Exemple #1
    def handler(cls, options, config):
        """Look up one key in a LookupTable and print it to stdout.

        Args:
            options: object exposing ``table`` (table name) and ``key``
                (key to fetch) attributes.
            config: passed through unchanged to ``LookupTables.get_instance``.

        Returns:
            bool: always ``True``.
        """
        requested_table = options.table
        requested_key = options.key

        print('==== LookupTables; Get Key ====')

        # Called only for its side effect; the returned instance is discarded.
        # Presumably this sets up the tables from config before the lookup -
        # confirm against LookupTables.
        LookupTables.get_instance(config=config)

        print('  Table: {}'.format(requested_table))
        print('  Key:   {}'.format(requested_key))

        found = LookupTables.get(requested_table, requested_key)

        print()
        print('  Type:  {}'.format(type(found)))

        # NOTE(review): the value is written to stdout unredacted. Confirm that
        # lookup tables never hold secrets, or that this output is not captured
        # in shared logs.
        if not isinstance(found, (list, dict)):
            print('  Value: {}'.format(found))
        else:
            # Containers are pretty-printed with stable key order for easier reading.
            # json.dumps raises TypeError on members that are not JSON-serializable.
            print('  Value:')
            print(json.dumps(found, indent=2, sort_keys=True))

        print()

        return True
Exemple #2
def duo_lookup_tables_example(rec):
    """
    description: Alert on Duo auth logs from blacklisted browsers, as defined by a lookup table
    note: This is purely for example purposes in testing, and is not meant to be used as-is
    """
    # NOTE(review): the docstring above is kept verbatim; its 'description:'/'note:'
    # layout looks machine-readable - confirm before rewording it.

    # 'dynamo-backed-table' and its 'duo_blacklisted_browsers' value are created by
    # the 'global' fixture at rules/test_fixtures/lookup_tables/dynamo-backed-table.json.
    # The trailing [] is presumably the fallback when the key is absent, in which
    # case nothing can match and the rule does not fire.
    denied_names = LookupTables.get(
        'dynamo-backed-table',
        'duo_blacklisted_browsers',
        [],
    )

    # A missing 'browser' field yields None; a missing 'access_device' raises KeyError.
    seen_browser = rec['access_device'].get('browser')

    # The test event's browser is 'Netscape', which the lookup table lists.
    # NOTE(review): this is an exact, case-sensitive comparison on a browser name
    # that typically originates from the client, so treat a non-match as
    # "not listed" rather than as evidence the device is acceptable.
    return seen_browser in set(denied_names)