Esempio n. 1
0
  private Query buildESQuery(String startDate, String endDate) {

    // build query
    Query query = new Query();
    Filtered filtered = null;
    FilteredWithQuery filteredWithQuery = null;

    CreatedDate createdDate = new CreatedDate();
    createdDate.setGte(startDate);
    createdDate.setLte(endDate);

    Range range = new Range();
    range.setCreatedDate(createdDate);

    And and = new And();
    and.setRange(range);

    List<And> andList = new ArrayList<And>();
    andList.add(and);
    FilterWithAnd fwa = new FilterWithAnd();
    fwa.setAnd(andList);

    if (groupsNames != null) {
      QueryWithTerms qwt = new QueryWithTerms();
      Terms terms = new Terms();
      terms.setGroupName(PerisaiUtil.userGroupListToArr(groupsNames));
      qwt.setTerms(terms);

      filteredWithQuery = new FilteredWithQuery();
      filteredWithQuery.setQuery(qwt);
      filteredWithQuery.setFilter(fwa);
      query.setFiltered(filteredWithQuery);
    } else {
      filtered = new Filtered();
      filtered.setFilter(fwa);
      query.setFiltered(filtered);
    }
    return query;
  }
Esempio n. 2
0
public final class GridThreatEvents extends Grid {

  /** */
  private static final long serialVersionUID = 1L;

  private final SimpleDateFormat dateFormat;
  private String dtFormat = "yyyy-MM-dd";
  private Date today = new Date();
  private Date tmrw = PerisaiUtil.getFutureDate(today, 1);
  private HeaderRow filterRow;
  private FooterRow footer;
  private List<UserGroup> groups;
  private List<UserGroupName> groupsNames;

  @SuppressWarnings("unchecked")
  public GridThreatEvents() {
    groups = (List<UserGroup>) VaadinSession.getCurrent().getAttribute("groups");
    groupsNames = (List<UserGroupName>) VaadinSession.getCurrent().getAttribute("groupNames");
    dateFormat = new SimpleDateFormat("yyyy-MM-dd");
    buildGrid();
  }

  private void queryAndRefresh(String startDate, String endDate) {
    System.out.println("Start:" + startDate + ";End " + endDate);

    Query query = this.buildESQuery(startDate, endDate);
    List<EventThreatBean> list = this.getThreatsFromES(query);

    /*List<EventThreatBean> list = PerisaikonsolUI.getEventsDataProvider()
    .getThreatEvents(startDate, endDate,groups);*/

    // System.out.println("Result "+list.size());
    BeanItemContainer<EventThreatBean> ds =
        new BeanItemContainer<EventThreatBean>(EventThreatBean.class, list);
    setContainerDataSource(ds);
    this.scrollToStart();
    setCaption("Total events " + list.size());

    buildFilters();
  }

  public void styleHeaders() {
    getDefaultHeaderRow().getCell("groupName").setHtml("<b>Group</b>");
    getDefaultHeaderRow().getCell("threatName").setHtml("<b>Threat</b>");
    getDefaultHeaderRow().getCell("threatType").setHtml("<b>Type</b>");
    getDefaultHeaderRow().getCell("clientName").setHtml("<b>Client Name</b>");
    getDefaultHeaderRow().getCell("clientName").setHtml("<b>User</b>");
    getDefaultHeaderRow().getCell("threatLevel").setHtml("<b>Level</b>");
    getDefaultHeaderRow().getCell("threatDescription").setHtml("<b>Description</b>");
    getDefaultHeaderRow().getCell("fileName").setHtml("<b>Affected File</b>");
    getDefaultHeaderRow().getCell("threatOperatingSystem").setHtml("<b>Client OS</b>");
    getDefaultHeaderRow().getCell("actionTaken").setHtml("<b>Action Taken</b>");
    // getDefaultHeaderRow().getCell("scanCode").setHtml("<b>Scan Code</b>");
    getDefaultHeaderRow().getCell("created").setHtml("<b>Event Date</b>");
    getDefaultHeaderRow().getCell("perisaiVersion").setHtml("<b>Perisai Version</b>");
  }

