Modify mozdefbot to handle events without _source

jeffbryner · Dec 23, 2019 · 2bdffb9 · 2bdffb9
1 parent 089d415
commit 2bdffb9
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/bot/irc/mozdefbot.py b/bot/irc/mozdefbot.py
@@ -303,7 +303,10 @@ def on_message(self, body, message):
                     "alertworker exception: unknown body type received %r" % body)
                 return
 
-            body_dict = full_body['_source']
+            body_dict = full_body
+            # Handle messages that have full ES dict
+            if '_source' in full_body:
+                body_dict = full_body['_source']
 
             if 'notify_mozdefbot' in body_dict and body_dict['notify_mozdefbot'] is False:
                 # If the alert tells us to not notify, then don't post to IRC

diff --git a/bot/slack/mozdefbot.py b/bot/slack/mozdefbot.py
@@ -59,7 +59,11 @@ def on_message(self, body, message):
             else:
                 logger.exception("mozdefbot_slack exception: unknown body type received %r" % body)
                 return
-            body_dict = full_body['_source']
+
+            body_dict = full_body
+            # Handle messages that have full ES dict
+            if '_source' in full_body:
+                body_dict = full_body['_source']
 
             if 'notify_mozdefbot' in body_dict and body_dict['notify_mozdefbot'] is False:
                 # If the alert tells us to not notify, then don't post message