Merge pull request #38 from unifi-poller/dn2_alarms

Add Alarms/Anomalies methods.
2020-06-29 02:41:57 -07:00 · 2020-06-29 02:41:57 -07:00 · c6144ff473
parent 198aaaca3c 566b14005f
commit c6144ff473
7 changed files with 305 additions and 38 deletions
--- a/core/unifi/alarms.go
+++ b/core/unifi/alarms.go
@ -0,0 +1,120 @@
+package unifi
+
+import (
+	"fmt"
+	"sort"
+	"time"
+)
+
+type Alarm struct {
+	Archived              FlexBool  `json:"archived"`
+	DestPort              int       `json:"dest_port"`
+	SrcPort               int       `json:"src_port"`
+	FlowID                int64     `json:"flow_id"`
+	InnerAlertGID         int64     `json:"inner_alert_gid"`
+	InnerAlertRev         int64     `json:"inner_alert_rev"`
+	InnerAlertSeverity    int64     `json:"inner_alert_severity"`
+	InnerAlertSignatureID int64     `json:"inner_alert_signature_id"`
+	Time                  int64     `json:"time"`
+	Timestamp             int64     `json:"timestamp"`
+	Datetime              time.Time `json:"datetime"`
+	HandledTime           time.Time `json:"handled_time,omitempty"`
+	AppProto              string    `json:"app_proto,omitempty"`
+	Catname               string    `json:"catname"`
+	DestIP                string    `json:"dest_ip"`
+	DstMAC                string    `json:"dst_mac"`
+	DstIPASN              string    `json:"dstipASN,omitempty"`
+	DstIPCountry          string    `json:"dstipCountry,omitempty"`
+	EventType             string    `json:"event_type"`
+	HandledAdminID        string    `json:"handled_admin_id,omitempty"`
+	Host                  string    `json:"host"`
+	ID                    string    `json:"_id"`
+	InIface               string    `json:"in_iface"`
+	InnerAlertAction      string    `json:"inner_alert_action"`
+	InnerAlertCategory    string    `json:"inner_alert_category"`
+	InnerAlertSignature   string    `json:"inner_alert_signature"`
+	Key                   string    `json:"key"`
+	Msg                   string    `json:"msg"`
+	Proto                 string    `json:"proto"`
+	SiteID                string    `json:"site_id"`
+	SiteName              string    `json:"-"`
+	SourceName            string    `json:"-"`
+	SrcIP                 string    `json:"src_ip"`
+	SrcIPASN              string    `json:"srcipASN,omitempty"`
+	SrcIPCountry          string    `json:"srcipCountry,omitempty"`
+	SrcMAC                string    `json:"src_mac"`
+	Subsystem             string    `json:"subsystem"`
+	UniqueAlertID         string    `json:"unique_alertid"`
+	USGIP                 string    `json:"usgip"`
+	USGIPASN              string    `json:"usgipASN"`
+	USGIPCountry          string    `json:"usgipCountry"`
+	TxID                  FlexInt   `json:"tx_id,omitempty"`
+	DestIPGeo             IPGeo     `json:"dstipGeo"`
+	SourceIPGeo           IPGeo     `json:"usgipGeo"`
+	USGIPGeo              IPGeo     `json:"srcipGeo,omitempty"`
+}
+
+// GetAlarms returns Alarms for a list of Sites.
+func (u *Unifi) GetAlarms(sites []*Site) ([]*Alarm, error) {
+	data := []*Alarm{}
+
+	for _, site := range sites {
+		response, err := u.GetAlarmsSite(site)
+		if err != nil {
+			return data, err
+		}
+
+		data = append(data, response...)
+	}
+
+	return data, nil
+}
+
+// GetAlarmsSite retreives the Alarms for a single Site.
+func (u *Unifi) GetAlarmsSite(site *Site) ([]*Alarm, error) {
+	if site == nil || site.Name == "" {
+		return nil, errNoSiteProvided
+	}
+
+	u.DebugLog("Polling Controller for Alarms, site %s (%s)", site.Name, site.Desc)
+
+	var (
+		path   = fmt.Sprintf(APIEventPathAlarms, site.Name)
+		alarms struct {
+			Data alarms `json:"data"`
+		}
+	)
+
+	if err := u.GetData(path, &alarms, ""); err != nil {
+		return alarms.Data, err
+	}
+
+	for i := range alarms.Data {
+		// Add special SourceName value.
+		alarms.Data[i].SourceName = u.URL
+		// Add the special "Site Name" to each event. This becomes a Grafana filter somewhere.
+		alarms.Data[i].SiteName = site.Desc + " (" + site.Name + ")"
+	}
+
+	sort.Sort(alarms.Data)
+
+	return alarms.Data, nil
