From ff20881548201c7aafbdde5e7b84760de1502d87 Mon Sep 17 00:00:00 2001
From: Phrozyn
Date: Tue, 9 Apr 2019 11:09:49 -0500
Subject: [PATCH] Modifying some of the type references.
---
 mq/esworker_cloudtrail.py | 6 ++----
 mq/plugins/complianceitems.py | 5 ++---
 mq/plugins/squidFixup.py | 2 +-
 3 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/mq/esworker_cloudtrail.py b/mq/esworker_cloudtrail.py
index 67419994..2e299943 100755
--- a/mq/esworker_cloudtrail.py
+++ b/mq/esworker_cloudtrail.py
@@ -221,6 +221,7 @@ def keyMapping(aDict):
 elif k in ('type', 'eventtype', 'category'):
 returndict[u'category'] = toUnicode(v)
+ returndict[u'type'] = 'cloudtrail'
 # custom fields as a list/array
 elif k in ('fields', 'details'):
@@ -257,10 +258,7 @@ def keyMapping(aDict):
 if 'utctimestamp' not in returndict:
 # default in case we don't find a reasonable timestamp
 returndict['utctimestamp'] = toUTC(datetime.now()).isoformat()
- if 'type' not in returndict:
- # default replacement for old _type subcategory.
- # to preserve filtering capabilities
- returndict['type'] = 'cloudtrail'
+
 except Exception as e:
 logger.exception(e)
 logger.error('Malformed message: %r' % aDict)
diff --git a/mq/plugins/complianceitems.py b/mq/plugins/complianceitems.py
index d5d23e66..65c22d7a 100644
--- a/mq/plugins/complianceitems.py
+++ b/mq/plugins/complianceitems.py
@@ -64,9 +64,8 @@ class message(object):
 if not self.validate(message['details']):
 logger.error('Invalid format for complianceitem {0}'.format(message))
 return (None, None)
- if 'type' not in message:
- # add type subcategory for filtering
- message['type'] = 'last_known_state'
+ # add type subcategory for filtering
+ message['type'] = 'last_known_state'
 item = self.cleanup_item(message['details'])
 docidstr = 'complianceitems'
diff --git a/mq/plugins/squidFixup.py b/mq/plugins/squidFixup.py
index 4beff500..184ffe95 100644
--- a/mq/plugins/squidFixup.py
+++ b/mq/plugins/squidFixup.py
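Review bot: Events that carry none of the `type`, `eventtype` or `category` keys now leave keyMapping with no `type` field at all, because the added `returndict[u'type'] = 'cloudtrail'` in the first hunk (@@ -221) runs only inside the `elif k in ('type', 'eventtype', 'category')` branch, while the second hunk (@@ -257) deletes the fallback that set the value whenever it was missing. If every cloudtrail document is meant to be tagged regardless of what the sender put in aDict (its origin is outside the hunk), the safer shape is to set it unconditionally next to the utctimestamp default, e.g. replace the bare added blank line with `# type is fixed per worker so downstream filters never depend on a sender-supplied value` followed by `returndict['type'] = 'cloudtrail'`, and drop the branch-local assignment. The second hunk also leaves an empty `+` line where the removed block stood. keyMapping's body starts before and continues past both hunks.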
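Review bot: The retained comment `# add type subcategory for filtering` in the complianceitems hunk (@@ -64) no longer describes the line under it, which now overwrites any `type` the incoming message already carried instead of adding one only when absent. Say so, e.g. `# force type to last_known_state for filtering; a type supplied in the message is overwritten`, so a later reader does not restore the `if 'type' not in message` guard believing it was dropped by accident. Since `message` is presumably the queued event (its origin is outside the hunk), pinning the value here also means the producer cannot choose the subcategory, which is worth stating in that comment. The enclosing method starts before the hunk.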
@@ -77,7 +77,7 @@ class message(object):
 newmessage = dict()
 # Set NSM as type for categorical filtering of events.
- newmessage["type"] = "nsm"
+ newmessage["type"] = "squid"
 newmessage[u"mozdefhostname"] = self.mozdefhostname
 newmessage["details"] = {}
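Review bot: The comment `# Set NSM as type for categorical filtering of events.` is stale now that the value below it is `"squid"`; change it to `# Set squid as type for categorical filtering of events.` so the comment and the assignment agree. Any saved search or alert that filters squid events on `type: nsm` would presumably stop matching after this rename, and the commit message does not mention the migration. The enclosing method starts before and continues past the hunk.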