ALL_EVENTS_SEARCH_DICT = {"tag": "zentral"}
# events
class BaseZentralEvent(BaseEvent):
namespace = "zentral"
tags = ["zentral"]
class LoginEvent(BaseZentralEvent):
event_type = "zentral_login"
register_event_type(LoginEvent)
class LogoutEvent(BaseZentralEvent):
event_type = "zentral_logout"
register_event_type(LogoutEvent)
class FailedLoginEvent(BaseZentralEvent):
event_type = "zentral_failed_login"
register_event_type(FailedLoginEvent)
import uuid
from dateutil import parser
from zentral.core.events.base import BaseEvent, EventMetadata, EventRequest, register_event_type
logger = logging.getLogger('zentral.contrib.munki.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "munki"}
class MunkiEnrollmentEvent(BaseEvent):
event_type = "munki_enrollment"
tags = ["munki"]
register_event_type(MunkiEnrollmentEvent)
class MunkiRequestEvent(BaseEvent):
event_type = "munki_request"
tags = ["munki", "heartbeat"]
heartbeat_timeout = 2 * 3600
register_event_type(MunkiRequestEvent)
class BaseMunkiEvent(BaseEvent):
tags = ["munki"]
namespace = "munki_event"
payload_aggregations = [
import logging
from zentral.core.events.base import BaseEvent, register_event_type
from zentral.contrib.inventory.models import File
from zentral.contrib.santa.models import Bundle, Target
logger = logging.getLogger('zentral.contrib.santa.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "santa"}
class SantaEnrollmentEvent(BaseEvent):
event_type = "santa_enrollment"
tags = ["santa"]
register_event_type(SantaEnrollmentEvent)
class SantaPreflightEvent(BaseEvent):
event_type = "santa_preflight"
tags = ["santa", "heartbeat"]
heartbeat_timeout = 2 * 10 * 60
register_event_type(SantaPreflightEvent)
class SantaEventEvent(BaseEvent):
event_type = "santa_event"
tags = ["santa"]
payload_aggregations = [
import logging
import uuid
from zentral.core.events.base import BaseEvent, EventMetadata, EventRequest, register_event_type
logger = logging.getLogger('zentral.contrib.monolith.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "monolith"}
class MonolithEnrollmentEvent(BaseEvent):
event_type = "monolith_enrollment"
tags = ["monolith"]
register_event_type(MonolithEnrollmentEvent)
class MonolithMunkiRequestEvent(BaseEvent):
event_type = "monolith_munki_request"
tags = ["monolith", "heartbeat"]
heartbeat_timeout = 2 * 3600
register_event_type(MonolithMunkiRequestEvent)
class MonolithSyncCatalogsRequestEvent(BaseEvent):
event_type = "monolith_sync_catalogs_request"
tags = ["monolith"]
from django.contrib.auth.signals import user_logged_in, user_logged_out, user_login_failed
from zentral.core.events.base import BaseEvent, EventMetadata, EventRequest, register_event_type
ALL_EVENTS_SEARCH_DICT = {"event_type": ["zentral_login", "zentral_logout", "zentral_failed_login"]}
# events
class LoginEvent(BaseEvent):
event_type = "zentral_login"
tags = ["zentral"]
register_event_type(LoginEvent)
class LogoutEvent(BaseEvent):
event_type = "zentral_logout"
tags = ["zentral"]
register_event_type(LogoutEvent)
class FailedLoginEvent(BaseEvent):
event_type = "zentral_failed_login"
tags = ["zentral"]
register_event_type(FailedLoginEvent)
from dateutil import parser
from zentral.core.events.base import BaseEvent, EventMetadata, EventRequest, register_event_type
logger = logging.getLogger('zentral.contrib.munki.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "munki"}
class MunkiRequestEvent(BaseEvent):
event_type = "munki_request"
tags = ["munki", "heartbeat"]
heartbeat_timeout = 2 * 3600
register_event_type(MunkiRequestEvent)
class MunkiEvent(BaseEvent):
event_type = "munki_event"
tags = ["munki"]
payload_aggregations = [
("munki_version", {"type": "terms", "bucket_number": 10, "label": "Munki versions"}),
("run_type", {"type": "terms", "bucket_number": 10, "label": "Run types"}),
("type", {"type": "terms", "bucket_number": 10, "label": "Types"}),
("name", {"type": "table", "bucket_number": 50, "label": "Bundles",
"columns": [("name", "Name"),
("version", "Version str.")]}),
]
from zentral.core.events.base import EventMetadata, EventRequest, BaseEvent, register_event_type
class TestEvent1(BaseEvent):
event_type = "event_type_1"
register_event_type(TestEvent1)
class TestEvent2(BaseEvent):
event_type = "event_type_2"
register_event_type(TestEvent2)
def make_event(idx=0, first_type=True, with_request=True):
