unauth_ssh_pyes: allow additional characters in username

2016-04-11 16:08:52 -05:00 · 2016-04-11 16:08:52 -05:00 · 1f4799eeb8
--- a/alerts/unauth_ssh_pyes.py
+++ b/alerts/unauth_ssh_pyes.py
@ -68,7 +68,7 @@ class AlertUnauthSSH(AlertTask):
                sourceipaddress = x['details']['sourceipaddress']

        targetuser = 'unknown'
-        expr = re.compile('Accepted publickey for ([A-Za-z0-9]+) from')
+        expr = re.compile('Accepted publickey for ([A-Za-z0-9@.\-]+) from')
        m = expr.match(event['_source']['summary'])
        groups = m.groups()
        if len(groups) > 0: