents = readJSONs(mapper, dir+TRAINING_EVENTS_DIR, GameEvent.class); List<Event> finalEvents = checkAndNormalize(Stream.concat(sandboxEvents.stream(), trainingEvents.stream()).toList()); Loading @@ -61,8 +60,8 @@ public class Application { addLevelsToCommands(finalEvents); printCsv(cmd.hasOption("filter") ? finalEvents.stream().filter(e -> !SKIP_EVENT_TYPES.contains(e.getClass())) : finalEvents.stream()); ? finalEvents.stream().filter(e -> !SKIP_EVENT_TYPES.contains(e.getClass())).toList() : finalEvents.stream().toList()); } private static <T extends Event> List<T> readJSONs(ObjectMapper mapper, String dir, Class<T> clazz) throws IOException { Loading Loading 
@@ -95,16 +94,21 @@ public class Application { } } private static void printCsv(Stream<Event> events) { private static void printCsv(List<Event> events) { System.out.println(Event.getCsvHeader()); events.forEach(event -> { for (var event: events) { try { String lineToAppend = event.getCsvLine(); if (lineToAppend.split(Event.CSV_SEPARATOR).length != 11) { if (lineToAppend.split(Event.CSV_SEPARATOR).length != 10) { System.out.println("ERROR: Wrong format of obtained CSV line: " + lineToAppend); // !!! } else { System.out.println(lineToAppend); } }); } catch (Exception ex) { System.err.println("ERROR in CSV for " + event); ex.printStackTrace(System.err); } } } private static List<Event> checkAndNormalize(List<Event> events) { Loading tools/kypo2csv/src/main/java/cz/muni/csirt/kypo/events/sandbox/Command.java +7 −5 Original line number Diff line number Diff line package cz.muni.csirt.kypo.events.sandbox; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import cz.muni.csirt.kypo.events.Event; import java.time.Instant; import lombok.Data; Loading @@ -7,6 +8,7 @@ import lombok.Data; import java.util.List; @Data @JsonIgnoreProperties(value = { "tags" }) public class Command extends Event { private String cmd_type; private String ip; Loading Loading 
@@ -72,17 +74,17 @@ public class Command extends Event { @Override public String getCsvLine() { return (new StringBuilder()) .append(getHostname()).append(Event.CSV_SEPARATOR) .append(getInstantTimestamp()).append(Event.CSV_SEPARATOR) .append(getIp()).append(Event.CSV_SEPARATOR) .append(getSandbox_id()).append(Event.CSV_SEPARATOR) .append(getCmd_type()).append(Event.CSV_SEPARATOR) .append(getCommand()).append(Event.CSV_SEPARATOR) .append(getArgs()).append(Event.CSV_SEPARATOR) .append(getHostname()).append(Event.CSV_SEPARATOR) .append(getIp()).append(Event.CSV_SEPARATOR) .append(getLevel()).append(Event.CSV_SEPARATOR) .append(getWd()).append(Event.CSV_SEPARATOR) .append(getCmd_type()).append(Event.CSV_SEPARATOR) .append(getUsername()).append(Event.CSV_SEPARATOR) .append(getInstantTimestamp()).append(Event.CSV_SEPARATOR) .append(getRelativeTime()) //.append(getWd()).append(Event.CSV_SEPARATOR) .toString(); } Loading tools/kypo2csv/src/main/java/cz/muni/csirt/kypo/events/trainings/GameEvent.java +7 −8 Original line number Diff line number Diff line Loading 
@@ -44,21 +44,20 @@ public class GameEvent extends Event { public String getCsvLine() { String nodeName = getClass().getSimpleName() + getNameAppender(); // to not have super long names for nodes if (nodeName.length() > 60) { nodeName = nodeName.substring(0, 57) + "..."; } //if (nodeName.length() > 60) { // nodeName = nodeName.substring(0, 57) + "..."; //} return (new StringBuilder()) .append("KYPO Portal").append(Event.CSV_SEPARATOR) .append(getInstantTimestamp()).append(Event.CSV_SEPARATOR) .append(getSyslog().getHostIp()).append(Event.CSV_SEPARATOR) .append(getSandbox_id()).append(Event.CSV_SEPARATOR) .append("game-event").append(Event.CSV_SEPARATOR) .append(nodeName).append(Event.CSV_SEPARATOR) .append(getSpecialContent()).append(Event.CSV_SEPARATOR) .append("KYPO Portal").append(Event.CSV_SEPARATOR) .append(getSyslog().getHostIp()).append(Event.CSV_SEPARATOR) .append(getLevel()).append(Event.CSV_SEPARATOR) .append(getUser_ref_id()).append(Event.CSV_SEPARATOR) .append("event").append(Event.CSV_SEPARATOR) .append(getUser_ref_id()).append(Event.CSV_SEPARATOR) .append(getInstantTimestamp()).append(Event.CSV_SEPARATOR) .append(getRelativeTime()) .toString(); } Loading tools/kypo2csv/src/main/java/cz/muni/csirt/kypo/events/trainings/Syslog.java +2 −1 Original line number Diff line number Diff line Loading @@ -23,6 +23,7 @@ public class Syslog { private Long version; public String getHostIp() { return host.replace("\"", "").replace("}", "").split(":")[1]; String[] str = host.replace("\"", "").replace("}", "").split(":"); return str.length > 1 ? str[1] : host; } } Loading
tools/kypo2csv/src/main/java/cz/muni/csirt/kypo/Application.java +15 −11 Original line number Diff line number Diff line Loading @@ -53,7 +53,6 @@ public class Application { String dir = cmd.getOptionValue("dir"); ObjectMapper mapper = new ObjectMapper(); System.out.println(dir+SANDBOX_EVENTS_DIR); List<Command> sandboxEvents = readJSONs(mapper, dir+SANDBOX_EVENTS_DIR, Command.class); List<GameEvent> trainingEvents = readJSONs(mapper, dir+TRAINING_EVENTS_DIR, GameEvent.class); List<Event> finalEvents = checkAndNormalize(Stream.concat(sandboxEvents.stream(), trainingEvents.stream()).toList()); Loading @@ -61,8 +60,8 @@ public class Application { addLevelsToCommands(finalEvents); printCsv(cmd.hasOption("filter") ? finalEvents.stream().filter(e -> !SKIP_EVENT_TYPES.contains(e.getClass())) : finalEvents.stream()); ? finalEvents.stream().filter(e -> !SKIP_EVENT_TYPES.contains(e.getClass())).toList() : finalEvents.stream().toList()); } private static <T extends Event> List<T> readJSONs(ObjectMapper mapper, String dir, Class<T> clazz) throws IOException { Loading Loading @@ -95,16 +94,21 @@ public class Application { } } private static void printCsv(Stream<Event> events) { private static void printCsv(List<Event> events) { System.out.println(Event.getCsvHeader()); events.forEach(event -> { for (var event: events) { try { String lineToAppend = event.getCsvLine(); if (lineToAppend.split(Event.CSV_SEPARATOR).length != 11) { if (lineToAppend.split(Event.CSV_SEPARATOR).length != 10) { System.out.println("ERROR: Wrong format of obtained CSV line: " + lineToAppend); // !!! } else { System.out.println(lineToAppend); } }); } catch (Exception ex) { System.err.println("ERROR in CSV for " + event); ex.printStackTrace(System.err); } } } private static List<Event> checkAndNormalize(List<Event> events) { Loading
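Review bot: In printCsv the wrong-field-count branch still writes its `ERROR: Wrong format of obtained CSV line: …` message to System.out, so every rejected row ends up inside the CSV stream that downstream tools parse, while the newly added catch block reports to System.err. Sending both to stderr keeps the export parseable: `System.err.println("ERROR: Wrong format of obtained CSV line: " + lineToAppend);`. Rows that fail either check are dropped and nothing visible here changes the exit status, so counting the failures and reporting the total (or exiting non-zero) would make an incomplete export noticeable. `catch (Exception ex)` also folds programming errors such as a NullPointerException into the same per-row message; catching a narrower type would keep those visible. In the first hunk, `finalEvents.stream().toList()` can simply be `finalEvents`.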
tools/kypo2csv/src/main/java/cz/muni/csirt/kypo/events/sandbox/Command.java +7 −5 Original line number Diff line number Diff line package cz.muni.csirt.kypo.events.sandbox; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import cz.muni.csirt.kypo.events.Event; import java.time.Instant; import lombok.Data; Loading @@ -7,6 +8,7 @@ import lombok.Data; import java.util.List; @Data @JsonIgnoreProperties(value = { "tags" }) public class Command extends Event { private String cmd_type; private String ip; Loading Loading @@ -72,17 +74,17 @@ public class Command extends Event { @Override public String getCsvLine() { return (new StringBuilder()) .append(getHostname()).append(Event.CSV_SEPARATOR) .append(getInstantTimestamp()).append(Event.CSV_SEPARATOR) .append(getIp()).append(Event.CSV_SEPARATOR) .append(getSandbox_id()).append(Event.CSV_SEPARATOR) .append(getCmd_type()).append(Event.CSV_SEPARATOR) .append(getCommand()).append(Event.CSV_SEPARATOR) .append(getArgs()).append(Event.CSV_SEPARATOR) .append(getHostname()).append(Event.CSV_SEPARATOR) .append(getIp()).append(Event.CSV_SEPARATOR) .append(getLevel()).append(Event.CSV_SEPARATOR) .append(getWd()).append(Event.CSV_SEPARATOR) .append(getCmd_type()).append(Event.CSV_SEPARATOR) .append(getUsername()).append(Event.CSV_SEPARATOR) .append(getInstantTimestamp()).append(Event.CSV_SEPARATOR) .append(getRelativeTime()) //.append(getWd()).append(Event.CSV_SEPARATOR) .toString(); } Loading
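Review bot: getCsvLine appends getCommand() and getArgs(), which look like free text captured from sandbox shells, with no quoting or escaping, and the field reordering in the third hunk leaves that as it was. A separator or line break inside a command makes the field-count check in Application.printCsv reject or split the row, and a value beginning with `=`, `+`, `-` or `@` is evaluated as a formula when the export is opened in a spreadsheet. Quoting the free-text fields through one helper, as sketched below, addresses both; the same applies to nodeName and getSpecialContent() in GameEvent.getCsvLine, and printCsv's `split(Event.CSV_SEPARATOR)` count would then have to be taken before joining or with a quote-aware parser. The commented-out `//.append(getWd())…` line inside the builder chain should be deleted rather than kept.

```java
// Proposed helper (for example in Event): renders one free-text value as a quoted CSV field.
protected static String csvField(Object value) {
    // Line breaks inside a value would otherwise start a new CSV row.
    String text = String.valueOf(value).replace("\r", " ").replace("\n", " ");
    // A leading =, +, - or @ is treated as a formula by spreadsheet applications;
    // consumers that analyse the raw value must strip the added apostrophe again.
    if (!text.isEmpty() && "=+-@".indexOf(text.charAt(0)) >= 0) {
        text = "'" + text;
    }
    return "\"" + text.replace("\"", "\"\"") + "\"";
}

// in Command.getCsvLine():
// … unchanged: sandbox id append …
                .append(csvField(getCommand())).append(Event.CSV_SEPARATOR)
                .append(csvField(getArgs())).append(Event.CSV_SEPARATOR)
// … unchanged: remaining appends and toString() …
```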
tools/kypo2csv/src/main/java/cz/muni/csirt/kypo/events/trainings/GameEvent.java +7 −8 Original line number Diff line number Diff line Loading @@ -44,21 +44,20 @@ public class GameEvent extends Event { public String getCsvLine() { String nodeName = getClass().getSimpleName() + getNameAppender(); // to not have super long names for nodes if (nodeName.length() > 60) { nodeName = nodeName.substring(0, 57) + "..."; } //if (nodeName.length() > 60) { // nodeName = nodeName.substring(0, 57) + "..."; //} return (new StringBuilder()) .append("KYPO Portal").append(Event.CSV_SEPARATOR) .append(getInstantTimestamp()).append(Event.CSV_SEPARATOR) .append(getSyslog().getHostIp()).append(Event.CSV_SEPARATOR) .append(getSandbox_id()).append(Event.CSV_SEPARATOR) .append("game-event").append(Event.CSV_SEPARATOR) .append(nodeName).append(Event.CSV_SEPARATOR) .append(getSpecialContent()).append(Event.CSV_SEPARATOR) .append("KYPO Portal").append(Event.CSV_SEPARATOR) .append(getSyslog().getHostIp()).append(Event.CSV_SEPARATOR) .append(getLevel()).append(Event.CSV_SEPARATOR) .append(getUser_ref_id()).append(Event.CSV_SEPARATOR) .append("event").append(Event.CSV_SEPARATOR) .append(getUser_ref_id()).append(Event.CSV_SEPARATOR) .append(getInstantTimestamp()).append(Event.CSV_SEPARATOR) .append(getRelativeTime()) .toString(); } Loading
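Review bot: The length cap on nodeName is disabled by commenting it out, which leaves three dead lines and a comment (`// to not have super long names for nodes`) that no longer describes what getCsvLine does. If unbounded names are intended, delete the block together with that comment; if some consumers still need the cap, keep it behind a named constant instead. With the cap gone, whatever getNameAppender() returns reaches the CSV at full length, so it should be quoted or escaped before it is appended. `getSyslog().getHostIp()` would also throw a NullPointerException if an event arrives without a syslog object, which printCsv now turns into a dropped row; a null check that writes a placeholder value would keep the event in the export.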
tools/kypo2csv/src/main/java/cz/muni/csirt/kypo/events/trainings/Syslog.java +2 −1 Original line number Diff line number Diff line Loading @@ -23,6 +23,7 @@ public class Syslog { private Long version; public String getHostIp() { return host.replace("\"", "").replace("}", "").split(":")[1]; String[] str = host.replace("\"", "").replace("}", "").split(":"); return str.length > 1 ? str[1] : host; } }
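Review bot: The new fallback in getHostIp returns the raw `host`, still carrying the quotes and `}` that the success path strips, so a value without a colon reaches the CSV uncleaned. Keeping the cleaned string and falling back to it fixes that: `String cleaned = host.replace("\"", "").replace("}", "");` then `String[] parts = cleaned.split(":");` and `return parts.length > 1 ? parts[1] : cleaned;`. A null `host` still throws on the first `replace`, and taking element 1 after splitting on `:` would presumably cut an IPv6 address or a `host:port` value short, so both cases deserve an explicit check. The Syslog class starts outside the hunk, so the declaration and possible values of `host` are not visible here.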