def user_login_failed_callback(sender, credentials, **kwargs):
request = kwargs.get("request") # introduced in django 1.11
if request:
request = EventRequest.build_from_request(request)
metadata = EventMetadata(request=request)
event = FailedLoginEvent(metadata, {"user": {k: str(v) for k, v in credentials.items() if k in ("username",)}})
event.post()
def post_group_membership_updates(request, added_groups, removed_groups, user=None):
event_request = EventRequest.build_from_request(request)
created_at = datetime.utcnow()
event_uuid = uuid.uuid4()
event_index = 0
base_payload = {}
if user:
base_payload["user"] = {
"pk": user.pk, "username": user.username,
"is_service_account": user.is_service_account
}
if added_groups:
for added_group in added_groups:
event_metadata = EventMetadata(request=event_request,
uuid=event_uuid, index=event_index,
created_at=created_at)
payload = base_payload.copy()
payload["group"] = {"pk": added_group.pk, "name": added_group.name}
event = AddUserToGroupEvent(event_metadata, payload)
event.post()
event_index += 1
if removed_groups:
for removed_group in removed_groups:
event_metadata = EventMetadata(request=event_request,
uuid=event_uuid, index=event_index,
created_at=created_at)
payload = base_payload.copy()
payload["group"] = {"pk": removed_group.pk, "name": removed_group.name}
event = RemoveUserFromGroupEvent(event_metadata, payload)
event.post()
event_index += 1
def post_event(event_cls, request, user, payload=None):
if payload is None:
payload = {}
metadata = EventMetadata(request=EventRequest.build_from_request(request))
if user and user != request.user:
payload["user"] = {"pk": user.pk, "username": user.username}
event = event_cls(metadata, payload)
event.post()
def user_login_failed_callback(sender, credentials, **kwargs):
request = kwargs.get("request") # introduced in django 1.11
if request:
request = EventRequest.build_from_request(request)
metadata = EventMetadata(FailedLoginEvent.event_type,
request=request,
tags=FailedLoginEvent.tags)
event = FailedLoginEvent(metadata, credentials)
event.post()
def post_monolith_repository_updates(repository, payloads, request=None):
event_class = MonolithRepositoryUpdateEvent
repository_serialized_info = repository.serialize_for_event()
if request:
request = EventRequest.build_from_request(request)
event_uuid = uuid.uuid4()
for index, payload in enumerate(payloads):
metadata = EventMetadata(uuid=event_uuid, index=index, request=request)
payload.update({"repository": repository_serialized_info})
event = event_class(metadata, payload)
event.post()
def post(self, request, *args, **kwargs):
instance = get_object_or_404(Instance, pk=self.kwargs["pk"])
event_request = EventRequest.build_from_request(request)
result = sync_inventory.apply_async(
(instance.pk, event_request.serialize()))
return Response(
{
"task_id":
result.id,
"task_result_url":
reverse("base_api:task_result", args=(result.id, ))
},
status=status.HTTP_201_CREATED)
def post_event(event_cls, request, user):
request = EventRequest.build_from_request(request)
payload = {}
# TODO: check if user can be different than request.user
# remove the following bit if not
eru = EventRequestUser.build_from_user(user)
if eru:
payload["user"] = eru.serialize()
metadata = EventMetadata(event_cls.event_type,
request=request,
tags=event_cls.tags)
event = event_cls(metadata, payload)
event.post()
def post_event(event_cls, request, user, payload=None):
if payload is None:
payload = {}
# TODO: check if user can be different than request.user
# remove the following bit if not
eru = EventRequestUser.build_from_user(user)
if eru:
payload["user"] = eru.serialize()
seabc = request.session.get_expire_at_browser_close()
payload["session"] = {"expire_at_browser_close": seabc}
if not seabc:
payload["session"].update(
{"expiry_age": request.session.get_expiry_age()})
# realm user
payload["realm_session"] = False
ras_uuid = request.session.get("_realm_authentication_session")
if ras_uuid:
try:
ras = RealmAuthenticationSession.objects.select_related(
"realm", "user").get(uuid=ras_uuid)
except RealmAuthenticationSession.DoesNotExist:
logger.error("Could not find realm authentication session %s",
ras_uuid)
else:
realm = ras.realm
payload["realm_session"] = True
payload["realm_user"] = {
"realm": {
"uuid": realm.uuid,
"name": str(realm),
"backend": realm.backend
},
"session": {
"uuid": ras.uuid,
"created_at": ras.created_at,
"updated_at": ras.updated_at,
"expires": ras.expires_at is not None,
"expires_at": ras.expires_at
},
"uuid": ras.user.uuid
}
event_request = EventRequest.build_from_request(request)
metadata = EventMetadata(event_cls.event_type,
request=event_request,
tags=event_cls.tags)
event = event_cls(metadata, payload)
event.post()
def post_santa_ruleset_update_events(request, ruleset_data, rules_data):
