In [1]:
#Este es el script en el que se maneja el envio de eventos kafka
#Se crea un producer de kafka y se obtienen datos para enviar

"""
FUNCIONAL
"""
# kafka/bin/zookeeper-server-start.sh kafka/config/zookeeper.properties
# kafka/bin/kafka-server-start.sh kafka/config/server.properties
# kafka/bin/kafka-topics.sh --create --zookeeper localhost:2181 --replication-factor 1 --partitions 1 --topic SM

# kafka/bin/kafka-topics.sh --delete --zookeeper localhost:2181 --topic SM
 
# kafka/bin/kafka-topics.sh --list --zookeeper localhost:2181
# kafka/bin/kafka-console-consumer.sh --bootstrap-server 192.168.1.101:9092 --topic SM --from-beginning

# ./elasticsearch/bin/elasticsearch
# ./kibana/bin/kibana
# curl -XDELETE 'http://localhost:9200/sm*'

import findspark
findspark.init()

import time

from pyspark.context import SparkContext
from pyspark.sql.session import SparkSession
from pyspark.sql.functions import *
from pyspark.sql.types import *

from kafka import KafkaProducer, TopicPartition
import uuid

In [2]:
#Se crea una sescion de spark
#Importante tras ejecucion hacer sc.stop()

sc = SparkContext('local')
spark = SparkSession(sc)

In [3]:
base_path='../../'

In [4]:
#Se define el esquema que va a tener el data frame

schema = StructType([
    StructField('Signature', StringType(), True),
    StructField('Date', StringType(), True),
    StructField('Sensor', StringType(), True),
    StructField('Source', StringType(), True),
    StructField('Destination', StringType(), True),
    StructField('Risk', IntegerType(), True),
    ])    

In [5]:
df = spark.read.schema(schema).load(f'{base_path}datasets/dataset_siem_v1.csv',
                     format="csv", sep=";", inferSchema="false", header="true")

In [7]:
# Añadimos metadatos para simular eventos del sensor

df = df.withColumn('data', struct(col('*')))
df = df.withColumn('version', lit('1.0'))
df = df.withColumn('id' , lit('f0c48ba4-387d-11ea-a137-2e728ce88126'))
df = df.withColumn('type', lit('SM'))
df = df.withColumn('event', lit('DATA'))

In [15]:
df.count()

400

In [14]:
# Creamos productor de eventos Kafka

ip_server = '192.168.1.101:9092'
kafka_topic = 'SM'
c = 0
sleep = 20
seed = 1

while True:
    df_sample = df.sample(fraction = 0.05, seed = seed)
    df_sample = df_sample.withColumn('time', unix_timestamp().cast(StringType()))
    
    prediction_features = df_sample.select('version','time','id','type','event','data')

    if type(kafka_topic) == bytes:
        kafka_topic = kafka_topic.decode('utf-8')
    producer = KafkaProducer(bootstrap_servers=[ip_server],api_version=(0,10))
    PREDICTION_TOPIC = kafka_topic

    #FUNCIONAL
    for row in prediction_features.toJSON().collect():
        print((row))
        producer.send(PREDICTION_TOPIC , row.encode())
        producer.flush()
    
    time.sleep(sleep)
    c = c + 1
    seed = seed + 1

{"version":"1.0","time":"1614158728","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: IDS event.","Date":"22/02/2021 13:40","Sensor":"alienvault","Source":"192.168.4.202:55404","Destination":"83.217.27.178:80","Risk":0}}
{"version":"1.0","time":"1614158728","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session closed.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158728","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session closed","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158728","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: First time this IDS alert is generated.","Date":"

{"version":"1.0","time":"1614158748","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session opened.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158748","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session closed.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158748","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session closed","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158748","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session closed.","Date":"22/02/2021 13:39","Sensor":"

{"version":"1.0","time":"1614158768","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: IDS event.","Date":"22/02/2021 13:40","Sensor":"alienvault","Source":"192.168.4.202:55404","Destination":"83.217.27.178:80","Risk":0}}
{"version":"1.0","time":"1614158768","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session closed.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158768","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session closed","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158768","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session opened","Date":"22/02/2021 13:39","Sensor":"alienvau

