コード例 #1
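 def test_normalize_api_call(self):
     """normalize_api_call strips the trailing API-version date, lowercases the
     name and maps the CloudTrail eventSource onto the IAM service prefix.

     ``assertEqual`` is used instead of the deprecated ``assertEquals`` alias,
     which newer Python releases no longer provide.
     """
     # A trailing version suffix such as 20170331 must be removed.
     self.assertEqual(normalize_api_call('lambda', 'ListTags20170331'),
                      'lambda:listtags')
     # The 'monitoring' eventSource is reported under the 'cloudwatch' prefix.
     self.assertEqual(normalize_api_call('monitoring', 'DescribeAlarms'),
                      'cloudwatch:describealarms')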
コード例 #2
    def get_events_from_search(self, searchresults):
        """
        Turn raw search rows into a dict keyed by normalized API call.

        Each row's first element is expected to be a string of the form
        "{field0=s3.amazonaws.com, field1=GetBucketAcl}" (eventSource first,
        eventName second).  Returns a dict mapping "service:eventname" -> True.
        """
        seen_calls = {}

        for row in searchresults:
            raw = row[0]
            # TODO Find a smarter way to parse this data -- the braces and the
            # "field0=..., field1=..." layout are assumed here, not validated.

            # Drop the surrounding '{' and '}'.
            inner = raw[1:-1]

            # -> ['field0=s3.amazonaws.com', 'field1=GetBucketAcl']
            fields = inner.split(", ")

            # 'field0=s3.amazonaws.com' -> 's3.amazonaws.com' -> 's3'
            event_source = fields[0].split("=")[1]
            service = event_source.split(".")[0]

            # 'field1=GetBucketAcl' -> 'GetBucketAcl'
            event_name = fields[1].split("=")[1]

            seen_calls[normalize_api_call(service, event_name)] = True

        return seen_calls
コード例 #3
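    def get_events_from_search(self, searchquery):
        """
        Given a started elasticsearch query, apply the remaining search filters, and
        return the API calls that exist for this query.

        searchquery: a search query the caller has already filtered.
        Returns a dict mapping normalized "service:eventname" -> True.

        Both terms aggregations are capped at ``max_buckets`` distinct values;
        anything beyond that is silently dropped by the search backend, so a
        very wide query may under-report API calls.
        """
        max_buckets = 5000
        searchquery.aggs.bucket("event_names",
                                "terms",
                                field=self.get_field_name("eventName"),
                                size=max_buckets).bucket(
                                    "service_names",
                                    "terms",
                                    field=self.get_field_name("eventSource"),
                                    size=max_buckets,
                                )
        response = searchquery.execute()

        event_names = {}

        for event in response.aggregations.event_names.buckets:
            # An eventName can be shared by several services, so walk every
            # eventSource bucket rather than only the most frequent one
            # (buckets[0]); this also avoids an IndexError when an event has
            # no eventSource bucket at all.
            for source in event.service_names.buckets:
                # 's3.amazonaws.com' -> 's3'
                service = source.key.split(".")[0]
                event_names[normalize_api_call(service, event.key)] = True

        return event_names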