hawat.blueprints.timeline.forms module

This module contains a custom IDEA event timeline search form for the Hawat application.

class hawat.blueprints.timeline.forms.SimpleTimelineSearchForm(*args, **kwargs)

Bases: FlaskForm

Class representing a simple event timeline search form.

aggregations = <UnboundField(SelectMultipleField, (l'Restrict only to selected aggregations:',), {'validators': [<wtforms.validators.Optional object>], 'filters': [<function SimpleTimelineSearchForm.<lambda>>], 'description': l'Choose only which aggregation calculations to perform. When left empty all calculations will be performed.'})>
categories = <UnboundField(SelectMultipleField, (l'Categories:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'filters': [<function SimpleTimelineSearchForm.<lambda>>], 'description': l'Specification of event category. Each event may be optionally assigned one or more labels to better categorize that event, for example as "Recon.Scanning", "Abusive.Spam", "Test" etc.'})>
classes = <UnboundField(SelectMultipleField, (l'Classes:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'filters': [<function SimpleTimelineSearchForm.<lambda>>], 'description': l'Specification of event class. Each event may be optionally assigned one class to better describe the event and group all similar events together for better processing. Event classification in internal feature of Mentat system for better event management.'})>
description = <UnboundField(StringField, (l'Description:',), {'validators': [<wtforms.validators.Optional object>, <function check_null_character>], 'description': l'Specification of event description. Each event may be optionally assigned short descriptive string.'})>
detector_types = <UnboundField(SelectMultipleField, (l'Detector types:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'filters': [<function SimpleTimelineSearchForm.<lambda>>], 'description': l'Specification of event detector type. Each event detector may be optionally assigned one or more labels to better categorize that detector.'})>
detectors = <UnboundField(SelectMultipleField, (l'Detectors:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'filters': [<function SimpleTimelineSearchForm.<lambda>>], 'description': l'Name of the detector that detected the event.'})>
dt_from = <UnboundField(SmartDateTimeField, (l'Detection time from:',), {'validators': [<wtforms.validators.Optional object>], 'description': l'Lower time boundary for event detection time as provided by event detector. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event detectors are usually outside of the control of Mentat system administrators and may sometimes emit events with invalid detection times, for example timestamps in the future.', 'default': <function SimpleTimelineSearchForm.<lambda>>})>
dt_to = <UnboundField(SmartDateTimeField, (l'Detection time to:',), {'validators': [<wtforms.validators.Optional object>], 'description': l'Upper time boundary for event detection time as provided by event detector. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event detectors are usually outside of the control of Mentat system administrators and may sometimes emit events with invalid detection times, for example timestamps in the future.', 'default': <function default_dt>})>
groups = <UnboundField(QuerySelectMultipleField, (l'Abuse group:',), {'query_factory': <function get_available_groups>, 'allow_blank': False, 'get_pk': <function SimpleTimelineSearchForm.<lambda>>, 'description': l'Specification of the abuse group to whose constituency this event belongs based on one of the event source addresses.'})>
host_addrs = <UnboundField(CommaListField, (l'Host addresses:',), {'validators': [<wtforms.validators.Optional object>, <function check_network_record_list>], 'widget': <wtforms.widgets.core.TextArea object>, 'description': l'Comma separated list of event source or target IP4/6 addresses, ranges or networks. Any additional whitespace is ignored and may be used for better readability.'})>
host_ports = <UnboundField(CommaListField, (l'Host ports:',), {'validators': [<wtforms.validators.Optional object>, <function check_port_list>], 'description': l'Comma separated list of source or target ports as integers. Any additional whitespace is ignored and may be used for better readability.'})>
host_types = <UnboundField(SelectMultipleField, (l'Host types:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [], 'filters': [<function SimpleTimelineSearchForm.<lambda>>], 'description': l'Specification of event source or target type. Each event source or target may be optionally assigned one or more labels to better categorize type of a source or target.'})>
inspection_errs = <UnboundField(SelectMultipleField, (l'Inspection errors:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'filters': [<function SimpleTimelineSearchForm.<lambda>>], 'description': l'Specification of possible event errors detected during event inspection by real-time event processing inspection daemon.'})>
static is_multivalue(field_name)

Check whether the given form field is a multivalue field.

Parameters

field_name (str) – Name of the form field.

Returns

True, if the field can contain multiple values, False otherwise.

Return type

bool

limit = <UnboundField(IntegerField, (l'Toplist limit:',), {'validators': [<wtforms.validators.Optional object>, <wtforms.validators.NumberRange object>], 'default': 20, 'description': l'Perform toplisting to given limit for certain calculations like IP addresses and ports.'})>
not_categories = <UnboundField(BooleanField, (l'Negate category selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_classess = <UnboundField(BooleanField, (l'Negate class selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_detector_types = <UnboundField(BooleanField, (l'Negate detector_type selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_detectors = <UnboundField(BooleanField, (l'Negate detector selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_groups = <UnboundField(BooleanField, (l'Negate group selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_inspection_errs = <UnboundField(BooleanField, (l'Negate inspection error selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_protocols = <UnboundField(BooleanField, (l'Negate protocol selection:',), {'validators': [<wtforms.validators.Optional object>]})>
not_severities = <UnboundField(BooleanField, (l'Negate severity selection:',), {'validators': [<wtforms.validators.Optional object>]})>
protocols = <UnboundField(SelectMultipleField, (l'Protocols:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'filters': [<function SimpleTimelineSearchForm.<lambda>>], 'description': l'Specification of one or more communication protocols involved in the event.'})>
section = <UnboundField(SelectField, (l'Calculate section:',), {'validators': [<wtforms.validators.Optional object>], 'filters': [<function SimpleTimelineSearchForm.<lambda>>], 'default': ''})>
severities = <UnboundField(SelectMultipleField, (l'Severities:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [('__EMPTY__', l'<< without value >>'), ('__ANY__', l'<< any value >>')], 'filters': [<function SimpleTimelineSearchForm.<lambda>>], 'description': l'Specification of event severity. Each event may be optionally assigned one severity level, which can be then use during incident handling workflows to prioritize events.'})>
source_addrs = <UnboundField(CommaListField, (l'Source addresses:',), {'validators': [<wtforms.validators.Optional object>, <function check_network_record_list>], 'widget': <wtforms.widgets.core.TextArea object>, 'description': l'Comma separated list of event source IP4/6 addresses, ranges or networks. In this context a source does not necessarily mean a source of the connection, but rather a source of the problem as reported by a detector. Any additional whitespace is ignored and may be used for better readability.'})>
source_ports = <UnboundField(CommaListField, (l'Source ports:',), {'validators': [<wtforms.validators.Optional object>, <function check_port_list>], 'description': l'Comma separated list of source ports as integers. In this context a source does not necessarily mean a source of the connection, but rather a source of the problem as reported by a detector. Any additional whitespace is ignored and may be used for better readability.'})>
source_types = <UnboundField(SelectMultipleField, (l'Source types:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [], 'filters': [<function SimpleTimelineSearchForm.<lambda>>], 'description': l'Specification of event source type. Each event source may be optionally assigned one or more labels to better categorize type of a source.'})>
st_from = <UnboundField(SmartDateTimeField, (l'Storage time from:',), {'validators': [<wtforms.validators.Optional object>], 'description': l'Lower time boundary for event storage time. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event storage time is provided by Mentat system itself. It is a timestamp of the exact moment the event was stored into the database.'})>
st_to = <UnboundField(SmartDateTimeField, (l'Storage time to:',), {'validators': [<wtforms.validators.Optional object>], 'description': l'Upper time boundary for event storage time. Timestamp is expected to be in the format <code>YYYY-MM-DD hh:mm:ss</code> and in the timezone according to the user`s preferences. Event storage time is provided by Mentat system itself. It is a timestamp of the exact moment the event was stored into the database.'})>
submit = <UnboundField(SubmitField, (l'Search',), {})>
target_addrs = <UnboundField(CommaListField, (l'Target addresses:',), {'validators': [<wtforms.validators.Optional object>, <function check_network_record_list>], 'widget': <wtforms.widgets.core.TextArea object>, 'description': l'Comma separated list of event target IP4/6 addresses, ranges or networks. In this context a target does not necessarily mean a target of the connection, but rather a victim of the problem as reported by a detector. Any additional whitespace is ignored and may be used for better readability.'})>
target_ports = <UnboundField(CommaListField, (l'Target ports:',), {'validators': [<wtforms.validators.Optional object>, <function check_port_list>], 'description': l'Comma separated list of target ports as integers. In this context a target does not necessarily mean a target of the connection, but rather a victim of the problem as reported by a detector. Any additional whitespace is ignored and may be used for better readability.'})>
target_types = <UnboundField(SelectMultipleField, (l'Target types:',), {'validators': [<wtforms.validators.Optional object>], 'choices': [], 'filters': [<function SimpleTimelineSearchForm.<lambda>>], 'description': l'Specification of event target type. Each event target may be optionally assigned one or more labels to better categorize type of a target.'})>
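The comma-separated address and port fields above (host_addrs, host_ports and their source/target variants) accept free-form lists, so each item has to be validated before it reaches a query. The following is an added example of such validation, not Hawat's own check_network_record_list or check_port_list; the function names, the dash syntax for ranges and the 0-65535 port bounds are assumptions.

```python
import ipaddress


def split_comma_list(raw):
    """Split on commas; surrounding whitespace and empty items are dropped."""
    return [item.strip() for item in raw.split(",") if item.strip()]


def parse_network_record(item):
    """Return (kind, first, last) for one address, range or network."""
    if "-" in item:  # assumed range syntax: <first>-<last>
        first, last = (ipaddress.ip_address(p.strip()) for p in item.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"invalid address range: {item!r}")
        return ("range", first, last)
    if "/" in item:  # CIDR network; set host bits are rejected (strict mode)
        net = ipaddress.ip_network(item)
        return ("network", net.network_address, net.broadcast_address)
    addr = ipaddress.ip_address(item)
    return ("address", addr, addr)


def parse_network_list(raw):
    """Validate a host_addrs-style value; raises ValueError on any bad item."""
    return [parse_network_record(item) for item in split_comma_list(raw)]


def parse_port_list(raw, low=0, high=65535):
    """Validate a host_ports-style value; bounds are an assumption."""
    ports = []
    for item in split_comma_list(raw):
        # ASCII digits only: no signs, no Unicode digits, no hex or floats
        if not (item.isascii() and item.isdigit()) or not low <= int(item) <= high:
            raise ValueError(f"invalid port: {item!r}")
        ports.append(int(item))
    return ports


# Constructed sample input, shaped like what a user might type into the form.
SAMPLE_ADDRS = " 192.0.2.1 , 198.51.100.0/24,\n 2001:db8::1 - 2001:db8::ff "
SAMPLE_PORTS = "22, 443 ,8080"

if __name__ == "__main__":
    for record in parse_network_list(SAMPLE_ADDRS):
        print(record)
    print(parse_port_list(SAMPLE_PORTS))
```

Returning typed `ipaddress` objects and integers rather than the raw strings means later query construction never handles unvalidated text.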
hawat.blueprints.timeline.forms.get_available_groups()

Query the database for the list of all available groups.