code cleanup
garanews committed Jul 29, 2019
1 parent b19bbaa commit 2746b20
Showing 2 changed files with 14 additions and 20 deletions.
32 changes: 13 additions & 19 deletions mans_to_es/mans_to_es.py
Expand Up @@ -41,25 +41,25 @@
],
"dateformat": "%Y-%m-%dT%H:%M:%SZ",
},
"processes-api": { ## OK
"processes-api": {
"key": "ProcessItem",
"datefield": ["startTime"],
"dateformat": "%Y-%m-%dT%H:%M:%SZ",
"message_fields": [["name"]],
},
"processes-memory": { ## OK
"processes-memory": {
"key": "ProcessItem",
"datefield": ["startTime"],
"dateformat": "%Y-%m-%dT%H:%M:%SZ",
"message_fields": [["name"]],
},
"urlhistory": { ## OK
"urlhistory": {
"key": "UrlHistoryItem",
"datefield": ["LastVisitDate"],
"dateformat": "%Y-%m-%dT%H:%M:%SZ",
"message_fields": [["URL"]],
},
"stateagentinspector": { ## OK
"stateagentinspector": {
"key": "eventItem",
"datefield": ["timestamp"],
"dateformat": "%Y-%m-%dT%H:%M:%S.%fZ",
Expand Down Expand Up @@ -201,13 +201,13 @@
},
},
},
"prefetch": { ## OK
"prefetch": {
"key": "PrefetchItem",
"datefield": ["LastRun", "Created"],
"dateformat": "%Y-%m-%dT%H:%M:%SZ",
"message_fields": [["ApplicationFileName"], ["ApplicationFileName"]],
},
"filedownloadhistory": { ## OK
"filedownloadhistory": {
"key": "FileDownloadHistoryItem",
"datefield": ["LastModifiedDate", "LastAccessedDate", "StartDate", "EndDate"],
"dateformat": "%Y-%m-%dT%H:%M:%SZ",
Expand All @@ -227,7 +227,7 @@
}


def output_dict(details, itemtype):
def output_dict(details):
"""
Output_dict: details column in stateagentinspector df contains all the row info
In:
Expand Down Expand Up @@ -415,9 +415,7 @@ def process(self):
# stateagentinspector have in eventType the main subtype and in timestamp usually the relative time
if filetype == "stateagentinspector":
df = df.rename(columns={"eventType": "message"})
df["datetime"] = df["timestamp"].apply(
lambda x: convert_date(x)
)
df["datetime"] = df["timestamp"].apply(lambda x: convert_date(x))
df["timestamp"] = df["datetime"].apply(
lambda x: convert_timestamp(
x, date_format="%Y-%m-%dT%H:%M:%S+00:00"
Expand All @@ -430,11 +428,7 @@ def process(self):
df[datefield] = df[datefield].apply(
lambda x: convert_date(x, type_name[filetype]["dateformat"])
)
df = df.drop(
["@created", "@sequence_num"],
axis=1,
errors="ignore",
)
df = df.drop(["@created", "@sequence_num"], axis=1, errors="ignore")
logging.debug("\tPreprocessing done")

# stateagentinspector is big and converted in parallel
Expand Down Expand Up @@ -490,7 +484,7 @@ def explode_stateagentinspector(self, edf, itemtype):
[
edf,
edf.apply(
lambda row: output_dict(row.details, itemtype),
lambda row: output_dict(row.details),
axis=1,
result_type="expand",
),
Expand Down Expand Up @@ -534,7 +528,7 @@ def to_elastic(self, end):
helpers.bulk(es, data, index=self.index, doc_type="generic_event")


def Main():
def main():
parser = argparse.ArgumentParser(
description="Push .mans information in Elasticsearch index", prog="MANS to ES"
)
Expand Down Expand Up @@ -562,7 +556,7 @@ def Main():
)

parser.add_argument(
"--version", dest="version", action="version", version="%(prog)s 1.0"
"--version", dest="version", action="version", version="%(prog)s 1.2"
)
args = parser.parse_args()

Expand All @@ -582,7 +576,7 @@ def Main():


if __name__ == "__main__":
if not Main():
if not main():
sys.exit(1)
else:
sys.exit(0)
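Review bot: The `output_dict` signature in the third hunk drops `itemtype`, but the docstring's `In:` parameter list continues below the hunk, so it may still document the removed argument; it should list only `details` (the stateagentinspector details column, per the docstring's own summary line), which needs confirming against the part of the docstring outside the diff. In the `process` hunk, the reformatted `df["timestamp"].apply(lambda x: convert_date(x))` wraps a one-argument call for no reason; `df["datetime"] = df["timestamp"].apply(convert_date)` is equivalent and simpler. That branch also relies on `convert_date`'s default format while every other filetype passes `type_name[filetype]["dateformat"]`, and the `stateagentinspector` entry declares `"%Y-%m-%dT%H:%M:%S.%fZ"`; if the default differs, fractional seconds are silently dropped or the parse fails, which is worth confirming since `convert_date` is not in this diff. `process` begins before the hunk and continues after it.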
2 changes: 1 addition & 1 deletion setup.py
Expand Up @@ -15,7 +15,7 @@

setuptools.setup(
name="mans_to_es",
version="1.0",
version="1.2",
author="LDO-CERT",
author_email="[email protected]",
description="Send .mans to ElasticSearch",
