Testovaci dotazy MongoDB - ukazka¶
- Table of contents
- Testovaci dotazy MongoDB - ukazka
Testovaci dotazy - zaklad¶
Seznam testovacich dotazu odpovidajicich jednotlivym test casum:
Ukazky hodnot¶
"values": {
"{gte3}": { "value": "2016-01-29T00:00:00", "type": "datetime"},
"{lte3}": { "value": "2016-02-01T00:00:00", "type": "datetime"},
"{gte7}": { "value": "2016-01-25T00:00:00", "type": "datetime"},
"{lte7}": { "value": "2016-02-01T00:00:00", "type": "datetime"},
"{gte30}": { "value": "2016-01-01T00:00:00", "type": "datetime"},
"{lte30}": { "value": "2016-02-01T00:00:00", "type": "datetime"},
"{ip1}": { "value": "79.0.43.89", "type": "ipv4"},
"{ip2}": { "value": "123.151.149.222", "type": "ipv4"},
"{ip3}": { "value": "82.221.105.6", "type": "ipv4"},
"{ip4}": { "value": "139.162.142.121", "type": "ipv4"},
"{ip5}": { "value": "198.20.99.130", "type": "ipv4"},
"{ip6}": { "value": "66.240.236.119", "type": "ipv4"},
"{ip7}": { "value": "212.122.196.96", "type": "ipv4"},
"{ip8}": { "value": "95.65.34.177", "type": "ipv4"},
"{ip9}": { "value": "111.248.97.59", "type": "ipv4"},
"{ip10}": { "value": "115.231.222.40", "type": "ipv4"},
"{ip11}": { "value": "218.241.98.198", "type": "ipv4"},
"{ip12}": { "value": "188.0.236.123", "type": "ipv4"},
"{ip13}": { "value": "112.33.3.69", "type": "ipv4"},
"{ip14}": { "value": "71.6.158.166", "type": "ipv4"},
"{ip15}": { "value": "45.35.105.106", "type": "ipv4"},
"{ip16}": { "value": "141.212.122.155", "type": "ipv4"},
"{ip17}": { "value": "141.212.122.156", "type": "ipv4"},
"{ip18}": { "value": "184.105.139.90", "type": "ipv4"},
"{ip19}": { "value": "141.212.122.82", "type": "ipv4"},
"{ip20}": { "value": "141.212.122.83", "type": "ipv4"},
"{net_min1}": { "value": "79.0.43.0", "type": "ipv4"},
"{net_max1}": { "value": "79.0.43.255", "type": "ipv4"},
"{category1}": { "value": "Attempt.Login", "type": "string"}
}
Dotaz 1¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-01-29T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND ("Source.IP4.ip" = "79.0.43.89" OR "Target.IP4.ip" = "79.0.43.89")
Python SQL Statement:'SELECT * FROM mentatData WHERE ("DetectTime" >= %s AND "DetectTime" <= %s) AND ("Source.IP4.ip" = %s OR "Target.IP4.ip" = %s)', sql_translate2tuple('gte3, lte3, ip1, ip1')
Popis: Zobraz záznamy z časového rozsahu (3 dni) kde zadaná IPv4 adresa (79.0.43.89) je zdrojová či cieľová
JSON:
{
"disabled":0,
"name":"time3_ip",
"filter":{
"$and":[
{
"$and":[
{
"DetectTime":{
"$gte":"{gte3}"
}
},
{
"DetectTime":{
"$lte":"{lte3}"
}
}
]
},
{
"$or":[
{
"Source.IP4.ip":"{ip1}"
},
{
"Target.IP4.ip":"{ip1}"
}
]
}
]
}
}
Dotaz 2¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-01-29T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND ("Source.IP4.ip" = "79.0.43.89" OR "Target.IP4.ip" = "79.0.43.89") AND ("Category" = "Attempt.Login")
Python SQL Statement:'SELECT * FROM mentatData WHERE ("DetectTime" >= %s AND "DetectTime" <= %s) AND ("Source.IP4.ip" = %s OR "Target.IP4.ip" = %s) AND ("Category" = %s)', sql_translate2tuple('gte3, lte3, ip1, ip1, category1')
Popis: Zobraz záznamy z danej kategórie (pokus o prihlásenie) z časového rozsahu (3 dni) kde zadaná IPv4 adresa (79.0.43.89) je zdrojová či cieľová
JSON:
{
"disabled":0,
"name":"time3_ip_category",
"filter":{
"$and":[
{
"$and":[
{
"DetectTime":{
"$gte":"{gte3}"
}
},
{
"DetectTime":{
"$lte":"{lte3}"
}
}
]
},
{
"$or":[
{
"Source.IP4.ip":"{ip1}"
},
{
"Target.IP4.ip":"{ip1}"
}
]
},
{
"Category":"{category1}"
}
]
}
}
Dotaz 3¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-01-29T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND (("Source.IP4.min" >= "79.0.43.0" AND "Source.IP4.max" <= "79.0.43.255") OR ("Target.IP4.min" >= "79.0.43.0" AND "Target.IP4.max" <= "79.0.43.255"))
Python SQL Statement:'SELECT * FROM mentatData WHERE ("DetectTime" >= %s AND "DetectTime" <= %s) AND (("Source.IP4.min" >= %s AND "Source.IP4.max" <= %s) OR ("Target.IP4.min" >= %s AND "Target.IP4.max" <= %s))', sql_translate2tuple('gte3, lte3, net_min1, net_max1, net_min1, net_max1')
