Ana Sayfa Keşfet Yardım
Giriş Yap
tum
/
soc
İzle 1
Yıldızla 0
Çatalla 0
Kod Sorunlar 0 Değişiklik İstekleri 0 İşlemeler 8 Sürümler 0 Wiki

Açıklama Yok

Ağaç: f14e344bb5
Dallar Biçim İmleri
soc
/
soc-integrator
/
app
/
repositories
/
mvp_repo.py

mvp_repo.py 4.9KB
Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154 
  1. from __future__ import annotations
    2. 

  2. 

  3. from datetime import datetime, timezone
    4. 

  4. from typing import Any
    5. 

  5. 

  6. from psycopg.types.json import Json
    7. 

  7. 

  8. from app.db import get_conn
    9. 

  9. 

  10. 

  11. def utc_now() -> datetime:
    12. 

  12.     return datetime.now(timezone.utc)
    13. 

  13. 

  14. 

  15. DEFAULT_POLICY: dict[str, Any] = {
    16. 

  16.     "escalate_severities": ["high", "critical"],
    17. 

  17.     "vpn": {
    18. 

  18.         "allowed_country": "TH",
    19. 

  19.         "exception_users": [],
    20. 

  20.     },
    21. 

  21.     "risk": {
    22. 

  22.         "weights": {
    23. 

  23.             "outside_thailand": 50,
    24. 

  24.             "admin": 20,
    25. 

  25.             "off_hours": 15,
    26. 

  26.             "first_seen_country": 15,
    27. 

  27.         },
    28. 

  28.         "thresholds": {
    29. 

  29.             "high": 70,
    30. 

  30.             "medium": 40,
    31. 

  31.         },
    32. 

  32.     },
    33. 

  33.     "shuffle": {
    34. 

  34.         "ioc_workflow_id": "",
    35. 

  35.     },
    36. 

  36. }
    37. 

  37. 

  38. 

  39. class MvpRepository:
    40. 

  40.     def has_event(self, source: str, event_id: str) -> bool:
    41. 

  41.         with get_conn() as conn, conn.cursor() as cur:
    42. 

  42.             cur.execute(
    43. 

  43.                 "SELECT 1 FROM incident_events WHERE source = %s AND event_id = %s LIMIT 1",
    44. 

  44.                 (source, event_id),
    45. 

  45.             )
    46. 

  46.             return cur.fetchone() is not None
    47. 

  47. 

  48.     def ensure_policy(self) -> None:
    49. 

  49.         with get_conn() as conn, conn.cursor() as cur:
    50. 

  50.             cur.execute("SELECT id FROM policy_config WHERE id = 1")
    51. 

  51.             found = cur.fetchone()
    52. 

  52.             if not found:
    53. 

  53.                 cur.execute(
    54. 

  54.                     "INSERT INTO policy_config(id, data) VALUES (1, %s)",
    55. 

  55.                     (Json(DEFAULT_POLICY),),
    56. 

  56.                 )
    57. 

  57. 

  58.     def get_policy(self) -> dict[str, Any]:
    59. 

  59.         self.ensure_policy()
    60. 

  60.         with get_conn() as conn, conn.cursor() as cur:
    61. 

  61.             cur.execute("SELECT data FROM policy_config WHERE id = 1")
    62. 

  62.             row = cur.fetchone()
    63. 

  63.             return dict(row["data"]) if row else dict(DEFAULT_POLICY)
    64. 

  64. 

  65.     def update_policy(self, data: dict[str, Any]) -> dict[str, Any]:
    66. 

  66.         with get_conn() as conn, conn.cursor() as cur:
    67. 

  67.             cur.execute(
    68. 

  68.                 """
    69. 

  69.                 INSERT INTO policy_config(id, data, updated_at)
    70. 

  70.                 VALUES (1, %s, NOW())
    71. 

  71.                 ON CONFLICT (id)
    72. 

  72.                 DO UPDATE SET data = EXCLUDED.data, updated_at = NOW()
    73. 

  73.                 RETURNING data
    74. 

  74.                 """,
    75. 

  75.                 (Json(data),),
    76. 

