# Filter matching every event declared below (they all carry the "zentral" tag).
# presumably consumed by the event search views; confirm against the caller.
ALL_EVENTS_SEARCH_DICT = {"tag": "zentral"}


# events


class BaseZentralEvent(BaseEvent):
    """Shared base for the authentication events of the Zentral console.

    Subclasses inherit the ``zentral`` namespace and tag, so one tag filter
    selects login, logout and failed-login records together.
    """

    namespace = "zentral"
    tags = ["zentral"]


class LoginEvent(BaseZentralEvent):
    """Event type ``zentral_login``."""

    event_type = "zentral_login"


register_event_type(LoginEvent)


class LogoutEvent(BaseZentralEvent):
    """Event type ``zentral_logout``."""

    event_type = "zentral_logout"


register_event_type(LogoutEvent)


class FailedLoginEvent(BaseZentralEvent):
    """Event type ``zentral_failed_login``.

    NOTE(review): the code that fills the payload is outside this excerpt.
    A failed-login payload normally carries a client-supplied username, so
    treat that field as untrusted wherever it is stored or rendered.
    """

    event_type = "zentral_failed_login"


register_event_type(FailedLoginEvent)
import uuid from dateutil import parser from zentral.core.events.base import BaseEvent, EventMetadata, EventRequest, register_event_type logger = logging.getLogger('zentral.contrib.munki.events') ALL_EVENTS_SEARCH_DICT = {"tag": "munki"} class MunkiEnrollmentEvent(BaseEvent): event_type = "munki_enrollment" tags = ["munki"] register_event_type(MunkiEnrollmentEvent) class MunkiRequestEvent(BaseEvent): event_type = "munki_request" tags = ["munki", "heartbeat"] heartbeat_timeout = 2 * 3600 register_event_type(MunkiRequestEvent) class BaseMunkiEvent(BaseEvent): tags = ["munki"] namespace = "munki_event" payload_aggregations = [
import logging from zentral.core.events.base import BaseEvent, register_event_type from zentral.contrib.inventory.models import File from zentral.contrib.santa.models import Bundle, Target logger = logging.getLogger('zentral.contrib.santa.events') ALL_EVENTS_SEARCH_DICT = {"tag": "santa"} class SantaEnrollmentEvent(BaseEvent): event_type = "santa_enrollment" tags = ["santa"] register_event_type(SantaEnrollmentEvent) class SantaPreflightEvent(BaseEvent): event_type = "santa_preflight" tags = ["santa", "heartbeat"] heartbeat_timeout = 2 * 10 * 60 register_event_type(SantaPreflightEvent) class SantaEventEvent(BaseEvent): event_type = "santa_event" tags = ["santa"] payload_aggregations = [
import logging
import uuid

from zentral.core.events.base import (
    BaseEvent,
    EventMetadata,
    EventRequest,
    register_event_type,
)

logger = logging.getLogger('zentral.contrib.monolith.events')

# Filter matching every monolith event (all classes below carry this tag).
ALL_EVENTS_SEARCH_DICT = {"tag": "monolith"}


class MonolithEnrollmentEvent(BaseEvent):
    """Event type ``monolith_enrollment``."""

    event_type = "monolith_enrollment"
    tags = ["monolith"]


register_event_type(MonolithEnrollmentEvent)


class MonolithMunkiRequestEvent(BaseEvent):
    """Event type ``monolith_munki_request``, also tagged as a heartbeat."""

    event_type = "monolith_munki_request"
    tags = ["monolith", "heartbeat"]
    # 2 * 3600 = 7200; presumably seconds, confirm against BaseEvent.
    heartbeat_timeout = 2 * 3600


register_event_type(MonolithMunkiRequestEvent)


class MonolithSyncCatalogsRequestEvent(BaseEvent):
    """Event type ``monolith_sync_catalogs_request``."""