MongoDB find() filter:{"$and":[{"$and":[{"DetectTime":{"$gte":"{gte3}"}},{"DetectTime":{"$lte":"{lte3}"}}]},{"$or":[{"Source.IP4.ip":"{ip1}"},{"Target.IP4.ip":"{ip1}"}]},{"Category":"{category1}"}]}
Popis: Zobraz záznamy z časového rozsahu (3 dni) kde zdrojová alebo cieľová IPv4 adresa je z uvedeného rozsahu (79.0.43.0/24)
JSON:
{
"disabled":0,
"name":"time3_net",
"filter":{
"$and":[
{
"$and":[
{
"DetectTime":{
"$gte":"{gte3}"
}
},
{
"DetectTime":{
"$lte":"{lte3}"
}
}
]
},
{
"$or":[
{
"$and":[
{
"Source.IP4.min":{
"$gte":"{net_min1}"
}
},
{
"Source.IP4.max":{
"$lte":"{net_max1}"
}
}
]
},
{
"$and":[
{
"Target.IP4.min":{
"$gte":"{net_min1}"
}
},
{
"Target.IP4.max":{
"$lte":"{net_max1}"
}
}
]
}
]
}
]
}
}
Dotaz 4¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-01-29T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND (("Source.IP4.min" >= "79.0.43.0" AND "Source.IP4.max" <= "79.0.43.255") OR ("Target.IP4.min" >= "79.0.43.0" AND "Target.IP4.max" <= "79.0.43.255")) AND ("Category" = "Attempt.Login")
Python SQL Statement:'SELECT * FROM mentatData WHERE ("DetectTime" >= %s AND "DetectTime" <= %s) AND (("Source.IP4.min" >= %s AND "Source.IP4.max" <= %s) OR ("Target.IP4.min" >= %s AND "Target.IP4.max" <= %s)) AND ("Category" = %s)', sql_translate2tuple('gte3, lte3, net_min1, net_max1, net_min1, net_max1, category1')
Popis: Zobraz záznamy z danej kategórie (pokus o prihlásenie) z časového rozsahu (3 dni) kde zdrojová alebo cieľová IPv4 adresa je z uvedeného rozsahu (79.0.43.0/24)
JSON:
{
"disabled":0,
"name":"time3_net_category",
"filter":{
"$and":[
{
"$and":[
{
"DetectTime":{
"$gte":"{gte3}"
}
},
{
"DetectTime":{
"$lte":"{lte3}"
}
}
]
},
{
"$or":[
{
"$and":[
{
"Source.IP4.min":{
"$gte":"{net_min1}"
}
},
{
"Source.IP4.max":{
"$lte":"{net_max1}"
}
}
]
},
{
"$and":[
{
"Target.IP4.min":{
"$gte":"{net_min1}"
}
},
{
"Target.IP4.max":{
"$lte":"{net_max1}"
}
}
]
}
]
},
{
"Category":"{category1}"
}
]
}
}
Dotaz 5¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-01-29T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND ("Source.IP4.ip" IN ("79.0.43.89", "123.151.149.222", "82.221.105.6", "139.162.142.121", "198.20.99.130", "66.240.236.119", "212.122.196.96", "95.65.34.177", "111.248.97.59", "115.231.222.40", "218.241.98.198", "188.0.236.123", "112.33.3.69", "71.6.158.166", "45.35.105.106", "141.212.122.155", "141.212.122.156", "184.105.139.90", "141.212.122.82", "141.212.122.83") OR "Target.IP4.ip" IN ("79.0.43.89", "123.151.149.222", "82.221.105.6", "139.162.142.121", "198.20.99.130", "66.240.236.119", "212.122.196.96", "95.65.34.177", "111.248.97.59", "115.231.222.40", "218.241.98.198", "188.0.236.123", "112.33.3.69", "71.6.158.166", "45.35.105.106", "141.212.122.155", "141.212.122.156", "184.105.139.90", "141.212.122.82", "141.212.122.83"))
Python SQL Statement:
'SELECT * FROM mentatData WHERE ("DetectTime" >= %s AND "DetectTime" <= %s) AND ("Source.IP4.ip" IN (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s) OR "Target.IP4.ip" IN (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s))', sql_translate2tuple('gte3, lte3, ip1, ip2, ip3, ip4, ip5, ip6, ip7, ip8, ip9, ip10, ip11, ip12, ip13, ip14, ip15, ip16, ip17, ip18, ip19, ip20, ip1, ip2, ip3, ip4, ip5, ip6, ip7, ip8, ip9, ip10, ip11, ip12, ip13, ip14, ip15, ip16, ip17, ip18, ip19, ip20')
Popis: Zobraz záznamy z časového rozsahu (3 dni) kde zdrojová alebo cieľová IPv4 adresa je niektorá z uvedeného zoznamu (79.0.43.89, 123.151.149.222, 82.221.105.6, 139.162.142.121, 198.20.99.130, 66.240.236.119, 212.122.196.96, 95.65.34.177, 111.248.97.59, 115.231.222.40, 218.241.98.198, 188.0.236.123, 112.33.3.69, 71.6.158.166, 45.35.105.106, 141.212.122.155, 141.212.122.156, 184.105.139.90, 141.212.122.82, 141.212.122.83)
JSON:
{
"disabled":0,
"name":"time3_ips",
"filter":{
"$and":[
{
"$and":[
{
"DetectTime":{
"$gte":"{gte3}"
}
},
{
"DetectTime":{
"$lte":"{lte3}"
}
}
]
},
{
"$or":[
{
"Source.IP4.ip":"{ip1}"
},
{
"Target.IP4.ip":"{ip1}"
},
