Development of an "attack map" plugin

Added by David Casier almost 8 years ago

Hello,

I'm a student in computer science and I’m currently creating a prewikka plugin which would display the localisation of attacks on a map, through the geolocalisation of IP addresses.
I currently use a modified version of this Python script to geolocalize IPs and create the map as a PNG file.

The problem with this method is that the generation of the map (as a PNG image) can take a bit of time, which can be troublesome if it needs to be updated regularly.

Do you happen to know if it is possible to include a pyplot image in a cheetah template? I didn’t find any documentation about this. I tried to create a simple pyplot graph and use pyplot.show() in the plugin, but it then keeps loading endlessly without displaying an error.

Also, how does the _config.get() function work in prewikka? The example in the plugin tutorial isn't clear about what the parameters do.

Regards


Replies (4)

RE: Development of an "attack map" plugin - Added by Antoine LUONG almost 8 years ago

Hello,

The pyplot.show() function is not adapted to web development; you cannot use it here. You need to export to PNG format, and then use <img> HTML tags.

The ConfigParserSection.get() function is the same as the classic dict get() since ConfigParserSection inherits from OrderedDict.

Regards

RE: Development of an "attack map" plugin - Added by David Casier over 7 years ago

Hello,

Thanks for your help. I've found a better script for the map visualization, using JavaScript rather than Python.
Also, is it possible to query the alert database from the plugin through a simple SQL command, or is there an already implemented method for that? I'm trying to query the IP in order to add markers on the map.

Regards

RE: Development of an "attack map" plugin - Added by Antoine LUONG over 7 years ago

You should use the libpreludedb API for this. For example in Python:

import preludedb

db = preludedb.DB(preludedb.SQL("type=mysql host=localhost name=prelude user=prelude pass=prelude"))

# Get the first 10 classifications of high-severity alerts
results = db.getValues(["count(alert.classification.text)/order_desc", "alert.classification.text/group_by"],
                       criteria="alert.assessment.impact.severity == 'high'", limit=10, offset=0)

More info here: LibpreludedbAPI

Regards
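Added example, not part of the original thread or of the Prelude code base: one way to turn the result of such a getValues() query into marker data for the map, dropping private, loopback and malformed source addresses that cannot be geolocated. The IDMEF path in SRC_ADDR, the (count, address) row order and the function names are assumptions made for this example.

```python
import ipaddress
import json

# IDMEF path of an alert's first source address (assumed for this example).
SRC_ADDR = "alert.source(0).node.address(0).address"


def fetch_source_counts(db, limit=100):
    """Count high-severity alerts per source address, using the same
    getValues() call shape as the reply above. `db` is a preludedb.DB."""
    return db.getValues(["count(%s)/order_desc" % SRC_ADDR,
                         "%s/group_by" % SRC_ADDR],
                        criteria="alert.assessment.impact.severity == 'high'",
                        limit=limit, offset=0)


def routable_markers(rows):
    """Split rows into map markers (globally routable addresses) and
    skipped values (private, loopback, reserved, empty or malformed)."""
    markers, skipped = [], []
    for count, address in rows:
        try:
            ip = ipaddress.ip_address(str(address).strip())
        except ValueError:
            skipped.append(address)  # hostname, empty field, garbage
            continue
        if ip.is_global:
            markers.append({"ip": str(ip), "count": int(count)})
        else:
            skipped.append(address)  # RFC 1918, loopback, link-local, ...
    return markers, skipped


def markers_json(rows):
    """Serialize the markers for the JavaScript side of the plugin."""
    return json.dumps(routable_markers(rows)[0])


# Constructed sample rows in (count, address) order, not real alert data.
SAMPLE_ROWS = [(42, "8.8.8.8"), (17, "192.168.1.10"), (9, "1.1.1.1"),
               (3, "not-an-ip"), (1, "127.0.0.1")]

if __name__ == "__main__":
    print(markers_json(SAMPLE_ROWS))
```

Internal sources filtered out here are still worth listing next to the map, since an alert whose source is inside the network has no place on a world map but is not less important.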

RE: Development of an "attack map" plugin - Added by David Casier over 7 years ago

Thanks, with your help, I've been able to produce a first basic functional version of my plugin.

You can find it here

There is still a bug, however: any Ajax request prevents the map from loading and unbinds JavaScript functions linked to buttons. Reloading the map fixes the issue, but in order to use more functions of the map API, I still need to fix that bug.

I suppose this is caused by the fact that the JavaScript is not loaded a second time after an Ajax request, but I didn't find how to force the JavaScript reloading.

Regards
