
Merge pull request #1071 from mozilla/add_plugins_field_events

Add plugins field to events and populate with mq plugins ran
pwnbus committed Jan 30, 2019
2 parents 86a2fd5 + 4a8118d commit 25488a483b5075f11cb6e70e7a43a105382a64ba
Showing with 10 additions and 2 deletions.
  1. +2 −0 mozdef_util/mozdef_util/event.py
  2. +4 −0 mq/lib/plugins.py
  3. +4 −2 tests/mq/test_esworker_sns_sqs.py
@@ -36,5 +36,7 @@ def add_required_fields(self):
self['source'] = self.DEFAULT_STRING
if 'summary' not in self:
self['summary'] = self.DEFAULT_STRING
if 'plugins' not in self:
self['plugins'] = []
if 'details' not in self:
self['details'] = {}
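Review bot: The added `if 'plugins' not in self:` guard keeps whatever value an incoming event already carries under `plugins`, so an event source can pre-populate the field or supply a non-list value. The same guard is repeated in the mq/lib/plugins.py hunk, where `.append` is then called on that value. If the field is meant to record which plugins handled the event, it should at least be type-checked here, `if 'plugins' not in self or not isinstance(self['plugins'], list):` before `self['plugins'] = []`; resetting it unconditionally at ingest would be stricter. Whether add_required_fields runs on raw sender-supplied events cannot be confirmed from this hunk, and the function starts outside it.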
@@ -39,6 +39,10 @@ def sendEventToPlugins(anevent, metadata, pluginList):
logger.error('TypeError on set intersection for dict {0}'.format(anevent))
return (anevent, metadata)
if send:
if 'plugins' not in anevent:
anevent['plugins'] = []
plugin_name = plugin[0].__module__.replace('plugins.', '')
anevent['plugins'].append(plugin_name)
(anevent, metadata) = plugin[0].onMessage(anevent, metadata)
if anevent is None:
# plug-in is signalling to drop this message
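Review bot: `plugin[0].__module__.replace('plugins.', '')` removes every occurrence of the substring rather than only the leading package prefix, so a module path containing `plugins.` elsewhere would be recorded under a shortened, possibly ambiguous name. Stripping only the prefix avoids that: `name = plugin[0].__module__` followed by `plugin_name = name[len('plugins.'):] if name.startswith('plugins.') else name`. The name is also appended before `onMessage` is called, so the field lists plugins the event was handed to, not plugins that completed. A comment such as `# recorded before onMessage: lists plugins the event was sent to` would make that explicit for anyone reading the field during triage. sendEventToPlugins starts and ends outside the hunk.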
@@ -71,7 +71,8 @@ def test_syslog_event(self):
u'summary': u'DHCPREQUEST of 1.2.3.4 on eth0 to 5.6.7.8 port 67 (xid=0x123456)',
u'tags': [u'example-logs-mozdef'],
u'timestamp': u'2017-05-25T07:14:15+00:00',
u'utctimestamp': u'2017-05-25T07:14:15+00:00'
u'utctimestamp': u'2017-05-25T07:14:15+00:00',
u'plugins': []
}
self.search_and_verify_event(expected_event)

@@ -140,6 +141,7 @@ def test_sso_event(self):
u'summary': u'UNKNOWN',
u'tags': [u'example-logs-mozdef'],
u'timestamp': u'2018-04-26T00:11:23.479771+00:00',
u'utctimestamp': u'2018-04-26T00:11:23.479771+00:00'
u'utctimestamp': u'2018-04-26T00:11:23.479771+00:00',
u'plugins': []
}
self.search_and_verify_event(expected_event)
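Review bot: Both updated expectations, in test_syslog_event and test_sso_event, assert `u'plugins': []`, so the visible tests cover only the default value and never the append path added in mq/lib/plugins.py. A case that passes an event through at least one registered plugin and asserts its name appears in `plugins` would pin the behaviour the commit title describes. A second case with an event that already carries a `plugins` key would document how sender-supplied values are treated. Both test methods start outside their hunks.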