{
"Source.IP4.ip":"{ip2}"
},
{
"Target.IP4.ip":"{ip2}"
},
{
"Source.IP4.ip":"{ip3}"
},
{
"Target.IP4.ip":"{ip3}"
},
{
"Source.IP4.ip":"{ip4}"
},
{
"Target.IP4.ip":"{ip4}"
},
{
"Source.IP4.ip":"{ip5}"
},
{
"Target.IP4.ip":"{ip5}"
},
{
"Source.IP4.ip":"{ip6}"
},
{
"Target.IP4.ip":"{ip6}"
},
{
"Source.IP4.ip":"{ip7}"
},
{
"Target.IP4.ip":"{ip7}"
},
{
"Source.IP4.ip":"{ip8}"
},
{
"Target.IP4.ip":"{ip8}"
},
{
"Source.IP4.ip":"{ip9}"
},
{
"Target.IP4.ip":"{ip9}"
},
{
"Source.IP4.ip":"{ip10}"
},
{
"Target.IP4.ip":"{ip10}"
},
{
"Source.IP4.ip":"{ip11}"
},
{
"Target.IP4.ip":"{ip11}"
},
{
"Source.IP4.ip":"{ip12}"
},
{
"Target.IP4.ip":"{ip12}"
},
{
"Source.IP4.ip":"{ip13}"
},
{
"Target.IP4.ip":"{ip13}"
},
{
"Source.IP4.ip":"{ip14}"
},
{
"Target.IP4.ip":"{ip14}"
},
{
"Source.IP4.ip":"{ip15}"
},
{
"Target.IP4.ip":"{ip15}"
},
{
"Source.IP4.ip":"{ip16}"
},
{
"Target.IP4.ip":"{ip16}"
},
{
"Source.IP4.ip":"{ip17}"
},
{
"Target.IP4.ip":"{ip17}"
},
{
"Source.IP4.ip":"{ip18}"
},
{
"Target.IP4.ip":"{ip18}"
},
{
"Source.IP4.ip":"{ip19}"
},
{
"Target.IP4.ip":"{ip19}"
},
{
"Source.IP4.ip":"{ip20}"
},
{
"Target.IP4.ip":"{ip20}"
}
]
}
]
}
}
Dotaz 6¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-01-29T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND ("Source.IP4.ip" IN ("79.0.43.89", "123.151.149.222", "82.221.105.6", "139.162.142.121", "198.20.99.130", "66.240.236.119", "212.122.196.96", "95.65.34.177", "111.248.97.59", "115.231.222.40", "218.241.98.198", "188.0.236.123", "112.33.3.69", "71.6.158.166", "45.35.105.106", "141.212.122.155", "141.212.122.156", "184.105.139.90", "141.212.122.82", "141.212.122.83") OR "Target.IP4.ip" IN ("79.0.43.89", "123.151.149.222", "82.221.105.6", "139.162.142.121", "198.20.99.130", "66.240.236.119", "212.122.196.96", "95.65.34.177", "111.248.97.59", "115.231.222.40", "218.241.98.198", "188.0.236.123", "112.33.3.69", "71.6.158.166", "45.35.105.106", "141.212.122.155", "141.212.122.156", "184.105.139.90", "141.212.122.82", "141.212.122.83")) AND ("Category" = "Attempt.Login")
Python SQL Statement:
'SELECT * FROM mentatData WHERE ("DetectTime" >= %s AND "DetectTime" <= %s) AND ("Source.IP4.ip" IN (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s) OR "Target.IP4.ip" IN (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)) AND ("Category" = %s)', sql_translate2tuple('gte3, lte3, ip1, ip2, ip3, ip4, ip5, ip6, ip7, ip8, ip9, ip10, ip11, ip12, ip13, ip14, ip15, ip16, ip17, ip18, ip19, ip20, ip1, ip2, ip3, ip4, ip5, ip6, ip7, ip8, ip9, ip10, ip11, ip12, ip13, ip14, ip15, ip16, ip17, ip18, ip19, ip20, category1')
Popis: Zobraz záznamy z danej kategórie (pokus o prihlásenie) z časového rozsahu (3 dni) kde zdrojová alebo cieľová IPv4 adresa je niektorá z uvedeného zoznamu (79.0.43.89, 123.151.149.222, 82.221.105.6, 139.162.142.121, 198.20.99.130, 66.240.236.119, 212.122.196.96, 95.65.34.177, 111.248.97.59, 115.231.222.40, 218.241.98.198, 188.0.236.123, 112.33.3.69, 71.6.158.166, 45.35.105.106, 141.212.122.155, 141.212.122.156, 184.105.139.90, 141.212.122.82, 141.212.122.83)
JSON:
{
"disabled":0,
"name":"time3_ips_category",
"filter":{
"$and":[
{
"$and":[
{
"DetectTime":{
"$gte":"{gte3}"
}
},
{
"DetectTime":{
"$lte":"{lte3}"
}
}
]
},
{
"$or":[
{
"Source.IP4.ip":"{ip1}"
},
{
"Target.IP4.ip":"{ip1}"
},
{
"Source.IP4.ip":"{ip2}"
},
{
"Target.IP4.ip":"{ip2}"
},
{
"Source.IP4.ip":"{ip3}"
},
{
"Target.IP4.ip":"{ip3}"
},
{
"Source.IP4.ip":"{ip4}"
},
{
"Target.IP4.ip":"{ip4}"
},
{
"Source.IP4.ip":"{ip5}"
},
{
"Target.IP4.ip":"{ip5}"
},
{
"Source.IP4.ip":"{ip6}"
},
{
"Target.IP4.ip":"{ip6}"
},
{
"Source.IP4.ip":"{ip7}"
},
{
"Target.IP4.ip":"{ip7}"
},
{
"Source.IP4.ip":"{ip8}"
},
{
"Target.IP4.ip":"{ip8}"
},
{
"Source.IP4.ip":"{ip9}"
},
{
"Target.IP4.ip":"{ip9}"
},
{
"Source.IP4.ip":"{ip10}"
},
{
"Target.IP4.ip":"{ip10}"
},
{
"Source.IP4.ip":"{ip11}"
},
{
"Target.IP4.ip":"{ip11}"
},
{
"Source.IP4.ip":"{ip12}"
},
{
"Target.IP4.ip":"{ip12}"
},
{
"Source.IP4.ip":"{ip13}"
},
{
"Target.IP4.ip":"{ip13}"
},
{
