dt_automate/attack_event/fw.go
2025-02-27 00:12:26 +08:00



package attackevent
import (
"bytes"
"dt_automate/conn"
"dt_automate/tool"
"encoding/json"
"fmt"
"log"
"net/url"
"strconv"
"time"
"github.com/Esword618/unioffice/schema/soo/sml"
"github.com/Esword618/unioffice/spreadsheet"
)
// cookieStr is a package-level string. Inside Fw_event it is shadowed by the
// parameter of the same name, so that function never reads or writes this
// variable; nothing else in the visible part of this file assigns it.
// NOTE(review): if another file in the package stores the management session
// cookie here, it is a live credential kept for the process lifetime; prefer
// passing it explicitly as Fw_event does.
var cookieStr string
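// Fw_event queries the firewall web interface for today's threat-log entries
// (source zone "Untrust", destination zone "Trust"), prints each entry and
// writes them to "防火墙安全事件.xlsx" in the working directory.
//
// cookieStr is sent verbatim as the Cookie header of the request, so it is a
// session credential: keep it out of logs and source control.
//
// The request asks for PageNo 1 with CountPerPage 200 and TotalCounts is never
// inspected, so at most the first 200 events of the day are exported.
//
// NOTE(review): the management address is hard-coded, and conn.DT_POST is
// defined elsewhere; confirm that it verifies the device certificate, because
// the session cookie travels over that connection.
//
// Any failure (unexpected response shape, bad JSON, validation or save error)
// ends the process through log.Fatalf, as the original error paths did.
func Fw_event(cookieStr string) {
	ss := spreadsheet.New()
	sheet := ss.AddSheet()

	// Freeze the first row (the header) and no columns.
	view := sheet.InitialView()
	view.SetState(sml.ST_PaneStateFrozen)
	view.SetXSplit(0)
	view.SetYSplit(1)

	// Header row: columns A..J of row 1.
	titles := []string{"序号", "攻击时间", "源安全域", "目的安全域", "源IP", "目的IP", "目的端口", "攻击类型", "应用协议", "域名host"}
	for c, title := range titles {
		sheet.Cell(string(rune('A'+c)) + "1").SetString(title)
	}

	// Query window: midnight today up to now. time.Now is sampled once so the
	// date cannot change between the Year/Month/Day reads around midnight.
	const layout = "2006-01-02T15:04:05"
	now := time.Now()
	endTime := time.Unix(tool.Timestamp("second"), 0).Format(layout)
	startTime := time.Date(now.Year(), now.Month(), now.Day(), 0, 0, 0, 0, now.Location()).Format(layout)

	// Build the x-www-form-urlencoded body. Only the two locally formatted
	// timestamps are spliced into the XML; no external input reaches it.
	values := url.Values{}
	values.Add("xml", "<rpc message-id='101' xmlns='urn:ietf:params:xml:ns:netconf:base:1.0' xmlns:web='urn:ietf:params:xml:ns:netconf:base:1.0'>"+
		"<get-bulk><filter type='subtree'><top xmlns='http://www.unis.cn/netconf/data:1.0' xmlns:web='http://www.unis.cn/netconf/base:1.0' xmlns:data='http://www.unis.cn/netconf/data:1.0'>"+
		"<NTOP><LogPaging><Log><LogType>1</LogType><UserID/><ID/>"+
		"<TimeFilter><StartTime>"+startTime+"</StartTime><EndTime>"+endTime+"</EndTime></TimeFilter>"+
		"<PageNo>1</PageNo><CountPerPage>200</CountPerPage><TotalCounts/>"+
		"<InputJSON>{&#34;SrcZoneName&#34;:&#34;Untrust&#34;,&#34;DestZoneName&#34;:&#34;Trust&#34;}</InputJSON><OutputJSON/>"+
		"</Log></LogPaging></NTOP></top></filter></get-bulk></rpc>")
	values.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog")

	header := map[string]string{
		"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
		"referer":      "https://11.2.68.146/wnm/frame/index.php",
		"cookie":       cookieStr,
	}

	resp := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values.Encode()))

	// Checked assertions: an error reply (for instance after the session has
	// expired) would otherwise surface as a bare type-assertion panic. The
	// response body is deliberately not echoed into the log.
	ntop, ok := resp["NTOP"].(map[string]interface{})
	if !ok {
		log.Fatalf("unexpected firewall response: no NTOP object (is the session cookie still valid?)")
	}
	rows, ok := ntop["LogPaging"].([]interface{})
	if !ok {
		log.Fatalf("unexpected firewall response: LogPaging is %T, want a list", ntop["LogPaging"])
	}

	for i, raw := range rows {
		entry, ok := raw.(map[string]interface{})
		if !ok {
			log.Fatalf("log entry %d: unexpected type %T", i, raw)
		}
		payload, ok := entry["OutputJSON"].(string)
		if !ok {
			log.Fatalf("log entry %d: OutputJSON is %T, want string", i, entry["OutputJSON"])
		}

		// A fresh map per entry: decoding into a reused map keeps keys from
		// the previous entry whenever the current one omits them.
		var rec map[string]interface{}
		if err := json.Unmarshal([]byte(payload), &rec); err != nil {
			log.Fatalf("Failed to unmarshal JSON: %v", err)
		}

		// field renders one value of the entry as text without panicking when
		// the key is missing or has another JSON type.
		field := func(key string) string {
			switch val := rec[key].(type) {
			case string:
				return val
			case float64:
				return strconv.FormatFloat(val, 'f', 0, 64)
			case nil:
				return ""
			default:
				return fmt.Sprint(val)
			}
		}

		// HttpHost, ThreatName and the other fields describe traffic seen by
		// the firewall, so their content is attacker-influenced. They are
		// printed raw here and stored with SetString (cell text) below; keep
		// them as text if this data is ever re-exported to another format.
		fmt.Println(i, rec)
		fmt.Printf("序号:%d,攻击时间:[%s],安全域:%s-%s##攻击源IP%s#目的源IP%s:%s,攻击类型:%s,应用协议:%s,请求域名:%s\n",
			i, field("Time"), field("SrcZoneName"), field("DestZoneName"), field("SrcIPAddr"),
			field("DestIPAddr"), field("DestPort"), field("ThreatName"), field("Application"), field("HttpHost"))

		// Row 1 holds the header, so entry i goes to row i+2. The original
		// used i+1, which overwrote the header with the first entry.
		row := strconv.Itoa(i + 2)
		cells := []string{
			strconv.Itoa(i),
			field("Time"),
			field("SrcZoneName"),
			field("DestZoneName"),
			field("SrcIPAddr"),
			field("DestIPAddr"),
			field("DestPort"),
			field("ThreatName"),
			field("Application"),
			field("HttpHost"),
		}
		for c, text := range cells {
			sheet.Cell(string(rune('A'+c)) + row).SetString(text)
		}
	}

	// Validate the workbook, then write it out.
	if err := ss.Validate(); err != nil {
		log.Fatalf("验证文件时出错: %s", err)
	}
	if err := ss.SaveToFile("防火墙安全事件.xlsx"); err != nil {
		log.Fatalf("保存文件时出错: %s", err)
	}
}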