if first_type:
event_cls = TestEvent1
else:
event_cls = TestEvent2
if with_request:
request = EventRequest("python_unittest_useragent", "10.0.0.1")
else:
request = None
return event_cls(
EventMetadata(event_cls.event_type,
machine_serial_number='012356789',
request=request), {'idx': idx})
from zentral.core.events.base import EventMetadata, EventRequest, BaseEvent, register_event_type
class TestEvent1(BaseEvent):
event_type = "event_type_1"
register_event_type(TestEvent1)
class TestEvent2(BaseEvent):
event_type = "event_type_2"
register_event_type(TestEvent2)
def make_event(idx=0, first_type=True, with_request=True):
if first_type:
event_cls = TestEvent1
else:
event_cls = TestEvent2
if with_request:
request = EventRequest("python_unittest_useragent",
"10.0.0.1")
else:
request = None
return event_cls(EventMetadata(event_cls.event_type,
machine_serial_number='012356789',
request=request),
{'idx': idx})
import logging
from dateutil import parser
from zentral.core.events.base import BaseEvent, EventMetadata, EventRequest, register_event_type
logger = logging.getLogger('zentral.contrib.munki.events')
ALL_EVENTS_SEARCH_DICT = {"event_type": "munki_event"}
class MunkiEvent(BaseEvent):
event_type = "munki_event"
register_event_type(MunkiEvent)
def post_munki_events(msn, user_agent, ip, data):
for report in data:
events = report.pop('events')
metadata = EventMetadata(MunkiEvent.event_type,
machine_serial_number=msn,
request=EventRequest(user_agent, ip),
tags=MunkiEvent.tags)
for index, (created_at, payload) in enumerate(events):
metadata.index = index
metadata.created_at = parser.parse(created_at)
payload.update(report)
event = MunkiEvent(metadata, payload)
event.post()
from datetime import datetime
import logging
from zentral.core.events.base import BaseEvent, register_event_type
logger = logging.getLogger('zentral.contrib.jamf_protect.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "jamf_protect"}
class JamfProtectEnrollmentEvent(BaseEvent):
event_type = "jamf_protect_enrollment"
tags = ["jamf_protect"]
register_event_type(JamfProtectEnrollmentEvent)
class JamfProtectEvent(BaseEvent):
event_type = "jamf_protect_event"
tags = ["jamf_protect"]
payload_aggregations = [
("eventType", {
"type": "terms",
"bucket_number": 10,
"label": "Event types"
}),
]
register_event_type(JamfProtectEvent)
import logging
from zentral.core.events.base import BaseEvent, register_event_type
logger = logging.getLogger('zentral.contrib.xnumon.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "xnumon"}
class XnumonOpsEvent(BaseEvent):
event_type = "xnumon_ops"
tags = ["xnumon"]
xnumon_eventcode = 0
register_event_type(XnumonOpsEvent)
class XnumonStatsEvent(BaseEvent):
event_type = "xnumon_stats"
tags = ["xnumon"]
xnumon_eventcode = 1
register_event_type(XnumonStatsEvent)
class XnumonImageExecEvent(BaseEvent):
event_type = "xnumon_image_exec"
tags = ["xnumon"]
xnumon_eventcode = 2
payload_aggregations = [
import logging
from zentral.core.events.base import BaseEvent, register_event_type
logger = logging.getLogger('zentral.contrib.audit.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "audit"}
class AuditEvent(BaseEvent):
event_type = "audit"
tags = ["audit"]
payload_aggregations = [
("event_id", {
"type": "terms",
"bucket_number": 10,
"label": "Event IDs"
}),
]
register_event_type(AuditEvent)
from django.test import TestCase
from zentral.contrib.inventory.models import MachineSnapshotCommit
from zentral.core.events.base import EventMetadata, EventRequest, BaseEvent, register_event_type
class TestEvent3(BaseEvent):
event_type = "event_type_3"
register_event_type(TestEvent3)
def make_event(ip=None, ua=None, with_msn=True):
msn = request = None
if with_msn:
msn = "0123456789"
if ip or ua:
request = EventRequest(user_agent=ua, ip=ip)
else:
request = None
return TestEvent3(
EventMetadata(TestEvent3.event_type,
machine_serial_number=msn,
request=request), {"godzilla": "yo"})
class EventSerializationTestCase(TestCase):
@classmethod
def setUpTestData(cls):
source = {"module": "tests.zentral.io", "name": "Zentral Tests"}
tree = {
from zentral.contrib.osquery.models import parse_pack_query_configuration_key, Pack, PackQuery
logger = logging.getLogger('zentral.contrib.osquery.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "osquery"}
