print the max threshold of each tw in json format

stratosphereips · Jan 9, 2024 · 32692f6 · 32692f6
1 parent 5543e16
commit 32692f6
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 11 deletions.
diff --git a/scripts/extractor.py b/scripts/extractor.py
@@ -8,10 +8,15 @@
 
 """
 
-
 import json
 import sys
 import ipaddress
+from typing import Dict
+from pprint import pp
+
+tws = {}
+alertsjson = sys.argv[1]
+srcip = sys.argv[2]
 
 def count_and_print_duplicate_scores(scores: list):
     """
@@ -63,6 +68,20 @@ def count_and_print_duplicate_scores(scores: list):
             print(f"{prev_score} --  {ctr} times")
 
 
+def print_json_max_accumulated_score(
+        sorted_tws: Dict[str, float]
+    ):
+    """
+    prints this dict
+    {filename: { 'twid': max_acc_threat_level }}
+    """
+    res = {alertsjson: {} }
+    for timewindow, scores in sorted_tws.items():
+        timewindow: int
+        scores: list
+        res[alertsjson].update({timewindow: max(scores)})
+
+    pp(res)
 
 def print_max_accumulated_score(scores: list):
 
@@ -80,15 +99,13 @@ def get_ip_version(srcip):
 
 
 
-tws = {}
-alertsjson = sys.argv[1]
-srcip = sys.argv[2]
+
 
 ip_version: str = get_ip_version(srcip)
 
 with open(alertsjson, 'r') as f:
     lines_ctr = 0
-    while line:= f.readline():
+    while line := f.readline():
         lines_ctr += 1
         line: dict = json.loads(line)
         try:
@@ -111,12 +128,15 @@ def get_ip_version(srcip):
 
 #print(f"total alerts.json lines read: {lines_ctr}")
 
-sorted_dict = dict(sorted(tws.items()))
+sorted_tws = dict(sorted(tws.items()))
 
 
-for twid, scores in sorted_dict.items():
-    print(f"\n\ntimewindow {twid}\n")
+# for twid, scores in sorted_tws.items():
+    #print(f"\n\ntimewindow {twid}\n")
 
     #count_and_print_duplicate_scores(scores)
 
-    print_max_accumulated_score(scores)
+    #print_max_accumulated_score(scores)
+    # pass
+
+print_json_max_accumulated_score(sorted_tws)
diff --git a/utils/hash.py b/utils/hash.py
@@ -26,9 +26,17 @@ def get_aid(self, flow: dict):
             proto = flow['proto'].lower()
 
             if 'icmp' in proto:
-                tpl = cases['icmp'](ts, flow['saddr'], flow['daddr'], flow['type'], flow['code'])
+                tpl = cases['icmp'](ts,
+                                    flow['saddr'],
+                                    flow['daddr'],
+                                    flow['type'],
+                                    flow['code'])
             else:
-                tpl = cases[proto](ts, flow['saddr'], flow['daddr'], flow['sport'], flow['dport'])
+                tpl = cases[proto](ts,
+                                   flow['saddr'],
+                                   flow['daddr'],
+                                   flow['sport'],
+                                   flow['dport'])
 
             return self.aid.calc(tpl)
         except (KeyError, TypeError):