Modifying some of the type references.

mq/esworker_cloudtrail.py

@@ -221,6 +221,7 @@ def keyMapping(aDict):
 
             elif k in ('type', 'eventtype', 'category'):
                 returndict[u'category'] = toUnicode(v)
+                returndict[u'type'] = 'cloudtrail'
 
             # custom fields as a list/array
             elif k in ('fields', 'details'):
@@ -257,10 +258,7 @@ def keyMapping(aDict):
         if 'utctimestamp' not in returndict:
             # default in case we don't find a reasonable timestamp
             returndict['utctimestamp'] = toUTC(datetime.now()).isoformat()
-        if 'type' not in returndict:
-            # default replacement for old _type subcategory.
-            # to preserve filtering capabilities
-            returndict['type'] = 'cloudtrail'
+
     except Exception as e:
         logger.exception(e)
         logger.error('Malformed message: %r' % aDict)

mq/plugins/complianceitems.py

@@ -64,7 +64,6 @@ class message(object):
         if not self.validate(message['details']):
             logger.error('Invalid format for complianceitem {0}'.format(message))
             return (None, None)
-        if 'type' not in message:
         # add type subcategory for filtering
         message['type'] = 'last_known_state'
 

mq/plugins/squidFixup.py

@@ -77,7 +77,7 @@ class message(object):
         newmessage = dict()
 
         # Set NSM as type for categorical filtering of events.
-        newmessage["type"] = "nsm"
+        newmessage["type"] = "squid"
 
         newmessage[u"mozdefhostname"] = self.mozdefhostname
         newmessage["details"] = {}