  76.             )
    77. 

  77.             row = cur.fetchone()
    78. 

  78.             return dict(row["data"])
    79. 

  79. 

  80.     def get_incident(self, incident_key: str) -> dict[str, Any] | None:
    81. 

  81.         with get_conn() as conn, conn.cursor() as cur:
    82. 

  82.             cur.execute(
    83. 

  83.                 "SELECT incident_key, iris_case_id, status, severity, first_seen, last_seen FROM incident_index WHERE incident_key = %s",
    84. 

  84.                 (incident_key,),
    85. 

  85.             )
    86. 

  86.             row = cur.fetchone()
    87. 

  87.             return dict(row) if row else None
    88. 

  88. 

  89.     def upsert_incident(
    90. 

  90.         self,
    91. 

  91.         incident_key: str,
    92. 

  92.         severity: str,
    93. 

  93.         status: str,
    94. 

  94.         iris_case_id: str | None,
    95. 

  95.     ) -> dict[str, Any]:
    96. 

  96.         now = utc_now()
    97. 

  97.         with get_conn() as conn, conn.cursor() as cur:
    98. 

  98.             cur.execute(
    99. 

  99.                 """
    100. 

  100.                 INSERT INTO incident_index(incident_key, iris_case_id, status, severity, first_seen, last_seen)
    101. 

  101.                 VALUES (%s, %s, %s, %s, %s, %s)
    102. 

  102.                 ON CONFLICT (incident_key)
    103. 

  103.                 DO UPDATE SET
    104. 

  104.                   iris_case_id = COALESCE(EXCLUDED.iris_case_id, incident_index.iris_case_id),
    105. 

  105.                   status = EXCLUDED.status,
    106. 

  106.                   severity = EXCLUDED.severity,
    107. 

  107.                   last_seen = EXCLUDED.last_seen
    108. 

  108.                 RETURNING incident_key, iris_case_id, status, severity, first_seen, last_seen
    109. 

  109.                 """,
    110. 

  110.                 (incident_key, iris_case_id, status, severity, now, now),
    111. 

  111.             )
    112. 

  112.             return dict(cur.fetchone())
    113. 

  113. 

  114.     def add_event(
    115. 

  115.         self,
    116. 

  116.         incident_key: str,
    117. 

  117.         event_id: str | None,
    118. 

  118.         source: str,
    119. 

  119.         event_type: str,
    120. 

  120.         raw_payload: dict[str, Any],
    121. 

  121.         decision_trace: dict[str, Any],
    122. 

  122.     ) -> None:
    123. 

  123.         with get_conn() as conn, conn.cursor() as cur:
    124. 

  124.             cur.execute(
    125. 

  125.                 """
    126. 

  126.                 INSERT INTO incident_events(incident_key, event_id, source, event_type, raw_payload, decision_trace)
    127. 

  127.                 VALUES (%s, %s, %s, %s, %s, %s)
    128. 

  128.                 """,
    129. 

  129.                 (
    130. 

  130.                     incident_key,
    131. 

  131.                     event_id,
    132. 

  132.                     source,
    133. 

  133.                     event_type,
    134. 

  134.                     Json(raw_payload),
    135. 

  135.                     Json(decision_trace),
    136. 

  136.                 ),
    137. 

  137.             )
    138. 

  138. 

  139.     def add_escalation_audit(
    140. 

  140.         self,
    141. 

  141.         incident_key: str,
    142. 

  142.         status_code: int | None,
    143. 

  143.         success: bool,
    144. 

  144.         response_excerpt: str | None,
    145. 

  145.     ) -> None:
    146. 

  146.         with get_conn() as conn, conn.cursor() as cur:
    147. 

  147.             cur.execute(
    148. 

  148.                 """
    149. 

  149.                 INSERT INTO escalation_audit(incident_key, status_code, success, response_excerpt)
    150. 

  150.                 VALUES (%s, %s, %s, %s)
    151. 

  151.                 """,
    152. 

  152.                 (incident_key, status_code, success, response_excerpt),
    153. 

  153.             )
    154. 

  154.