raise ValueError('server undefined for ubaroute') ## add status info modaction.addinfo() ## index index = 'ubaroute' ## process results with gzip.open(modaction.results_file, 'rb') as fh: events = [] for num, result in enumerate(csv.DictReader(fh)): ## set rid to row # (0->n) if unset result.setdefault('rid', str(num)) modaction.update(result) modaction.invoke() modaction.addevent(modaction.result2stash(make_uba_alarm( modaction, result), dropexp=None, mapexp=None), 'stash', cam_header=False) if modaction.writeevents(index=index, fext='uba_ubaroute'): modaction.message('Successfully created splunk event', status='success', rids=modaction.rids) else: modaction.message('Failed to create splunk event', status='failure', rids=modaction.rids, level=logging.ERROR) except Exception as e:
events = [] for num, result in enumerate(csv.DictReader(fh)): ## set rid to row # (0->n) if unset result.setdefault('rid', str(num)) ## risk params result['risk_score'] = normalize_risk_param(modaction, 'risk_score', default='1') result['risk_object'] = normalize_risk_param(modaction, 'risk_object') result['risk_object_type'] = normalize_risk_param(modaction, 'risk_object_type', default='other') ## for adhoc risk modifiers from incident review, change search_name to event's search_name if available. if search_name == 'AdHoc Risk Score' and result.get('search_name'): search_name = result.get('search_name') modaction.update(result) modaction.invoke() modaction.addevent(modaction.result2stash(result, addinfo=True), 'stash') if modaction.writeevents(index=index, source=search_name): modaction.message('Successfully created splunk event', status='success', rids=modaction.rids) else: modaction.message('Failed to create splunk event', status='failure', rids=modaction.rids, level=logging.ERROR) except Exception as e: ## adding additional logging since adhoc search invocations do not write to stderr try: modaction.message(e, status='failure', level=logging.CRITICAL) except Exception as e: logger.critical(e) print >> sys.stderr, "ERROR Unexpected error: %s" % e sys.exit(3)