In [1]:
#make the Imports 
import pymongo

In [2]:
# Connect to the MongoDB server on this machine (default port 27017).
# The URI carries no credentials, so the cells below presumably rely on a
# server with access control disabled -- TODO confirm. Keep such an instance
# bound to localhost; for anything shared, use an authenticated URI whose
# secret is read from the environment rather than written into the notebook.
client = pymongo.MongoClient("mongodb://localhost:27017/")

# Handles to the lab database and the collection that every later cell uses.
db = client.get_database("cybersecurity_lab")
collection = db.get_collection("cyberattacks")

2. Inserting Documents (Create): 
Insert a single document into the cyberattacks collection. A document in MongoDB resembles a 
JSON object. 


In [3]:
# Create: insert one document describing a single observed attack.
# The dict is rebuilt on every run, so re-running this cell stores another
# copy of the same record.
# NOTE(review): "Timestamp" is stored as a plain string, not a datetime --
# confirm that is intended before relying on date-range queries.
cyberattack_data = {
    # when and where
    "Timestamp": "2023-07-02 10:38:46",
    "Source IP Address": "163.42.196.10",
    "Destination IP Address": "101.228.192.255",
    "Source Port": 20018,
    "Destination Port": 32534,
    # packet details
    "Protocol": "UDP",
    "Packet Length": 385,
    "Packet Type": "Data",
    "Traffic Type": "HTTP",
    # detection and response
    "Malware Indicators": "IoC Detected",
    "Anomaly Scores": 15.79,
    "Attack Type": "Malware",
    "Severity Level": "Medium",
    "Actions Taken": "Blocked",
}
collection.insert_one(cyberattack_data)
print("Data Inserted")

Data Inserted


In [4]:
# Create: insert several documents with a single insert_many() call.
# These records carry only a subset of the fields used in the single insert;
# nothing visible in this notebook enforces a common schema on the collection.
data_list = [
    {
        "Timestamp": "2020-08-26 07:08:30",
        "Source IP Address": "78.199.217.198",
        "Anomaly Scores": 51.5,
        "Attack Type": "Malware",
    },
    {
        "Timestamp": "2023-05-30 06:33:58",
        "Source IP Address": "103.216.15.12",
        "Anomaly Scores": 28.67,
        "Attack Type": "Malware",
    },
]
collection.insert_many(data_list)
print("Multiple Data Inserted")

Multiple Data Inserted


In [5]:
# 3. Reading Documents (Read)

# Fetch a single document. The empty filter matches every document, so this
# returns one record from the collection (None if the collection is empty).
# Printed records are saved with the notebook output; with real telemetry,
# review the outputs before sharing the file.
result = collection.find_one({})
print(result)


{'_id': ObjectId('67496fe9e10a30f5a9d2822d'), 'Timestamp': '2023-07-02 10:38:46', 'Source IP Address': '163.42.196.10', 'Destination IP Address': '101.228.192.255', 'Source Port': 20018, 'Destination Port': 32534, 'Protocol': 'UDP', 'Packet Length': 385, 'Packet Type': 'Data', 'Traffic Type': 'HTTP', 'Malware Indicators': 'IoC Detected', 'Anomaly Scores': 15.79, 'Attack Type': 'Malware', 'Severity Level': 'Medium', 'Actions Taken': 'Blocked'}


In [6]:

# Read: fetch every document whose "Attack Type" equals "Malware".
# The match value is a literal here. If it ever comes from user input, coerce
# it to str first so an operator document cannot be passed in place of a value.
malware_filter = {"Attack Type": "Malware"}
malware_attacks = collection.find(malware_filter)
for attack in malware_attacks:
    print(attack)

{'_id': ObjectId('67496fe9e10a30f5a9d2822d'), 'Timestamp': '2023-07-02 10:38:46', 'Source IP Address': '163.42.196.10', 'Destination IP Address': '101.228.192.255', 'Source Port': 20018, 'Destination Port': 32534, 'Protocol': 'UDP', 'Packet Length': 385, 'Packet Type': 'Data', 'Traffic Type': 'HTTP', 'Malware Indicators': 'IoC Detected', 'Anomaly Scores': 15.79, 'Attack Type': 'Malware', 'Severity Level': 'Medium', 'Actions Taken': 'Blocked'}
{'_id': ObjectId('674975a5e10a30f5a9d2822e'), 'Timestamp': '2020-08-26 07:08:30', 'Source IP Address': '78.199.217.198', 'Anomaly Scores': 51.5, 'Attack Type': 'Malware'}
{'_id': ObjectId('674975a5e10a30f5a9d2822f'), 'Timestamp': '2023-05-30 06:33:58', 'Source IP Address': '103.216.15.12', 'Anomaly Scores': 28.67, 'Attack Type': 'Malware'}