"Source.IP4.ip":"{ip14}"
},
{
"Target.IP4.ip":"{ip14}"
},
{
"Source.IP4.ip":"{ip15}"
},
{
"Target.IP4.ip":"{ip15}"
},
{
"Source.IP4.ip":"{ip16}"
},
{
"Target.IP4.ip":"{ip16}"
},
{
"Source.IP4.ip":"{ip17}"
},
{
"Target.IP4.ip":"{ip17}"
},
{
"Source.IP4.ip":"{ip18}"
},
{
"Target.IP4.ip":"{ip18}"
},
{
"Source.IP4.ip":"{ip19}"
},
{
"Target.IP4.ip":"{ip19}"
},
{
"Source.IP4.ip":"{ip20}"
},
{
"Target.IP4.ip":"{ip20}"
}
]
},
{
"Category":"{category1}"
}
]
}
}
Dotaz 7¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-01-25T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND ("Source.IP4.ip" = "79.0.43.89" OR "Target.IP4.ip" = "79.0.43.89")
Python SQL Statement:'SELECT * FROM mentatData WHERE ("DetectTime" >= %s AND "DetectTime" <= %s) AND ("Source.IP4.ip" = %s OR "Target.IP4.ip" = %s)', sql_translate2tuple('gte7, lte7, ip1, ip1')
Popis: Zobraz záznamy z časového rozsahu (7 dní) kde zadaná IPv4 adresa (79.0.43.89) je zdrojová či cieľová
JSON:
{
"disabled":0,
"name":"time7_ip",
"filter":{
"$and":[
{
"$and":[
{
"DetectTime":{
"$gte":"{gte7}"
}
},
{
"DetectTime":{
"$lte":"{lte7}"
}
}
]
},
{
"$or":[
{
"Source.IP4.ip":"{ip1}"
},
{
"Target.IP4.ip":"{ip1}"
}
]
}
]
}
}
Dotaz 8¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-01-25T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND ("Source.IP4.ip" = "79.0.43.89" OR "Target.IP4.ip" = "79.0.43.89") AND ("Category" = "Attempt.Login")
Python SQL Statement:'SELECT * FROM mentatData WHERE ("DetectTime" >= %s AND "DetectTime" <= %s) AND ("Source.IP4.ip" = %s OR "Target.IP4.ip" = %s) AND ("Category" = %s)', sql_translate2tuple('gte7, lte7, ip1, ip1, category1')
Popis: Zobraz záznamy z danej kategórie (pokus o prihlásenie) z časového rozsahu (7 dní) kde zadaná IPv4 adresa (79.0.43.89) je zdrojová či cieľová
JSON:
{
"disabled":0,
"name":"time7_ip_category",
"filter":{
"$and":[
{
"$and":[
{
"DetectTime":{
"$gte":"{gte3}"
}
},
{
"DetectTime":{
"$lte":"{lte3}"
}
}
]
},
{
"$or":[
{
"Source.IP4.ip":"{ip1}"
},
{
"Target.IP4.ip":"{ip1}"
}
]
},
{
"Category":"{category1}"
}
]
}
}
Dotaz 9¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-01-25T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND (("Source.IP4.min" >= "79.0.43.0" AND "Source.IP4.max" <= "79.0.43.255") OR ("Target.IP4.min" >= "79.0.43.0" AND "Target.IP4.max" <= "79.0.43.255"))
Python SQL Statement:'SELECT * FROM mentatData WHERE ("DetectTime" >= %s AND "DetectTime" <= %s) AND (("Source.IP4.min" >= %s AND "Source.IP4.max" <= %s) OR ("Target.IP4.min" >= %s AND "Target.IP4.max" <= %s))', sql_translate2tuple('gte7, lte7, net_min1, net_max1, net_min1, net_max1')
Popis: Zobraz záznamy z časového rozsahu (7 dní) kde zdrojová alebo cieľová IPv4 adresa je z uvedeného rozsahu (79.0.43.0/24)
JSON:
{
"disabled":0,
"name":"time7_net",
"filter":{
"$and":[
{
"$and":[
{
"DetectTime":{
"$gte":"{gte7}"
}
},
{
"DetectTime":{
"$lte":"{lte7}"
}
}
]
},
{
"$or":[
{
"$and":[
{
"Source.IP4.min":{
"$gte":"{net_min1}"
}
},
{
"Source.IP4.max":{
"$lte":"{net_max1}"
}
}
]
},
{
"$and":[
{
"Target.IP4.min":{
"$gte":"{net_min1}"
}
},
{
"Target.IP4.max":{
"$lte":"{net_max1}"
}
}
]
}
]
}
]
}
}
Dotaz 10¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-01-25T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND (("Source.IP4.min" >= "79.0.43.0" AND "Source.IP4.max" <= "79.0.43.255") OR ("Target.IP4.min" >= "79.0.43.0" AND "Target.IP4.max" <= "79.0.43.255")) AND ("Category" = "Attempt.Login")
Python SQL Statement:'SELECT * FROM mentatData WHERE ("DetectTime" >= %s AND "DetectTime" <= %s) AND (("Source.IP4.min" >= %s AND "Source.IP4.max" <= %s) OR ("Target.IP4.min" >= %s AND "Target.IP4.max" <= %s)) AND ("Category" = %s)', sql_translate2tuple('gte7, lte7, net_min1, net_max1, net_min1, net_max1, category1')
Popis: Zobraz záznamy z danej kategórie (pokus o prihlásenie) z časového rozsahu (7 dní) kde zdrojová alebo cieľová IPv4 adresa je z uvedeného rozsahu (79.0.43.0/24)
JSON:
{
"disabled":0,
"name":"time7_net_category",
"filter":{
"$and":[
{
"$and":[
{
