Modifying some of the type references.
Родитель
4ea91f7ac0
Коммит
ff20881548
|
@ -221,6 +221,7 @@ def keyMapping(aDict):
|
||||||
|
|
||||||
elif k in ('type', 'eventtype', 'category'):
|
elif k in ('type', 'eventtype', 'category'):
|
||||||
returndict[u'category'] = toUnicode(v)
|
returndict[u'category'] = toUnicode(v)
|
||||||
|
returndict[u'type'] = 'cloudtrail'
|
||||||
|
|
||||||
# custom fields as a list/array
|
# custom fields as a list/array
|
||||||
elif k in ('fields', 'details'):
|
elif k in ('fields', 'details'):
|
||||||
|
@ -257,10 +258,7 @@ def keyMapping(aDict):
|
||||||
if 'utctimestamp' not in returndict:
|
if 'utctimestamp' not in returndict:
|
||||||
# default in case we don't find a reasonable timestamp
|
# default in case we don't find a reasonable timestamp
|
||||||
returndict['utctimestamp'] = toUTC(datetime.now()).isoformat()
|
returndict['utctimestamp'] = toUTC(datetime.now()).isoformat()
|
||||||
if 'type' not in returndict:
|
|
||||||
# default replacement for old _type subcategory.
|
|
||||||
# to preserve filtering capabilities
|
|
||||||
returndict['type'] = 'cloudtrail'
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logger.exception(e)
|
logger.exception(e)
|
||||||
logger.error('Malformed message: %r' % aDict)
|
logger.error('Malformed message: %r' % aDict)
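Review bot: Dropping the `if 'type' not in returndict` default (the four old-side lines removed just before the `except`) means an input that carries none of `type`, `eventtype` or `category` now leaves keyMapping with no `type` at all, because the earlier hunk only sets `returndict[u'type'] = 'cloudtrail'` inside that `elif` branch. The removed comment says the field exists "to preserve filtering capabilities", so untyped events could slip past any downstream filter or alert keyed on `type`. If every event mapped here is meant to be a cloudtrail event, keep an unconditional default beside the utctimestamp one, `if 'type' not in returndict:` / `returndict['type'] = 'cloudtrail'`, or set it once outside the key loop. keyMapping begins well before this hunk, so I cannot see whether code outside it already guarantees the key.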
|
||||||
|
|
|
@ -64,9 +64,8 @@ class message(object):
|
||||||
if not self.validate(message['details']):
|
if not self.validate(message['details']):
|
||||||
logger.error('Invalid format for complianceitem {0}'.format(message))
|
logger.error('Invalid format for complianceitem {0}'.format(message))
|
||||||
return (None, None)
|
return (None, None)
|
||||||
if 'type' not in message:
|
# add type subcategory for filtering
|
||||||
# add type subcategory for filtering
|
message['type'] = 'last_known_state'
|
||||||
message['type'] = 'last_known_state'
|
|
||||||
|
|
||||||
item = self.cleanup_item(message['details'])
|
item = self.cleanup_item(message['details'])
|
||||||
docidstr = 'complianceitems'
|
docidstr = 'complianceitems'
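Review bot: With the guard removed, the dedented `message['type'] = 'last_known_state'` now overwrites whatever `type` the producer sent, where the old code kept a caller-supplied value. If that is deliberate, so that a message cannot relabel itself and escape type-based filtering, the comment should say so, e.g. `# force the type subcategory so filtering cannot be bypassed by a producer-supplied value`; if not, the `if 'type' not in message:` guard needs to come back. Note that `validate()` is only handed `message['details']`, so nothing in this hunk checks the top-level `type` either way. The enclosing method starts and ends outside this hunk.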
|
||||||
|
|
|
@ -77,7 +77,7 @@ class message(object):
|
||||||
newmessage = dict()
|
newmessage = dict()
|
||||||
|
|
||||||
# Set NSM as type for categorical filtering of events.
|
# Set NSM as type for categorical filtering of events.
|
||||||
newmessage["type"] = "nsm"
|
newmessage["type"] = "squid"
|
||||||
|
|
||||||
newmessage[u"mozdefhostname"] = self.mozdefhostname
|
newmessage[u"mozdefhostname"] = self.mozdefhostname
|
||||||
newmessage["details"] = {}
|
newmessage["details"] = {}
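Review bot: The comment above the changed line still reads `# Set NSM as type for categorical filtering of events.` while the value is now `"squid"`, so the next reader will either assume the wrong type or suspect a copy-paste error. Update it to `# Set squid as type for categorical filtering of events.` or name whatever event source this plugin actually handles. As a minor style point, `"type"` is a plain str key while the neighbouring `u"mozdefhostname"` key is unicode; the file appears to mix both forms. The enclosing method begins before this hunk.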
|
||||||
|
|