Working on separating health stats from the events index.

This commit is contained in:
Phrozyn 2018-07-12 12:58:30 -05:00
Родитель 1bbb4565da
Коммит 4c1864f735
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: DBCDDDC9CF758282
3 изменённых файлов: 292 добавлений и 0 удалений


@ -3,3 +3,4 @@ esservers=http://localhost:9200
mqservers=localhost
mquser=guest
mqpassword=guest
mozdefindex=mozdefstate


@ -52,6 +52,15 @@ def getDocID(servername):
hash.update('{0}.mozdefhealth.latest'.format(servername))
return hash.hexdigest()
def esIndexExists():
try:
es = ElasticsearchClient((list('{0}'.format(s) for s in options.esservers)))
if not es.indices.exists(index=options.mozdefindex):
try:
logger.debug('Creating %s index' % options.mozdefindex)
es.create_index(options.mozdefindex, default_mapping_contents)
def main():
'''
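Review bot: `esIndexExists()` reads like a boolean predicate but the visible body creates the index and returns nothing, and it references `default_mapping_contents`, which neither this hunk nor the `initConfig()` hunk below defines — that hunk only sets `default_mapping_location`, so unless the contents are loaded in lines not displayed here this appears to raise NameError on the first call. A docstring should state the actual contract, e.g. `'''Ensure options.mozdefindex exists, creating it from the state mapping template when missing.'''`, or the function could be renamed to something like `ensureStateIndex` with the old name kept as an alias. `list('{0}'.format(s) for s in options.esservers)` can simply be `list(options.esservers)`, since `initConfig()` already stores it as a list of strings. The except clauses of the two nested `try` blocks fall outside the displayed lines, so I cannot tell what they handle or whether a failed `create_index` is swallowed; the function's body continues past the hunk.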
@ -156,6 +165,10 @@ def initConfig():
options.esservers = list(getConfig('esservers',
'http://localhost:9200',
options.configfile).split(','))
# configure the index to save events to
options.mozdefindex = getConfig('mozdefindex', 'mozdefstate', options.configfile)
# point to mapping json for the index
default_mapping_location = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'mozdefStateMappingTemplate.json')
if __name__ == '__main__':
parser = OptionParser()


@ -0,0 +1,278 @@
{
"order": 0,
"template": "mozdefstate",
"settings": {
"number_of_shards": 1,
"number_of_replicas": 0
},
"mappings": {
"mozdefstats": {
"_all": {
"enabled": true
},
"dynamic_templates": [
{
"string_fields": {
"match": "*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"double_fields": {
"match": "*",
"match_mapping_type": "double",
"mapping": {
"type": "keyword"
}
}
},
{
"long_fields": {
"match": "*",
"match_mapping_type": "long",
"mapping": {
"type": "keyword"
}
}
}
],
"properties": {
"category": {
"type": "keyword"
},
"details": {
"properties": {
"counts": {
"properties": {
"AUDIT_FAILURE": {
"type": "keyword"
},
"AUDIT_SUCCESS": {
"type": "keyword"
},
"AwsApiCall": {
"type": "keyword"
},
"AwsServiceEvent": {
"type": "keyword"
},
"ERROR": {
"type": "keyword"
},
"General": {
"type": "keyword"
},
"INFO": {
"type": "keyword"
},
"Provider Lifecycle": {
"type": "keyword"
},
"UNKNOWN": {
"type": "keyword"
},
"VERBOSE": {
"type": "keyword"
},
"WARNING": {
"type": "keyword"
},
"allowedEmailDomains": {
"properties": {
"refresh": {
"type": "keyword"
}
}
},
"allowedIPs": {
"properties": {
"refresh": {
"type": "keyword"
},
"validate": {
"properties": {
"err": {
"type": "keyword"
}
}
}
}
},
"allowedPhoneNumbers": {
"properties": {
"refresh": {
"type": "keyword"
}
}
},
"auditd": {
"type": "keyword"
},
"bro": {
"type": "keyword"
},
"event": {
"type": "keyword"
},
"execve": {
"type": "keyword"
},
"fxa": {
"properties": {
"customs": {
"properties": {
"blocklist": {
"properties": {
"check": {
"type": "keyword"
},
"hit": {
"type": "keyword"
}
}
}
}
}
}
},
"fxa:request": {
"properties": {
"check": {
"properties": {
"block": {
"properties": {
"accountCreate": {
"properties": {
"sendViolation": {
"type": "keyword"
}
}
},
"accountLogin": {
"properties": {
"sendViolation": {
"type": "keyword"
}
}
},
"passwordForgotSendCode": {
"properties": {
"sendViolation": {
"type": "keyword"
}
}
},
"sendUnblockCode": {
"properties": {
"sendViolation": {
"type": "keyword"
}
}
}
}
}
}
}
}
},
"limits": {
"properties": {
"refresh": {
"type": "keyword"
},
"validate": {
"properties": {
"err": {
"type": "keyword"
}
}
}
}
},
"mozdef": {
"type": "keyword"
},
"request": {
"properties": {
"check": {
"type": "keyword"
},
"checkAuthenticated": {
"type": "keyword"
},
"checkIpOnly": {
"type": "keyword"
},
"failedLoginAttempt": {
"type": "keyword"
},
"passwordReset": {
"type": "keyword"
}
}
},
"requestChecks": {
"properties": {
"refresh": {
"type": "keyword"
}
}
},
"suricata_event_log": {
"type": "keyword"
},
"syslog": {
"type": "keyword"
},
"write": {
"type": "keyword"
}
}
}
}
},
"hostname": {
"type": "keyword"
},
"mozdefhostname": {
"type": "keyword"
},
"processid": {
"type": "keyword"
},
"processname": {
"type": "keyword"
},
"receivedtimestamp": {
"type": "date",
"format": "dateOptionalTime"
},
"severity": {
"type": "keyword"
},
"source": {
"type": "keyword"
},
"summary": {
"type": "text"
},
"tags": {
"type": "keyword"
},
"timestamp": {
"type": "date"
},
"utctimestamp": {
"type": "date",
"format": "dateOptionalTime"
},
"version": {
"type": "keyword"
}
}
}
}
}
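Review bot: The `double_fields` and `long_fields` dynamic templates, and every explicit property under `details.counts`, map numeric values to `keyword`, so health counts are indexed as strings and cannot be summed, averaged or range-filtered from this index. If these values are numbers in the source documents, `"mapping": {"type": "long"}` in both templates (and `"type": "long"` on the `details.counts.*` properties) keeps numeric aggregations available; if they arrive as strings the mapping is internally consistent, but that is worth stating in the commit message since JSON has no comment syntax. `"_all": {"enabled": true}` copies every field into the `_all` catch-all, which is deprecated since Elasticsearch 6.0 and removed in 7.0, so I would drop the block unless the rest of the stack relies on `_all` queries. `timestamp` is the only date field without `"format": "dateOptionalTime"` while `receivedtimestamp` and `utctimestamp` have it; either add it or remove it from all three so the fields parse the same way.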