"DetectTime":{
"$gte":"{gte7}"
}
},
{
"DetectTime":{
"$lte":"{lte7}"
}
}
]
},
{
"$or":[
{
"$and":[
{
"Source.IP4.min":{
"$gte":"{net_min1}"
}
},
{
"Source.IP4.max":{
"$lte":"{net_max1}"
}
}
]
},
{
"$and":[
{
"Target.IP4.min":{
"$gte":"{net_min1}"
}
},
{
"Target.IP4.max":{
"$lte":"{net_max1}"
}
}
]
}
]
},
{
"Category":"{category1}"
}
]
}
}
Dotaz 11¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-01-25T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND ("Source.IP4.ip" IN ("79.0.43.89", "123.151.149.222", "82.221.105.6", "139.162.142.121", "198.20.99.130", "66.240.236.119", "212.122.196.96", "95.65.34.177", "111.248.97.59", "115.231.222.40", "218.241.98.198", "188.0.236.123", "112.33.3.69", "71.6.158.166", "45.35.105.106", "141.212.122.155", "141.212.122.156", "184.105.139.90", "141.212.122.82", "141.212.122.83") OR "Target.IP4.ip" IN ("79.0.43.89", "123.151.149.222", "82.221.105.6", "139.162.142.121", "198.20.99.130", "66.240.236.119", "212.122.196.96", "95.65.34.177", "111.248.97.59", "115.231.222.40", "218.241.98.198", "188.0.236.123", "112.33.3.69", "71.6.158.166", "45.35.105.106", "141.212.122.155", "141.212.122.156", "184.105.139.90", "141.212.122.82", "141.212.122.83"))
Python SQL Statement:
'SELECT * FROM mentatData WHERE ("DetectTime" >= %s AND "DetectTime" <= %s) AND ("Source.IP4.ip" IN (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s) OR "Target.IP4.ip" IN (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s))', sql_translate2tuple('gte7, lte7, ip1, ip2, ip3, ip4, ip5, ip6, ip7, ip8, ip9, ip10, ip11, ip12, ip13, ip14, ip15, ip16, ip17, ip18, ip19, ip20, ip1, ip2, ip3, ip4, ip5, ip6, ip7, ip8, ip9, ip10, ip11, ip12, ip13, ip14, ip15, ip16, ip17, ip18, ip19, ip20')
Popis: Zobraz záznamy z časového rozsahu (7 dní) kde zdrojová alebo cieľová IPv4 adresa je niektorá z uvedeného zoznamu (79.0.43.89, 123.151.149.222, 82.221.105.6, 139.162.142.121, 198.20.99.130, 66.240.236.119, 212.122.196.96, 95.65.34.177, 111.248.97.59, 115.231.222.40, 218.241.98.198, 188.0.236.123, 112.33.3.69, 71.6.158.166, 45.35.105.106, 141.212.122.155, 141.212.122.156, 184.105.139.90, 141.212.122.82, 141.212.122.83)
JSON:
{
"disabled":0,
"name":"time3_ips",
"filter":{
"$and":[
{
"$and":[
{
"DetectTime":{
"$gte":"{gte7}"
}
},
{
"DetectTime":{
"$lte":"{lte7}"
}
}
]
},
{
"$or":[
{
"Source.IP4.ip":"{ip1}"
},
{
"Target.IP4.ip":"{ip1}"
},
{
"Source.IP4.ip":"{ip2}"
},
{
"Target.IP4.ip":"{ip2}"
},
{
"Source.IP4.ip":"{ip3}"
},
{
"Target.IP4.ip":"{ip3}"
},
{
"Source.IP4.ip":"{ip4}"
},
{
"Target.IP4.ip":"{ip4}"
},
{
"Source.IP4.ip":"{ip5}"
},
{
"Target.IP4.ip":"{ip5}"
},
{
"Source.IP4.ip":"{ip6}"
},
{
"Target.IP4.ip":"{ip6}"
},
{
"Source.IP4.ip":"{ip7}"
},
{
"Target.IP4.ip":"{ip7}"
},
{
"Source.IP4.ip":"{ip8}"
},
{
"Target.IP4.ip":"{ip8}"
},
{
"Source.IP4.ip":"{ip9}"
},
{
"Target.IP4.ip":"{ip9}"
},
{
"Source.IP4.ip":"{ip10}"
},
{
"Target.IP4.ip":"{ip10}"
},
{
"Source.IP4.ip":"{ip11}"
},
{
"Target.IP4.ip":"{ip11}"
},
{
"Source.IP4.ip":"{ip12}"
},
{
"Target.IP4.ip":"{ip12}"
},
{
"Source.IP4.ip":"{ip13}"
},
{
"Target.IP4.ip":"{ip13}"
},
{
"Source.IP4.ip":"{ip14}"
},
{
"Target.IP4.ip":"{ip14}"
},
{
"Source.IP4.ip":"{ip15}"
},
{
"Target.IP4.ip":"{ip15}"
},
{
"Source.IP4.ip":"{ip16}"
},
{
"Target.IP4.ip":"{ip16}"
},
{
"Source.IP4.ip":"{ip17}"
},
{
"Target.IP4.ip":"{ip17}"
},
{
"Source.IP4.ip":"{ip18}"
},
{
"Target.IP4.ip":"{ip18}"
},
{
"Source.IP4.ip":"{ip19}"
},
{
"Target.IP4.ip":"{ip19}"
},
{
"Source.IP4.ip":"{ip20}"
},
{
"Target.IP4.ip":"{ip20}"
}
]
}
]
}
}
Dotaz 12¶
Testcase:
SQL Statement:
SELECT ... WHERE (("DetectTime" >= "2016-01-25T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND ("Source.IP4.ip" = "79.0.43.89" OR "Target.IP4.ip" = "79.0.43.89" OR "Source.IP4.ip" = "123.151.149.222" OR "Target.IP4.ip" = "123.151.149.222" OR ... ) AND "Category" = "Attempt.Login");
Popis: Zobraz záznamy z časového rozsahu (7 dní) kde zdrojová nebo cilová IPv4 adresa je nekterá z uvedeného seznamu a kategorie je nastavena na Attempt.Login.