  private void buildFilters() {
    addFilter("clientName");
    addFilter("userName");
    addFilter("groupName");
    addFilter("threatName");
    addFilter("threatType");
    addFilter("threatLevel");
    addFilter("threatDescription");
    addFilter("fileName");
    addFilter("threatOperatingSystem");
    addFilter("actionTaken");
    // addFilter("scanCode");
    addFilter("perisaiVersion");
  }

  private Query buildESQuery(String startDate, String endDate) {

    // build query
    Query query = new Query();
    Filtered filtered = null;
    FilteredWithQuery filteredWithQuery = null;

    CreatedDate createdDate = new CreatedDate();
    createdDate.setGte(startDate);
    createdDate.setLte(endDate);

    Range range = new Range();
    range.setCreatedDate(createdDate);

    And and = new And();
    and.setRange(range);

    List<And> andList = new ArrayList<And>();
    andList.add(and);
    FilterWithAnd fwa = new FilterWithAnd();
    fwa.setAnd(andList);

    if (groupsNames != null) {
      QueryWithTerms qwt = new QueryWithTerms();
      Terms terms = new Terms();
      terms.setGroupName(PerisaiUtil.userGroupListToArr(groupsNames));
      qwt.setTerms(terms);

      filteredWithQuery = new FilteredWithQuery();
      filteredWithQuery.setQuery(qwt);
      filteredWithQuery.setFilter(fwa);
      query.setFiltered(filteredWithQuery);
    } else {
      filtered = new Filtered();
      filtered.setFilter(fwa);
      query.setFiltered(filtered);
    }
    return query;
  }

  @SuppressWarnings({"unchecked", "rawtypes"})
  private List<EventThreatBean> getThreatsFromES(Query query) {

    List<EventThreatBean> threats = new ArrayList<EventThreatBean>();
    Integer total = new Integer(0);

    RootQuery root = new RootQuery(query, PerisaiConstant.START_REC, PerisaiConstant.REC_SIZE);
    String url = PerisaiConstant.PERISAI_ELASTICSEARCH_INDEX + "/threat/_search";
    System.out.println(url);
    // PerisaiUtil.printJson(root);

    String response = PerisaiUtil.sendJsonWithOutput(url, root, "POST");

    ObjectMapper mapper = new ObjectMapper();
    try {
      LinkedHashMap<String, Object> map =
          (LinkedHashMap<String, Object>) mapper.readValue(response, LinkedHashMap.class);
      LinkedHashMap<String, Object> hits = (LinkedHashMap<String, Object>) map.get("hits");

      total = (Integer) hits.get("total");

      System.out.println("Total records " + total);

      if (total.intValue() > 0) {
        // threats = new ArrayList<EventThreatBean>();

        ArrayList res = (ArrayList) hits.get("hits");
        System.out.println("Total res " + res.size());
        for (Object entry : res) {
          EventThreatBean threat = new EventThreatBean();

          LinkedHashMap<String, Object> hit = (LinkedHashMap<String, Object>) entry;
          LinkedHashMap<String, Object> source = (LinkedHashMap<String, Object>) hit.get("_source");
          threat.setThreatId(0);
          threat.setThreatName((String) source.get("threatName"));
          threat.setThreatDescription((String) source.get("threatDescription"));
          threat.setClientId((Integer) source.get("clientId"));
          threat.setClientName((String) source.get("clientName"));
          threat.setGroupName((String) source.get("groupName"));
          threat.setFileName((String) source.get("fileName"));
          threat.setThreatLevel((String) source.get("level"));
          threat.setThreatType((String) source.get("type"));
          threat.setActionTaken((String) source.get("actionTaken"));
          threat.setThreatOperatingSystem((String) source.get("operatingSystem"));
          threat.setPerisaiVersion((String) source.get("perisaiVersion"));
          threat.setUserName((String) source.get("userName"));