    # NOTE(review): no register_event_type() call for this class is visible
    # in this excerpt; it may follow further down the file.
    event_type = "monolith_sync_catalogs_request"
    tags = ["monolith"]
from django.contrib.auth.signals import user_logged_in, user_logged_out, user_login_failed

from zentral.core.events.base import (
    BaseEvent,
    EventMetadata,
    EventRequest,
    register_event_type,
)

# Filter listing the three authentication event types declared below.
ALL_EVENTS_SEARCH_DICT = {
    "event_type": ["zentral_login", "zentral_logout", "zentral_failed_login"],
}


# events
#
# NOTE(review): the receivers for the imported Django auth signals are outside
# this excerpt. The credentials delivered with user_login_failed come from an
# unauthenticated client, so treat any username taken from them as untrusted
# wherever it is stored, searched or rendered.


class LoginEvent(BaseEvent):
    """Event type ``zentral_login``."""

    event_type = "zentral_login"
    tags = ["zentral"]


register_event_type(LoginEvent)


class LogoutEvent(BaseEvent):
    """Event type ``zentral_logout``."""

    event_type = "zentral_logout"
    tags = ["zentral"]


register_event_type(LogoutEvent)


class FailedLoginEvent(BaseEvent):
    """Event type ``zentral_failed_login``."""

    event_type = "zentral_failed_login"
    tags = ["zentral"]


register_event_type(FailedLoginEvent)
from dateutil import parser

from zentral.core.events.base import (
    BaseEvent,
    EventMetadata,
    EventRequest,
    register_event_type,
)

logger = logging.getLogger('zentral.contrib.munki.events')

# Filter matching every munki event (both classes below carry this tag).
ALL_EVENTS_SEARCH_DICT = {"tag": "munki"}


class MunkiRequestEvent(BaseEvent):
    """Event type ``munki_request``, also tagged as a heartbeat."""

    event_type = "munki_request"
    tags = ["munki", "heartbeat"]
    # 2 * 3600 = 7200; presumably seconds, confirm against BaseEvent.
    heartbeat_timeout = 2 * 3600


register_event_type(MunkiRequestEvent)


class MunkiEvent(BaseEvent):
    """Event type ``munki_event``.

    NOTE(review): no register_event_type() call for this class is visible in
    this excerpt.
    """

    event_type = "munki_event"
    tags = ["munki"]
    # (payload field, aggregation options) pairs; presumably consumed by the
    # event store to build per-field summaries. Confirm against BaseEvent.
    payload_aggregations = [
        ("munki_version", {"type": "terms", "bucket_number": 10, "label": "Munki versions"}),
        ("run_type", {"type": "terms", "bucket_number": 10, "label": "Run types"}),
        ("type", {"type": "terms", "bucket_number": 10, "label": "Types"}),
        ("name", {"type": "table", "bucket_number": 50, "label": "Bundles",
                  "columns": [("name", "Name"), ("version", "Version str.")]}),
    ]
from zentral.core.events.base import EventMetadata, EventRequest, BaseEvent, register_event_type


class TestEvent1(BaseEvent):
    """First event type used by the tests (``event_type_1``)."""

    event_type = "event_type_1"


register_event_type(TestEvent1)


class TestEvent2(BaseEvent):
    """Second event type used by the tests (``event_type_2``)."""

    event_type = "event_type_2"


register_event_type(TestEvent2)


def make_event(idx=0, first_type=True, with_request=True):
    """Build a test event carrying ``{'idx': idx}`` as its payload.

    Args:
        idx: value stored under the ``idx`` payload key.
        first_type: pick TestEvent1 when true, TestEvent2 otherwise.
        with_request: attach an EventRequest with a fixed user agent and the
            fixed address 10.0.0.1 when true, no request otherwise.