JSON:
{
"disabled": 0,
"name": "time7_ips_category",
"filter": {
"$and": [
{
"$and": [
{
"DetectTime": {
"$gte": "{gte7}"
}
},
{
"DetectTime": {
"$lte": "{lte7}"
}
}
]
},
{
"$or": [
{
"Source.IP4.ip": "{ip1}"
},
{
"Target.IP4.ip": "{ip1}"
},
{
"Source.IP4.ip": "{ip2}"
},
{
"Target.IP4.ip": "{ip2}"
},
{
"Source.IP4.ip": "{ip3}"
},
{
"Target.IP4.ip": "{ip3}"
},
{
"Source.IP4.ip": "{ip4}"
},
{
"Target.IP4.ip": "{ip4}"
},
{
"Source.IP4.ip": "{ip5}"
},
{
"Target.IP4.ip": "{ip5}"
},
{
"Source.IP4.ip": "{ip6}"
},
{
"Target.IP4.ip": "{ip6}"
},
{
"Source.IP4.ip": "{ip7}"
},
{
"Target.IP4.ip": "{ip7}"
},
{
"Source.IP4.ip": "{ip8}"
},
{
"Target.IP4.ip": "{ip8}"
},
{
"Source.IP4.ip": "{ip9}"
},
{
"Target.IP4.ip": "{ip9}"
},
{
"Source.IP4.ip": "{ip10}"
},
{
"Target.IP4.ip": "{ip10}"
},
{
"Source.IP4.ip": "{ip11}"
},
{
"Target.IP4.ip": "{ip11}"
},
{
"Source.IP4.ip": "{ip12}"
},
{
"Target.IP4.ip": "{ip12}"
},
{
"Source.IP4.ip": "{ip13}"
},
{
"Target.IP4.ip": "{ip13}"
},
{
"Source.IP4.ip": "{ip14}"
},
{
"Target.IP4.ip": "{ip14}"
},
{
"Source.IP4.ip": "{ip15}"
},
{
"Target.IP4.ip": "{ip15}"
},
{
"Source.IP4.ip": "{ip16}"
},
{
"Target.IP4.ip": "{ip16}"
},
{
"Source.IP4.ip": "{ip17}"
},
{
"Target.IP4.ip": "{ip17}"
},
{
"Source.IP4.ip": "{ip18}"
},
{
"Target.IP4.ip": "{ip18}"
},
{
"Source.IP4.ip": "{ip19}"
},
{
"Target.IP4.ip": "{ip19}"
},
{
"Source.IP4.ip": "{ip20}"
},
{
"Target.IP4.ip": "{ip20}"
}
]
},
{
"Category": "{category1}"
}
]
}
},
Dotaz 13¶
Testcase:
SQL Statement:
SELECT ... WHERE (("DetectTime" >= "2016-01-01T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND ("Source.IP4.ip" = "79.0.43.89" OR "Target.IP4.ip" = "79.0.43.89"));
Popis: Zobraz záznamy z časového rozsahu (1 mesic) kde zdrojová nebo cilová IPv4 adresa je 79.0.43.89.
JSON:
{
"disabled": 0,
"name": "time30_ip",
"filter": {
"$and": [
{
"$and": [
{
"DetectTime": {
"$gte": "{gte30}"
}
},
{
"DetectTime": {
"$lte": "{lte30}"
}
}
]
},
{
"$or": [
{
"Source.IP4.ip": "{ip1}"
},
{
"Target.IP4.ip": "{ip1}"
}
]
}
]
}
},
Dotaz 14¶
Testcase:
SQL Statement:
SELECT ... WHERE (("DetectTime" >= "2016-01-01T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND ("Source.IP4.ip" = "79.0.43.89" OR "Target.IP4.ip" = "79.0.43.89") AND "Category" = "Attempt.Login");
Popis: Zobraz záznamy z časového rozsahu (1 mesic) kde zdrojová nebo cilová IPv4 adresa je 79.0.43.89 a kategorie je Attempt.Login.
JSON:
{
"disabled": 0,
"name": "time30_ip_category",
"filter": {
"$and": [
{
"$and": [
{
"DetectTime": {
"$gte": "{gte30}"
}
},
{
"DetectTime": {
"$lte": "{lte30}"
}
}
]
},
{
"$or": [
{
"Source.IP4.ip": "{ip1}"
},
{
"Target.IP4.ip": "{ip1}"
}
]
},
{
"Category": "{category1}"
}
]
}
},
Dotaz 15¶
Testcase:
SQL Statement:
SELECT ... WHERE (("DetectTime" >= "2016-01-01T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND (("Source.IP4.min" = "79.0.43.0" AND "Source.IP4.max" = "79.0.43.255") OR ("Target.IP4.min" = "79.0.43.0" AND "Target.IP4.max" = "79.0.43.255")));
Popis: Zobraz záznamy z časového rozsahu (1 mesic) kde zdrojová nebo cilova IPv4 adresa lezi v subnetu 79.0.43.0/24.
JSON:
{
"disabled": 0,
"name": "time30_net",
"filter": {
"$and": [
{
"$and": [
{
"DetectTime": {
"$gte": "{gte30}"
}
},
{
"DetectTime": {
"$lte": "{lte30}"
}
}
]
},
{
"$or": [
{
"$and": [
{
"Source.IP4.min": {
"$gte": "{net_min1}"
}
},
{
"Source.IP4.max": {
"$lte": "{net_max1}"
}
}
]
},
{
"$and": [
{
"Target.IP4.min": {
"$gte": "{net_min1}"
}
},
{
"Target.IP4.max": {
"$lte": "{net_max1}"
}
}
]
}
]
}
]
}
},
Dotaz 16¶
Testcase:
SQL Statement:
SELECT ... WHERE (("DetectTime" >= "2016-01-01T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND (("Source.IP4.min" = "79.0.43.0" AND "Source.IP4.max" = "79.0.43.255") OR ("Target.IP4.min" = "79.0.43.0" AND "Target.IP4.max" = "79.0.43.255")) AND "Category" = "Attempt.Login");
Popis: Zobraz záznamy z časového rozsahu (1 mesic) kde zdrojová nebo cilova IPv4 adresa lezi v subnetu 79.0.43.0/24 a kategorie je Attempt.Login.