{"version":"1.0","time":"1614158788","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session opened.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"Host-10-0-2-15","Destination":"Host-10-0-2-15","Risk":0}}
{"version":"1.0","time":"1614158788","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session opened","Date":"22/02/2021 13:37","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158788","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session closed","Date":"22/02/2021 13:37","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158788","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session closed.","Date":"22/02/2021 13:37","Sensor":"alie

{"version":"1.0","time":"1614158808","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: IDS event.","Date":"22/02/2021 13:40","Sensor":"alienvault","Source":"192.168.4.202:55416","Destination":"74.208.103.8:80","Risk":0}}
{"version":"1.0","time":"1614158808","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session opened.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158808","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session closed.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158808","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session opened","Date":"22/02/2021 13:39","

{"version":"1.0","time":"1614158829","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session closed","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158829","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session closed","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158829","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session closed.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158829","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session closed.","Date":"22/02/2021 13:37","Sensor":"alienvault","Sourc

{"version":"1.0","time":"1614158849","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: IDS event.","Date":"22/02/2021 13:40","Sensor":"alienvault","Source":"83.217.27.178:80","Destination":"192.168.4.202:55404","Risk":0}}
{"version":"1.0","time":"1614158849","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session opened.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158849","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session closed","Date":"22/02/2021 13:37","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158849","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session opened","Date":"22/02/2021 13:37","Sensor":"alienvau

{"version":"1.0","time":"1614158869","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: IDS event.","Date":"22/02/2021 13:40","Sensor":"alienvault","Source":"192.168.4.202:55416","Destination":"74.208.103.8:80","Risk":0}}
{"version":"1.0","time":"1614158869","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session closed.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158869","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session opened.","Date":"22/02/2021 13:37","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158869","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session opened","Date":"22/02/2021 13:37","

{"version":"1.0","time":"1614158889","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session closed.","Date":"22/02/2021 13:40","Sensor":"alienvault","Source":"Host-10-0-2-15","Destination":"Host-10-0-2-15","Risk":0}}
{"version":"1.0","time":"1614158889","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session opened.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158889","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session closed","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158889","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session closed","Date":"22/02/2021 13:39","Sensor":"alie

{"version":"1.0","time":"1614158909","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session closed.","Date":"22/02/2021 13:40","Sensor":"alienvault","Source":"Host-10-0-2-15","Destination":"Host-10-0-2-15","Risk":0}}
{"version":"1.0","time":"1614158909","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session opened.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158909","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session closed.","Date":"22/02/2021 13:37","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158909","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session closed","Date":"22/02/2021 13:

{"version":"1.0","time":"1614158930","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session closed","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158930","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session opened","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158930","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: First time this IDS alert is generated.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158930","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session opened.","Date":"22/02/2021 13:37","Sensor":"

{"version":"1.0","time":"1614158951","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session opened","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158951","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session opened","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158951","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: First time this IDS alert is generated.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158951","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session opened.","Date":"22/02/2021 13:39","Sensor":"

{"version":"1.0","time":"1614158971","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: IDS event.","Date":"22/02/2021 13:40","Sensor":"alienvault","Source":"192.168.4.202:55404","Destination":"83.217.27.178:80","Risk":0}}
{"version":"1.0","time":"1614158971","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session opened","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158971","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: First time this IDS alert is generated.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158971","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Successful sudo to ROOT execute

{"version":"1.0","time":"1614158992","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"AlienVault HIDS: Login session opened.","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158992","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session opened","Date":"22/02/2021 13:39","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158992","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session closed","Date":"22/02/2021 13:37","Sensor":"alienvault","Source":"0.0.0.0","Destination":"0.0.0.0","Risk":0}}
{"version":"1.0","time":"1614158992","id":"f0c48ba4-387d-11ea-a137-2e728ce88126","type":"SM","event":"DATA","data":{"Signature":"sudo: Session closed","Date":"22/02/2021 13:37","Sensor":"alienvault","Source":"0.0.0.0","Dest

KeyboardInterrupt: 

In [None]:
sc.stop()