def generate_event(self):
    """Build an event object from this rule and the matched groups.

    Returns ``None`` (after logging an error) when the rule has no
    ``event_type`` or names one that none of the known event classes
    declares; otherwise returns the populated event.
    """
    rule = self.rule
    if not rule.has_key('event_type'):
        logger.error("Event has no type, check plugin configuration!")
        return None

    # Resolve the rule's event_type to the event class that declares it.
    # Order matters: the first class whose EVENT_TYPE matches wins.
    candidates = (Event, EventOS, EventMac, EventService, EventHids, EventIdm)
    requested = rule['event_type']
    event = None
    for event_cls in candidates:
        if requested == event_cls.EVENT_TYPE:
            event = event_cls()
            break
    if event is None:
        logger.error("Bad event_type (%s) in rule (%s)" % (rule["event_type"], self.name))
        return None

    # Every rule key except the matching directives becomes an event field.
    # NOTE(review): the values are built from self.groups, which looks like
    # the regex capture groups of the raw log line — downstream consumers
    # should treat these fields as untrusted input; confirm against plugin.
    skipped = ("regexp", "precheck")
    for key, value in rule.iteritems():
        if key in skipped:
            continue
        event[key] = self.plugin.get_replace_value(
            value.encode('utf-8'), self.groups, self._replace_assessment[key])

    # A rule may define its own 'log' field; otherwise fall back to the
    # original log line (self.log) when the event class has a log attribute.
    # NOTE(review): event['log'] is read before the EVENT_ATTRS membership
    # check — fine only if Event.__getitem__ tolerates missing attributes;
    # verify against the Event class.
    if self.log and not event['log'] and "log" in event.EVENT_ATTRS:
        event['log'] = self.log.encode('utf-8')
    return event
def generate(self, groups):
    """Build an event from the plugin's ``query`` rule and send it.

    ``groups`` is forwarded, together with each UTF-8-encoded rule value,
    to the plugin's replacement helper for every ``query`` key except
    ``query``, ``regexp`` and ``ref``.  Keys whose replacement yields
    ``None`` are left unset on the event.
    """
    event = EventIdm() if self.__idm else Event()
    query_rules = self._plugin.rules()['query']
    reserved = ("query", "regexp", "ref")
    for key, value in query_rules.iteritems():
        if key in reserved:
            continue
        # NOTE(review): the replacement presumably substitutes regex groups
        # from external data into the field — treat the result as untrusted.
        replaced = self._plugin.get_replace_array_value(value.encode('utf-8'), groups)
        if replaced is not None:
            event[key] = replaced
    # Guard kept as in the original; event is always a fresh object here.
    if event is not None:
        self.send_message(event)
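def generate(self, groups):
    """Build an event from the plugin's ``query`` rule and send it.

    ``groups`` is forwarded, together with each rule value, to the
    plugin's replacement helper for every ``query`` key except
    ``query``, ``regexp`` and ``ref``.  Keys whose replacement yields
    ``None`` are left unset on the event.

    Cleanup relative to the previous version: the commented-out
    alternatives and the dead ``data = None`` pre-assignment are removed,
    and the always-true ``event is not None`` guard is dropped because
    ``event`` is unconditionally a freshly constructed object.
    """
    event = EventIdm() if self.__idm else Event()
    rules = self._plugin.rules()
    reserved = ("query", "regexp", "ref")
    for key, value in rules['query'].iteritems():
        if key in reserved:
            continue
        # NOTE(review): the replacement presumably substitutes regex groups
        # from external data into the field — treat the result as untrusted.
        data = self._plugin.get_replace_array_value(value, groups)
        if data is not None:
            event[key] = data
    self.send_message(event)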
def generate_event(self):
    """Build an event object from this rule and the matched groups.

    Only the generic ``Event`` and ``EventIdm`` types are accepted here.
    Returns ``None`` (after logging an error) when the rule has no
    ``event_type`` or names an unknown one; otherwise returns the
    populated event.
    """
    rule = self.rule
    if not rule.has_key('event_type'):
        logger.error("Event has no type, check plugin configuration!")
        return None

    requested = rule['event_type']
    if requested == Event.EVENT_TYPE:
        event = Event()
    elif requested == EventIdm.EVENT_TYPE:
        event = EventIdm()
    else:
        logger.error("Bad event_type (%s) in rule (%s)" % (rule["event_type"], self.name))
        return None

    # Every rule key except the matching directives becomes an event field.
    # NOTE(review): the values are built from self.groups, which looks like
    # the regex capture groups of the raw log line — downstream consumers
    # should treat these fields as untrusted input; confirm against plugin.
    skipped = ("regexp", "precheck")
    for key, value in rule.iteritems():
        if key in skipped:
            continue
        event[key] = self.plugin.get_replace_value(
            value.encode('utf-8'), self.groups, self._replace_assessment[key])

    # Fall back to the original log line when the rule did not set 'log'
    # and the event class exposes such an attribute.
    # NOTE(review): event['log'] is read before the EVENT_ATTRS membership
    # check — fine only if Event.__getitem__ tolerates missing attributes;
    # verify against the Event class.
    if self.log and not event['log'] and "log" in event.EVENT_ATTRS:
        event['log'] = self.log.encode('utf-8')
    return event