moving plugins into mozdef data class (#1659)

mozilla · Jul 16, 2020 · d1b66ec · d1b66ec
1 parent 08b0ae2
commit d1b66ec
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 4 deletions.
diff --git a/mozdef_util/mozdef_util/event.py b/mozdef_util/mozdef_util/event.py
@@ -39,7 +39,9 @@ def add_required_fields(self):
             self['source'] = self.DEFAULT_STRING
         if 'summary' not in self:
             self['summary'] = self.DEFAULT_STRING
-        if 'plugins' not in self:
-            self['plugins'] = []
+        if 'mozdef' not in self:
+            self['mozdef'] = {}
+        if 'plugins' not in self['mozdef']:
+            self['mozdef']['plugins'] = []
         if 'details' not in self:
             self['details'] = {}
diff --git a/mq/lib/plugins.py b/mq/lib/plugins.py
@@ -51,7 +51,9 @@ def sendEventToPlugins(anevent, metadata, pluginList):
             plugin_name = plugin[0].__module__.replace('plugins.', '')
             executed_plugins.append(plugin_name)
     # Tag all events with what plugins ran on it
-    anevent['plugins'] = executed_plugins
+    if 'mozdef' not in anevent:
+        anevent['mozdef'] = {}
+        anevent['mozdef']['plugins'] = executed_plugins
 
     return (anevent, metadata)
 

diff --git a/tests/mq/test_esworker_sns_sqs.py b/tests/mq/test_esworker_sns_sqs.py
@@ -75,7 +75,7 @@ def test_syslog_event(self):
             'tags': ['example-logs-mozdef'],
             'timestamp': '2017-05-25T07:14:15+00:00',
             'utctimestamp': '2017-05-25T07:14:15+00:00',
-            'plugins': [],
+            'mozdef': {'plugins': []},
             'type': 'event'
         }
         self.search_and_verify_event(expected_event)