    Returns:
        An instance of the selected event class with a fixed serial number.
    """
    chosen_cls = TestEvent1 if first_type else TestEvent2
    req = EventRequest("python_unittest_useragent", "10.0.0.1") if with_request else None
    meta = EventMetadata(chosen_cls.event_type,
                         machine_serial_number='012356789',
                         request=req)
    return chosen_cls(meta, {'idx': idx})
from zentral.core.events.base import EventMetadata, EventRequest, BaseEvent, register_event_type


class TestEvent1(BaseEvent):
    """First event type used by the tests (``event_type_1``)."""

    event_type = "event_type_1"


register_event_type(TestEvent1)


class TestEvent2(BaseEvent):
    """Second event type used by the tests (``event_type_2``)."""

    event_type = "event_type_2"


register_event_type(TestEvent2)


def make_event(idx=0, first_type=True, with_request=True):
    """Build a test event carrying ``{'idx': idx}`` as its payload.

    Args:
        idx: value stored under the ``idx`` payload key.
        first_type: pick TestEvent1 when true, TestEvent2 otherwise.
        with_request: attach an EventRequest with a fixed user agent and the
            fixed address 10.0.0.1 when true, no request otherwise.

    Returns:
        An instance of the selected event class with a fixed serial number.
    """
    chosen_cls = TestEvent1 if first_type else TestEvent2
    req = EventRequest("python_unittest_useragent", "10.0.0.1") if with_request else None
    meta = EventMetadata(chosen_cls.event_type,
                         machine_serial_number='012356789',
                         request=req)
    return chosen_cls(meta, {'idx': idx})
import logging

from dateutil import parser

from zentral.core.events.base import (
    BaseEvent,
    EventMetadata,
    EventRequest,
    register_event_type,
)

logger = logging.getLogger('zentral.contrib.munki.events')

# Filter selecting the single event type declared in this module.
ALL_EVENTS_SEARCH_DICT = {"event_type": "munki_event"}


class MunkiEvent(BaseEvent):
    """Event type ``munki_event``."""

    event_type = "munki_event"


register_event_type(MunkiEvent)


def post_munki_events(msn, user_agent, ip, data):
    """Post one MunkiEvent per entry of each report in ``data``.

    Args:
        msn: machine serial number stored in the event metadata.
        user_agent: user agent passed to EventRequest.
        ip: address passed to EventRequest.
        data: iterable of report dicts. Each must hold an ``events`` key
            mapping to ``(created_at, payload)`` pairs; the key is popped,
            so the caller's dicts are modified.

    Raises:
        KeyError: when a report has no ``events`` key.
        Whatever ``dateutil.parser.parse`` raises for a timestamp it cannot
        read. Nothing is caught here, so one bad value stops the rest of
        the batch.
    """
    for report in data:
        report_events = report.pop('events')
        # One metadata object per report; index and created_at are reassigned
        # on it for every event before that event is posted.
        shared_metadata = EventMetadata(
            MunkiEvent.event_type,
            machine_serial_number=msn,
            request=EventRequest(user_agent, ip),
            tags=MunkiEvent.tags,
        )
        for position, pair in enumerate(report_events):
            raw_timestamp, payload = pair
            shared_metadata.index = position
            # NOTE(review): the timestamp string is taken from the report as
            # is; presumably the report is submitted by the client machine,
            # in which case created_at is only as trustworthy as that client.
            shared_metadata.created_at = parser.parse(raw_timestamp)
            # Report-level keys overwrite same-named keys of the event payload.
            payload.update(report)
            MunkiEvent(shared_metadata, payload).post()
from datetime import datetime
import logging

from zentral.core.events.base import BaseEvent, register_event_type

logger = logging.getLogger('zentral.contrib.jamf_protect.events')

# Filter matching every Jamf Protect event (both classes carry this tag).
ALL_EVENTS_SEARCH_DICT = {"tag": "jamf_protect"}


class JamfProtectEnrollmentEvent(BaseEvent):
    """Event type ``jamf_protect_enrollment``."""

    event_type = "jamf_protect_enrollment"
    tags = ["jamf_protect"]


register_event_type(JamfProtectEnrollmentEvent)


class JamfProtectEvent(BaseEvent):
    """Event type ``jamf_protect_event``."""