+}
+
+// alarms satisfies the sort.Sort Interface.
+type alarms []*Alarm
+
+// Len satisfies sort.Interface.
+func (a alarms) Len() int {
+	return len(a)
+}
+
+// Swap satisfies sort.Interface.
+func (a alarms) Swap(i, j int) {
+	a[i], a[j] = a[j], a[i]
+}
+
+// Less satisfies sort.Interface. Sort our list by Datetime.
+func (a alarms) Less(i, j int) bool {
+	return a[i].Datetime.Before(a[j].Datetime)
+}
--- a/core/unifi/anomalies.go
+++ b/core/unifi/anomalies.go
@ -0,0 +1,130 @@
+package unifi
+
+import (
+	"fmt"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// anomaly is the type UniFi returns, but not the type this library returns.
+type anomaly struct {
+	Anomaly    string  `json:"anomaly"`
+	MAC        string  `json:"mac"`
+	Timestamps []int64 `json:"timestamps"`
+}
+
+// Anomaly is the reformatted data type that this library returns.
+type Anomaly struct {
+	Datetime   time.Time
+	SourceName string
+	SiteName   string
+	Anomaly    string
+	DeviceMAC  string
+	//	DeviceName string // we do not have this....
+}
+
+// GetAnomalies returns Anomalies for a list of Sites.
+func (u *Unifi) GetAnomalies(sites []*Site, timeRange ...time.Time) ([]*Anomaly, error) {
+	data := []*Anomaly{}
+
+	for _, site := range sites {
+		response, err := u.GetAnomaliesSite(site, timeRange...)
+		if err != nil {
+			return data, err
+		}
+
+		data = append(data, response...)
+	}
+
+	return data, nil
+}
+
+// GetAnomaliesSite retreives the Anomalies for a single Site.
+func (u *Unifi) GetAnomaliesSite(site *Site, timeRange ...time.Time) ([]*Anomaly, error) {
+	if site == nil || site.Name == "" {
+		return nil, errNoSiteProvided
+	}
+
+	u.DebugLog("Polling Controller for Anomalies, site %s (%s)", site.Name, site.Desc)
+
+	var (
+		path      = fmt.Sprintf(APIAnomaliesPath, site.Name)
+		anomalies = anomalies{}
+		data      struct {
+			Data []*anomaly `json:"data"`
+		}
+	)
+
+	if params, err := makeAnomalyParams("hourly", timeRange...); err != nil {
+		return anomalies, err
+	} else if err := u.GetData(path+params, &data, ""); err != nil {
+		return anomalies, err
+	}
+
+	for _, d := range data.Data {
+		for _, ts := range d.Timestamps {
+			anomalies = append(anomalies, &Anomaly{
+				Datetime:   time.Unix(ts/int64(time.Microsecond), 0),
+				SourceName: u.URL,
+				SiteName:   site.Desc + " (" + site.Name + ")",
+				Anomaly:    d.Anomaly,
+				DeviceMAC:  d.MAC,
+				//				DeviceName: d.Anomaly,
+			})
+		}
+	}
+
+	sort.Sort(anomalies)
+
+	return anomalies, nil
+}
+
+// anomalies satisfies the sort.Sort interface.
+type anomalies []*Anomaly
+
+// Len satisfies sort.Interface.
+func (a anomalies) Len() int {
+	return len(a)
+}
+
+// Swap satisfies sort.Interface.
+func (a anomalies) Swap(i, j int) {
+	a[i], a[j] = a[j], a[i]
+}
+
+// Less satisfies sort.Interface. Sort our list by Datetime.
+func (a anomalies) Less(i, j int) bool {
+	return a[i].Datetime.Before(a[j].Datetime)
+}
+
+func makeAnomalyParams(scale string, timeRange ...time.Time) (string, error) {
+	out := []string{}
+
+	if scale != "" {
+		out = append(out, "scale="+scale)
+	}
+
+	switch len(timeRange) {
+	case 0:
+		end := time.Now().Unix() * int64(time.Microsecond)
+		out = append(out, "end="+strconv.FormatInt(end, 10))
+	case 1:
+		start := timeRange[0].Unix() * int64(time.Microsecond)
+		end := time.Now().Unix() * int64(time.Microsecond)
+		out = append(out, "end="+strconv.FormatInt(end, 10), "start="+strconv.FormatInt(start, 10))
+	case 2: // nolint: gomnd
+		start := timeRange[0].Unix() * int64(time.Microsecond)
+		end := timeRange[1].Unix() * int64(time.Microsecond)
+		out = append(out, "end="+strconv.FormatInt(end, 10), "start="+strconv.FormatInt(start, 10))
+	default:
+		return "", errInvalidTimeRange
+	}
+
+	if len(out) == 0 {
+		return "", nil
+	}
+
+	return "?" + strings.Join(out, "&"), nil
+}
--- a/core/unifi/events.go
+++ b/core/unifi/events.go
@ -69,9 +69,6 @@ func (u *Unifi) GetSiteEvents(site *Site, hours time.Duration) ([]*Event, error)
 	return event.Data, nil
 }

