When possible usernames are found, add them to the PromiscKernel aler…

…t summary (#1624)
mozilla · May 8, 2020 · e0008fb · e0008fb
1 parent 68fbf17
commit e0008fb
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/alerts/plugins/possible_usernames.py b/alerts/plugins/possible_usernames.py
@@ -77,6 +77,8 @@ def enrich(alert: dict, syslog_evts: types.List[dict]) -> dict:
     new `details.possible_usernames` field.
     '''
 
+    summary = alert.get('summary', '')
+
     details = alert.get('details', {})
 
     scan_results = [
@@ -94,6 +96,12 @@ def enrich(alert: dict, syslog_evts: types.List[dict]) -> dict:
 
     alert['details'] = details
 
+    if len(possible_usernames) > 0:
+        alert['summary'] = '{}; Possible users: {}'.format(
+            summary,
+            ', '.join(possible_usernames),
+        )
+
     return alert
 
 

diff --git a/tests/alerts/plugins/test_possible_usernames.py b/tests/alerts/plugins/test_possible_usernames.py
@@ -69,6 +69,7 @@ def test_enrichment(self):
         # Ensure possible users found and duplicates removed.
         assert len(enriched['details']['possible_usernames']) == 1
         assert enriched['details']['possible_usernames'][0] == 'tester1'
+        assert 'tester1' in enriched['summary']
 
     def test_hostname_detection(self):
         from alerts.plugins.possible_usernames import _most_common_hostname