            raise ValueError('server undefined for ubaroute')
        ## add status info
        modaction.addinfo()
        ## index
        ## Target index for the events written further down (see writeevents).
        index = 'ubaroute'

        ## process results
        ## The results file is gzip-compressed CSV, opened in binary mode and
        ## handed straight to csv.DictReader. That works on Python 2; on
        ## Python 3 DictReader expects text -- NOTE(review): confirm which
        ## interpreter this runs under.
        with gzip.open(modaction.results_file, 'rb') as fh:
            ## NOTE(review): `events` is never referenced in the visible lines;
            ## rows are queued through modaction.addevent() instead.
            events = []
            for num, result in enumerate(csv.DictReader(fh)):
                ## set rid to row # (0->n) if unset
                result.setdefault('rid', str(num))
                modaction.update(result)
                modaction.invoke()
                ## Build a UBA alarm from the row, convert it to stash format
                ## with no drop/map expressions, and queue it as a 'stash'
                ## event without a CAM header.
                ## NOTE(review): every field of `result` comes straight from
                ## the results file; make_uba_alarm() is where to confirm
                ## those values are validated before they are emitted.
                modaction.addevent(modaction.result2stash(make_uba_alarm(
                    modaction, result),
                                                          dropexp=None,
                                                          mapexp=None),
                                   'stash',
                                   cam_header=False)

        ## writeevents() is treated as truthy on success; the outcome is
        ## reported against the rids that were processed.
        if modaction.writeevents(index=index, fext='uba_ubaroute'):
            modaction.message('Successfully created splunk event',
                              status='success',
                              rids=modaction.rids)
        else:
            modaction.message('Failed to create splunk event',
                              status='failure',
                              rids=modaction.rids,
                              level=logging.ERROR)

    except Exception as e:
            ## NOTE(review): `events` is not referenced in the visible lines;
            ## rows are queued through modaction.addevent() instead.
            events = []
            for num, result in enumerate(csv.DictReader(fh)):
                ## set rid to row # (0->n) if unset
                result.setdefault('rid', str(num))
                ## risk params
                ## The row's own risk fields are overwritten with values
                ## derived from modaction, not from the row: the score
                ## defaults to '1', the object type to 'other', and the
                ## object itself has no default.
                result['risk_score']       = normalize_risk_param(modaction, 'risk_score', default='1')
                result['risk_object']      = normalize_risk_param(modaction, 'risk_object')
                result['risk_object_type'] = normalize_risk_param(modaction, 'risk_object_type', default='other')
                
                ## for adhoc risk modifiers from incident review, change search_name to event's search_name if available.
                ## `search_name` is bound outside the visible lines. Once it
                ## is replaced here it no longer equals 'AdHoc Risk Score'
                ## (unless the row value is itself that string), so the first
                ## row carrying a search_name wins for all later rows.
                ## NOTE(review): this row-supplied value is later passed as
                ## the `source` of the written events (see writeevents below)
                ## -- confirm it is validated upstream.
                if search_name == 'AdHoc Risk Score' and result.get('search_name'):
                    search_name = result.get('search_name')

                modaction.update(result)
                modaction.invoke()
                ## Convert the row to stash format (with info fields added)
                ## and queue it as a 'stash' event.
                modaction.addevent(modaction.result2stash(result, addinfo=True), 'stash')
        
        ## writeevents() is treated as truthy on success. `index` is bound
        ## outside the visible lines; `search_name` may have been replaced by
        ## a row value in the loop above and becomes the events' source.
        if modaction.writeevents(index=index, source=search_name):
            modaction.message('Successfully created splunk event', status='success', rids=modaction.rids)
        else:
            modaction.message('Failed to create splunk event', status='failure', rids=modaction.rids, level=logging.ERROR)
        
    except Exception as e:
        ## adding additional logging since adhoc search invocations do not write to stderr
        try:
            modaction.message(e, status='failure', level=logging.CRITICAL)
        except Exception as e:
            logger.critical(e)
        print >> sys.stderr, "ERROR Unexpected error: %s" % e
        sys.exit(3)