mentat.reports.event module

Library for generating event reports.

The implementation is based on mentat.reports.base.BaseReporter.

class mentat.reports.event.EventReporter(logger, reports_dir, templates_dir, locale, timezone, eventservice, sqlservice, mailer, event_classes_dir, thresholding=True)

Bases: mentat.reports.base.BaseReporter

Implementation of reporting class providing Mentat event reports.

static aggregate_events(events)

Aggregate given list of events to dictionary structure that can be used to generate report message.

Parameters

events (dict) – Structure containing events as mentat.idea.internal.Idea objects.

Returns

Dictionary structure of aggregated events.

Return type

dict

aggregate_relapsed_events(relapsed)

Parameters

events (dict) – Dictionary of events aggregated by threshold key.

Returns

Events aggregated by source.

Return type

dict

cleanup(ttl)

Cleanup thresholding cache and remove all records with TTL older than given value.

Parameters

time_h (datetime.datetime) – Upper cleanup time threshold.

Returns

Number of removed records.

Return type

int

fetch_severity_events(abuse_group, severity, time_l, time_h, testdata=False)

Fetch events with given severity for given abuse group within given time interval.

Parameters
  • abuse_group – Abuse group model object.

  • severity (str) – Event severity level to fetch.

  • time_l (datetime.datetime) – Lower time interval boundary.

  • time_h (datetime.datetime) – Upper time interval boundary.

  • testdata (bool) – Switch to use test data for reporting.

Returns

List of events matching search criteria.

Return type

list

filter_event(filter_rules, event, to_db=True)

Filter given event according to given list of filtering rules.

Parameters
  • filter_rules (list) – Filters to be used.

  • event (mentat.idea.internal.Idea) – Event to be filtered.

  • to_db (bool) – Save hit to db.

Returns

True in case any filter matched, False otherwise.

Return type

bool

filter_events(events, abuse_group, settings)

Filter given list of IDEA events according to given abuse group settings.

Parameters
  • events (list) – List of IDEA events as mentat.idea.internal.Idea objects.

  • abuse_group (mentat.datatype.sqldb.GroupModel) – Abuse group.

  • settings (mentat.reports.event.ReportingSettings) – Reporting settings.

Returns

Tuple with list of events that passed filtering, aggregation of them and filtering log as a dictionary.

Return type

tuple

static j2t_idea_path_valueset(message_s, jpath_s)

Calculate and return the set of all values on all given jpaths in all given messages. Messages and jpaths can also be single values.
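
Example (added here, not Mentat's own code): a standalone sketch of the value-set behaviour described above, run over constructed IDEA-like events. The function names and the simplified dotted path syntax are assumptions made for illustration and may differ from the jpath syntax Mentat accepts.

```python
# Constructed sample events, shaped like IDEA messages (documentation addresses only).
EVENTS = [
    {"ID": "constructed-1", "Category": ["Recon.Scanning"],
     "Source": [{"IP4": ["192.0.2.10"], "Proto": ["tcp"]}],
     "Target": [{"Port": [22, 23]}]},
    {"ID": "constructed-2", "Category": ["Attempt.Login"],
     "Source": [{"IP4": ["192.0.2.10", "192.0.2.77"]}, {"IP6": ["2001:db8::1"]}],
     "Target": [{"Port": [22]}]},
]


def path_values(message, path):
    """Return all leaf values found at a dotted path (hypothetical syntax)."""
    nodes = [message]
    for key in path.split("."):
        found = []
        for node in nodes:
            # Lists are transparent: the key is applied to every element.
            items = node if isinstance(node, list) else [node]
            for item in items:
                if isinstance(item, dict) and key in item:
                    found.append(item[key])
        nodes = found
    values = []
    for node in nodes:
        values.extend(node if isinstance(node, list) else [node])
    # Keep scalar leaves only, so the caller can store them in a set.
    return [v for v in values if not isinstance(v, (dict, list))]


def path_valueset(message_s, path_s):
    """Union of values over one or many messages and one or many paths."""
    messages = message_s if isinstance(message_s, (list, tuple)) else [message_s]
    paths = [path_s] if isinstance(path_s, str) else list(path_s)
    result = set()
    for message in messages:
        for path in paths:
            result.update(path_values(message, path))
    return result


if __name__ == "__main__":
    # Distinct source addresses across both events.
    print(sorted(path_valueset(EVENTS, "Source.IP4")))
    # Single message and single path are accepted as well.
    print(sorted(path_valueset(EVENTS[0], "Target.Port")))
```

A report template can use such a set to list each source address or port once, however many events mention it.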

static prepare_structured_data(events_reg_aggr, events_rel_aggr, settings)

Prepare structured data for report column.

Parameters
Returns

Structured data that can be used to generate report message.

Return type

dict

relapse_events(abuse_group, severity, time_h)

Detect IDEA event relapses for given abuse group settings.

Parameters
  • abuse_group (mentat.datatype.sqldb.GroupModel) – Abuse group.

  • severity (str) – Severity for which to perform reporting.

  • time_h (datetime.datetime) – Upper reporting time threshold.

Returns

List of events that relapsed.

Return type

list

render_report(report, settings, template_vars=None, srcip=None)

report(abuse_group, settings, severity, time_l, time_h, template_vars=None, testdata=False)

Perform reporting for given abuse group, event severity and time window.

Parameters
  • abuse_group (mentat.datatype.internal.GroupModel) – Abuse group.

  • settings (mentat.reports.event.ReportingSettings) – Reporting settings.

  • severity (str) – Severity for which to perform reporting.

  • time_l (datetime.datetime) – Lower reporting time threshold.

  • time_h (datetime.datetime) – Upper reporting time threshold.

  • template_vars (dict) – Dictionary containing additional template variables.

  • testdata (bool) – Switch to use test data for reporting.

report_extra(parent_rep, result, events, abuse_group, settings, severity, time_l, time_h, template_vars=None, testdata=False)

Generate extra reports from given events for given abuse group, severity and period.

Parameters
  • parent_rep (mentat.datatype.internal.EventReportModel) – Parent summary report.

  • result (dict) – Reporting result structure with various useful metadata.

  • events (dict) – Dictionary structure with IDEA events to be reported.

  • abuse_group (mentat.datatype.internal.GroupModel) – Abuse group.

  • settings (mentat.reports.event.ReportingSettings) – Reporting settings.

  • severity (str) – Severity for which to perform reporting.

  • time_l (datetime.datetime) – Lower reporting time threshold.

  • time_h (datetime.datetime) – Upper reporting time threshold.

  • template_vars (dict) – Dictionary containing additional template variables.

  • testdata (bool) – Switch to use test data for reporting.

report_summary(result, events, abuse_group, settings, severity, time_l, time_h, template_vars=None, testdata=False)

Generate summary report from given events for given abuse group, severity and period.

Parameters
  • result (dict) – Reporting result structure with various useful metadata.

  • events (dict) – Dictionary structure with IDEA events to be reported.

  • abuse_group (mentat.datatype.internal.GroupModel) – Abuse group.

  • settings (mentat.reports.event.ReportingSettings) – Reporting settings.

  • severity (str) – Severity for which to perform reporting.

  • time_l (datetime.datetime) – Lower reporting time threshold.

  • time_h (datetime.datetime) – Upper reporting time threshold.

  • template_vars (dict) – Dictionary containing additional template variables.

  • testdata (bool) – Switch to use test data for reporting.

threshold_events(events_aggr, abuse_group, severity, time_h)

Threshold given list of IDEA events according to given abuse group settings.

Parameters
  • events_aggr (dict) – Aggregation of IDEA events as mentat.idea.internal.Idea objects by source.

  • abuse_group (mentat.datatype.sqldb.GroupModel) – Abuse group.

  • severity (str) – Severity for which to perform reporting.

  • time_h (datetime.datetime) – Upper reporting time threshold.

Returns

List of events that passed thresholding.

Return type

list

update_thresholding_cache(events, settings, severity, time_h)

Parameters
  • events (dict) – Dictionary structure with IDEA events that were reported.

  • settings (mentat.reports.event.ReportingSettings) – Reporting settings.

  • severity (str) – Severity for which to perform reporting.

  • time_h (datetime.datetime) – Upper reporting time threshold.

mentat.reports.event.REPORT_EMAIL_TEXT_WIDTH = 90

Width of the report email text.

mentat.reports.event.REPORT_SUBJECT_EXTRA = '[{:s}] {:s} - Notice about possible problems regarding host {:s}'

Subject for extra report emails.

mentat.reports.event.REPORT_SUBJECT_SUMMARY = '[{:s}] {:s} - Notice about possible problems in your network'

Subject for summary report emails.

mentat.reports.event.json_default(val)

Helper function for JSON serialization of non-basic data types.