def __init__(self, auth: MPSIEMAuth, settings: Settings):
    """Prepare the table module: open a CORE session and start with an empty cache.

    Args:
        auth: authenticator used to open the component session; its
            ``creds`` supply the core hostname.
        settings: forwarded unchanged to ``ModuleInterface.__init__``.
    """
    # Both bases are initialised explicitly, in this order, rather than via super().
    ModuleInterface.__init__(self, auth, settings)
    LoggingHandler.__init__(self)

    # The session is opened before the hostname is read from the same auth object.
    core_session = auth.connect(MPComponents.CORE)
    self.__core_session = core_session
    self.__core_hostname = auth.creds.core_hostname

    # Starts empty; presumably filled by other methods of the class (not visible here).
    self.__tables_cache = {}

    # self.log is presumably provided by LoggingHandler — confirm.
    self.log.debug('status=success, action=prepare, msg="Table Module init"')
def get_module(self, module_name: ModuleNames, creds: Creds = None):
    """Build and return the module object selected by ``module_name``.

    Args:
        module_name: one of the ``ModuleNames`` values handled below.
        creds: optional credentials. When given they REPLACE ``self.creds``
            and therefore stay on this object for every later call as well.

    Returns:
        The ``MPSIEMAuth`` object itself for ``ModuleNames.AUTH``, a new
        module instance for the other known names, or ``None`` when the
        name matches none of them.
    """
    self.__module_name = module_name
    if creds is not None:
        self.creds = creds

    # A fresh authenticator is created on every call, so each returned
    # module gets its own MPSIEMAuth built from the current credentials.
    auth = MPSIEMAuth(self.creds, self.settings)

    requested = self.__module_name
    if requested == ModuleNames.AUTH:
        return auth

    # Checked in the same order and with the same == comparison as a plain
    # if-chain would use.
    factories = (
        (ModuleNames.EVENTS, Events),
        (ModuleNames.TABLES, Tables),
        (ModuleNames.URM, UsersAndRoles),
        (ModuleNames.KB, KnowledgeBase),
        (ModuleNames.INCIDENTS, Incidents),
        (ModuleNames.HEALTH, HealthMonitor),
        (ModuleNames.FILTERS, Filters),
        (ModuleNames.TASKS, Tasks),
        (ModuleNames.SOURCE_MONITOR, SourceMonitor),
    )
    for name, factory in factories:
        if requested == name:
            return factory(auth, self.settings)

    # Unknown name: callers receive None and must check for it.
    return None
def __init__(self, auth: MPSIEMAuth, settings: Settings):
    """Open a session to the MS component and create empty lookup dicts.

    Args:
        auth: authenticator used to open the component session; its
            ``creds`` supply the hostname.
        settings: forwarded unchanged to ``ModuleInterface.__init__``.
    """
    # Both bases are initialised explicitly, in this order, rather than via super().
    ModuleInterface.__init__(self, auth, settings)
    LoggingHandler.__init__(self)

    ms_session = auth.connect(MPComponents.MS)
    self.__ms_session = ms_session
    # NOTE(review): the MS hostname is taken from creds.core_hostname —
    # presumably MS is reached on the core host; confirm.
    self.__ms_hostname = auth.creds.core_hostname

    # Four separate dicts, all empty at construction; presumably filled by
    # other methods of the class (not visible here).
    self.__applications = {}
    self.__roles = {}
    self.__privileges = {}
    self.__users = {}
def __init__(self, auth: MPSIEMAuth, settings: Settings):
    """Prepare the events module: connect to storage through elasticsearch-py.

