
Pushing to the Database

eamonnmag edited this page Sep 17, 2014 · 15 revisions

The IT API runs over HTTP, so any HTTP client can talk to it. The examples on this page use Slumber, a small Python wrapper that turns REST resource paths into attribute access and handles the request and response encoding for you.

Setting up the API endpoint.

import slumber

# Credentials are sent with HTTP basic auth. Over plain http:// they travel in the
# clear, so keep this to the loopback address shown here or put the API behind TLS.
api = slumber.API("http://127.0.0.1:8000/data-sub/api/", auth=("myusername", "mypassword"))

From here you can push data to the server and it will be persisted to the database and immediately available in the CITD Dashboard interface.

Pushing Employee Information

# `last` must be an address object that was already posted through the API; this
# page does not show how it is created (see create_initial_db_content.py).
# The returned `employee` object is reused below when posting a result for them.
employee = api.employee.post(
    {"employee_id": "SW001", "title": "Dr", "name": "Simon Walton", "dateOfBirth": "1982-02-11", "gender": "M",
     "nationality": "British", "maritalStatus": "S", "ethnicity": "British",
     "currentEmploymentStatus": "P", "homeAddress": last})

Pushing Detection Model Results

A Detection Model Result is what a detection model pushes to the database so that analysts can see it in the dashboard. It carries the scores produced by the model, references to the evidence those scores are based on, and the employee the result is about. An optional flag marks the result as important. Because the result refers to the evidence and employee records by object, those records have to exist before the result is posted.

First we post the evidence, or reason for the alert.

from datetime import datetime, timedelta

current_date = datetime.now()

# The evidence record describes a five-day window of email activity. Dates are
# sent as strings; str(datetime) gives "YYYY-MM-DD HH:MM:SS[.ffffff]".
email = api.detectionevidence.post(
    {"description": "Email Activity Last 5 Days to j.marks@bbc.co.uk",
     "evidence_type": "email",
     "date_from": str(current_date - timedelta(days=5)), "date_to": str(current_date),
     "subject": "j.marks@bbc.co.uk"})

Then we can post the result itself which will refer to the evidence object and contain all the score information.

# random_date() is a helper that is not defined on this page (it picks a datetime
# between its two arguments); any datetime inside the evidence window works here.
# `employee` and `email` are the objects returned by the two posts above.
api.detectionmodelresult.post(
    {"employee": employee, "date": str(random_date(current_date - timedelta(2), current_date)),
     "evidence": [email], "reporter": "Detection Model",
     "flag": "True", "score": 0.54, "email_anomaly": 0.78, "web_anomaly": 0.75,
     "device_anomaly": 0.23, "login_anomaly": 0.12})
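The three posts above (employee, then evidence, then the result that references both) are one procedure, and a detection model that runs unattended should validate what it sends before it sends it. The following is an added example, not code from the CITD_Dashboard project: it builds the payloads, checks that the evidence window is ordered and that every score lies in [0, 1], and posts the records in dependency order. It assumes the resource names used on this page (`employee`, `detectionevidence`, `detectionmodelresult`) and that each POST returns the created record as a dict, as Slumber does for a JSON API. `InMemoryAPI` is a stand-in for `slumber.API` so the example runs offline; `homeAddress` is left out because this page does not show how the address record is created, and `flag` is sent as a JSON boolean rather than the string `"True"`, which is an assumption about what the API accepts.

```python
"""Added example (not the project's code): validate and push a detection result
in dependency order, employee -> evidence -> result.

Assumptions: the resource names on this page (employee, detectionevidence,
detectionmodelresult) and that each POST returns the created record as a dict.
InMemoryAPI stands in for slumber.API so this runs offline; pass a real
slumber.API(...) to push_alert() to post for real.
"""
from datetime import datetime, timedelta

ANOMALY_FIELDS = ("email_anomaly", "web_anomaly", "device_anomaly", "login_anomaly")
SAMPLE_NOW = datetime(2014, 9, 17, 12, 0, 0)  # fixed clock so the sample is deterministic


class _Resource:
    """Mimics `api.<resource>.post(payload)`: stores the record and returns it with an id."""

    def __init__(self, store, name):
        self._store = store
        self._name = name

    def post(self, payload):
        records = self._store.setdefault(self._name, [])
        record = dict(payload, id=len(records) + 1)
        records.append(record)
        return record


class InMemoryAPI:
    """Offline stand-in for slumber.API: any attribute is treated as a resource (assumption)."""

    def __init__(self):
        self.store = {}

    def __getattr__(self, name):
        return _Resource(self.store, name)


def build_evidence(description, evidence_type, date_from, date_to, subject):
    """Evidence payload; rejects a window that ends before it starts."""
    if date_from > date_to:
        raise ValueError("date_from is after date_to")
    return {
        "description": description,
        "evidence_type": evidence_type,
        "date_from": date_from.isoformat(),
        "date_to": date_to.isoformat(),
        "subject": subject,
    }


def build_result(employee, evidence, date, score, flag=False,
                 reporter="Detection Model", **anomalies):
    """Result payload linking the posted employee and evidence records.

    Every score must lie in [0, 1]; unknown anomaly fields are rejected so that a
    misspelled key does not silently drop a score. `flag` is sent as a boolean
    (assumption: the API accepts JSON true/false as well as the string "True").
    """
    unknown = set(anomalies) - set(ANOMALY_FIELDS)
    if unknown:
        raise ValueError("unknown anomaly fields: %s" % sorted(unknown))
    for name, value in [("score", score)] + list(anomalies.items()):
        if not 0.0 <= value <= 1.0:
            raise ValueError("%s=%r is outside [0, 1]" % (name, value))
    payload = {
        "employee": employee,
        "date": date.isoformat(),
        "evidence": list(evidence),
        "reporter": reporter,
        "flag": bool(flag),
        "score": score,
    }
    payload.update(anomalies)
    return payload


def push_alert(api, employee_payload, evidence_payloads, result_fields):
    """POST in dependency order so each record can reference the ones before it."""
    employee = api.employee.post(employee_payload)
    evidence = [api.detectionevidence.post(e) for e in evidence_payloads]
    return api.detectionmodelresult.post(build_result(employee, evidence, **result_fields))


def demo(api=None):
    """Push the sample alert from this page through the given (or an in-memory) API."""
    api = api if api is not None else InMemoryAPI()
    # Constructed sample data; homeAddress is omitted because this page does not
    # show how the address record is created.
    employee = {"employee_id": "SW001", "title": "Dr", "name": "Simon Walton",
                "dateOfBirth": "1982-02-11", "gender": "M", "nationality": "British",
                "maritalStatus": "S", "ethnicity": "British", "currentEmploymentStatus": "P"}
    evidence = build_evidence("Email Activity Last 5 Days to j.marks@bbc.co.uk", "email",
                              SAMPLE_NOW - timedelta(days=5), SAMPLE_NOW, "j.marks@bbc.co.uk")
    result_fields = dict(date=SAMPLE_NOW - timedelta(days=1), score=0.54, flag=True,
                         email_anomaly=0.78, web_anomaly=0.75,
                         device_anomaly=0.23, login_anomaly=0.12)
    return push_alert(api, employee, [evidence], result_fields)


if __name__ == "__main__":
    print(demo())
```

To post for real, replace the in-memory object with the `api` created at the top of this page (`demo(api)`); the dates are sent in ISO 8601 form (`2014-09-12T12:00:00`) rather than via `str()`, which is a different but equally parseable layout for the same value.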

Other Examples

There are many other examples for the other data types available in the create_initial_db_content.py file in CITD_Dashboard/api/ when you check out the code.