          String createdDate = (String) source.get("createdDate");
          DateTime dt = new DateTime(createdDate);

          threat.setCreated(dt.toDate());

          threats.add(threat);
        }
      }

    } catch (JsonParseException e) {
      e.printStackTrace();
    } catch (JsonMappingException e) {
      e.printStackTrace();
    } catch (IOException e) {
      e.printStackTrace();
    }

    return threats;
  }

  private void buildGrid() {

    // disable and change for ES Search

    Query query =
        this.buildESQuery(
            PerisaiUtil.convertDateToString(today, dtFormat),
            PerisaiUtil.convertDateToString(tmrw, dtFormat));
    List<EventThreatBean> list = this.getThreatsFromES(query);

    /*
    List<EventThreatBean> list = PerisaikonsolUI.getEventsDataProvider()
    		.getThreatEvents(PerisaiUtil.convertDateToString(today, dtFormat),
    				PerisaiUtil.convertDateToString(tmrw, dtFormat),groups);*/

    System.out.println("Total Events " + list.size());

    final BeanItemContainer<EventThreatBean> ds =
        new BeanItemContainer<EventThreatBean>(EventThreatBean.class, list);
    setCaption("Total events " + list.size());
    setContainerDataSource(ds);
    setImmediate(true);

    /*if(list.size()<7){
    	this.setHeightMode(HeightMode.ROW);
    	this.setHeightByRows(list.size());
    }*/

    setSizeFull();
    filterRow = appendHeaderRow();

    HeaderCell dateCell = filterRow.getCell("created");
    dateCell.setComponent(buildDateFilter());

    removeColumn("clientId");
    removeColumn("threatId");
    removeColumn("scanCode");

    setFrozenColumnCount(4);

    styleHeaders();

    setColumnOrder(
        "groupName",
        "clientName",
        "userName",
        "perisaiVersion",
        "created",
        "threatName",
        "fileName",
        "threatType",
        "threatLevel",
        "threatOperatingSystem",
        "actionTaken",
        "threatDescription");
    this.getColumn("fileName").setWidth(300);
    this.getColumn("threatDescription").setWidth(500);

    footer = appendFooterRow();
    footer.join(
        "groupName",
        "clientName",
        "userName",
        "perisaiVersion",
        "created",
        "threatName",
        "threatDescription",
        "fileName",
        "threatType",
        "threatLevel",
        "threatOperatingSystem",
        "actionTaken");

    // this.getColumn("created").setHeaderCaption("Event Date");

    buildFilters();

    buildFooterButtons();
  }

  @SuppressWarnings("serial")
  private Component buildDateFilter() {

    HorizontalLayout dateLayout = new HorizontalLayout();

    final PopupDateField startDate = new PopupDateField();
    startDate.addStyleName(ValoTheme.DATEFIELD_TINY);
    startDate.setWidth("150px");
    startDate.setDateFormat("yyyy-MM-dd");
    startDate.setInputPrompt("Start");

    startDate.setValue(today);

    dateLayout.addComponent(startDate);

    dateLayout.setComponentAlignment(startDate, Alignment.MIDDLE_CENTER);

    Label separator = new Label();
    separator.setCaptionAsHtml(true);
    separator.setCaption("&nbsp;-&nbsp;");
    dateLayout.addComponent(separator);

    final PopupDateField endDate = new PopupDateField();
    endDate.addStyleName(ValoTheme.DATEFIELD_TINY);
    endDate.setDateFormat("yyyy-MM-dd");
    endDate.setWidth("150px");
    endDate.setInputPrompt("End");
    endDate.setValue(tmrw);

    startDate.addValueChangeListener(
        new Property.ValueChangeListener() {

          public void valueChange(ValueChangeEvent event) {

            // endDateVal = (String) event.getProperty().getValue();
            // Notification.show("Start Date:"+startDate.getValue()+"End Date: " +
            // endDate.getValue());

