
@rjurney
Created April 13, 2014 21:19
How to return an eventTime sorted array of values for each unique grouping of (periodSeconds, cIp, csHost, requestMethod, userAgent)
package com.securityx.modelfeature.resources
import javax.ws.rs.{QueryParam, GET, Produces, Path}
import scala.Array
import javax.ws.rs.core.{Response, MediaType}
import org.slf4j.{LoggerFactory, Logger}
import org.joda.time.format.{ISODateTimeFormat, DateTimeFormatter}
import org.joda.time.DateTimeZone
import com.securityx.modelfeature.dao.{FeatureDao, BeaconActivityDao}
import com.fasterxml.jackson.databind.ObjectMapper
import com.fasterxml.jackson.module.scala.DefaultScalaModule
import com.securityx.modelfeature.ModelFeatureConfiguration
import com.sun.corba.se.spi.activation._ActivatorImplBase
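/**
 * JAX-RS resource that serves beaconing-activity series under `/beaconingactivities`.
 *
 * @param conf service configuration; exposed as a public `val` but not read by this class
 */
@Path("/beaconingactivities")
@Produces(Array(MediaType.APPLICATION_JSON))
class BeaconingActivityFeature(val conf: ModelFeatureConfiguration) {
  // Logger is named after this class (it was BluecoatFeature) so that log lines
  // from this endpoint are attributed to the right resource.
  private final val LOGGER: Logger = LoggerFactory.getLogger(classOf[BeaconingActivityFeature])
  private val beaconingActivityDao = new BeaconActivityDao

  // Configured once and shared: an ObjectMapper is thread-safe after configuration,
  // so there is no need to build one and register the module on every request.
  private val mapper: ObjectMapper = {
    val m = new ObjectMapper()
    m.registerModule(DefaultScalaModule)
    m
  }

  // Fields whose combined values identify one group in the response.
  private val groupFields: List[String] =
    List("periodSeconds", "cIp", "csHost", "requestMethod", "userAgent")

  /**
   * Returns the beaconing series grouped by
   * (periodSeconds, cIp, csHost, requestMethod, userAgent), with the rows of each
   * group ordered by `eventTime`.
   *
   * @param isoStartTime start of the time window, forwarded unchanged to the DAO
   * @param isoEndTime   end of the time window, forwarded unchanged to the DAO
   * @param periodInt    value of the `period` query parameter, forwarded unchanged to the DAO
   * @return a 200 response whose entity is the JSON rendering of the grouped rows
   */
  @GET
  @Path("/beaconingSeries")
  def getBeaconingSeries(@QueryParam("isoStartTime") isoStartTime: String,
                         @QueryParam("isoEndTime") isoEndTime: String,
                         @QueryParam("period") periodInt: Integer): Response = {
    // NOTE(review): all three values come straight from the query string and may be
    // null when the parameter is absent. The DAO is not visible here - confirm that it
    // validates them and binds them as query parameters rather than building the
    // query text from them.
    val rows = beaconingActivityDao.getBeaconingSeries(isoStartTime, isoEndTime, periodInt)

    // Jackson renders a non-String map key through toString, which is why the keys in
    // the response read "List(Some(3600), ...)". Emitting a structured key would mean
    // returning a list of {key, values} entries, which changes the response shape for
    // existing clients, so the key form is left as it is.
    val groups = rows
      .groupBy(row => groupFields.map(field => row.get(field)))
      .map { case (key, members) =>
        // Explicit sort so the order does not depend on what the DAO happens to return.
        // Assumes eventTime renders as a uniform ISO-8601 UTC string, so that string
        // order is chronological - TODO confirm against the DAO's row type.
        key -> members.sortBy(_.get("eventTime").map(_.toString))
      }

    Response.ok(mapper.writeValueAsString(groups)).build()
  }
}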
{
"List(Some(3600), Some(45.14.1.135), Some(www.bangedup.com), Some(GET), Some(\"Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.11\"))": [
{
"sld": "bangedup.com",
"periodSeconds": 3600,
"cIp": "45.14.1.135",
"confidence": 0.4,
"csHost": "www.bangedup.com",
"eventTime": "2014-04-08T21:00:00.000Z",
"requestMethod": "GET",
"interval": 12.0,
"risk": 99.79047619047618,
"userAgent": "\"Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.11\""
}
],
"List(Some(3600), Some(45.14.1.137), Some(ebay.doubleclick.net), Some(GET), Some(\"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\"))": [
{
"sld": "doubleclick.net",
"periodSeconds": 3600,
"cIp": "45.14.1.137",
"confidence": 0.0,
"csHost": "ebay.doubleclick.net",
"eventTime": "2014-04-08T22:00:00.000Z",
"requestMethod": "GET",
"interval": 26.0,
"risk": 60.71428571428572,
"userAgent": "\"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\""
}
],
"List(Some(3600), Some(45.14.1.145), Some(cgi.ebay.com), Some(GET), Some(\"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\"))": [
{
"sld": "ebay.com",
"periodSeconds": 3600,
"cIp": "45.14.1.145",
"confidence": 0.0,
"csHost": "cgi.ebay.com",
"eventTime": "2014-04-08T22:00:00.000Z",
"requestMethod": "GET",
"interval": 127.0,
"risk": 39.26732150600034,
"userAgent": "\"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\""
}
],
"List(Some(3600), Some(82.115.68.247), Some(-), Some(unknown), Some(-))": [
{
"sld": "-",
"periodSeconds": 3600,
"cIp": "82.115.68.247",
"confidence": 0.8,
"csHost": "-",
"eventTime": "2014-04-08T21:00:00.000Z",
"requestMethod": "unknown",
"interval": 110.0,
"risk": 93.64181662382177,
"userAgent": "-"
},
{
"sld": "-",
"periodSeconds": 3600,
"cIp": "82.115.68.247",
"confidence": 0.0,
"csHost": "-",
"eventTime": "2014-04-08T22:00:00.000Z",
"requestMethod": "unknown",
"interval": 222.0,
"risk": 94.52786119452786,
"userAgent": "-"
}
],
}

rjurney commented Apr 14, 2014

Group key: "Map(csHost -> Some(192.16.170.42), cIp -> Some(202.201.249.222), userAgent -> Some(-), requestMethod -> Some(POST), periodSeconds -> Some(3600))"