JSON:
{
"disabled": 0,
"name": "time30_net_category",
"filter": {
"$and": [
{
"$and": [
{
"DetectTime": {
"$gte": "{gte30}"
}
},
{
"DetectTime": {
"$lte": "{lte30}"
}
}
]
},
{
"$or": [
{
"$and": [
{
"Source.IP4.min": {
"$gte": "{net_min1}"
}
},
{
"Source.IP4.max": {
"$lte": "{net_max1}"
}
}
]
},
{
"$and": [
{
"Target.IP4.min": {
"$gte": "{net_min1}"
}
},
{
"Target.IP4.max": {
"$lte": "{net_max1}"
}
}
]
}
]
},
{
"Category": "{category1}"
}
]
}
},
Dotaz 17¶
Testcase:
SQL Statement:
SELECT ... WHERE (("DetectTime" >= "2016-01-01T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND ("Source.IP4.ip" = "79.0.43.89" OR "Target.IP4.ip" = "79.0.43.89" OR "Source.IP4.ip" = "123.151.149.222" OR "Target.IP4.ip" = "123.151.149.222" OR ... ));
Popis: Zobraz záznamy z časového rozsahu (1 mesic) kde zdrojová nebo cilová IPv4 adresa je nekterá z uvedeného seznamu adres.
JSON:
{
"disabled": 0,
"name": "time30_ips",
"filter": {
"$and": [
{
"$and": [
{
"DetectTime": {
"$gte": "{gte30}"
}
},
{
"DetectTime": {
"$lte": "{lte30}"
}
}
]
},
{
"$or": [
{
"Source.IP4.ip": "{ip1}"
},
{
"Target.IP4.ip": "{ip1}"
},
{
"Source.IP4.ip": "{ip2}"
},
{
"Target.IP4.ip": "{ip2}"
},
{
"Source.IP4.ip": "{ip3}"
},
{
"Target.IP4.ip": "{ip3}"
},
{
"Source.IP4.ip": "{ip4}"
},
{
"Target.IP4.ip": "{ip4}"
},
{
"Source.IP4.ip": "{ip5}"
},
{
"Target.IP4.ip": "{ip5}"
},
{
"Source.IP4.ip": "{ip6}"
},
{
"Target.IP4.ip": "{ip6}"
},
{
"Source.IP4.ip": "{ip7}"
},
{
"Target.IP4.ip": "{ip7}"
},
{
"Source.IP4.ip": "{ip8}"
},
{
"Target.IP4.ip": "{ip8}"
},
{
"Source.IP4.ip": "{ip9}"
},
{
"Target.IP4.ip": "{ip9}"
},
{
"Source.IP4.ip": "{ip10}"
},
{
"Target.IP4.ip": "{ip10}"
},
{
"Source.IP4.ip": "{ip11}"
},
{
"Target.IP4.ip": "{ip11}"
},
{
"Source.IP4.ip": "{ip12}"
},
{
"Target.IP4.ip": "{ip12}"
},
{
"Source.IP4.ip": "{ip13}"
},
{
"Target.IP4.ip": "{ip13}"
},
{
"Source.IP4.ip": "{ip14}"
},
{
"Target.IP4.ip": "{ip14}"
},
{
"Source.IP4.ip": "{ip15}"
},
{
"Target.IP4.ip": "{ip15}"
},
{
"Source.IP4.ip": "{ip16}"
},
{
"Target.IP4.ip": "{ip16}"
},
{
"Source.IP4.ip": "{ip17}"
},
{
"Target.IP4.ip": "{ip17}"
},
{
"Source.IP4.ip": "{ip18}"
},
{
"Target.IP4.ip": "{ip18}"
},
{
"Source.IP4.ip": "{ip19}"
},
{
"Target.IP4.ip": "{ip19}"
},
{
"Source.IP4.ip": "{ip20}"
},
{
"Target.IP4.ip": "{ip20}"
}
]
}
]
}
},
Dotaz 18¶
Testcase:
SQL Statement:
SELECT ... WHERE (("DetectTime" >= "2016-01-01T00:00:00" AND "DetectTime" <= "2016-02-01T00:00:00") AND ("Source.IP4.ip" = "79.0.43.89" OR "Target.IP4.ip" = "79.0.43.89" OR "Source.IP4.ip" = "123.151.149.222" OR "Target.IP4.ip" = "123.151.149.222" OR ... ) AND "Category" = "Attempt.Login");
Popis: Zobraz záznamy z časového rozsahu (1 mesic) kde zdrojová nebo cilová IPv4 adresa je nekterá z uvedeného seznamu adres a kategorie je nastavena na Attempt.Login.
