hawat.blueprints.events.forms module

This module contains various IDEA event database search forms for the Hawat application.

class hawat.blueprints.events.forms.EventDashboardForm(*args, **kwargs)

Bases: FlaskForm

Class representing event dashboard search form.

dt_from = <UnboundField(SmartDateTimeField, (l'From:',), {'validators': [<wtforms.validators.Optional object>], 'description': l'Lower time boundary for event detection time as provided by event detector. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event detectors are usually outside of the control of Mentat system administrators and may sometimes emit events with invalid detection times, for example timestamps in the future.', 'default': <function EventDashboardForm.<lambda>>})>
dt_to = <UnboundField(SmartDateTimeField, (l'To:',), {'validators': [<wtforms.validators.Optional object>], 'description': l'Upper time boundary for event detection time as provided by event detector. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event detectors are usually outside of the control of Mentat system administrators and may sometimes emit events with invalid detection times, for example timestamps in the future.', 'default': <function default_dt>})>
submit = <UnboundField(SubmitField, (l'Search',), {})>

class hawat.blueprints.events.forms.SimpleEventSearchForm(*args, **kwargs)

Bases: BaseSearchForm

Class representing simple event search form.

categories = <UnboundField(SelectMultipleField, (l'Categories:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'filters': [<function SimpleEventSearchForm.<lambda>>], 'description': l'Specification of event category. Each event may be optionally assigned one or more labels to better categorize that event, for example as "Recon.Scanning", "Abusive.Spam", "Test" etc.'})>
classes = <UnboundField(SelectMultipleField, (l'Classes:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'filters': [<function SimpleEventSearchForm.<lambda>>], 'description': l'Specification of event class. Each event may be optionally assigned one class to better describe the event and group all similar events together for better processing. Event classification in internal feature of Mentat system for better event management.'})>
description = <UnboundField(StringField, (l'Description:',), {'validators': [<wtforms.validators.Optional object>, <function check_null_character>], 'description': l'Specification of event description. Each event may be optionally assigned short descriptive string.'})>
detector_types = <UnboundField(SelectMultipleField, (l'Detector types:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'filters': [<function SimpleEventSearchForm.<lambda>>], 'description': l'Specification of event detector type. Each event detector may be optionally assigned one or more labels to better categorize that detector.'})>
detectors = <UnboundField(SelectMultipleField, (l'Detectors:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'filters': [<function SimpleEventSearchForm.<lambda>>], 'description': l'Name of the detector that detected the event.'})>
dt_from = <UnboundField(SmartDateTimeField, (l'Detection time from:',), {'validators': [<wtforms.validators.Optional object>], 'description': l'Lower time boundary for event detection time as provided by event detector. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event detectors are usually outside of the control of Mentat system administrators and may sometimes emit events with invalid detection times, for example timestamps in the future.', 'default': <function SimpleEventSearchForm.<lambda>>})>
dt_to = <UnboundField(SmartDateTimeField, (l'Detection time to:',), {'validators': [<wtforms.validators.Optional object>], 'description': l'Upper time boundary for event detection time as provided by event detector. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event detectors are usually outside of the control of Mentat system administrators and may sometimes emit events with invalid detection times, for example timestamps in the future.', 'default': <function default_dt>})>
groups = <UnboundField(QuerySelectMultipleField, (l'Abuse group:',), {'query_factory': <function get_available_groups>, 'allow_blank': False, 'get_pk': <function SimpleEventSearchForm.<lambda>>, 'description': l'Specification of the abuse group to whose constituency this event belongs based on one of the event source addresses.'})>
host_addrs = <UnboundField(CommaListField, (l'Host addresses:',), {'validators': [<wtforms.validators.Optional object>, <function check_network_record_list>], 'widget': <wtforms.widgets.core.TextArea object>, 'description': l'Comma separated list of event source or target IP4/6 addresses, ranges or networks. Any additional whitespace is ignored and may be used for better readability.'})>
host_ports = <UnboundField(CommaListField, (l'Host ports:',), {'validators': [<wtforms.validators.Optional object>, <function check_port_list>], 'description': l'Comma separated list of source or target ports as integers. Any additional whitespace is ignored and may be used for better readability.'})>
host_types = <UnboundField(SelectMultipleField, (l'Host types:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [], 'filters': [<function SimpleEventSearchForm.<lambda>>], 'description': l'Specification of event source or target type. Each event source or target may be optionally assigned one or more labels to better categorize type of a source or target.'})>
inspection_errs = <UnboundField(SelectMultipleField, (l'Inspection errors:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'filters': [<function SimpleEventSearchForm.<lambda>>], 'description': l'Specification of possible event errors detected during event inspection by real-time event processing inspection daemon.'})>

static is_multivalue(field_name)

Check whether the given form field is a multivalue field.

Parameters

field_name (str) – Name of the form field.

Returns

True, if the field can contain multiple values, False otherwise.

Return type

bool

not_categories = <UnboundField(BooleanField, (l'Negate category selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_classess = <UnboundField(BooleanField, (l'Negate class selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_detector_types = <UnboundField(BooleanField, (l'Negate detector_type selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_detectors = <UnboundField(BooleanField, (l'Negate detector selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_groups = <UnboundField(BooleanField, (l'Negate group selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_inspection_errs = <UnboundField(BooleanField, (l'Negate inspection error selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_protocols = <UnboundField(BooleanField, (l'Negate protocol selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_severities = <UnboundField(BooleanField, (l'Negate severity selection:',), {'validators': [<wtforms.validators.Optional object>]})>
protocols = <UnboundField(SelectMultipleField, (l'Protocols:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'filters': [<function SimpleEventSearchForm.<lambda>>], 'description': l'Specification of one or more communication protocols involved in the event.'})>
severities = <UnboundField(SelectMultipleField, (l'Severities:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'filters': [<function SimpleEventSearchForm.<lambda>>], 'description': l'Specification of event severity. Each event may be optionally assigned one severity level, which can be then use during incident handling workflows to prioritize events.'})>
sortby = <UnboundField(SelectField, (l'Sort by:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('time.desc', l'by time descending'), ('time.asc', l'by time ascending'), ('detecttime.desc', l'by detection time descending'), ('detecttime.asc', l'by detection time ascending'), ('storagetime.desc', l'by storage time descending'), ('storagetime.asc', l'by storage time ascending')], 'default': 'time.desc'})>
source_addrs = <UnboundField(CommaListField, (l'Source addresses:',), {'validators': [<wtforms.validators.Optional object>, <function check_network_record_list>], 'widget': <wtforms.widgets.core.TextArea object>, 'description': l'Comma separated list of event source IP4/6 addresses, ranges or networks. In this context a source does not necessarily mean a source of the connection, but rather a source of the problem as reported by a detector. Any additional whitespace is ignored and may be used for better readability.'})>
source_ports = <UnboundField(CommaListField, (l'Source ports:',), {'validators': [<wtforms.validators.Optional object>, <function check_port_list>], 'description': l'Comma separated list of source ports as integers. In this context a source does not necessarily mean a source of the connection, but rather a source of the problem as reported by a detector. Any additional whitespace is ignored and may be used for better readability.'})>
source_types = <UnboundField(SelectMultipleField, (l'Source types:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [], 'filters': [<function SimpleEventSearchForm.<lambda>>], 'description': l'Specification of event source type. Each event source may be optionally assigned one or more labels to better categorize type of a source.'})>
st_from = <UnboundField(SmartDateTimeField, (l'Storage time from:',), {'validators': [<wtforms.validators.Optional object>], 'description': l'Lower time boundary for event storage time. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event storage time is provided by Mentat system itself. It is a timestamp of the exact moment the event was stored into the database.'})>
st_to = <UnboundField(SmartDateTimeField, (l'Storage time to:',), {'validators': [<wtforms.validators.Optional object>], 'description': l'Upper time boundary for event storage time. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event storage time is provided by Mentat system itself. It is a timestamp of the exact moment the event was stored into the database.'})>
target_addrs = <UnboundField(CommaListField, (l'Target addresses:',), {'validators': [<wtforms.validators.Optional object>, <function check_network_record_list>], 'widget': <wtforms.widgets.core.TextArea object>, 'description': l'Comma separated list of event target IP4/6 addresses, ranges or networks. In this context a target does not necessarily mean a target of the connection, but rather a victim of the problem as reported by a detector. Any additional whitespace is ignored and may be used for better readability.'})>
target_ports = <UnboundField(CommaListField, (l'Target ports:',), {'validators': [<wtforms.validators.Optional object>, <function check_port_list>], 'description': l'Comma separated list of target ports as integers. In this context a target does not necessarily mean a target of the connection, but rather a victim of the problem as reported by a detector. Any additional whitespace is ignored and may be used for better readability.'})>
target_types = <UnboundField(SelectMultipleField, (l'Target types:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [], 'filters': [<function SimpleEventSearchForm.<lambda>>], 'description': l'Specification of event target type. Each event target may be optionally assigned one or more labels to better categorize type of a target.'})>

hawat.blueprints.events.forms.get_available_groups()

Query the database for the list of all available groups.
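
The `*_addrs` and `*_ports` fields of SimpleEventSearchForm accept comma-separated lists with ignorable whitespace, and `description` carries a null-character check; the sketch below shows what server-side validation of such input can look like. It is an added example, not Hawat's own code. All function names, the `first-last` range syntax, the 0..65535 port bound and the sample submission are assumptions made for illustration.

```python
import ipaddress

def parse_comma_list(raw):
    """Split on commas; all whitespace (including newlines) is ignored."""
    return [item for item in "".join(raw.split()).split(",") if item]

def parse_network_record(item):
    """Return ('range'|'net'|'addr', value); raise ValueError if invalid."""
    if "-" in item:  # assumed range syntax: first-last
        first, last = (ipaddress.ip_address(p) for p in item.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"invalid range {item!r}")
        return ("range", (first, last))
    if "/" in item:  # strict=False tolerates host bits set in a CIDR
        return ("net", ipaddress.ip_network(item, strict=False))
    return ("addr", ipaddress.ip_address(item))

def parse_port(item):
    """Accept plain ASCII decimal integers in 0..65535 only."""
    if not (item.isascii() and item.isdigit()) or int(item) > 65535:
        raise ValueError(f"invalid port {item!r}")
    return int(item)

def validate_search_input(form):
    """Map each rejected field name to a list of error strings."""
    errors = {}
    for name, raw in form.items():
        if "\x00" in raw:  # NUL is never part of a legitimate search term
            errors[name] = ["null character not allowed"]
            continue
        parser = (parse_network_record if name.endswith("_addrs")
                  else parse_port if name.endswith("_ports") else None)
        if parser is None:
            continue
        for item in parse_comma_list(raw):
            try:
                parser(item)
            except ValueError as exc:
                errors.setdefault(name, []).append(str(exc))
    return errors

# Constructed sample submission (documentation address ranges only).
SAMPLE = {
    "source_addrs": "192.0.2.1, 198.51.100.0/24,\n 2001:db8::1 - 2001:db8::ff",
    "target_addrs": "203.0.113.9-203.0.113.1, not-an-ip",
    "host_ports": "22, 443, 70000, 8_0",
    "description": "ssh brute\x00force",
}
```

Calling `validate_search_input(SAMPLE)` accepts `source_addrs` and reports two errors each for `target_addrs` and `host_ports`, plus the null-character error for `description`.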