class OsqueryEvent(BaseEvent):
tags = ["osquery"]
class OsqueryEnrollmentEvent(OsqueryEvent):
event_type = "osquery_enrollment"
register_event_type(OsqueryEnrollmentEvent)
class OsqueryRequestEvent(OsqueryEvent):
event_type = "osquery_request"
tags = ['osquery', 'heartbeat']
heartbeat_timeout = 2 * 60
def get_linked_objects_keys(self):
keys = {}
enrollment = self.payload.get("enrollment")
if enrollment:
enrollment_pk = enrollment.get("pk")
if enrollment_pk:
keys["osquery_enrollment"] = [(enrollment_pk, )]
configuration = enrollment.get("configuration")
import logging
from zentral.core.events.base import BaseEvent, EventMetadata, EventRequest, register_event_type
logger = logging.getLogger('zentral.contrib.monolith.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "monolith"}
class MonolithMunkiRequestEvent(BaseEvent):
event_type = "monolith_munki_request"
tags = ["monolith", "heartbeat"]
register_event_type(MonolithMunkiRequestEvent)
class MonolithSyncCatalogsRequestEvent(BaseEvent):
event_type = "monolith_sync_catalogs_request"
tags = ["monolith"]
register_event_type(MonolithSyncCatalogsRequestEvent)
class MonolithRepositoryUpdateEvent(BaseEvent):
event_type = "monolith_repository_update"
tags = ["monolith"]
register_event_type(MonolithRepositoryUpdateEvent)
from zentral.core.events.base import BaseEvent, register_event_type
logger = logging.getLogger('zentral.contrib.osquery.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "osquery"}
class OsqueryEvent(BaseEvent):
tags = ["osquery"]
class OsqueryEnrollmentEvent(OsqueryEvent):
event_type = "osquery_enrollment"
register_event_type(OsqueryEnrollmentEvent)
class OsqueryRequestEvent(OsqueryEvent):
event_type = "osquery_request"
tags = ['osquery', 'heartbeat']
heartbeat_timeout = 2 * 60
register_event_type(OsqueryRequestEvent)
class OsqueryResultEvent(OsqueryEvent):
event_type = "osquery_result"
def get_notification_context(self, probe):
ALL_EVENTS_SEARCH_DICT = {"tag": "santa"}
class SantaEnrollmentEvent(BaseEvent):
event_type = "santa_enrollment"
tags = ["santa"]
def get_linked_objects_keys(self):
keys = {}
configuration = self.payload.get("configuration")
if configuration:
keys["santa_configuration"] = [(configuration.get("pk"), )]
return keys
register_event_type(SantaEnrollmentEvent)
class SantaPreflightEvent(BaseEvent):
event_type = "santa_preflight"
tags = ["santa", "heartbeat"]
heartbeat_timeout = 2 * 10 * 60
register_event_type(SantaPreflightEvent)
class SantaEventEvent(BaseEvent):
event_type = "santa_event"
tags = ["santa"]
payload_aggregations = [
from zentral.core.events.base import BaseEvent, register_event_type
logger = logging.getLogger('zentral.contrib.santa.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "santa"}
class SantaBaseEvent(BaseEvent):
tags = ["santa"]
class SantaPreflightEvent(SantaBaseEvent):
event_type = "santa_preflight"
register_event_type(SantaPreflightEvent)
class SantaEventEvent(SantaBaseEvent):
event_type = "santa_event"
def get_notification_context(self, probe):
ctx = super().get_notification_context(probe)
if 'decision' in self.payload:
ctx['decision'] = self.payload['decision']
if 'file_name' in self.payload:
ctx['file_name'] = self.payload['file_name']
if 'file_path' in self.payload:
ctx['file_path'] = self.payload['file_path']
return ctx
from zentral.core.events.base import BaseEvent, register_event_type
from zentral.contrib.santa.models import CollectedApplication
logger = logging.getLogger('zentral.contrib.santa.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "santa"}
class SantaPreflightEvent(BaseEvent):
event_type = "santa_preflight"
tags = ["santa", "heartbeat"]
heartbeat_timeout = 2 * 10 * 60
register_event_type(SantaPreflightEvent)
class SantaEventEvent(BaseEvent):
event_type = "santa_event"
tags = ["santa"]
payload_aggregations = [
("decision", {"type": "terms", "bucket_number": 10, "label": "Decisions"}),
("file_bundle_name", {"type": "terms", "bucket_number": 10, "label": "Bundle names"}),
("bundles", {"type": "table", "bucket_number": 100, "label": "Bundles",
"columns": [("file_bundle_name", "Name"),
("file_bundle_id", "ID"),
("file_bundle_path", "File path"),
("file_bundle_version_string", "Version str.")]}),
]
import logging
from zentral.core.events.base import BaseEvent, register_event_type