-// Events satisfied the sort.Interface.
-type events []*Event
-
 // Event describes a UniFi Event.
 // API Path: /api/s/default/stat/event.
 type Event struct {
@ -143,11 +140,6 @@ type Event struct {
 // IPGeo is part of the UniFi Event data. Each event may have up to three of these.
 // One for source, one for dest and one for the USG location.
 type IPGeo struct {
-	GeoIP
-}
-
-// GeoIP is a struct in a struct to deal with weird UniFi output.
-type GeoIP struct {
 	Asn           int64   `json:"asn"`
 	Latitude      float64 `json:"latitude"`
 	Longitude     float64 `json:"longitude"`
@ -158,6 +150,9 @@ type GeoIP struct {
 	Organization  string  `json:"organization"`
 }

+// Events satisfied the sort.Interface.
+type events []*Event
+
 // Len satisfies sort.Interface.
 func (e events) Len() int {
 	return len(e)
@ -180,5 +175,26 @@ func (v *IPGeo) UnmarshalJSON(data []byte) error {
 		return nil // it's empty
 	}

-	return json.Unmarshal(data, &v.GeoIP)
+	g := struct {
+		Asn           int64   `json:"asn"`
+		Latitude      float64 `json:"latitude"`
+		Longitude     float64 `json:"longitude"`
+		City          string  `json:"city"`
+		ContinentCode string  `json:"continent_code"`
+		CountryCode   string  `json:"country_code"`
+		CountryName   string  `json:"country_name"`
+		Organization  string  `json:"organization"`
+	}{}
+
+	err := json.Unmarshal(data, &g)
+	v.Asn = g.Asn
+	v.Latitude = g.Latitude
+	v.Longitude = g.Longitude
+	v.City = g.City
+	v.ContinentCode = g.ContinentCode
+	v.CountryCode = g.CountryCode
+	v.CountryName = g.CountryName
+	v.Organization = g.Organization
+
+	return err
 }
--- a/core/unifi/go.mod
+++ b/core/unifi/go.mod
@ -7,5 +7,5 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/pmezard/go-difflib v1.0.0
 	github.com/stretchr/testify v1.4.0
-	golang.org/x/net v0.0.0-20200602114024-627f9648deb9
+	golang.org/x/net v0.0.0-20200625001655-4c5254603344
 )
--- a/core/unifi/go.sum
+++ b/core/unifi/go.sum
@ -1,21 +1,18 @@
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2 h1:CCH4IOTTfewWjGOlSp+zGcjutRKlBEZQ6wTn8ozI/nI=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200602114024-627f9648deb9 h1:pNX+40auqi2JqRfOP1akLGtYcn15TUbkhwuCO3foqqM=
-golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
--- a/core/unifi/ids.go
+++ b/core/unifi/ids.go
@ -7,19 +7,16 @@ import (
 	"time"
 )