    event_type = "jamf_protect_event"
    tags = ["jamf_protect"]
    # (payload field, aggregation options) pairs; presumably consumed by the
    # event store to build per-field summaries. Confirm against BaseEvent.
    payload_aggregations = [
        ("eventType", {"type": "terms", "bucket_number": 10, "label": "Event types"}),
    ]


register_event_type(JamfProtectEvent)
import logging from zentral.core.events.base import BaseEvent, register_event_type logger = logging.getLogger('zentral.contrib.xnumon.events') ALL_EVENTS_SEARCH_DICT = {"tag": "xnumon"} class XnumonOpsEvent(BaseEvent): event_type = "xnumon_ops" tags = ["xnumon"] xnumon_eventcode = 0 register_event_type(XnumonOpsEvent) class XnumonStatsEvent(BaseEvent): event_type = "xnumon_stats" tags = ["xnumon"] xnumon_eventcode = 1 register_event_type(XnumonStatsEvent) class XnumonImageExecEvent(BaseEvent): event_type = "xnumon_image_exec" tags = ["xnumon"] xnumon_eventcode = 2 payload_aggregations = [
import logging

from zentral.core.events.base import BaseEvent, register_event_type

logger = logging.getLogger('zentral.contrib.audit.events')

# Filter matching every event tagged "audit".
ALL_EVENTS_SEARCH_DICT = {"tag": "audit"}


class AuditEvent(BaseEvent):
    """Event type ``audit``."""

    event_type = "audit"
    tags = ["audit"]
    # (payload field, aggregation options) pairs; presumably consumed by the
    # event store to build per-field summaries. Confirm against BaseEvent.
    payload_aggregations = [
        ("event_id", {"type": "terms", "bucket_number": 10, "label": "Event IDs"}),
    ]


register_event_type(AuditEvent)
from django.test import TestCase from zentral.contrib.inventory.models import MachineSnapshotCommit from zentral.core.events.base import EventMetadata, EventRequest, BaseEvent, register_event_type class TestEvent3(BaseEvent): event_type = "event_type_3" register_event_type(TestEvent3) def make_event(ip=None, ua=None, with_msn=True): msn = request = None if with_msn: msn = "0123456789" if ip or ua: request = EventRequest(user_agent=ua, ip=ip) else: request = None return TestEvent3( EventMetadata(TestEvent3.event_type, machine_serial_number=msn, request=request), {"godzilla": "yo"}) class EventSerializationTestCase(TestCase): @classmethod def setUpTestData(cls): source = {"module": "tests.zentral.io", "name": "Zentral Tests"} tree = {
from zentral.contrib.osquery.models import parse_pack_query_configuration_key, Pack, PackQuery logger = logging.getLogger('zentral.contrib.osquery.events') ALL_EVENTS_SEARCH_DICT = {"tag": "osquery"} class OsqueryEvent(BaseEvent): tags = ["osquery"] class OsqueryEnrollmentEvent(OsqueryEvent): event_type = "osquery_enrollment" register_event_type(OsqueryEnrollmentEvent) class OsqueryRequestEvent(OsqueryEvent): event_type = "osquery_request" tags = ['osquery', 'heartbeat'] heartbeat_timeout = 2 * 60 def get_linked_objects_keys(self): keys = {} enrollment = self.payload.get("enrollment") if enrollment: enrollment_pk = enrollment.get("pk") if enrollment_pk: keys["osquery_enrollment"] = [(enrollment_pk, )] configuration = enrollment.get("configuration")
import logging

from zentral.core.events.base import (
    BaseEvent,
    EventMetadata,
    EventRequest,
    register_event_type,
)

logger = logging.getLogger('zentral.contrib.monolith.events')

# Filter matching every monolith event (all classes below carry this tag).
ALL_EVENTS_SEARCH_DICT = {"tag": "monolith"}


class MonolithMunkiRequestEvent(BaseEvent):
    """Event type ``monolith_munki_request``, also tagged as a heartbeat."""

