From 0d9e63895d7ea463fa268c7f199baf3baab86427 Mon Sep 17 00:00:00 2001
From: Jonathan Claudius
Date: Thu, 11 Oct 2018 15:32:22 -0400
Subject: [PATCH] Standardize some proxy drop summary verbiage
---
 alerts/proxy_drop_non_standard_port.py | 2 +-
 tests/alerts/test_proxy_drop_non_standard_port.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/alerts/proxy_drop_non_standard_port.py b/alerts/proxy_drop_non_standard_port.py
index 59d33cea..da48fbe4 100644
--- a/alerts/proxy_drop_non_standard_port.py
+++ b/alerts/proxy_drop_non_standard_port.py
@@ -53,7 +53,7 @@ class AlertProxyDropNonStandardPort(AlertTask):
 for event in aggreg['allevents']:
 destinations.add(event['_source']['details']['destination'])
- summary = 'Suspicious Proxy DROP events detected from {0} to the following non-std port(s): {1}'.format(
+ summary = 'Suspicious Proxy DROP events detected from {0} to the following non-std port desintation(s): {1}'.format(
 aggreg['value'],
 ",".join(sorted(destinations))
 )
diff --git a/tests/alerts/test_proxy_drop_non_standard_port.py b/tests/alerts/test_proxy_drop_non_standard_port.py
index 41e9d0c0..98b498e8 100644
--- a/tests/alerts/test_proxy_drop_non_standard_port.py
+++ b/tests/alerts/test_proxy_drop_non_standard_port.py
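Review bot: The added `summary = ...` line in alerts/proxy_drop_non_standard_port.py spells the new word as `desintation(s)`, while both updated expectations in tests/alerts/test_proxy_drop_non_standard_port.py use `destination(s)`. As written, the alert text and the test strings disagree, so the summary comparison in the test suite would be expected to fail. The misspelling would also reach analysts and any saved search or correlation rule that matches on the summary text. The line should read `summary = 'Suspicious Proxy DROP events detected from {0} to the following non-std port destination(s): {1}'.format(`. The enclosing method starts outside the hunk, so only the string itself is reviewed here.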
@@ -52,12 +52,12 @@ class TestAlertProxyDropNonStandardPort(AlertTestSuite):
 "category": "squid",
 "tags": ['squid', 'proxy'],
 "severity": "WARNING",
- "summary": 'Suspicious Proxy DROP events detected from 1.2.3.4 to the following non-std port(s): evil.com:6667'
+ "summary": 'Suspicious Proxy DROP events detected from 1.2.3.4 to the following non-std port destination(s): evil.com:6667'
 }
 default_alert_aggregated = AlertTestSuite.copy(default_alert)
 default_alert_aggregated[
- "summary"] = 'Suspicious Proxy DROP events detected from 1.2.3.4 to the following non-std port(s): evil.com:1337,evil.com:6667'
+ "summary"] = 'Suspicious Proxy DROP events detected from 1.2.3.4 to the following non-std port destination(s): evil.com:1337,evil.com:6667'
 test_cases = []