mirror of
https://github.com/mblanke/ThreatHunt.git
synced 2026-03-01 05:50:21 -05:00
mblanke
04a9946891
- Rewrote NetworkMap to use deduplicated host inventory (163 hosts from 394K rows) - New host_inventory.py service: scans datasets, groups by FQDN/ClientId, extracts IPs/users/OS - New /api/network/host-inventory endpoint - Added AnalysisDashboard with 6 tabs (IOC, anomaly, host profile, query, triage, reports) - Added 16 analysis API endpoints with job queue and load balancer - Added 4 AI/analysis ORM models (ProcessingJob, AnalysisResult, HostProfile, IOCEntry) - Filters system accounts (DWM-*, UMFD-*, LOCAL/NETWORK SERVICE) - Infers OS from hostname patterns (W10-* -> Windows 10) - Canvas 2D force-directed graph with host/external-IP node types - Click popover shows hostname, FQDN, IPs, OS, users, datasets, connections
28 lines
898 B
Python
28 lines
898 B
Python
"""Network topology API - host inventory endpoint."""
|
|
|
|
import logging
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Query
|
|
from sqlalchemy.ext.asyncio import AsyncSession
|
|
|
|
from app.db import get_db
|
|
from app.services.host_inventory import build_host_inventory
|
|
|
|
logger = logging.getLogger(__name__)
|
|
router = APIRouter(prefix="/api/network", tags=["network"])
|
|
|
|
|
|
@router.get("/host-inventory")
|
|
async def get_host_inventory(
|
|
hunt_id: str = Query(..., description="Hunt ID to build inventory for"),
|
|
db: AsyncSession = Depends(get_db),
|
|
):
|
|
"""Build a deduplicated host inventory from all datasets in a hunt.
|
|
|
|
Returns unique hosts with hostname, IPs, OS, logged-in users, and
|
|
network connections derived from netstat/connection data.
|
|
"""
|
|
result = await build_host_inventory(hunt_id, db)
|
|
if result["stats"]["total_hosts"] == 0:
|
|
return result
|
|
return result |