# Python Automation Tasks
---

## Scenario 1: Automate the login process

The security analyst team at XYZ Corp has asked you to automate the login process system. They require you to use python for automation. The objective is to automate the login process so the administrators do not have to approve the authentication manually.  

The following are the information you need to solve this task: 

* Approved users and devices list:

<div align="center">

| Users | Devices |
|---|---|
| keith | 789uk |
| john | jfklsdjf |
| jimmy | 9djflksf |
| sarah | 342dfsf |

</div>

* If the username matches the users list, the system will print `the user is approved`. Then, if the device id matches the devices list, the system will print `device_id is the assigned device for the users`. If the device id does not match the devices list, the system wil print `the device id is not their assigned device`. All in all, if the username does not match the users list, the system will print `the username is not approved to access the system` and the system will just print this statement without continuing to device id. 

* Please pay attention to lowercase or uppercase of the username. 


### Solution 1: Algorithm to automate the login process

In [6]:
# List of approved users and devices 
approved_users = ["keith", "john", "jimmy", "sarah"]

approved_devices =["789uk", "jfklsdjf", "9djflksf", "342dfsf"]

# Define username and device_id
def login(username, device_id):

    # Condition: if the username matches the approved users list
    if username in approved_users: 
        print("the user", username, "is approved")

        # The index of the users 
        ind = approved_users.index(username)

        # The index of the users is also the index of the approved device
        # From the index of the user, we find the index of the approved device
        if device_id == approved_devices[ind]:
            print(device_id, "is the assigned device for", username)

        # If it is unmatched, then....
        else:
            print(device_id, "is not their assigned device")
            
    # If the username does not match the approved users list
    else:
        print("the username", username, "is not approved to access the system")

login("keith", "789uk")
login("john", "jfklsdjf")
login("albert", "3242394872")
login("sarah","342dfsf")
# Small j matters 
login("Jimmy", "9djflksf")
# correct username, but different device id
login("keith", "dkfjs")

the user keith is approved
789uk is the assigned device for keith
the user john is approved
jfklsdjf is the assigned device for john
the username albert is not approved to access the system
the user sarah is approved
342dfsf is the assigned device for sarah
the username Jimmy is not approved to access the system
the user keith is approved
dkfjs is not their assigned device


## Scenario 2: Analyze the logins

The security analyst team at XYZ Corp has asked you to analyze the login activities in a conditional statements. They require you to use python for automation. The objective is to analyze the login activities by printing `Current day login total for the user`, `Average logins per day for the user`, and `Alert` if the account has more login activity than normal. 

The following are the information you need to solve the task: 

* Users info

<div align="center">

| Username | Current_day_logins | Average_day_logins |
|---|:---:|:---:|
| keith | 8 | 4 |
| john | 7 | 6 | 
| jimmy | 6 | 1 |
| sarah | 9 | 2 | 

</div>

* If the `login ratio` is more than 3, the output will alert the system. `Login ratio` is current day login/average day login. 
* For this task, use the `widget` and `display`to show interactive display. 
* For curiosity, you may prepare more than one way to analyze the user logins. 
* Present your results in order: Model 1 simple solution, Model 1 Widget, Model 2 solution, Model 2 widget. 

### Solution 2: Analyze the logins

In [16]:
# Model 1: Lists of approved users, current day logins, and average day logins
usernames = ["keith", "john", "jimmy", "sarah"]
current_day_logins = [8, 7, 6, 9]
average_day_logins = [4, 6, 1, 2]

# Define a function to analyze logins
def analyze_logins(username, current_day, average_day):
    # Check if the username is in the list of approved usernames
    if username in usernames:
        print("The user", username, "is approved.")
        
        # Find the index of the username in the list
        ind = usernames.index(username)
        
        # Check if the current day and average day logins match the records
        if current_day_logins[ind] == current_day:
            print("Username has been active for", current_day, "days today.")
        else:
            print("Current day login record for", username, "is not valid.")
        
        if average_day_logins[ind] == average_day:
            print("On average, the user has been active for", average_day, "days.")
        else:
            print("Average day login record for", username, "is not valid.")
    else:
        print("The username", username, "is not approved to access the system.")

# Test the function with various inputs
analyze_logins("keith", 8, 4)
analyze_logins("john", 7, 6)
analyze_logins("jimmy", 6, 1)
# Case sensitivity issue
analyze_logins("Jimmy", 8, 7)  # This will print not approved because of case sensitivity
# Incorrect login records
analyze_logins("keith", 9, 5)


The user keith is approved.
Username has been active for 8 days today.
On average, the user has been active for 4 days.
The user john is approved.
Username has been active for 7 days today.
On average, the user has been active for 6 days.
The user jimmy is approved.
Username has been active for 6 days today.
On average, the user has been active for 1 days.
The username Jimmy is not approved to access the system.
The user keith is approved.
Current day login record for keith is not valid.
Average day login record for keith is not valid.