    Args:
        auth: authenticator; supplies the storage version and, through
            ``get_creds()``, the storage hostname. It is disconnected here.
        settings: forwarded unchanged to ``ModuleInterface.__init__``.
    """
    # Both bases are initialised explicitly, in this order, rather than via super().
    ModuleInterface.__init__(self, auth, settings)
    LoggingHandler.__init__(self)

    self.__storage_version = auth.get_storage_version()
    self.__storage_hostname = auth.get_creds().storage_hostname

    # The standard session is not used; this module has elasticsearch-py.
    auth.disconnect()

    # NOTE(review): __storage_port is read here but never assigned in this
    # method — presumably a class-level attribute; confirm.
    # NOTE(review): only hosts, port and timeout are passed; no http_auth,
    # use_ssl or verify_certs is set in this call, so authentication and
    # transport encryption depend on the client defaults — confirm the
    # storage node is only reachable from a trusted network segment.
    client_options = {
        'hosts': self.__storage_hostname,
        'port': self.__storage_port,
        'timeout': self.settings.connection_timeout,
    }
    self.__storage_session = Elasticsearch(**client_options)

    query_builder = ElasticQueryBuilder(
        self.__storage_version,
        self.settings.storage_events_timezone,
        self.settings.storage_bucket_size,
    )
    self.QueryBuilder = query_builder

    # self.log is presumably provided by LoggingHandler — confirm.
    self.log.debug('status=success, action=prepare, msg="Events Module init"')
def __init__(self, auth: MPSIEMAuth, settings: Settings):
    """Prepare the KB module: open a KB session and create empty lookup dicts.

    Args:
        auth: authenticator used to open the component session; its
            ``creds`` supply the hostname.
        settings: forwarded unchanged to ``ModuleInterface.__init__``.
    """
    # Both bases are initialised explicitly, in this order, rather than via super().
    ModuleInterface.__init__(self, auth, settings)
    LoggingHandler.__init__(self)

    kb_session = auth.connect(MPComponents.KB)
    self.__kb_session = kb_session
    # NOTE(review): the KB hostname is taken from creds.core_hostname —
    # presumably KB is reached on the core host; confirm.
    self.__kb_hostname = auth.creds.core_hostname

    # Four separate dicts, all empty at construction; presumably filled by
    # other methods of the class (not visible here).
    self.__rules_mapping = {}
    self.__groups = {}
    self.__folders = {}
    self.__packs = {}

    # self.log is presumably provided by LoggingHandler — confirm.
    self.log.debug('status=success, action=prepare, msg="KB Module init"')
def __init__(self, auth: MPSIEMAuth, settings: Settings):
    """Prepare the tasks module: open a CORE session and create empty lookup dicts.

    Args:
        auth: authenticator used to open the component session; its
            ``creds`` supply the core hostname.
        settings: forwarded unchanged to ``ModuleInterface.__init__``.
    """
    # Both bases are initialised explicitly, in this order, rather than via super().
    ModuleInterface.__init__(self, auth, settings)
    LoggingHandler.__init__(self)

    core_session = auth.connect(MPComponents.CORE)
    self.__core_session = core_session
    self.__core_hostname = auth.creds.core_hostname

    # Six separate dicts, all empty at construction; presumably filled by
    # other methods of the class (not visible here).
    # NOTE(review): __credentials starts empty here; what is later stored
    # in it is not visible in this method — confirm it is never logged.
    self.__agents = {}
    self.__modules = {}
    self.__profiles = {}
    self.__transports = {}
    self.__credentials = {}
    self.__tasks = {}

    # self.log is presumably provided by LoggingHandler — confirm.
    self.log.debug('status=success, action=prepare, msg="Tasks Module init"')
def __init__(self, auth: MPSIEMAuth, settings: Settings):
    """Initialise both bases and open a session to the CORE component.

    Args:
        auth: authenticator used to open the component session; its
            ``creds`` supply the core hostname.
        settings: forwarded unchanged to ``ModuleInterface.__init__``.
    """
    # Both bases are initialised explicitly, in this order, rather than via super().
    ModuleInterface.__init__(self, auth, settings)
    LoggingHandler.__init__(self)

    # The session is opened before the hostname is read from the same auth object.
    core_session = auth.connect(MPComponents.CORE)
    self.__core_session = core_session
    self.__core_hostname = auth.creds.core_hostname