-type idsList []*IDS
-
 // IDS holds an Intrusion Prevention System Event.
 type IDS struct {
 	Archived              FlexBool  `json:"archived"`
-	DstIPCountry          FlexBool  `json:"dstipCountry"`
 	DestPort              int       `json:"dest_port,omitempty"`
 	SrcPort               int       `json:"src_port,omitempty"`
+	FlowID                int64     `json:"flow_id"`
 	InnerAlertRev         int64     `json:"inner_alert_rev"`
 	InnerAlertSeverity    int64     `json:"inner_alert_severity"`
 	InnerAlertGID         int64     `json:"inner_alert_gid"`
 	InnerAlertSignatureID int64     `json:"inner_alert_signature_id"`
-	FlowID                int64     `json:"flow_id"`
 	Time                  int64     `json:"time"`
 	Timestamp             int64     `json:"timestamp"`
 	Datetime              time.Time `json:"datetime"`
@ -28,6 +25,7 @@ type IDS struct {
 	DestIP                string    `json:"dest_ip"`
 	DstMAC                string    `json:"dst_mac"`
 	DstIPASN              string    `json:"dstipASN"`
+	DstIPCountry          string    `json:"dstipCountry"`
 	EventType             string    `json:"event_type"`
 	Host                  string    `json:"host"`
 	ID                    string    `json:"_id"`
@ -42,9 +40,9 @@ type IDS struct {
 	SiteName              string    `json:"-"`
 	SourceName            string    `json:"-"`
 	SrcIP                 string    `json:"src_ip"`
-	SrcMAC                string    `json:"src_mac"`
 	SrcIPASN              string    `json:"srcipASN"`
 	SrcIPCountry          string    `json:"srcipCountry"`
+	SrcMAC                string    `json:"src_mac"`
 	Subsystem             string    `json:"subsystem"`
 	UniqueAlertID         string    `json:"unique_alertid"`
 	USGIP                 string    `json:"usgip"`
@ -55,21 +53,6 @@ type IDS struct {
 	USGIPGeo              IPGeo     `json:"usgipGeo"`
 }

-// Len satisfies sort.Interface.
-func (e idsList) Len() int {
-	return len(e)
-}
-
-// Swap satisfies sort.Interface.
-func (e idsList) Swap(i, j int) {
-	e[i], e[j] = e[j], e[i]
-}
-
-// Less satisfies sort.Interface. Sort our list by Datetime.
-func (e idsList) Less(i, j int) bool {
-	return e[i].Datetime.Before(e[j].Datetime)
-}
-
 // GetIDS returns Intrusion Detection Systems events for a list of Sites.
 // timeRange may have a length of 0, 1 or 2. The first time is Start, the second is End.
 // Events between start and end are returned. End defaults to time.Now().
@ -150,3 +133,20 @@ func makeEventParams(timeRange ...time.Time) (string, error) {

 	return string(params), err
 }
+
+type idsList []*IDS
+
+// Len satisfies sort.Interface.
+func (e idsList) Len() int {
+	return len(e)
+}
+
+// Swap satisfies sort.Interface.
+func (e idsList) Swap(i, j int) {
+	e[i], e[j] = e[j], e[i]
+}
+
+// Less satisfies sort.Interface. Sort our list by Datetime.
+func (e idsList) Less(i, j int) bool {
+	return e[i].Datetime.Before(e[j].Datetime)
+}
--- a/core/unifi/types.go
+++ b/core/unifi/types.go
@ -37,8 +37,12 @@ const (
 	APILoginPathNew string = "/api/auth/login"
 	// APIEventPathIDS returns Intrusion Detection/Prevention Systems Events
 	APIEventPathIDS string = "/api/s/%s/stat/ips/event"
+	// APIEventPathAlarms contains the site alarms.
+	APIEventPathAlarms string = "/api/s/%s/list/alarm"
 	// APIPrefixNew is the prefix added to the new API paths; except login. duh.
 	APIPrefixNew string = "/proxy/network"
+	// APIAnomaliesPath returns site anomalies.
+	APIAnomaliesPath string = "/api/s/%s/stat/anomalies"
 )

 // path returns the correct api path based on the new variable.