In [24]:
# Display the widget for data list
from ipywidgets import widgets, Layout
from IPython.display import display

# Define the widgets
username_widget = widgets.Dropdown(
    options=usernames,
    description='Username:',
    layout=Layout(width='40%')
)

output = widgets.Output()

# Display the widget
display(username_widget, output)

# Define the update function to display login details
def update_login_details(change):
    output.clear_output()  # Clear the previous output
    username = change['new']  # Get the new username
    if username in usernames:
        ind = usernames.index(username)  # Find the index of the username
        current_day = current_day_logins[ind]
        average_day = average_day_logins[ind]
        with output:
            print(f"Username: {username}")
            print(f"Current Day Logins: {current_day}")
            print(f"Average Day Logins: {average_day}")
    else:
        with output:
            print("Please select a valid username.")

# Attach the update function to the username widget
username_widget.observe(update_login_details, names='value')


Dropdown(description='Username:', layout=Layout(width='40%'), options=('keith', 'john', 'jimmy', 'sarah'), val…

Output()

In [54]:
# Model 2: Lists of approved users, current day logins, and average day logins
usernames = ["keith", "john", "jimmy", "sarah"]
current_day_logins = [8, 7, 6, 9]
average_day_logins = [4, 6, 1, 2]

# Refined function to analyze logins with all requested details and checks
def analyze_logins(username, current_day, average_day):
    # Check if the username is in the list of approved usernames
    if username in usernames:
        print("The user", username, "is approved.")
        
        # Find the index of the username in the list
        ind = usernames.index(username)
        
        # Display username
        print(f"Username: {username}")
        
        # Check and display current day logins
        if current_day == current_day_logins[ind]:
            print(f"Current Day Logins: {current_day}")
        else:
            print(f"Current day login record for {username} does not match. Expected: {current_day_logins[ind]}, Provided: {current_day}")
            return  # Exit the function early if current day doesn't match
        
        # Display average day logins
        print(f"Average Day Logins: {average_day_logins[ind]}")
        
        # Ensure average day logins is not zero to avoid division by zero error
        if average_day == average_day_logins[ind]:
        
            # Calculate and display login ratio
            login_ratio = current_day / average_day
            print(f"Login Ratio: {login_ratio:.2f}")
            
            # Check if the login ratio exceeds 3
            if login_ratio > 3:
                print("This account has MORE login activity than normal.")
       
    else:
        print("The username", username, "is not approved to access the system.")

# Test the updated function with various inputs

analyze_logins("john", 7, 6)
analyze_logins("jimmy", 6, 1)
# Test with a case that should trigger the high activity message
analyze_logins("sarah", 9, 2)  # Expected to have a high login ratio
analyze_logins("Sarah", 8, 3) # Might not work for the user, might wanna Check spelling
analyze_logins("sarah", 9, 1)
analyze_logins("sarah", 3, 2)


The user john is approved.
Username: john
Current Day Logins: 7
Average Day Logins: 6
Login Ratio: 1.17
The user jimmy is approved.
Username: jimmy
Current Day Logins: 6
Average Day Logins: 1
Login Ratio: 6.00
This account has MORE login activity than normal.
The user sarah is approved.
Username: sarah
Current Day Logins: 9
Average Day Logins: 2
Login Ratio: 4.50
This account has MORE login activity than normal.
The username Sarah is not approved to access the system.
The user sarah is approved.
Username: sarah
Current Day Logins: 9
Average Day Logins: 2
The user sarah is approved.
Username: sarah
Current day login record for sarah does not match. Expected: 9, Provided: 3


In [33]:
# Widget 2
from ipywidgets import Dropdown, Button, Output, VBox
from IPython.display import display

# Lists of approved users, current day logins, and average day logins
usernames = ["keith", "john", "jimmy", "sarah"]
current_day_logins = [8, 7, 6, 9]
average_day_logins = [4, 6, 1, 2]

# Create a dropdown for selecting a username
username_dropdown = Dropdown(
    options=usernames,
    description='Username:',
)

# Create a button for triggering the analysis
run_button = Button(
    description='Analyze Logins',
    button_style='',  # 'success', 'info', 'warning', 'danger' or ''
    icon='check',  # Button icon
)

