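def test_get_value_from_keys_bad_keys(self):
    """A key that is missing at any depth resolves to None instead of raising.

    Covers a miss on the top level ('hoose') and a miss one level down
    ('house' -> 'badrooms').
    """
    dictionary = {'house': {'bedrooms': 2}}
    # The trailing comma matters: ('hoose') is the bare string 'hoose', not a
    # one-element tuple, so the original form did not exercise the same
    # tuple-of-keys path that the sibling assertions (and the normal-case
    # test) use.
    value_one = Config.get_value_from_keys(dictionary, ('hoose',))
    value_two = Config.get_value_from_keys(dictionary, ('house', 'badrooms'))
    self.assertIsNone(value_one)
    self.assertIsNone(value_two)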
def test_get_value_from_keys_normal(self):
    """Existing keys resolve to their stored value, both top-level and nested."""
    nested = {
        'level_one': '2FA',
        'access_device': {'ip': '192.168.0.1'},
    }
    top_level_value = Config.get_value_from_keys(nested, ('level_one',))
    nested_value = Config.get_value_from_keys(nested, ('access_device', 'ip'))
    self.assertEqual('2FA', top_level_value)
    self.assertEqual('192.168.0.1', nested_value)
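def _escape_cef_extension_value(value):
    """Return str(value) with the escapes the CEF extension field requires.

    In the extension part of a CEF message a backslash is doubled, an
    equals sign is prefixed with a backslash, and CR / LF are written as the
    two-character sequences backslash-r / backslash-n. Without this a log
    value containing '=' (or a line break) could be parsed by the receiving
    SIEM as additional key=value pairs, i.e. the log content could inject
    fields into the CEF record.
    """
    text = str(value)
    return (
        text.replace('\\', '\\\\')  # first, so the escapes added below are not doubled
        .replace('=', '\\=')
        .replace('\r', '\\r')
        .replace('\n', '\\n')
    )


def _construct_extension(log, keys_to_labels):
    """Create the extension field for a CEF message from a log and a key map.

    @param log The log to convert into a CEF message; values are looked up
               with Config.get_value_from_keys, so a missing key yields None
               and is rendered as the literal text 'None'.
    @param keys_to_labels Dictionary mapping a key tuple (as understood by
               Config.get_value_from_keys) to a label dict with 'name' and
               'is_custom'. Labels are treated as trusted configuration and
               are not escaped; only the values taken from the log are.
    @return the space-separated extension field for a CEF message
    """
    # Additional fields to add to the CEF message beyond what is required.
    extensions = []
    # Counter for the next custom string field (cs1, cs2, ...).
    custom_string = 1
    for keys, label in keys_to_labels.items():
        value = Config.get_value_from_keys(log, keys)
        label_name = label['name']
        # A custom field is emitted as csN=<value> plus csNLabel=<name> so the
        # consumer can display the original label.
        # NOTE(review): CEF consumers such as ArcSight commonly define only
        # cs1..cs6; more than six custom labels here would fall outside that
        # set — confirm against the target SIEM.
        if label['is_custom']:
            custom_label = f"cs{custom_string}"
            extensions.append(custom_label + 'Label' + '=' + label_name)
            custom_string += 1
            label_name = custom_label
        # Log values are untrusted input; escape them so they cannot terminate
        # this field or start another one.
        extensions.append(label_name + '=' + _escape_cef_extension_value(value))
    return ' '.join(extensions)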
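def _escape_cef_extension_value(value):
    """Return str(value) with the escapes the CEF extension field requires.

    In the extension part of a CEF message a backslash is doubled, an
    equals sign is prefixed with a backslash, and CR / LF are written as the
    two-character sequences backslash-r / backslash-n. Without this a log
    value containing '=' (or a line break) could be parsed by the receiving
    SIEM as additional key=value pairs, i.e. the log content could inject
    fields into the CEF record.
    """
    text = str(value)
    return (
        text.replace('\\', '\\\\')  # first, so the escapes added below are not doubled
        .replace('=', '\\=')
        .replace('\r', '\\r')
        .replace('\n', '\\n')
    )


def _construct_extension(log, keys_to_labels):
    """Create the extension field for a CEF message from a log and a key map.

    @param log The log to convert into a CEF message; values are looked up
               with Config.get_value_from_keys, so a missing key yields None
               and is rendered as the literal text 'None'.
    @param keys_to_labels Dictionary mapping a key tuple (as understood by
               Config.get_value_from_keys) to a label dict with 'name' and
               'is_custom'. Labels are treated as trusted configuration and
               are not escaped; only the values taken from the log are.
    @return the space-separated extension field for a CEF message
    """
    # Additional fields to add to the CEF message beyond what is required.
    extensions = []
    # Counter for the next custom string field (cs1, cs2, ...).
    custom_string = 1
    for keys, label in keys_to_labels.items():
        value = Config.get_value_from_keys(log, keys)
        label_name = label['name']
        # CEF expects `rt` as an integer in epoch milliseconds; a 10-digit
        # value is taken to be epoch seconds and scaled up. Convert with int()
        # first: if the log carries the timestamp as a string, "1609459200"
        # * 1000 would be the string repeated a thousand times, not a time.
        if label_name == 'rt' and value:
            timestamp_text = str(value)
            if len(timestamp_text) == 10 and timestamp_text.isdigit():
                value = int(timestamp_text) * 1000
        # A custom field is emitted as csN=<value> plus csNLabel=<name> so the
        # consumer can display the original label.
        # NOTE(review): CEF consumers such as ArcSight commonly define only
        # cs1..cs6; more than six custom labels here would fall outside that
        # set — confirm against the target SIEM.
        if label['is_custom']:
            custom_label = f"cs{custom_string}"
            extensions.append(custom_label + 'Label' + '=' + label_name)
            custom_string += 1
            label_name = custom_label
        # Log values are untrusted input; escape them so they cannot terminate
        # this field or start another one.
        extensions.append(label_name + '=' + _escape_cef_extension_value(value))
    return ' '.join(extensions)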