JSON:
{
"disabled": 0,
"name": "time30_ips_category",
"filter": {
"$and": [
{
"$and": [
{
"DetectTime": {
"$gte": "{gte30}"
}
},
{
"DetectTime": {
"$lte": "{lte30}"
}
}
]
},
{
"$or": [
{
"Source.IP4.ip": "{ip1}"
},
{
"Target.IP4.ip": "{ip1}"
},
{
"Source.IP4.ip": "{ip2}"
},
{
"Target.IP4.ip": "{ip2}"
},
{
"Source.IP4.ip": "{ip3}"
},
{
"Target.IP4.ip": "{ip3}"
},
{
"Source.IP4.ip": "{ip4}"
},
{
"Target.IP4.ip": "{ip4}"
},
{
"Source.IP4.ip": "{ip5}"
},
{
"Target.IP4.ip": "{ip5}"
},
{
"Source.IP4.ip": "{ip6}"
},
{
"Target.IP4.ip": "{ip6}"
},
{
"Source.IP4.ip": "{ip7}"
},
{
"Target.IP4.ip": "{ip7}"
},
{
"Source.IP4.ip": "{ip8}"
},
{
"Target.IP4.ip": "{ip8}"
},
{
"Source.IP4.ip": "{ip9}"
},
{
"Target.IP4.ip": "{ip9}"
},
{
"Source.IP4.ip": "{ip10}"
},
{
"Target.IP4.ip": "{ip10}"
},
{
"Source.IP4.ip": "{ip11}"
},
{
"Target.IP4.ip": "{ip11}"
},
{
"Source.IP4.ip": "{ip12}"
},
{
"Target.IP4.ip": "{ip12}"
},
{
"Source.IP4.ip": "{ip13}"
},
{
"Target.IP4.ip": "{ip13}"
},
{
"Source.IP4.ip": "{ip14}"
},
{
"Target.IP4.ip": "{ip14}"
},
{
"Source.IP4.ip": "{ip15}"
},
{
"Target.IP4.ip": "{ip15}"
},
{
"Source.IP4.ip": "{ip16}"
},
{
"Target.IP4.ip": "{ip16}"
},
{
"Source.IP4.ip": "{ip17}"
},
{
"Target.IP4.ip": "{ip17}"
},
{
"Source.IP4.ip": "{ip18}"
},
{
"Target.IP4.ip": "{ip18}"
},
{
"Source.IP4.ip": "{ip19}"
},
{
"Target.IP4.ip": "{ip19}"
},
{
"Source.IP4.ip": "{ip20}"
},
{
"Target.IP4.ip": "{ip20}"
}
]
},
{
"Category": "{category1}"
}
]
}
}
Testovaci dotazy - doplneni¶
Ukazky hodnot¶
"values": {
"{gte}": "2016-03-21T00:00:00"
"{lte}": "2016-03-23T00:00:00"
"{ip_s}": "27.254.67.139"
"{ip_t}": "158.196.0.0"
"{net_min1}": "27.254.67.0"
"{net_max1}": "27.254.67.255"
"{net_min2}": "79.0.43.0"
"{net_max2}": "79.0.43.255"
"{category1}": "Attempt.Login"
"{node.sw1}": "value": "Mentat"
"{node.name1}": "value": "cz.cesnet.mentat.warden_filer"
Dotaz 19¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-03-21T00:00:00" AND "DetectTime" <= "2016-03-23T00:00:00") AND ("Source.IP4.ip" = "27.254.67.139" OR "Target.IP4.ip" = "158.196.0.0");
Popis: Zobraz záznamy z časového rozsahu (2 dny) kde zdrojová IPv4 adresa je 27.254.67.139 nebo cilová IPv4 adresa je 158.196.0.0.
JSON:
{"$and": [
{
"$and": [
{
"DetectTime": {
"$gte": "{gte}"
}
},
{
"DetectTime": {
"$lte": "{lte}"
}
}
]
},
{
"$or": [
{
"Source.IP4.ip": "{ip_s}"
},
{
"Target.IP4.ip": "{ip_t}"
}
]
}
]}
Dotaz 20¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-03-21T00:00:00" AND "DetectTime" <= "2016-03-23T00:00:00") AND (("Source.IP4.min" >= "27.254.67.0" AND "Source.IP4.max" <= "27.254.67.255") OR ("Target.IP4.min" >= "79.0.43.0" AND "Target.IP4.max" <= "79.0.43.255"));
Popis: Zobraz záznamy z časového rozsahu (2 dny) kde zdrojová IPv4 adresa lezi v subnetu 27.254.67.0/24 nebo cilova IPv4 adresa lezi v subnetu 79.0.43.0/24.
JSON:
{ "$and": [
{
"$and": [
{
"DetectTime": {
"$gte": "{gte}"
}
},
{
"DetectTime": {
"$lte": "{lte}"
}
}
]
},
{
"$or": [
{
"$and": [
{
"Source.IP4.min": {
"$gte": "{net_min1}"
}
},
{
"Source.IP4.max": {
"$lte": "{net_max1}"
}
}
]
},
{
"$and": [
{
"Target.IP4.min": {
"$gte": "{net_min2}"
}
},
{
"Target.IP4.max": {
"$lte": "{net_max2}"
}
}
]
}
]
}
]}
Dotaz 21¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-03-21T00:00:00" AND "DetectTime" <= "2016-03-23T00:00:00") AND ("Source.IP4.ip" = "27.254.67.139" OR "Target.IP4.ip" = "27.254.67.139" OR "Source.IP4.ip" = "158.196.0.0" OR "Target.IP4.ip" = "158.196.0.0");
Popis: Zobraz záznamy z časového rozsahu (2 dny) kde zdrojová nebo cilova IPv4 adresa je 27.254.67.139 nebo 158.196.0.0.
JSON:
{ "$and": [
{
"$and": [
{
"DetectTime": {
"$gte": "{gte}"
}
},
{
"DetectTime": {
"$lte": "{lte}"
}
}
]
},
{
"$or": [
{
"Source.IP4.ip": "{ip_s}"
},
{
"Target.IP4.ip": "{ip_s}"
},
{
"Source.IP4.ip": "{ip_t}"
},
{
"Target.IP4.ip": "{ip_t}"
}
]
}
]}
Dotaz 22¶
Testcase:
SQL Statement:
SELECT ... WHERE ("DetectTime" >= "2016-03-21T00:00:00" AND "DetectTime" <= "2016-03-23T00:00:00" AND "Source.IP4.ip" = "27.254.67.139" AND "Target.IP4.ip" = "158.196.0.0" AND "Category" = "Attempt.Login" AND "Node.SW" = "Mentat" AND "Node.Name" = "cz.cesnet.mentat.warden_filer");
Popis: Zobraz záznamy z časového rozsahu (2 dny) kde zdrojová IPv4 adresa je 27.254.67.139 a cilova IPv4 adresa je 158.196.0.0, kategorie je nastavena na Attempt.Login, Node.Sw je Mentat a Node.Name je cz.cesnet.mentat.warden_filer.
JSON:
{"$and": [
{
"Source.IP4.ip": "{ip_s}"
},
{
"Target.IP4.ip": "{ip_t}"
},
{
"DetectTime": {
"$gte": "{gte}"
}
},
{
"DetectTime": {
"$lte": "{lte}"
}
},
{
"Category": "{category1}"
},
{
"Node.SW": "{node.sw1}"
},
{
"Node.Name": "{node.name1}"
}
]}