            // fire event
            if (endDate.getValue() != null) {
              queryAndRefresh(
                  dateFormat.format(startDate.getValue()), dateFormat.format(endDate.getValue()));
            }
          }
        });

    endDate.addValueChangeListener(
        new Property.ValueChangeListener() {

          @SuppressWarnings("deprecation")
          public void valueChange(ValueChangeEvent event) {

            // endDateVal = (String) event.getProperty().getValue();
            // Notification.show("Start Date:"+startDate.getValue()+"End Date: " +
            // endDate.getValue());

            // fire event
            if (startDate.getValue() != null) {
              queryAndRefresh(
                  dateFormat.format(startDate.getValue()), dateFormat.format(endDate.getValue()));
            } else {
              Notification.show("Please enter Start Date", Notification.TYPE_WARNING_MESSAGE);
            }
          }
        });

    dateLayout.addComponent(endDate);

    return dateLayout;
  }

  private void addFilter(final String pid) {

    HeaderCell cell = filterRow.getCell(pid);
    TextField filterField = new TextField();
    filterField.addStyleName(ValoTheme.TEXTFIELD_TINY);
    filterField.setInputPrompt("Filter");
    filterField.setWidth("100px");

    @SuppressWarnings("unchecked")
    final BeanItemContainer<EventThreatBean> container =
        (BeanItemContainer<EventThreatBean>) getContainerDataSource();

    filterField.addTextChangeListener(
        new TextChangeListener() {

          private static final long serialVersionUID = 1L;

          @Override
          public void textChange(final TextChangeEvent event) {

            container.removeContainerFilters(pid);

            System.out.println(event.getText());

            if (!event.getText().isEmpty()) {

              container.addContainerFilter(
                  new SimpleStringFilter(pid, event.getText(), true, false));
            }

            setCaption("Total events " + container.size());
          }
        });

    cell.setComponent(filterField);
  }

  private void buildFooterButtons() {

    FooterCell cell = footer.getCell("clientName");

    HorizontalLayout btnLayout = new HorizontalLayout();
    btnLayout.setSpacing(true);

    Button exportBtn = new Button("Export");
    exportBtn.addStyleName(ValoTheme.BUTTON_TINY);
    exportBtn.addStyleName(ValoTheme.BUTTON_FRIENDLY);
    exportBtn.setIcon(FontAwesome.FILE_EXCEL_O);

    Button refreshBtn = new Button("Refresh");
    refreshBtn.addStyleName(ValoTheme.BUTTON_TINY);
    refreshBtn.addStyleName(ValoTheme.BUTTON_FRIENDLY);
    refreshBtn.setIcon(FontAwesome.REFRESH);

    refreshBtn.addClickListener(
        new Button.ClickListener() {

          private static final long serialVersionUID = 1L;

          @Override
          public void buttonClick(ClickEvent event) {

            queryAndRefresh(
                PerisaiUtil.convertDateToString(today, dtFormat),
                PerisaiUtil.convertDateToString(tmrw, dtFormat));
          }
        });

    // btnLayout.addComponent(exportBtn);
    // btnLayout.addComponent(refreshBtn);
    cell.setComponent(btnLayout);
  }
}
Esempio n. 3
0
  private void buildGrid() {

    // disable and change for ES Search

    Query query =
        this.buildESQuery(
            PerisaiUtil.convertDateToString(today, dtFormat),
            PerisaiUtil.convertDateToString(tmrw, dtFormat));
    List<EventThreatBean> list = this.getThreatsFromES(query);

    /*
    List<EventThreatBean> list = PerisaikonsolUI.getEventsDataProvider()
    		.getThreatEvents(PerisaiUtil.convertDateToString(today, dtFormat),
    				PerisaiUtil.convertDateToString(tmrw, dtFormat),groups);*/

    System.out.println("Total Events " + list.size());

    final BeanItemContainer<EventThreatBean> ds =
        new BeanItemContainer<EventThreatBean>(EventThreatBean.class, list);
    setCaption("Total events " + list.size());
    setContainerDataSource(ds);
    setImmediate(true);

