Spaces:
Sleeping
Sleeping
| # flow_builder.py | |
| from collections import defaultdict | |
| def build_flows(events): | |
| flows = defaultdict(lambda: { | |
| "src_ip": "", | |
| "dst_ip": "", | |
| "sport": "", | |
| "dport": "", | |
| "proto": "", | |
| "packets": 0, | |
| "bytes": 0, | |
| "first_seen": "", | |
| "last_seen": "", | |
| }) | |
| for e in events: | |
| key = (e["src_ip"], e["dst_ip"], e["sport"], e["dport"], e["proto"]) | |
| f = flows[key] | |
| f["src_ip"] = e["src_ip"] | |
| f["dst_ip"] = e["dst_ip"] | |
| f["sport"] = e["sport"] | |
| f["dport"] = e["dport"] | |
| f["proto"] = e["proto"] | |
| f["packets"] += 1 | |
| f["bytes"] += 1500 # approximation (or use real payload length if available) | |
| # Update timestamps | |
| if not f["first_seen"]: | |
| f["first_seen"] = e.get("time") | |
| f["last_seen"] = e.get("time") | |
| return list(flows.values()) | |