|
15 | 15 | data = st.session_state.parsed_df |
16 | 16 |
|
17 | 17 | # Créer les onglets principaux |
18 | | -tab1, tab2 = st.tabs(["Analysis", "Sankey"]) |
| 18 | +tab1, tab2, tab3, tab4 = st.tabs( |
| 19 | + ["Dataviz", "Analysis", "Foreign IP addresses", "Sankey"] |
| 20 | +) |
19 | 21 |
|
20 | 22 | # Onglet Analysis |
21 | 23 | with tab1: |
22 | | - st.subheader("Analysis") |
| 24 | + st.subheader("Dataviz") |
23 | 25 |
|
24 | 26 | # Vérifier que la colonne timestamp existe et est bien de type datetime |
25 | 27 | if "timestamp" in data.columns and data["timestamp"].dtype == pl.Datetime: |
@@ -134,13 +136,54 @@ def set_dynamic(): |
134 | 136 |
|
135 | 137 | # Affichage des données filtrées |
136 | 138 | st.write(f"### 🔍 Data filtered : {filtered_data.shape[0]} entries") |
137 | | - st.dataframe(filtered_data) |
| 139 | + st.dataframe(filtered_data, use_container_width=True) |
138 | 140 |
|
139 | 141 | else: |
140 | 142 | st.warning( |
141 | 143 | "The 'timestamp' column does not exist or is not in datetime format." |
142 | 144 | ) |
143 | 145 |
|
144 | | -# Onglet Sankey |
| 146 | +# Onglet Analysis |
145 | 147 | with tab2: |
| 148 | + st.subheader("Analysis") |
| 149 | + |
| 150 | + # Afficher ici le top 10 des ports inférieurs à 1024 avec accès autorisé |
| 151 | + st.write( |
| 152 | + "### 🔢 Top 10 ports with authorized access" |
| 153 | + " (portdst < 1024 and action == 'PERMIT')" |
| 154 | + ) |
| 155 | + top_ports = ( |
| 156 | + data.filter((pl.col("portdst") < 1024) & (pl.col("action") == "PERMIT")) |
| 157 | + .group_by("portdst") |
| 158 | + .agg(pl.count("portdst").alias("count")) |
| 159 | + .sort("count", descending=True) |
| 160 | + .head(10) |
| 161 | + ) |
| 162 | + st.dataframe(top_ports, use_container_width=True) |
| 163 | + |
| 164 | + # Afficher ici le top 5 des IP sources les plus émettrices |
| 165 | + st.write("### 🌐 Top 5 emitting IP addresses (ipsource and action == 'PERMIT')") |
| 166 | + top_ips = ( |
| 167 | + data.filter(pl.col("action") == "PERMIT") |
| 168 | + .group_by("ipsrc") |
| 169 | + .agg(pl.count("ipsrc").alias("count")) |
| 170 | + .sort("count", descending=True) |
| 171 | + .head(5) |
| 172 | + ) |
| 173 | + st.dataframe(top_ips, use_container_width=True) |
| 174 | + |
| 175 | + |
| 176 | +# Onglet Foreign IP addresses |
| 177 | +with tab3: |
| 178 | + # Afficher ici la liste des accès hors plan d’adressage universitaire |
| 179 | + st.write("### 🚫 List of access outside the university network") |
| 180 | + external_access = data.filter( |
| 181 | + ~pl.col("ipdst").cast(pl.Utf8).str.contains(r"^192\.168\.") |
| 182 | + & ~pl.col("ipdst").cast(pl.Utf8).str.contains(r"^10\.79\.") |
| 183 | + & ~pl.col("ipdst").cast(pl.Utf8).str.contains(r"^159\.84\.") |
| 184 | + ) |
| 185 | + st.dataframe(external_access, use_container_width=True) |
| 186 | + |
| 187 | +# Onglet Sankey |
| 188 | +with tab4: |
146 | 189 | st.subheader("Sankey Diagram") |
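Review bot: The `external_access` filter in the new `with tab3:` block decides network membership by matching three regex prefixes against `ipdst` cast to text, which only works if that column holds dotted-quad strings, and it silently drops rows where `ipdst` is null, because a negated null stays null and `filter` discards it. For a view meant to surface traffic leaving the university ranges, rows with a missing destination should stay visible and the ranges should be defined once: `INTERNAL_DST = r"^(?:192\.168|10\.79|159\.84)\."` followed by `data.filter(~pl.col("ipdst").cast(pl.Utf8).str.contains(INTERNAL_DST).fill_null(False))`. Prefix matching also hard-codes /16 boundaries, so if the actual address plan uses other mask lengths a CIDR test with the standard `ipaddress` module would be more accurate; this is worth confirming against the plan. Unlike the two `PERMIT`-only tables in `tab2`, this table mixes permitted and denied flows, and a short comment or heading text should say whether that is intended. The `with tab4:` body continues outside the hunk.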