    event_type = "monolith_munki_request"
    tags = ["monolith", "heartbeat"]


register_event_type(MonolithMunkiRequestEvent)


class MonolithSyncCatalogsRequestEvent(BaseEvent):
    """Event type ``monolith_sync_catalogs_request``."""

    event_type = "monolith_sync_catalogs_request"
    tags = ["monolith"]


register_event_type(MonolithSyncCatalogsRequestEvent)


class MonolithRepositoryUpdateEvent(BaseEvent):
    """Event type ``monolith_repository_update``."""

    event_type = "monolith_repository_update"
    tags = ["monolith"]


register_event_type(MonolithRepositoryUpdateEvent)
from zentral.core.events.base import BaseEvent, register_event_type logger = logging.getLogger('zentral.contrib.osquery.events') ALL_EVENTS_SEARCH_DICT = {"tag": "osquery"} class OsqueryEvent(BaseEvent): tags = ["osquery"] class OsqueryEnrollmentEvent(OsqueryEvent): event_type = "osquery_enrollment" register_event_type(OsqueryEnrollmentEvent) class OsqueryRequestEvent(OsqueryEvent): event_type = "osquery_request" tags = ['osquery', 'heartbeat'] heartbeat_timeout = 2 * 60 register_event_type(OsqueryRequestEvent) class OsqueryResultEvent(OsqueryEvent): event_type = "osquery_result" def get_notification_context(self, probe):
ALL_EVENTS_SEARCH_DICT = {"tag": "santa"} class SantaEnrollmentEvent(BaseEvent): event_type = "santa_enrollment" tags = ["santa"] def get_linked_objects_keys(self): keys = {} configuration = self.payload.get("configuration") if configuration: keys["santa_configuration"] = [(configuration.get("pk"), )] return keys register_event_type(SantaEnrollmentEvent) class SantaPreflightEvent(BaseEvent): event_type = "santa_preflight" tags = ["santa", "heartbeat"] heartbeat_timeout = 2 * 10 * 60 register_event_type(SantaPreflightEvent) class SantaEventEvent(BaseEvent): event_type = "santa_event" tags = ["santa"] payload_aggregations = [
from zentral.core.events.base import BaseEvent, register_event_type

logger = logging.getLogger('zentral.contrib.santa.events')

# Filter matching every santa event (the shared base class sets this tag).
ALL_EVENTS_SEARCH_DICT = {"tag": "santa"}


class SantaBaseEvent(BaseEvent):
    """Common base that gives every santa event the ``santa`` tag."""

    tags = ["santa"]


class SantaPreflightEvent(SantaBaseEvent):
    """Event type ``santa_preflight``."""

    event_type = "santa_preflight"


register_event_type(SantaPreflightEvent)


class SantaEventEvent(SantaBaseEvent):
    """Event type ``santa_event``.

    NOTE(review): no register_event_type() call for this class is visible in
    this excerpt.
    """

    event_type = "santa_event"

    def get_notification_context(self, probe):
        """Extend the base notification context with santa-specific fields.

        Copies ``decision``, ``file_name`` and ``file_path`` from the payload
        into the context when they are present.

        NOTE(review): the values are copied verbatim. Presumably they
        originate from the reporting agent, so whatever renders the
        notification has to escape them; the rendering code is outside this
        excerpt.
        """
        ctx = super().get_notification_context(probe)
        for field in ('decision', 'file_name', 'file_path'):
            if field in self.payload:
                ctx[field] = self.payload[field]
        return ctx
from zentral.core.events.base import BaseEvent, register_event_type
from zentral.contrib.santa.models import CollectedApplication

logger = logging.getLogger('zentral.contrib.santa.events')

# Filter matching every santa event (both classes below carry this tag).
ALL_EVENTS_SEARCH_DICT = {"tag": "santa"}


class SantaPreflightEvent(BaseEvent):
    """Event type ``santa_preflight``, also tagged as a heartbeat."""

    event_type = "santa_preflight"
    tags = ["santa", "heartbeat"]
    # 2 * 10 * 60 = 1200; presumably seconds, confirm against BaseEvent.
    heartbeat_timeout = 2 * 10 * 60


register_event_type(SantaPreflightEvent)


class SantaEventEvent(BaseEvent):
    """Event type ``santa_event``.

