1import socket
2from functools import lru_cache
3from typing import Union
4
5from mongoose.models import NetworkDPI, NetworkFlow, NetworkAlert
6from mongoose.utils.exceptions import IgnoreCacheException
7
8
class HostnameEnrichment:
    """Annotate network events with reverse-DNS names for both endpoints.

    The names come straight from ``socket.gethostbyaddr`` and are not
    forward-confirmed here, so anything that reads ``src_hostname`` or
    ``dst_hostname`` should treat them as unverified text supplied by DNS.
    """

    # NOTE(review): lru_cache on an instance method keys every entry on
    # (self, ip_address) and keeps a reference to the instance for as long
    # as the entry lives; the 256-entry budget is shared by all instances.
    @lru_cache(maxsize=256)
    def get_hostname(self, ip_address: str):
        """Return the primary hostname reported by a reverse lookup.

        Args:
            ip_address: Address handed to ``socket.gethostbyaddr``.

        Returns:
            The first element of the ``gethostbyaddr`` result.

        Raises:
            IgnoreCacheException: The lookup raised ``socket.error``.
                Because the call raises instead of returning, lru_cache
                stores nothing and the address is looked up again on the
                next call.
        """
        # NOTE(review): this changes the process-wide default timeout for
        # socket objects created afterwards, on every cache miss. The
        # resolver call below is not a socket object, so confirm that this
        # actually bounds the lookup time.
        socket.setdefaulttimeout(0.4)
        try:
            lookup_result = socket.gethostbyaddr(ip_address)
        except socket.error:
            raise IgnoreCacheException
        return lookup_result[0]

    def enrich_network_event(self, event: Union[NetworkDPI, NetworkFlow, NetworkAlert]):
        """Fill ``event.enrichment`` with hostnames for ``src_ip`` and ``dst_ip``.

        Events lacking either address attribute are left untouched. Both
        keys are first set to ``""`` and each is overwritten only when its
        lookup succeeds.

        Args:
            event: Event whose ``enrichment`` mapping is updated in place.
        """
        if not (hasattr(event, "src_ip") and hasattr(event, "dst_ip")):
            return

        endpoints = (("src_hostname", "src_ip"), ("dst_hostname", "dst_ip"))

        # Default both keys first so they are present even if a lookup fails.
        for enrichment_key, _ in endpoints:
            event.enrichment[enrichment_key] = ""

        for enrichment_key, address_attr in endpoints:
            try:
                event.enrichment[enrichment_key] = self.get_hostname(
                    getattr(event, address_attr)
                )
            except Exception:
                # Best effort: any failure (not only IgnoreCacheException)
                # leaves the empty default in place, and nothing is logged.
                pass