usiem-utils 0.1.0

A framework for building custom SIEMs
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

pub mod aws;
pub mod azure;
pub(crate) mod common;
pub mod enrichment;
pub mod err;
pub mod maxmind;
pub mod o365;
pub mod tasks;

#[cfg(test)]
mod tst {

    use usiem::prelude::{geo_ip::GeoIpDataset, SiemIp};

    use crate::maxmind::{
        download_maxmind_geo_litle2_asn, download_maxmind_geo_litle2_city,
        download_maxmind_geo_litle2_country, extract_zip_db, join_path_files,
        process_maxmind_geo_lite2_csv,
    };

    #[ignore]
    #[test]
    fn should_load_geoip() {
        let now = std::time::Instant::now();
        #[cfg(not(feature = "slow_geoip"))]
        let dataset = GeoIpDataset::new();
        #[cfg(feature = "slow_geoip")]
        let dataset = GeoIpDataset::new("./slow_geo_ip");
        println!("Duration {}", now.elapsed().as_secs_f32());
        let res = dataset
            .get(&SiemIp::from_ip_str("1.0.0.0").unwrap())
            .unwrap();
        println!("{:?}", res);
        let res = dataset
            .get(&SiemIp::from_ip_str("1.0.4.0").unwrap())
            .unwrap();
        println!("{:?}", res);
        let now = std::time::Instant::now();
        for i in 0..1_000_000 {
            let _res = dataset.get(&SiemIp::V4(i));
        }
        println!("Duration {}", now.elapsed().as_secs_f32());
    }
    #[ignore]
    #[tokio::test]
    async fn should_update_geo_ip() {
        let now = std::time::Instant::now();
        let asn_path = download_maxmind_geo_litle2_asn(
            &std::env::var("MAXMIND_API").expect("Should exists var"),
        )
        .await
        .unwrap();
        let city_path = download_maxmind_geo_litle2_city(
            &std::env::var("MAXMIND_API").expect("Should exists var"),
        )
        .await
        .unwrap();
        let country_path = download_maxmind_geo_litle2_country(
            &std::env::var("MAXMIND_API").expect("Should exists var"),
        )
        .await
        .unwrap();
        let city_path = extract_zip_db(&city_path).await.unwrap();
        let country_path = extract_zip_db(&country_path).await.unwrap();
        let asn_path = extract_zip_db(&asn_path).await.unwrap();
        println!("{:?}", city_path);
        println!("{:?}", country_path);
        println!("{:?}", asn_path);
        let new_path = join_path_files(vec![city_path, country_path, asn_path])
            .await
            .unwrap();
        println!("{:?}", new_path);
        #[cfg(not(feature = "slow_geoip"))]
        let res = process_maxmind_geo_lite2_csv("/tmp/geoip_501122574_db", true, "en")
            .await
            .unwrap();
        #[cfg(feature = "slow_geoip")]
        let res = process_maxmind_geo_lite2_csv("/tmp/geoip_501122574_db", true, "en", "./slow_geo_ip")
            .await
            .unwrap();
        println!("Duration {}", now.elapsed().as_secs_f32());
        let _geoip = res.get(&SiemIp::from_ip_str("1.0.0.0").unwrap()).unwrap();
        let now = std::time::Instant::now();
        for i in 0..1_000_000 {
            let _res = res.get(&SiemIp::V4(i));
        }
        println!("Duration {}", now.elapsed().as_secs_f32());
    }
}