event_request = EventRequest.build_from_request(request)
ruleset_update_event_metadata = EventMetadata(request=event_request)
ruleset_update_event = SantaRuleSetUpdateEvent(
ruleset_update_event_metadata, ruleset_data)
ruleset_update_event.post()
for idx, rule_data in enumerate(rules_data):
rule_update_event_metadata = EventMetadata(
request=event_request,
uuid=ruleset_update_event_metadata.uuid,
index=idx + 1)
rule_update_event = SantaRuleUpdateEvent(rule_update_event_metadata,
rule_data)
rule_update_event.post()
def post_osquery_pack_update_events(request, pack_data, pack_queries_data):
event_request = EventRequest.build_from_request(request)
pack_update_event_metadata = EventMetadata(request=event_request)
pack_update_event = OsqueryPackUpdateEvent(pack_update_event_metadata,
pack_data)
pack_update_event.post()
for idx, pack_query_data in enumerate(pack_queries_data):
pack_query_update_event_metadata = EventMetadata(
request=event_request,
uuid=pack_update_event_metadata.uuid,
index=idx + 1)
pack_query_update_event = OsqueryPackQueryUpdateEvent(
pack_query_update_event_metadata, pack_query_data)
pack_query_update_event.post()
def post_monolith_cache_server_update_request(request,
cache_server=None,
errors=None):
event_class = MonolithUpdateCacheServerRequestEvent
event_request = EventRequest.build_from_request(request)
metadata = EventMetadata(request=event_request)
if cache_server:
payload = cache_server.serialize()
payload["status"] = 0
else:
# flatten errors
payload = {
"errors": {attr: ", ".join(err)
for attr, err in errors.items()}
}
payload["status"] = 1
event = event_class(metadata, payload)
event.post()
def post(self, request, *args, **kwargs):
serializer = CleanupInventorySerializer(data=request.data)
if serializer.is_valid():
event_request = EventRequest.build_from_request(request)
result = cleanup_inventory.apply_async((
serializer.data["days"],
event_request.serialize(),
))
return Response(
{
"task_id":
result.id,
"task_result_url":
reverse("base_api:task_result", args=(result.id, ))
},
status=status.HTTP_201_CREATED)
else:
return Response(serializer.errors,
status=status.HTTP_400_BAD_REQUEST)
def update_incident_status(incident, new_status, request):
incident = Incident.objects.select_for_update().get(pk=incident.pk)
if new_status not in incident.get_next_statuses():
return incident, None
previous_status = {
"status": incident.status,
"status_time": incident.status_time
}
incident.status = new_status.value
incident.status_time = datetime.utcnow()
incident.save()
# build event
event_payload = incident.serialize_for_event()
event_payload["previous_status"] = previous_status
event = IncidentStatusUpdatedEvent(
EventMetadata(request=EventRequest.build_from_request(request)),
event_payload)
return incident, event
def update_machine_incident_status(machine_incident, new_status, request):
machine_incident = (MachineIncident.objects.select_for_update().
select_related("incident").get(pk=machine_incident.pk))
if new_status not in machine_incident.get_next_statuses():
return machine_incident, None
previous_status = {
"status": machine_incident.status,
"status_time": machine_incident.status_time
}
machine_incident.status = new_status.value
machine_incident.status_time = datetime.utcnow()
machine_incident.save()
# build event
event_payload = machine_incident.serialize_for_event()
event_payload["machine_incident"]["previous_status"] = previous_status
event = MachineIncidentStatusUpdatedEvent(
EventMetadata(request=EventRequest.build_from_request(request)),
event_payload)
return machine_incident, event
def post_instance_created_event(instance, request):
metadata = EventMetadata(request=EventRequest.build_from_request(request))
event = WSOneInstanceCreated(metadata,
{"instance": instance.serialize_for_event()})
event.post()
def post_monolith_sync_catalogs_request(request):
event_class = MonolithSyncCatalogsRequestEvent
event_request = EventRequest.build_from_request(request)
metadata = EventMetadata(request=event_request)
event = event_class(metadata, {})
event.post()
def post_santa_rule_update_event(request, data):
metadata = EventMetadata(request=EventRequest.build_from_request(request))
event = SantaRuleUpdateEvent(metadata, data)
event.post()
def post_instance_deleted_event(serialized_instance, request):
metadata = EventMetadata(request=EventRequest.build_from_request(request))
event = WSOneInstanceDeleted(metadata, {"instance": serialized_instance})
event.post()
def build_from_request_and_object(cls, request, jmespath_check):
payload = jmespath_check.compliance_check.serialize_for_event()
payload["inventory_jmespath_check"] = jmespath_check.serialize_for_event()
return cls(EventMetadata(request=EventRequest.build_from_request(request)), payload)