In [7]:
# Update: raise the severity of one record, selected by source IP.
# update_one() changes at most one matching document.
severity_filter = {"Source IP Address": "163.42.196.10"}
severity_change = {"$set": {"Severity Level": "High"}}
collection.update_one(severity_filter, severity_change)

# Update: tag every "Malware" record in a single call.
# NOTE(review): the key written here is "Action Taken", while the document
# inserted earlier uses "Actions Taken"; $set therefore adds a second field
# instead of overwriting "Blocked". The later delete_many() filters on the same
# "Action Taken" spelling, so change both together if the key is corrected.
malware_selector = {"Attack Type": "Malware"}
logged_change = {"$set": {"Action Taken": "Logged"}}
collection.update_many(malware_selector, logged_change)

UpdateResult({'n': 3, 'nModified': 3, 'ok': 1.0, 'updatedExisting': True}, acknowledged=True)

In [8]:
# Delete: remove one document, or every document that matches a condition.
# delete_one() removes only a single matching document even if several match.
# Deletion is permanent; for real incident records, check retention
# requirements before removing them.
source_filter = {"Source IP Address": "163.42.196.10"}
collection.delete_one(source_filter)


DeleteResult({'n': 1, 'ok': 1.0}, acknowledged=True)

In [9]:
# Delete: remove every document whose "Action Taken" field equals "Logged".
# Note the key is "Action Taken" (the field added by the earlier update_many),
# not the "Actions Taken" field of the first inserted document.
# delete_many() has no undo; the returned DeleteResult reports how many
# documents were removed.
logged_filter = {"Action Taken": "Logged"}
collection.delete_many(logged_filter)

DeleteResult({'n': 2, 'ok': 1.0}, acknowledged=True)

In [10]:
# Create: insert a document whose "Actions" field is an array (a Python list).
cyberattack_with_actions = {
    "Timestamp": "2023-07-02 10:38:46",
    "Source IP Address": "163.42.196.10",
    "Attack Type": "Malware",
    "Actions": [
        "Alert Triggered",
        "Blocked",
        "Notified Admin",
    ],
}
collection.insert_one(cyberattack_with_actions)

InsertOneResult(ObjectId('67497b15e10a30f5a9d28230'), acknowledged=True)

In [11]:
# Read: query on an array field.
# Matching an array field against a scalar selects documents whose array
# contains that value, so this finds records where "Blocked" is one of the
# actions.
blocked_filter = {"Actions": "Blocked"}
result = collection.find(blocked_filter)
for r in result:
    print(r)

{'_id': ObjectId('67497b15e10a30f5a9d28230'), 'Timestamp': '2023-07-02 10:38:46', 'Source IP Address': '163.42.196.10', 'Attack Type': 'Malware', 'Actions': ['Alert Triggered', 'Blocked', 'Notified Admin']}


In [13]:
# Update: append "Logged" to the existing "Actions" array with $push.
# $push appends unconditionally, so re-running this cell adds "Logged" again;
# $addToSet is the operator that skips values already present.
push_filter = {"Source IP Address": "163.42.196.10"}
push_change = {"$push": {"Actions": "Logged"}}
collection.update_one(push_filter, push_change)

UpdateResult({'n': 1, 'nModified': 1, 'ok': 1.0, 'updatedExisting': True}, acknowledged=True)

In [14]:
# Update: remove "Notified Admin" from the "Actions" array with $pull.
# $pull removes every array element equal to the given value; update_one()
# applies it to a single matching document.
pull_filter = {"Source IP Address": "163.42.196.10"}
pull_change = {"$pull": {"Actions": "Notified Admin"}}
collection.update_one(pull_filter, pull_change)

UpdateResult({'n': 1, 'nModified': 1, 'ok': 1.0, 'updatedExisting': True}, acknowledged=True)