mozilla
/
MozDef
зеркало из https://github.com/mozilla/MozDef.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

standardize the field names

This commit is contained in:
Jeff Bryner 2014-06-24 09:13:18 -07:00
Родитель 23ddf455fb
Коммит 8bbbf387c5
2 изменённых файлов: 18 добавлений и 18 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

34
mq/plugins/rt_flow.py
Просмотреть файл

@ -29,33 +29,33 @@ class message(object):
deny_search = re.search(self.deny_regex, msg_unparsed)
if deny_search:
message['details']['action'] = 'denied'
message['details']['src'] = deny_search.group('src')
message['details']['srcport_int'] = deny_search.group('srcport')
message['details']['dst'] = deny_search.group('dst')
message['details']['dstport_int'] = deny_search.group('dstport')
message['details']['sourceipaddress'] = deny_search.group('src')
message['details']['sourceport'] = deny_search.group('srcport')
message['details']['destinationipaddress'] = deny_search.group('dst')
message['details']['destinationport'] = deny_search.group('dstport')
message['details']['service'] = deny_search.group('service')
message['details']['proto_int'] = deny_search.group('proto')
message['details']['prototype_int'] = deny_search.group('prototype')
message['details']['protocol'] = deny_search.group('proto')
message['details']['protocoltype'] = deny_search.group('prototype')
message['details']['policy'] = deny_search.group('policy')
message['details']['srczone'] = deny_search.group('srczone')
message['details']['dstzone'] = deny_search.group('dstzone')
message['details']['sourcezone'] = deny_search.group('srczone')
message['details']['destinationzone'] = deny_search.group('dstzone')
message['details']['interface'] = deny_search.group('interface')
if msg_unparsed.startswith('%-RT_FLOW_SESSION_CREATE:'):
create_search = re.search(self.create_regex, msg_unparsed)
if create_search:
message['details']['action'] = 'created'
message['details']['src'] = create_search.group('src')
message['details']['srcport_int'] = create_search.group('srcport')
message['details']['dst'] = create_search.group('dst')
message['details']['dstport_int'] = create_search.group('dstport')
message['details']['sourceipaddress'] = create_search.group('src')
message['details']['sourceport'] = create_search.group('srcport')
message['details']['destinationipaddress'] = create_search.group('dst')
message['details']['destinationport'] = create_search.group('dstport')
message['details']['service'] = create_search.group('service')
message['details']['srcnatrule'] = create_search.group('srcnatrule')
message['details']['dstnatrule'] = create_search.group('dstnatrule')
message['details']['sourcenatrule'] = create_search.group('srcnatrule')
message['details']['destinationnatrule'] = create_search.group('dstnatrule')
message['details']['protocol'] = create_search.group('protocol')
message['details']['policy'] = create_search.group('policy')
message['details']['srczone'] = create_search.group('srczone')
message['details']['dstzone'] = create_search.group('dstzone')
message['details']['sessionid_int'] = create_search.group('sessionid')
message['details']['sourcezone'] = create_search.group('srczone')
message['details']['destinationzone'] = create_search.group('dstzone')
message['details']['sessionid'] = create_search.group('sessionid')
message['details']['interface'] = create_search.group('interface')
return (message, metadata)

2
mq/plugins/snmptt.py
Просмотреть файл

@ -28,7 +28,7 @@ class message(object):
if search:
message['details']['trapname'] = search.group('trapname')
message['details']['trapseverity'] = search.group('trapseverity')
message['details']['source_host'] = search.group('source_host')
message['details']['sourcehostname'] = search.group('source_host')
message['details']['trappayload'] = search.group('trappayload')
message['details']['hostname'] = search.group('source_host')