# Create an output area for displaying the results
output_area = Output()

# Function to display the login details
def display_login_details(username):
    with output_area:
        output_area.clear_output()  # Clear the previous output
        if username in usernames:
            ind = usernames.index(username)
            current_day = current_day_logins[ind]
            average_day = average_day_logins[ind]
            login_ratio = current_day / average_day if average_day else 0  # Avoid division by zero
            
            # Display the details
            print(f"Username: {username}")
            print(f"Current Day Logins: {current_day}")
            print(f"Average Day Logins: {average_day}")
            if average_day:  # Ensure average day is not zero before displaying ratio
                print(f"Login Ratio: {login_ratio:.2f}")
                if login_ratio > 3:
                    print("This account has more login activity than normal.")
            else:
                print("Cannot calculate login ratio due to zero average day logins.")
        else:
            print("Username not found in the approved list.")

# Event handler for the button click
def on_run_button_clicked(b):
    display_login_details(username_dropdown.value)

# Attach the event handler to the button
run_button.on_click(on_run_button_clicked)

# Display the widgets
display(VBox([username_dropdown, run_button, output_area]))


VBox(children=(Dropdown(description='Username:', options=('keith', 'john', 'jimmy', 'sarah'), value='keith'), …

## Scenario 3: Regular expression to find patterns

The security analyst team at XYZ Corp has asked you to investigate patterns in the activities. They require you to use python for automation. The objective is to find the patterns behind it by using regular experessions. 

The following are the information you need to solve the tasks:

* Find the hex signature from this data: `The malware signature is 0x9ACDAB and needs analysis`.
* Find the device IDs that start with r15 and display the results from: `r262c36 67bv8fy 41j1u2e r151dm4 1270t3o 42dr56i r15xk9h 2j33krk 253be78 ac742a1 r15u9q5 zh86b2l ii286fq 9x482kt 6oa6m6u x3463ac i4l56nq g07h55q 081qc9t r159r1u`.  
* Find the IP adddress in the form of 192.xxx.xxx and analzye the logs. These are the logs : `eraab 2022-05-10 6:03:41 192.168.152.148 \niuduike 2022-05-09 6:46:40 192.168.22.115 \nsmartell 2022-05-09 19:30:32 192.168.190.178 \narutley 2022-05-12 17:00:59 1923.1689.3.24 \nrjensen 2022-05-11 0:59:26 192.168.213.128 \naestrada 2022-05-09 19:28:12 1924.1680.27.57 \nasundara 2022-05-11 18:38:07 192.168.96.200 \ndkot 2022-05-12 10:52:00 1921.168.1283.75 \nabernard 2022-05-12 23:38:46 19245.168.2345.49 \ncjackson 2022-05-12 19:36:42 192.168.247.153 \njclark 2022-05-10 10:48:02 192.168.174.117 \nalevitsk 2022-05-08 12:09:10 192.16874.1390.176 \njrafael 2022-05-10 22:40:01 192.168.148.115 \nyappiah 2022-05-12 10:37:22 192.168.103.10654 \ndaquino 2022-05-08 7:02:35 192.168.168.144`.


### Solution 3: Regular expression to find patterns

In [34]:
import re

In [35]:
data = "The malware signature is 0x9ACDAB and needs analysis."
# \b: word boundary to make sure b is at the front or the end. 0x matches the hexadecimal. [a-fA-F0-0] matches any hexadecimal digit, a-f matches lowercase digit, A-F matches any uppercase hex digit, 0-9 matches decimal digit. + means one or more of the previous element 
hex_signatures = re.findall(r"\b0x[a-fA-F0-9]+\b", data)
print(hex_signatures)  # ['0x9ACDAB']


['0x9ACDAB']


In [39]:
# Assign `devices` to a string containing device IDs, each device ID represented by alphanumeric characters
devices = "r262c36 67bv8fy 41j1u2e r151dm4 1270t3o 42dr56i r15xk9h 2j33krk 253be78 ac742a1 r15u9q5 zh86b2l ii286fq 9x482kt 6oa6m6u x3463ac i4l56nq g07h55q 081qc9t r159r1u"

# Assign `target_pattern` to a regular expression pattern for finding device IDs that start with "r15"
target_pattern = r"r15\w+"

# Use `re.findall()` to find the device IDs that start with "r15" and display the results
print(re.findall(target_pattern, devices))

['r151dm4', 'r15xk9h', 'r15u9q5', 'r159r1u']


