Mathias Vagnes 1 year ago
parent
commit
cbb7e2cf81

BIN
part_a/uc3ima051_vagnes_1.pdf


File diff suppressed because it is too large
+ 34 - 28
part_a/uc3ima051_vagnes_1.tex


+ 22 - 0
workings/results/alienvault.txt

@@ -0,0 +1,22 @@
+259
+
+US, 90
+CN, 25
+KR, 15
+TW, 13
+JP, 13
+"", 10
+RU, 7
+SC, 7
+NL, 5
+IN, 5
+SE, 5
+TR, 5
+UA, 4
+VN, 4
+BR, 4
+FR, 4
+RO, 3
+GB, 3
+NO, 3
+MY, 2

+ 20 - 0
workings/src/alienvault.py

@@ -0,0 +1,20 @@
+import csv
+from xinit import *
+
+alienvault = []
+alienvault_db = db["alienvault"]
+
+for document in tqdm(alienvault_db.find({"ip": {"$exists": True}}), total=84508):
+    alienvault.append({"ip": document["ip"], "country": document["Country"]})
+
+bad_ips = 0
+bad_countries = []
+
+for source in tqdm(alienvault):
+    av_ip = collection.find_one({"src_ip": source["ip"]})
+    if av_ip:
+        bad_ips += 1
+        bad_countries.append(source["country"])
+
+pprint(bad_ips)
+pprint(Counter(bad_countries).most_common(20))
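Review bot: The match loop treats every AlienVault entry as equally bad: `collection.find_one({"src_ip": source["ip"]})` increments `bad_ips` on any hit, while the Risk, Reliability and Activity fields stored by the loader are never read, so low-confidence entries count the same as high-confidence ones. Carrying the score through, e.g. `alienvault.append({"ip": document["ip"], "country": document["Country"], "reliability": document["Reliability"]})`, would let the overlap be reported per confidence band; the loader stores these values as strings from `csv.reader`, so they need an `int()` before any comparison. The count is also per reputation document rather than per distinct IP, so duplicate rows in the `alienvault` collection would inflate both `bad_ips` and the country tally. `total=84508` is hard-coded and could be `alienvault_db.count_documents({"ip": {"$exists": True}})`, and `import csv` is unused.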

+ 1 - 9
workings/tools/cowrie-analyser.py

@@ -1,17 +1,9 @@
-import operator
 import glob
 import os
 import matplotlib.pyplot as plt
 from dateutil.parser import parse
 from datetime import timedelta
-from collections import defaultdict
-from pymongo import MongoClient
-from tqdm import tqdm
-
-client = MongoClient()
-db = client["cowrie_full"]
-collection = db["cowrie_full"]
-
+from xinit import *
 
 def bin_by_hours(given_time, bin_amt):
     return given_time - timedelta(hours=given_time.hour % bin_amt, minutes=given_time.minute,
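Review bot: `from xinit import *` is added to a script under `workings/tools/`, but the only `xinit.py` touched in this commit is `workings/src/xinit.py`, so unless `src` is on `sys.path` the import probably fails at startup. The removed lines also took the explicit `client`/`db`/`collection` setup and the `defaultdict` import with them, so the script now depends on whatever names xinit exports, which this hunk does not show. Explicit imports such as `from xinit import collection, tqdm` would make that dependency checkable and keep the database the script talks to readable at the top of the file. `bin_by_hours` continues past the end of the hunk.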

+ 0 - 1
workings/src/failed_login.py

@@ -1,4 +1,3 @@
-import operator
 from xinit import *
 
 sources = defaultdict(int)

+ 0 - 1
workings/src/succeeded_login.py

@@ -1,4 +1,3 @@
-import operator
 from xinit import *
 
 sources = defaultdict(int)

+ 1 - 0
workings/src/xinit.py

@@ -1,3 +1,4 @@
+import operator
 from pymongo import MongoClient
 from tqdm import tqdm
 from pprint import pprint

+ 26 - 0
workings/tools/alienvault_to_mongo.py

@@ -0,0 +1,26 @@
+import csv
+import os
+from tqdm import tqdm
+from pymongo import MongoClient
+
+client = MongoClient()
+db = client["cowrie_full"]
+collection = db["alienvault"]
+
+final_data = []
+
+with open("../data/alienvault.data") as file:
+    data_csv = csv.reader(file, delimiter="#")
+    for k, v in enumerate(data_csv):
+        document = {"ip": v[0],
+                    "Risk": v[1],
+                    "Reliability": v[2],
+                    "Activity": v[3],
+                    "Country": v[4],
+                    "City": v[5]}
+
+        final_data.append(document)
+
+collection.insert_many(final_data)
+
+# print(final_data)
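Review bot: Each run appends the whole feed again, because `collection.insert_many(final_data)` has no prior cleanup or unique key on `ip`, so a second run doubles every entry and skews any count taken over this collection. The row parsing also indexes `v[0]` to `v[5]` with no length check, so one short or malformed line in the external feed file aborts the load with an IndexError before anything is inserted. Assuming the `alienvault` collection holds only this feed, I would clear it before the insert, skip short rows, and drop the unused `os`, `tqdm` and `enumerate` index, as in the sketch below. A unique index on `ip` is the alternative if the collection must be kept across runs.

```python
# … unchanged: imports, client/db/collection setup, final_data = [] …
FIELDS = ("ip", "Risk", "Reliability", "Activity", "Country", "City")

with open("../data/alienvault.data", newline="") as file:
    for row in csv.reader(file, delimiter="#"):
        if len(row) < len(FIELDS):
            continue  # short or malformed feed line
        final_data.append(dict(zip(FIELDS, row)))

collection.delete_many({})  # reload from scratch so a rerun cannot duplicate entries
if final_data:  # insert_many rejects an empty list
    collection.insert_many(final_data)
```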

+ 0 - 13
workings/tools/csv_to_mongo.py

@@ -1,13 +0,0 @@
-import csv
-import os
-from tqdm import tqdm
-from pymongo import MongoClient
-
-client = MongoClient()
-db = client["ti_dbs"]
-collection = db["alienvault"]
-
-with open("./alien_vault.csv") as file:
-    data_csv = [csv.reader(line) for line in file]
-    print(type(data_csv))
-    collection.insert_many(data_csv)