|
@@ -15,8 +15,8 @@ _date = "(^[A-Z][a-z]{2}) ([0-9]{2}) ([0-9]{2})\:([0-9]){2}\:([0-9]{2})"
|
|
|
_ip = "\d+\.\d+\.\d+\.\d+"
|
|
|
_regex = {
|
|
|
'login':{'pattern':f'{_date} .*Accepted password for ([a-z]+) from ({_ip})', 'columns':['month','day','hour','minute','second','user','ip']},
|
|
|
- 'attacks':{'pattern':f'{_date} .*Invalid user ([a-z,0-6]+) from ({_ip})','columns':['month','day','hour','minute','second','user','ip']},
|
|
|
- 'risk':{'pattern':f'{_date} .*Failed password for ([a-z,0-6]+) from ({_ip})','columns':['month','day','hour','minute','second','user','ip']} #-- accounts at risk
|
|
|
+ 'attacks':{'pattern':f'{_date} .*Invalid user ([a-z,0-9]+) from ({_ip})','columns':['month','day','hour','minute','second','user','ip']},
|
|
|
+ 'risk':{'pattern':f'{_date} .*Failed password for ([a-z,0-9]+) from ({_ip})','columns':['month','day','hour','minute','second','user','ip']} #-- accounts at risk
|
|
|
|
|
|
}
|
|
|
_map = {'Jan':1,'Feb':2,'Mar':3,'Apr':4,'May':5,'Jun':6,'Jul':7,'Aug':8,'Sep':9,'Oct':10,'Nov':11,'Dec':12}
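Review bot: The username class `[a-z,0-9]+` on the new `attacks` and `risk` lines still rejects any name containing an uppercase letter, `_`, `-`, `.` or `$`, so those log lines never match and are missing from the parsed events. For `Invalid user` entries this matters because failed attempts under such names would be undercounted in the attack data. The comma inside the brackets is a literal comma, not a separator between ranges. Capturing the token up to the next whitespace avoids enumerating characters, e.g. `rf'{_date} .*Invalid user (\S+) from ({_ip})'` and likewise for `Failed password for`; the raw prefix also stops `\S` and `\d` from being treated as string escapes. The unchanged `login` pattern uses `[a-z]+` and has the same gap.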
|
|
@@ -27,7 +27,7 @@ def risk (_content,_id='user'):
|
|
|
_df = pd.DataFrame(_content)
|
|
|
_g = _df.groupby([_id]).apply(lambda row: {'start_date':row.date.min(),'end_date':row.date.max() ,'count':row[_id].size} )
|
|
|
_df = pd.DataFrame(_g.tolist())
|
|
|
- _df['user'] = _g.index
|
|
|
+ _df[_id] = _g.index
|
|
|
_df.start_date = _df.start_date.astype(str)
|
|
|
_df.end_date = _df.end_date.astype(str)
|
|
|
return _df
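Review bot: `_df.groupby([_id])` will raise `KeyError` if `_content` is empty or its rows lack the `_id` key, since `pd.DataFrame(_content)` then has no such column; now that `_id` is caller-chosen rather than always `'user'`, this is easier to hit. The start of `risk` is outside the hunk, so a guard may already exist there. If not, an early return such as `if not len(_content): return pd.DataFrame(columns=[_id,'start_date','end_date','count'])` keeps a log with no matching lines from aborting the report. A short docstring stating that `_id` names the grouping column (for example `'user'` or `'ip'`) and that rows need a `date` field would also help callers.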
|