Add plugins field to events and populate with mq plugins ran

mozdef_util/mozdef_util/event.py

@@ -36,5 +36,7 @@ def add_required_fields(self):
             self['source'] = self.DEFAULT_STRING
         if 'summary' not in self:
             self['summary'] = self.DEFAULT_STRING
+        if 'plugins' not in self:
+            self['plugins'] = []
         if 'details' not in self:
             self['details'] = {}

mq/lib/plugins.py

@@ -39,6 +39,10 @@ def sendEventToPlugins(anevent, metadata, pluginList):
                 logger.error('TypeError on set intersection for dict {0}'.format(anevent))
                 return (anevent, metadata)
         if send:
+            if 'plugins' not in anevent:
+                anevent['plugins'] = []
+            plugin_name = plugin[0].__module__.replace('plugins.', '')
+            anevent['plugins'].append(plugin_name)
             (anevent, metadata) = plugin[0].onMessage(anevent, metadata)
             if anevent is None:
                 # plug-in is signalling to drop this message

tests/mq/test_esworker_sns_sqs.py

@@ -71,7 +71,8 @@ def test_syslog_event(self):
             u'summary': u'DHCPREQUEST of 1.2.3.4 on eth0 to 5.6.7.8 port 67 (xid=0x123456)',
             u'tags': [u'example-logs-mozdef'],
             u'timestamp': u'2017-05-25T07:14:15+00:00',
-            u'utctimestamp': u'2017-05-25T07:14:15+00:00'
+            u'utctimestamp': u'2017-05-25T07:14:15+00:00',
+            u'plugins': []
         }
         self.search_and_verify_event(expected_event)
 
@@ -140,6 +141,7 @@ def test_sso_event(self):
             u'summary': u'UNKNOWN',
             u'tags': [u'example-logs-mozdef'],
             u'timestamp': u'2018-04-26T00:11:23.479771+00:00',
-            u'utctimestamp': u'2018-04-26T00:11:23.479771+00:00'
+            u'utctimestamp': u'2018-04-26T00:11:23.479771+00:00',
+            u'plugins': []
         }
         self.search_and_verify_event(expected_event)