logger = logging.getLogger('zentral.contrib.filebeat.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "filebeat"}
class FilebeatEnrollmentEvent(BaseEvent):
event_type = "filebeat_enrollment"
tags = ["filebeat"]
register_event_type(FilebeatEnrollmentEvent)
def post_enrollment_event(msn, user_agent, ip, data):
FilebeatEnrollmentEvent.post_machine_request_payloads(
msn, user_agent, ip, [data])
from django.contrib.auth.signals import user_logged_in, user_logged_out, user_login_failed
from zentral.core.events.base import BaseEvent, EventMetadata, EventRequest, EventRequestUser, register_event_type
ALL_EVENTS_SEARCH_DICT = {
"event_type": ["zentral_login", "zentral_logout", "zentral_failed_login"]
}
# events
class LoginEvent(BaseEvent):
event_type = "zentral_login"
tags = ["zentral"]
register_event_type(LoginEvent)
class LogoutEvent(BaseEvent):
event_type = "zentral_logout"
tags = ["zentral"]
register_event_type(LogoutEvent)
class FailedLoginEvent(BaseEvent):
event_type = "zentral_failed_login"
tags = ["zentral"]
from django.test import TestCase
from zentral.contrib.inventory.models import MachineSnapshotCommit
from zentral.core.events.base import EventMetadata, EventRequest, BaseEvent, register_event_type
class TestEvent3(BaseEvent):
event_type = "event_type_3"
register_event_type(TestEvent3)
def make_event(ip=None, ua=None, with_msn=True):
msn = request = None
if with_msn:
msn = "0123456789"
if ip or ua:
request = EventRequest(user_agent=ua, ip=ip)
else:
request = None
return TestEvent3(EventMetadata(TestEvent3.event_type,
machine_serial_number=msn,
request=request),
{"godzilla": "yo"})
class EventSerializationTestCase(TestCase):
@classmethod
def setUpTestData(cls):
source = {"module": "tests.zentral.io", "name": "Zentral Tests"}
tree = {
logger = logging.getLogger('zentral.contrib.zendesk.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "zendesk"}
class BaseZendeskEvent(BaseEvent):
tags = ["zendesk"]
class ZendeskTicketCreationEvent(BaseZendeskEvent):
event_type = "zendesk_ticket_creation"
register_event_type(ZendeskTicketCreationEvent)
class ZendeskCommentCreationEvent(BaseZendeskEvent):
event_type = "zendesk_comment_creation"
register_event_type(ZendeskCommentCreationEvent)
def post_zendesk_event(user_agent, ip, data):
data_type = data['type']
data = data['data']
if data_type == 'ticket':
event_class = ZendeskTicketCreationEvent
elif data_type == 'comment':
logger = logging.getLogger('zentral.contrib.osquery.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "osquery"}
class OsqueryEvent(BaseEvent):
tags = ["osquery"]
class OsqueryEnrollmentEvent(OsqueryEvent):
event_type = "osquery_enrollment"
register_event_type(OsqueryEnrollmentEvent)
class OsqueryRequestEvent(OsqueryEvent):
event_type = "osquery_request"
tags = ['osquery', 'heartbeat']
heartbeat_timeout = 2 * 60
register_event_type(OsqueryRequestEvent)
class OsqueryResultEvent(OsqueryEvent):
event_type = "osquery_result"
def get_notification_context(self, probe):
from django.contrib.auth.signals import user_logged_in, user_logged_out, user_login_failed
from zentral.core.events.base import BaseEvent, EventMetadata, EventRequest, EventRequestUser, register_event_type
ALL_EVENTS_SEARCH_DICT = {
"event_type": ["zentral_login", "zentral_logout", "zentral_failed_login"]
}
# events
class LoginEvent(BaseEvent):
event_type = "zentral_login"
tags = ["zentral"]
register_event_type(LoginEvent)
class LogoutEvent(BaseEvent):
event_type = "zentral_logout"
tags = ["zentral"]
register_event_type(LogoutEvent)
class FailedLoginEvent(BaseEvent):
event_type = "zentral_failed_login"
tags = ["zentral"]
from zentral.core.events.base import BaseEvent, register_event_type, post_command_events
logger = logging.getLogger('zentral.contrib.zendesk.events')
ALL_EVENTS_SEARCH_DICT = {"tag": "zendesk"}
class BaseZendeskEvent(BaseEvent):
tags = ["zendesk"]
class ZendeskTicketCreationEvent(BaseZendeskEvent):
event_type = "zendesk_ticket_creation"
register_event_type(ZendeskTicketCreationEvent)
class ZendeskCommentCreationEvent(BaseZendeskEvent):
event_type = "zendesk_comment_creation"
register_event_type(ZendeskCommentCreationEvent)
def post_zendesk_event(user_agent, ip, data):
data_type = data['type']
data = data['data']
if data_type == 'ticket':
event_class = ZendeskTicketCreationEvent
elif data_type == 'comment':