    NOTE(review): no register_event_type() call for this class is visible in
    this excerpt.
    """

    event_type = "santa_event"
    tags = ["santa"]
    # (payload field, aggregation options) pairs; presumably consumed by the
    # event store to build per-field summaries. Confirm against BaseEvent.
    payload_aggregations = [
        ("decision", {"type": "terms", "bucket_number": 10, "label": "Decisions"}),
        ("file_bundle_name", {"type": "terms", "bucket_number": 10, "label": "Bundle names"}),
        ("bundles", {"type": "table", "bucket_number": 100, "label": "Bundles",
                     "columns": [("file_bundle_name", "Name"),
                                 ("file_bundle_id", "ID"),
                                 ("file_bundle_path", "File path"),
                                 ("file_bundle_version_string", "Version str.")]}),
    ]
import logging

from zentral.core.events.base import BaseEvent, register_event_type

logger = logging.getLogger('zentral.contrib.filebeat.events')

# Filter matching every event tagged "filebeat".
ALL_EVENTS_SEARCH_DICT = {"tag": "filebeat"}


class FilebeatEnrollmentEvent(BaseEvent):
    """Event type ``filebeat_enrollment``."""

    event_type = "filebeat_enrollment"
    tags = ["filebeat"]


register_event_type(FilebeatEnrollmentEvent)


def post_enrollment_event(msn, user_agent, ip, data):
    """Post a single filebeat enrollment event for machine ``msn``.

    Delegates to ``FilebeatEnrollmentEvent.post_machine_request_payloads``
    with ``data`` wrapped in a one-element list.

    Args:
        msn: machine serial number.
        user_agent: user agent of the request; presumably the enrolling
            client's, confirm at the caller.
        ip: address of the request, same caveat as ``user_agent``.
        data: payload of the enrollment event.
    """
    payloads = [data]
    FilebeatEnrollmentEvent.post_machine_request_payloads(msn, user_agent, ip, payloads)
from django.contrib.auth.signals import user_logged_in, user_logged_out, user_login_failed

from zentral.core.events.base import (
    BaseEvent,
    EventMetadata,
    EventRequest,
    EventRequestUser,
    register_event_type,
)

# Filter listing the three authentication event types declared below.
ALL_EVENTS_SEARCH_DICT = {
    "event_type": ["zentral_login", "zentral_logout", "zentral_failed_login"],
}


# events
#
# NOTE(review): the receivers for the imported Django auth signals are outside
# this excerpt. The credentials delivered with user_login_failed come from an
# unauthenticated client, so treat any username taken from them as untrusted
# wherever it is stored, searched or rendered.


class LoginEvent(BaseEvent):
    """Event type ``zentral_login``."""

    event_type = "zentral_login"
    tags = ["zentral"]


register_event_type(LoginEvent)


class LogoutEvent(BaseEvent):
    """Event type ``zentral_logout``."""

    event_type = "zentral_logout"
    tags = ["zentral"]


register_event_type(LogoutEvent)


class FailedLoginEvent(BaseEvent):
    """Event type ``zentral_failed_login``.

