-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathAlertSystem.py
More file actions
45 lines (39 loc) · 1.57 KB
/
AlertSystem.py
File metadata and controls
45 lines (39 loc) · 1.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
import logging
import json
from datetime import datetime
from scapy.packet import Packet
from scapy.fields import FlagValue
class AlertSystem:
def __init__(self, log_file="ids_alerts.log"):
self.logger = logging.getLogger("IDS_Alerts")
self.logger.setLevel(logging.INFO)
handler = logging.FileHandler(log_file)
formatter = logging.Formatter(
'%(asctime)s - %(levelname)s - %(message)s'
)
handler.setFormatter(formatter)
self.logger.addHandler(handler)
def generate_alert(self, threat, packet_info):
alert = {
'timestamp': datetime.now().isoformat(),
'threat_type': threat['type'],
'source_ip': packet_info.get('source_ip'),
'destination_ip': packet_info.get('destination_ip'),
'confidence': threat.get('confidence', 0.0),
'interface': threat.get('interface', 'unknown'),
'details': threat
}
class ScapyJSONEncoder(json.JSONEncoder):
def default(self, obj):
if isinstance(obj, FlagValue):
return str(obj)
if isinstance(obj, Packet):
return str(obj)
return super().default(obj)
self.logger.warning(json.dumps(alert, cls=ScapyJSONEncoder))
if threat['confidence'] > 0.8:
self.logger.critical(
f"High confidence threat detected: {json.dumps(alert)}"
)
# Implement additional notification methods here
# (e.g., email, Slack, SIEM integration)