    /*if(list.size()<7){
    	this.setHeightMode(HeightMode.ROW);
    	this.setHeightByRows(list.size());
    }*/

    setSizeFull();
    filterRow = appendHeaderRow();

    HeaderCell dateCell = filterRow.getCell("created");
    dateCell.setComponent(buildDateFilter());

    removeColumn("clientId");
    removeColumn("threatId");
    removeColumn("scanCode");

    setFrozenColumnCount(4);

    styleHeaders();

    setColumnOrder(
        "groupName",
        "clientName",
        "userName",
        "perisaiVersion",
        "created",
        "threatName",
        "fileName",
        "threatType",
        "threatLevel",
        "threatOperatingSystem",
        "actionTaken",
        "threatDescription");
    this.getColumn("fileName").setWidth(300);
    this.getColumn("threatDescription").setWidth(500);

    footer = appendFooterRow();
    footer.join(
        "groupName",
        "clientName",
        "userName",
        "perisaiVersion",
        "created",
        "threatName",
        "threatDescription",
        "fileName",
        "threatType",
        "threatLevel",
        "threatOperatingSystem",
        "actionTaken");

    // this.getColumn("created").setHeaderCaption("Event Date");

    buildFilters();

    buildFooterButtons();
  }
Esempio n. 4
0
  @SuppressWarnings({"unchecked", "rawtypes"})
  private List<EventThreatBean> getThreatsFromES(Query query) {

    List<EventThreatBean> threats = new ArrayList<EventThreatBean>();
    Integer total = new Integer(0);

    RootQuery root = new RootQuery(query, PerisaiConstant.START_REC, PerisaiConstant.REC_SIZE);
    String url = PerisaiConstant.PERISAI_ELASTICSEARCH_INDEX + "/threat/_search";
    System.out.println(url);
    // PerisaiUtil.printJson(root);

    String response = PerisaiUtil.sendJsonWithOutput(url, root, "POST");

    ObjectMapper mapper = new ObjectMapper();
    try {
      LinkedHashMap<String, Object> map =
          (LinkedHashMap<String, Object>) mapper.readValue(response, LinkedHashMap.class);
      LinkedHashMap<String, Object> hits = (LinkedHashMap<String, Object>) map.get("hits");

      total = (Integer) hits.get("total");

      System.out.println("Total records " + total);

      if (total.intValue() > 0) {
        // threats = new ArrayList<EventThreatBean>();

        ArrayList res = (ArrayList) hits.get("hits");
        System.out.println("Total res " + res.size());
        for (Object entry : res) {
          EventThreatBean threat = new EventThreatBean();

          LinkedHashMap<String, Object> hit = (LinkedHashMap<String, Object>) entry;
          LinkedHashMap<String, Object> source = (LinkedHashMap<String, Object>) hit.get("_source");
          threat.setThreatId(0);
          threat.setThreatName((String) source.get("threatName"));
          threat.setThreatDescription((String) source.get("threatDescription"));
          threat.setClientId((Integer) source.get("clientId"));
          threat.setClientName((String) source.get("clientName"));
          threat.setGroupName((String) source.get("groupName"));
          threat.setFileName((String) source.get("fileName"));
          threat.setThreatLevel((String) source.get("level"));
          threat.setThreatType((String) source.get("type"));
          threat.setActionTaken((String) source.get("actionTaken"));
          threat.setThreatOperatingSystem((String) source.get("operatingSystem"));
          threat.setPerisaiVersion((String) source.get("perisaiVersion"));
          threat.setUserName((String) source.get("userName"));

          String createdDate = (String) source.get("createdDate");
          DateTime dt = new DateTime(createdDate);

          threat.setCreated(dt.toDate());

          threats.add(threat);
        }
      }

    } catch (JsonParseException e) {
      e.printStackTrace();
    } catch (JsonMappingException e) {
      e.printStackTrace();
    } catch (IOException e) {
      e.printStackTrace();
    }

    return threats;
  }