41 lines
2.2 KiB
Go
41 lines
2.2 KiB
Go
package attackevent
|
||
|
||
import (
|
||
"bytes"
|
||
"dt_automate/conn"
|
||
"dt_automate/tool"
|
||
"encoding/json"
|
||
"fmt"
|
||
"log"
|
||
"net/url"
|
||
"time"
|
||
)
|
||
|
||
// var cookieStr string
|
||
|
||
func Fw_event() {
|
||
//当前时间
|
||
EndTime := time.Unix(tool.Timestamp("second"), 0).Format("2006-01-02T15:04:05")
|
||
//今天0点
|
||
StartTime := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Format("2006-01-02T15:04:05")
|
||
// 构建 x-www-form-urlencoded 格式的请求体
|
||
values := url.Values{}
|
||
values.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'><get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'><NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/><TimeFilter><StartTime>"+StartTime+"</StartTime><EndTime>"+EndTime+"</EndTime></TimeFilter><PageNo>1</PageNo><CountPerPage>200</CountPerPage><TotalCounts/><InputJSON>{"SrcZoneName":"Untrust","DestZoneName":"Trust"}</InputJSON><OutputJSON/></Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
|
||
values.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")
|
||
header := map[string]string{
|
||
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
|
||
"referer": "https://11.2.68.146/wnm/frame/index.php",
|
||
"cookie": cookieStr,
|
||
}
|
||
datas := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values.Encode()))["NTOP"].(map[string]interface{})["LogPaging"]
|
||
var a map[string]interface{}
|
||
for v, k := range datas.([]interface{}) {
|
||
b := k.(map[string]interface{})["OutputJSON"].(string)
|
||
if err := json.Unmarshal([]byte(b), &a); err != nil {
|
||
log.Fatalf("Failed to unmarshal JSON: %v", err)
|
||
}
|
||
fmt.Println(v, a)
|
||
// fmt.Printf("序号:%d,攻击时间:[%s],安全域:%s-%s##攻击源IP:%s#目的源IP:%s:%s,攻击类型:%s,应用协议:%s,请求域名:%s\n", v, a["Time"], a["SrcZoneName"], a["DestZoneName"], a["SrcIPAddr"], a["DestIPAddr"], strconv.FormatFloat(a["DestPort"].(float64), 'f', 0, 64), a["ThreatName"], a["Application"], a["HttpHost"])
|
||
}
|
||
}
|