diff --git a/ad_miner/sources/modules/requests.json b/ad_miner/sources/modules/requests.json
index 2eab4ff..5014a16 100644
--- a/ad_miner/sources/modules/requests.json
+++ b/ad_miner/sources/modules/requests.json
@@ -599,12 +599,12 @@
},
"anomaly_acl_1": {
"name": "anomaly_acl_1",
- "request": "MATCH (gg) WHERE NOT gg:Group with gg as g MATCH (g)-[r2{isacl:true}]->(n) WHERE ((g.is_da IS NULL OR g.is_da=FALSE) AND (g.is_dc IS NULL OR g.is_dc=FALSE)) OR (NOT n.domain CONTAINS '.' + g.domain AND n.domain <> g.domain) RETURN n.name,g.name, type(r2)",
+ "request": "MATCH (gg) WHERE NOT gg:Group with gg as g MATCH (g)-[r2{isacl:true}]->(n) WHERE ((g.is_da IS NULL OR g.is_da=FALSE) AND (g.is_dc IS NULL OR g.is_dc=FALSE)) OR (NOT n.domain CONTAINS '.' + g.domain AND n.domain <> g.domain) RETURN n.name,g.name,type(r2),LABELS(g)[0]",
"output_type": "dict"
},
"anomaly_acl_2": {
"name": "anomaly_acl_2",
- "request": "MATCH (gg:Group) WHERE EXISTS(gg.members_count) with gg as g order by gg.members_count DESC MATCH (g)-[r2{isacl:true}]->(n) WHERE ((g.is_da IS NULL OR g.is_da=FALSE) AND (g.is_dc IS NULL OR g.is_dc=FALSE)) OR (NOT n.domain CONTAINS '.' + g.domain AND n.domain <> g.domain) RETURN g.members_count,n.name,g.name, type(r2) order by g.members_count DESC",
+ "request": "MATCH (gg:Group) WHERE EXISTS(gg.members_count) with gg as g order by gg.members_count DESC MATCH (g)-[r2{isacl:true}]->(n) WHERE ((g.is_da IS NULL OR g.is_da=FALSE) AND (g.is_dc IS NULL OR g.is_dc=FALSE)) OR (NOT n.domain CONTAINS '.' + g.domain AND n.domain <> g.domain) RETURN g.members_count,n.name,g.name,type(r2),LABELS(g)[0] order by g.members_count DESC",
"output_type": "dict"
},
"get_empty_groups": {
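Review bot: `LABELS(g)[0]` in both queries depends on label order, which Neo4j does not guarantee, and it returns whichever label happens to be first when a node carries several. BloodHound-style imports commonly add a generic `Base` label to every node, so the value could come back as `Base` instead of `User`, `Group` or `OU`; that is inferred and should be checked against the target database. Since users.py now uses this value as part of its grouping key and shows it in the grid, a deterministic pick such as `[l IN LABELS(g) WHERE l <> 'Base'][0]` would be safer, with the excluded label name confirmed first. In `anomaly_acl_2` the node is already matched as `:Group`, so returning the literal `'Group'` there would do.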
diff --git a/ad_miner/sources/modules/users.py b/ad_miner/sources/modules/users.py
index 90d2127..d727943 100644
--- a/ad_miner/sources/modules/users.py
+++ b/ad_miner/sources/modules/users.py
@@ -1455,7 +1455,7 @@ def genGroupAnomalyAcl(self, domain):
if self.anomaly_acl_1 is None and self.anomaly_acl_2 is None:
page = Page(
- self.arguments.cache_prefix, "anomaly_acl", "Group Anomaly ACL", "anomaly_acl"
+ self.arguments.cache_prefix, "anomaly_acl", "ACL Anomaly ", "anomaly_acl"
)
page.render()
return 0
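Review bot: The new title literal here is `"ACL Anomaly "` with a trailing space, while the same page is created with `"ACL Anomaly"` in the hunk at 1533. Use one literal, ideally a shared constant, so the empty and populated versions of the page carry the same title. The details page in the hunk at 1520 still uses "Group Anomaly ACL Details", and the function is still named genGroupAnomalyAcl, although the results are no longer limited to groups. A one-line docstring saying that the page covers every principal type would help. The function's body starts and ends outside this hunk.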
@@ -1470,23 +1470,29 @@ def genGroupAnomalyAcl(self, domain):
anomaly_acl_extract = []
for k in range(len(self.anomaly_acl)):
- if formated_data.get(self.anomaly_acl[k]["g.name"]) and formated_data[self.anomaly_acl[k]["g.name"]]["type"] == self.anomaly_acl[k]["type(r2)"]:
- formated_data[self.anomaly_acl[k]["g.name"]]["targets"].append(self.anomaly_acl[k]["n.name"])
- elif formated_data.get(self.anomaly_acl[k]["g.name"]) and formated_data[self.anomaly_acl[k]["g.name"]]["targets"] == [self.anomaly_acl[k]["n.name"]] and self.anomaly_acl[k]["type(r2)"] not in formated_data[self.anomaly_acl[k]["g.name"]]["type"] :
- formated_data[self.anomaly_acl[k]["g.name"]]["type"] += f" | {self.anomaly_acl[k]['type(r2)']}"
+ name_label_instance = f"{self.anomaly_acl[k]['g.name']} {self.anomaly_acl[k]['LABELS(g)[0]']}"
+ if formated_data.get(name_label_instance) and formated_data[name_label_instance]["type"] == self.anomaly_acl[k]["type(r2)"] and formated_data[name_label_instance]["label"] == self.anomaly_acl[k]["LABELS(g)[0]"]:
+ formated_data[name_label_instance]["targets"].append(self.anomaly_acl[k]["n.name"])
+ elif formated_data.get(name_label_instance) and formated_data[name_label_instance]["targets"] == [self.anomaly_acl[k]["n.name"]] and self.anomaly_acl[k]["type(r2)"] not in formated_data[name_label_instance]["type"] and formated_data[name_label_instance]["label"] == self.anomaly_acl[k]["LABELS(g)[0]"]:
+ formated_data[name_label_instance]["type"] += f" | {self.anomaly_acl[k]['type(r2)']}"
else:
- formated_data[self.anomaly_acl[k]["g.name"]] = {
+ # it is possible to have an OU and a Group with the same name for example, that's why it is necessary to have the name + the label as key
+ formated_data[name_label_instance] = {
"name": self.anomaly_acl[k]["g.name"],
+ "label": self.anomaly_acl[k]["LABELS(g)[0]"],
"type": self.anomaly_acl[k]["type(r2)"],
"members_count": self.anomaly_acl[k]["g.members_count"],
- "targets": [self.anomaly_acl[k]["n.name"]]
+ "targets": [self.anomaly_acl[k]["n.name"]],
}
- for name_instance in formated_data:
+ print("formated data : ", formated_data)
+
+ for name_label_instance in formated_data:
+ name_instance = name_label_instance.split(" ")[0]
formated_data_details = []
interest = 0
- for k in formated_data[name_instance]["targets"]:
+ for k in formated_data[name_label_instance]["targets"]:
tmp_dict = {}
if k in domain.admin_list:
tmp_dict["targets"] = ' ' + k
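Review bot: `name_instance = name_label_instance.split(" ")[0]` keeps only the text before the first space, so any object whose name contains a space is truncated in the grid's name column, and different objects can be listed under the same shortened name. The full name is already stored in the entry, so `name_instance = formated_data[name_label_instance]["name"]` avoids parsing the key. A tuple key `(name, label)` would remove the string round-trip altogether. The added `print("formated data : ", formated_data)` writes every principal and its ACL targets to stdout on each run; it should be removed or routed through the project's debug logging. genGroupAnomalyAcl starts before this hunk and continues after it.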
@@ -1514,7 +1520,7 @@ def genGroupAnomalyAcl(self, domain):
formated_data_details.append(tmp_dict)
page = Page(
- self.arguments.cache_prefix, f"anomaly_acl_details_{name_instance}", "Group Anomaly ACL Details", "anomaly_acl"
+ self.arguments.cache_prefix, f"anomaly_acl_details_{name_label_instance.replace(' ', '_')}", "Group Anomaly ACL Details", "anomaly_acl"
)
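Review bot: The details page name is built from the directory object's name with only spaces replaced, so a name containing `/`, `\` or `..` is passed to `Page(...)` as part of a file name. Whether Page sanitises it is not visible in this hunk. Replacing spaces with underscores can also make two distinct keys produce the same file name, in which case one details page would overwrite the other. Deriving the file name from a restricted token, for example the entry's index in `formated_data` or the name filtered through an allow-list of characters, would avoid both problems. The link built in the hunk at 1533 should then use the same token.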
@@ -1527,24 +1533,24 @@ def genGroupAnomalyAcl(self, domain):
anomaly_acl_extract.append(
{
- "name": ' ' + name_instance if formated_data[name_instance]["members_count"] != "-" else ' ' + name_instance,
- "type": formated_data[name_instance]["type"],
- "members count": f' ' + str(formated_data[name_instance]["members_count"]) if formated_data[name_instance]["members_count"] != '-' else '-',
+ "name": name_instance,
+ "label": ' '+formated_data[name_label_instance]["label"] if formated_data[name_label_instance]["members_count"] != "-" else ' '+formated_data[name_label_instance]["label"],
+ "type": formated_data[name_label_instance]["type"],
+ "members count": f' ' + str(formated_data[name_label_instance]["members_count"]) if formated_data[name_label_instance]["members_count"] != '-' else '-',
"targets count": grid_data_stringify({
- "link": f"anomaly_acl_details_{quote(str(name_instance))}.html",
- "value": f"{str(len(formated_data[name_instance]['targets'])) +' targets' if len(formated_data[name_instance]['targets']) > 1 else formated_data[name_instance]['targets'][0]} ",
- "before_link": f" "
+ "link": f"anomaly_acl_details_{quote(str(name_label_instance.replace(' ', '_')))}.html",
+ "value": f"{str(len(formated_data[name_label_instance]['targets'])) +' targets' if len(formated_data[name_label_instance]['targets']) > 1 else formated_data[name_label_instance]['targets'][0]} ",
+ "before_link": f" "
}),
"interest": f""*interest + ""*(3-interest)
}
)
- #{'s' if len(formated_data[name_instance]['targets']) > 1 else ''}
page = Page(
- self.arguments.cache_prefix, "anomaly_acl", "Group Anomaly ACL", "anomaly_acl"
+ self.arguments.cache_prefix, "anomaly_acl", "ACL Anomaly", "anomaly_acl"
)
grid = Grid("anomaly_acl")
- grid.setheaders(["name", "type", "members count", "targets count", "interest"])
+ grid.setheaders(["name", "label", "members count", "type", "targets count", "interest"])
grid.setData(anomaly_acl_extract)
page.addComponent(grid)