hawat.blueprints.events.forms module

This module contains various IDEA event database search forms for the Hawat application.

class hawat.blueprints.events.forms.EventDashboardForm(formdata=<object object>, **kwargs)

Bases: flask_wtf.form.FlaskForm

Class representing event dashboard search form.

dt_from = <UnboundField(SmartDateTimeField, (l'From:',), {'default': <function EventDashboardForm.<lambda>>, 'description': l'Lower time boundary for event detection time as provided by event detector. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event detectors are usually outside of the control of Mentat system administrators and may sometimes emit events with invalid detection times, for example timestamps in the future.', 'validators': [<wtforms.validators.Optional object>]})>
dt_to = <UnboundField(SmartDateTimeField, (l'To:',), {'description': l'Upper time boundary for event detection time as provided by event detector. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event detectors are usually outside of the control of Mentat system administrators and may sometimes emit events with invalid detection times, for example timestamps in the future.', 'validators': [<wtforms.validators.Optional object>]})>
submit = <UnboundField(SubmitField, (l'Search',), {})>

class hawat.blueprints.events.forms.SimpleEventSearchForm(*args, **kwargs)

Bases: hawat.forms.BaseSearchForm

Class representing simple event search form.

categories = <UnboundField(SelectMultipleField, (l'Categories:',), {'description': l'Specification of event category. Each event may be optionally assigned one or more labels to better categorize that event, for example as "Recon.Scanning", "Abusive.Spam", "Test" etc.', 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'validators': [<wtforms.validators.Optional object>], 'filters': [<function SimpleEventSearchForm.<lambda>>]})>
classes = <UnboundField(SelectMultipleField, (l'Classes:',), {'description': l'Specification of event class. Each event may be optionally assigned one class to better describe the event and group all similar events together for better processing. Event classification in internal feature of Mentat system for better event management.', 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'validators': [<wtforms.validators.Optional object>], 'filters': [<function SimpleEventSearchForm.<lambda>>]})>
description = <UnboundField(StringField, (l'Description:',), {'description': l'Specification of event description. Each event may be optionally assigned short descriptive string.', 'validators': [<wtforms.validators.Optional object>]})>
detector_types = <UnboundField(SelectMultipleField, (l'Detector types:',), {'description': l'Specification of event detector type. Each event detector may be optionally assigned one or more labels to better categorize that detector.', 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'validators': [<wtforms.validators.Optional object>], 'filters': [<function SimpleEventSearchForm.<lambda>>]})>
detectors = <UnboundField(SelectMultipleField, (l'Detectors:',), {'description': l'Name of the detector that detected the event.', 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'validators': [<wtforms.validators.Optional object>], 'filters': [<function SimpleEventSearchForm.<lambda>>]})>
dt_from = <UnboundField(SmartDateTimeField, (l'Detection time from:',), {'description': l'Lower time boundary for event detection time as provided by event detector. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event detectors are usually outside of the control of Mentat system administrators and may sometimes emit events with invalid detection times, for example timestamps in the future.', 'validators': [<wtforms.validators.Optional object>]})>
dt_to = <UnboundField(SmartDateTimeField, (l'Detection time to:',), {'description': l'Upper time boundary for event detection time as provided by event detector. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event detectors are usually outside of the control of Mentat system administrators and may sometimes emit events with invalid detection times, for example timestamps in the future.', 'validators': [<wtforms.validators.Optional object>]})>
groups = <UnboundField(QuerySelectMultipleField, (l'Abuse group:',), {'query_factory': <function get_available_groups>, 'description': l'Specification of the abuse group to whose constituency this event belongs based on one of the event source addresses.', 'allow_blank': False, 'get_pk': <function SimpleEventSearchForm.<lambda>>})>
host_addrs = <UnboundField(CommaListField, (l'Host addresses:',), {'description': l'Comma separated list of event source or target IP4/6 addresses, ranges or networks. Any additional whitespace is ignored and may be used for better readability.', 'widget': <wtforms.widgets.core.TextArea object>, 'validators': [<wtforms.validators.Optional object>, <function check_network_record_list>]})>
host_ports = <UnboundField(CommaListField, (l'Host ports:',), {'description': l'Comma separated list of source or target ports as integers. Any additional whitespace is ignored and may be used for better readability.', 'validators': [<wtforms.validators.Optional object>, <function check_port_list>]})>
host_types = <UnboundField(SelectMultipleField, (l'Host types:',), {'description': l'Specification of event source or target type. Each event source or target may be optionally assigned one or more labels to better categorize type of a source or target.', 'choices': [], 'validators': [<wtforms.validators.Optional object>], 'filters': [<function SimpleEventSearchForm.<lambda>>]})>
inspection_errs = <UnboundField(SelectMultipleField, (l'Inspection errors:',), {'description': l'Specification of possible event errors detected during event inspection by real-time event processing inspection daemon.', 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'validators': [<wtforms.validators.Optional object>], 'filters': [<function SimpleEventSearchForm.<lambda>>]})>
static is_multivalue(field_name)

Check whether the given form field is a multivalue field.

Parameters

field_name (str) – Name of the form field.

Returns

True, if the field can contain multiple values, False otherwise.

Return type

bool

not_categories = <UnboundField(BooleanField, (l'Negate category selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_classess = <UnboundField(BooleanField, (l'Negate class selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_detector_types = <UnboundField(BooleanField, (l'Negate detector_type selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_detectors = <UnboundField(BooleanField, (l'Negate detector selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_groups = <UnboundField(BooleanField, (l'Negate group selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_inspection_errs = <UnboundField(BooleanField, (l'Negate inspection error selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_protocols = <UnboundField(BooleanField, (l'Negate protocol selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_severities = <UnboundField(BooleanField, (l'Negate severity selection:',), {'validators': [<wtforms.validators.Optional object>]})>
protocols = <UnboundField(SelectMultipleField, (l'Protocols:',), {'description': l'Specification of one or more communication protocols involved in the event.', 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'validators': [<wtforms.validators.Optional object>], 'filters': [<function SimpleEventSearchForm.<lambda>>]})>
severities = <UnboundField(SelectMultipleField, (l'Severities:',), {'description': l'Specification of event severity. Each event may be optionally assigned one severity level, which can be then use during incident handling workflows to prioritize events.', 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'validators': [<wtforms.validators.Optional object>], 'filters': [<function SimpleEventSearchForm.<lambda>>]})>
sortby = <UnboundField(SelectField, (l'Sort by:',), {'default': 'time.desc', 'validators': [<wtforms.validators.Optional object>], 'choices': [('time.desc', l'by time descending'), ('time.asc', l'by time ascending'), ('detecttime.desc', l'by detection time descending'), ('detecttime.asc', l'by detection time ascending'), ('storagetime.desc', l'by storage time descending'), ('storagetime.asc', l'by storage time ascending')]})>
source_addrs = <UnboundField(CommaListField, (l'Source addresses:',), {'description': l'Comma separated list of event source IP4/6 addresses, ranges or networks. In this context a source does not necessarily mean a source of the connection, but rather a source of the problem as reported by a detector. Any additional whitespace is ignored and may be used for better readability.', 'widget': <wtforms.widgets.core.TextArea object>, 'validators': [<wtforms.validators.Optional object>, <function check_network_record_list>]})>
source_ports = <UnboundField(CommaListField, (l'Source ports:',), {'description': l'Comma separated list of source ports as integers. In this context a source does not necessarily mean a source of the connection, but rather a source of the problem as reported by a detector. Any additional whitespace is ignored and may be used for better readability.', 'validators': [<wtforms.validators.Optional object>, <function check_port_list>]})>
source_types = <UnboundField(SelectMultipleField, (l'Source types:',), {'description': l'Specification of event source type. Each event source may be optionally assigned one or more labels to better categorize type of a source.', 'choices': [], 'validators': [<wtforms.validators.Optional object>], 'filters': [<function SimpleEventSearchForm.<lambda>>]})>
st_from = <UnboundField(SmartDateTimeField, (l'Storage time from:',), {'description': l'Lower time boundary for event storage time. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event storage time is provided by Mentat system itself. It is a timestamp of the exact moment the event was stored into the database.', 'validators': [<wtforms.validators.Optional object>]})>
st_to = <UnboundField(SmartDateTimeField, (l'Storage time to:',), {'description': l'Upper time boundary for event storage time. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event storage time is provided by Mentat system itself. It is a timestamp of the exact moment the event was stored into the database.', 'validators': [<wtforms.validators.Optional object>]})>
target_addrs = <UnboundField(CommaListField, (l'Target addresses:',), {'description': l'Comma separated list of event target IP4/6 addresses, ranges or networks. In this context a target does not necessarily mean a target of the connection, but rather a victim of the problem as reported by a detector. Any additional whitespace is ignored and may be used for better readability.', 'widget': <wtforms.widgets.core.TextArea object>, 'validators': [<wtforms.validators.Optional object>, <function check_network_record_list>]})>
target_ports = <UnboundField(CommaListField, (l'Target ports:',), {'description': l'Comma separated list of target ports as integers. In this context a target does not necessarily mean a target of the connection, but rather a victim of the problem as reported by a detector. Any additional whitespace is ignored and may be used for better readability.', 'validators': [<wtforms.validators.Optional object>, <function check_port_list>]})>
target_types = <UnboundField(SelectMultipleField, (l'Target types:',), {'description': l'Specification of event target type. Each event target may be optionally assigned one or more labels to better categorize type of a target.', 'choices': [], 'validators': [<wtforms.validators.Optional object>], 'filters': [<function SimpleEventSearchForm.<lambda>>]})>
hawat.blueprints.events.forms.get_available_groups()

Query the database for the list of all available groups.
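
The `*_addrs` and `*_ports` fields above take comma separated lists in which whitespace is ignored, and they attach the `check_network_record_list` and `check_port_list` validators. The following added example (not Mentat's own code) sketches that kind of server-side validation, so that only well-formed values reach the database query. The function names, the `first-last` range syntax and the 0-65535 port bounds are assumptions.

```python
import ipaddress


def split_comma_list(raw):
    """Split on commas, ignoring all whitespace and dropping empty items."""
    items = ("".join(part.split()) for part in raw.split(","))
    return [item for item in items if item]


def parse_network_record(item):
    """Parse one address, network or range; raise ValueError if malformed."""
    if "-" in item:  # assumed range syntax: first-last
        first, _, last = item.partition("-")
        low, high = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if low.version != high.version or low > high:
            raise ValueError(f"invalid range: {item}")
        return ("range", (low, high))
    if "/" in item:
        return ("net", ipaddress.ip_network(item, strict=False))
    return ("addr", ipaddress.ip_address(item))


def parse_port(item):
    """Parse one port number; raise ValueError outside the assumed 0-65535."""
    if not (item.isascii() and item.isdigit()):
        raise ValueError(f"not an integer: {item}")
    port = int(item)
    if port > 65535:
        raise ValueError(f"port out of range: {item}")
    return port


def validate_list(raw, parser):
    """Return (parsed, rejected) so every bad item can be reported at once."""
    parsed, rejected = [], []
    for item in split_comma_list(raw):
        try:
            parsed.append(parser(item))
        except ValueError:
            rejected.append(item)
    return parsed, rejected


# Constructed sample input, as a user might type it into the text area.
SAMPLE_ADDRS = " 192.0.2.1,\n 2001:db8::/32 , 198.51.100.10 - 198.51.100.20, 10.0.0.300"
SAMPLE_PORTS = "22, 443 ,70000, http, -1"
```

A form validator built on this would reject the submission whenever the second list returned by `validate_list` is non-empty, and name the offending items in the error message.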