    NOTE(review): no register_event_type() call for this class is visible in
    this excerpt.
    """

    event_type = "zentral_failed_login"
    tags = ["zentral"]
from django.test import TestCase from zentral.contrib.inventory.models import MachineSnapshotCommit from zentral.core.events.base import EventMetadata, EventRequest, BaseEvent, register_event_type class TestEvent3(BaseEvent): event_type = "event_type_3" register_event_type(TestEvent3) def make_event(ip=None, ua=None, with_msn=True): msn = request = None if with_msn: msn = "0123456789" if ip or ua: request = EventRequest(user_agent=ua, ip=ip) else: request = None return TestEvent3(EventMetadata(TestEvent3.event_type, machine_serial_number=msn, request=request), {"godzilla": "yo"}) class EventSerializationTestCase(TestCase): @classmethod def setUpTestData(cls): source = {"module": "tests.zentral.io", "name": "Zentral Tests"} tree = {
logger = logging.getLogger('zentral.contrib.zendesk.events') ALL_EVENTS_SEARCH_DICT = {"tag": "zendesk"} class BaseZendeskEvent(BaseEvent): tags = ["zendesk"] class ZendeskTicketCreationEvent(BaseZendeskEvent): event_type = "zendesk_ticket_creation" register_event_type(ZendeskTicketCreationEvent) class ZendeskCommentCreationEvent(BaseZendeskEvent): event_type = "zendesk_comment_creation" register_event_type(ZendeskCommentCreationEvent) def post_zendesk_event(user_agent, ip, data): data_type = data['type'] data = data['data'] if data_type == 'ticket': event_class = ZendeskTicketCreationEvent elif data_type == 'comment':
logger = logging.getLogger('zentral.contrib.osquery.events') ALL_EVENTS_SEARCH_DICT = {"tag": "osquery"} class OsqueryEvent(BaseEvent): tags = ["osquery"] class OsqueryEnrollmentEvent(OsqueryEvent): event_type = "osquery_enrollment" register_event_type(OsqueryEnrollmentEvent) class OsqueryRequestEvent(OsqueryEvent): event_type = "osquery_request" tags = ['osquery', 'heartbeat'] heartbeat_timeout = 2 * 60 register_event_type(OsqueryRequestEvent) class OsqueryResultEvent(OsqueryEvent): event_type = "osquery_result" def get_notification_context(self, probe):
from django.contrib.auth.signals import user_logged_in, user_logged_out, user_login_failed

from zentral.core.events.base import (
    BaseEvent,
    EventMetadata,
    EventRequest,
    EventRequestUser,
    register_event_type,
)

# Filter listing the three authentication event types declared below.
ALL_EVENTS_SEARCH_DICT = {
    "event_type": ["zentral_login", "zentral_logout", "zentral_failed_login"],
}


# events
#
# NOTE(review): the receivers for the imported Django auth signals are outside
# this excerpt. The credentials delivered with user_login_failed come from an
# unauthenticated client, so treat any username taken from them as untrusted
# wherever it is stored, searched or rendered.


class LoginEvent(BaseEvent):
    """Event type ``zentral_login``."""

    event_type = "zentral_login"
    tags = ["zentral"]


register_event_type(LoginEvent)


class LogoutEvent(BaseEvent):
    """Event type ``zentral_logout``."""

    event_type = "zentral_logout"
    tags = ["zentral"]


register_event_type(LogoutEvent)


class FailedLoginEvent(BaseEvent):
    """Event type ``zentral_failed_login``.

    NOTE(review): no register_event_type() call for this class is visible in
    this excerpt.
    """

    event_type = "zentral_failed_login"
    tags = ["zentral"]
from zentral.core.events.base import BaseEvent, register_event_type, post_command_events logger = logging.getLogger('zentral.contrib.zendesk.events') ALL_EVENTS_SEARCH_DICT = {"tag": "zendesk"} class BaseZendeskEvent(BaseEvent): tags = ["zendesk"] class ZendeskTicketCreationEvent(BaseZendeskEvent): event_type = "zendesk_ticket_creation" register_event_type(ZendeskTicketCreationEvent) class ZendeskCommentCreationEvent(BaseZendeskEvent): event_type = "zendesk_comment_creation" register_event_type(ZendeskCommentCreationEvent) def post_zendesk_event(user_agent, ip, data): data_type = data['type'] data = data['data'] if data_type == 'ticket': event_class = ZendeskTicketCreationEvent elif data_type == 'comment':