mozilla
/
MozDef
зеркало из https://github.com/mozilla/MozDef.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Merge pull request #995 from mozilla/add_port_details_root 

Move source port and destination port to details root
This commit is contained in:
Brandon Myers 2018-12-18 12:48:56 -06:00 коммит произвёл GitHub
Родитель 5c0ad15d8a 4e28602162
Коммит 97409a248c
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
2 изменённых файлов: 9 добавлений и 14 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

15
mq/plugins/filterlog.py
Просмотреть файл

@ -71,9 +71,9 @@ class message(object):
if 'tcp' not in message['details']: if 'tcp' not in message['details']:
message['details']['tcp'] = {} message['details']['tcp'] = {}
message['details']['tcp']['source_port'] = summary_items[last_index + 4] message['details']['source_port'] = summary_items[last_index + 4]
message['details']['tcp']['destination_port'] = summary_items[last_index + 5] message['details']['destination_port'] = summary_items[last_index + 5]
message['details']['tcp']['data_length'] = summary_items[last_index + 6] message['details']['data_length'] = summary_items[last_index + 6]
message['details']['tcp']['flags'] = summary_items[last_index + 7] message['details']['tcp']['flags'] = summary_items[last_index + 7]
message['details']['tcp']['seq_number'] = summary_items[last_index + 8] message['details']['tcp']['seq_number'] = summary_items[last_index + 8]
message['details']['tcp']['ack_number'] = summary_items[last_index + 9] message['details']['tcp']['ack_number'] = summary_items[last_index + 9]
@ -81,11 +81,8 @@ class message(object):
message['details']['tcp']['urg'] = summary_items[last_index + 11] message['details']['tcp']['urg'] = summary_items[last_index + 11]
message['details']['tcp']['options'] = summary_items[last_index + 12] message['details']['tcp']['options'] = summary_items[last_index + 12]
elif proto_id == 17: elif proto_id == 17:
if 'udp' not in message['details']: message['details']['source_port'] = summary_items[last_index + 4]
message['details']['udp'] = {} message['details']['destination_port'] = summary_items[last_index + 5]
message['details']['data_length'] = summary_items[last_index + 6]
message['details']['udp']['source_port'] = summary_items[last_index + 4]
message['details']['udp']['destination_port'] = summary_items[last_index + 5]
message['details']['udp']['data_length'] = summary_items[last_index + 6]
return (message, metadata) return (message, metadata)

8
tests/mq/plugins/test_filterlog.py
Просмотреть файл

@ -45,11 +45,9 @@ class TestFilterlog():
'sourceipaddress': '175.41.7.2', 'sourceipaddress': '175.41.7.2',
'sub_rule_number': '', 'sub_rule_number': '',
'trackor': '1000000103', 'trackor': '1000000103',
'udp': { 'data_length': '72',
'data_length': '72', 'destination_port': '33443',
'destination_port': '33443', 'source_port': '57434'
'source_port': '57434'
}
}, },
'summary': '9,,,1000000103,igb0,match,block,in,4,0x0,,6,60624,0,DF,17,udp,92,175.41.7.2,21.143.56.109,57434,33443,72' 'summary': '9,,,1000000103,igb0,match,block,in,4,0x0,,6,60624,0,DF,17,udp,92,175.41.7.2,21.143.56.109,57434,33443,72'
} }