In [48]:
# Assign `log_file` to a string containing username, date, login time, and IP address for a series of login attempts 
log_file = "eraab 2022-05-10 6:03:41 192.168.152.148 \niuduike 2022-05-09 6:46:40 192.168.22.115 \nsmartell 2022-05-09 19:30:32 192.168.190.178 \narutley 2022-05-12 17:00:59 1923.1689.3.24 \nrjensen 2022-05-11 0:59:26 192.168.213.128 \naestrada 2022-05-09 19:28:12 1924.1680.27.57 \nasundara 2022-05-11 18:38:07 192.168.96.200 \ndkot 2022-05-12 10:52:00 1921.168.1283.75 \nabernard 2022-05-12 23:38:46 19245.168.2345.49 \ncjackson 2022-05-12 19:36:42 192.168.247.153 \njclark 2022-05-10 10:48:02 192.168.174.117 \nalevitsk 2022-05-08 12:09:10 192.16874.1390.176 \njrafael 2022-05-10 22:40:01 192.168.148.115 \nyappiah 2022-05-12 10:37:22 192.168.103.10654 \ndaquino 2022-05-08 7:02:35 192.168.168.144"

# Assign `pattern` to a regular expression pattern that will match with IP addresses of the form xxx.xxx.xxx.xxx
# \d matches any digit from 0-9
# pattern = r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}". but IP address can have more than 3 digits per octet. 
# For example: 192.168.1.1 or 192.168.22.155 
pattern = r"\d\d\d\.\d\d\d\.\d\d\d\.\d\d\d"


# Use the `re.findall()` function on `pattern` and `log_file` to extract the IP addresses of the form xxx.xxx.xxx.xxx and display the results
print(re.findall(pattern, log_file))

['192.168.152.148', '192.168.190.178', '192.168.213.128', '192.168.247.153', '192.168.174.117', '192.168.148.115', '192.168.103.106', '192.168.168.144']


In [43]:
# Assign `log_file` to a string containing username, date, login time, and IP address for a series of login attempts 
log_file = "eraab 2022-05-10 6:03:41 192.168.152.148 \niuduike 2022-05-09 6:46:40 192.168.22.115 \nsmartell 2022-05-09 19:30:32 192.168.190.178 \narutley 2022-05-12 17:00:59 1923.1689.3.24 \nrjensen 2022-05-11 0:59:26 192.168.213.128 \naestrada 2022-05-09 19:28:12 1924.1680.27.57 \nasundara 2022-05-11 18:38:07 192.168.96.200 \ndkot 2022-05-12 10:52:00 1921.168.1283.75 \nabernard 2022-05-12 23:38:46 19245.168.2345.49 \ncjackson 2022-05-12 19:36:42 192.168.247.153 \njclark 2022-05-10 10:48:02 192.168.174.117 \nalevitsk 2022-05-08 12:09:10 192.16874.1390.176 \njrafael 2022-05-10 22:40:01 192.168.148.115 \nyappiah 2022-05-12 10:37:22 192.168.103.10654 \ndaquino 2022-05-08 7:02:35 192.168.168.144"

# Assign `pattern` to a regular expression that matches with all valid IP addresses and only those 
pattern = r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"

# Use `re.findall()` on `pattern` and `log_file` and assign `valid_ip_addresses` to the output 
valid_ip_addresses = re.findall(pattern, log_file)

# Assign `flagged_addresses` to a list of IP addresses that have been previously flagged for unusual activity
flagged_addresses = ["192.168.190.178", "192.168.96.200", "192.168.174.117", "192.168.168.144"]

# Loop through `valid_ip_addresses` with `address` as the loop variable
for address in valid_ip_addresses:

    # Conditional begins here
    # If `address` belongs to `flagged_addresses`, display "The IP address ______ has been flagged for further analysis."
    if address in flagged_addresses:
        print("The IP address", address, "has been flagged for further analysis.")

    # Otherwise, display "The IP address ______ does not require further analysis."
    else:
        print("The IP address", address, "does not require further analysis.")

The IP address 192.168.152.148 does not require further analysis.
The IP address 192.168.22.115 does not require further analysis.
The IP address 192.168.190.178 has been flagged for further analysis.
The IP address 192.168.213.128 does not require further analysis.
The IP address 192.168.96.200 has been flagged for further analysis.
The IP address 192.168.247.153 does not require further analysis.
The IP address 192.168.174.117 has been flagged for further analysis.
The IP address 192.168.148.115 does not require further analysis.
The IP address 192.168.103.106 does not require further analysis.
The IP address 192.168.168.144 has been flagged for further analysis.
