def __init__(self):
"""Initializes a Windows service event format helper."""
super(WinRegistryServiceFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='error_control',
output_attribute='error_control',
values=(
human_readable_service_enums.SERVICE_ENUMS['ErrorControl']))
self.helpers.append(helper)
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='service_type',
output_attribute='service_type',
values=(human_readable_service_enums.SERVICE_ENUMS['Type']))
self.helpers.append(helper)
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='start_type',
output_attribute='start_type',
values=(human_readable_service_enums.SERVICE_ENUMS['Start']))
self.helpers.append(helper)
def __init__(self):
"""Initializes a Trend Micro Virus Log event format helper."""
super(OfficeScanVirusDetectionLogEventFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN', input_attribute='action',
output_attribute='action', values=self._SCAN_RESULTS)
self.helpers.append(helper)
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN', input_attribute='scan_type',
output_attribute='scan_type', values=self._SCAN_TYPES)
self.helpers.append(helper)
def __init__(self):
"""Initializes a Windows Restore Point information event format helper."""
super(RestorePointInfoFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN', input_attribute='restore_point_event_type',
output_attribute='restore_point_event_type',
values=self._RESTORE_POINT_EVENT_TYPES)
self.helpers.append(helper)
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN', input_attribute='restore_point_type',
output_attribute='restore_point_type', values=self._RESTORE_POINT_TYPES)
self.helpers.append(helper)
def __init__(self):
"""Initializes a Windows Scheduled Task (job) event format helper."""
super(WinJobFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN', input_attribute='trigger_type',
output_attribute='trigger_type', values=self._TRIGGER_TYPES)
self.helpers.append(helper)
def __init__(self):
"""Initializes a BSM log entry format helper."""
super(BSMFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN', input_attribute='event_type',
output_attribute='event_type_string', values=bsmtoken.BSM_AUDIT_EVENT)
self.helpers.append(helper)
def __init__(self):
"""Initializes a Trend Micro Virus Log event format helper."""
super(OfficeScanWebReputationLogEventFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN', input_attribute='block_mode',
output_attribute='block_mode', values=self._BLOCK_MODES)
self.helpers.append(helper)
def __init__(self):
"""Initializes an iMessage chat event format helper."""
super(IMessageFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='message_type',
output_attribute='message_type',
values=self._MESSAGE_TYPES)
self.helpers.append(helper)
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='read_receipt',
output_attribute='read_receipt',
values=self._READ_RECEIPTS)
self.helpers.append(helper)
def __init__(self):
"""Initializes an iOS Kik message event format helper."""
super(KikIOSMessageFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='message_status',
output_attribute='message_status',
values=self._MESSAGE_STATUSES)
self.helpers.append(helper)
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='message_type',
output_attribute='message_type',
values=self._MESSAGE_TYPES)
self.helpers.append(helper)
def __init__(self):
super(WinRecyclerFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='drive_number',
output_attribute='drive_letter',
values=self._DRIVE_LETTER)
self.helpers.append(helper)
def __init__(self):
"""Initializes a Twitter for Android status event format helper."""
super(TwitterAndroidStatusFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='favorited',
output_attribute='favorited',
values=self._YES_NO_VALUES)
self.helpers.append(helper)
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='retweeted',
output_attribute='retweeted',
values=self._YES_NO_VALUES)
self.helpers.append(helper)
def __init__(self):
"""Initializes a Tango on Android message event format helper."""
super(TangoAndroidMessageFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='Unknown',
input_attribute='direction',
output_attribute='direction',
values=self._DIRECTION)
self.helpers.append(helper)
def __init__(self):
"""Initializes an UTMPX session event format helper."""
super(UtmpxSessionFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='type',
output_attribute='status',
values=self._STATUS_TYPES)
self.helpers.append(helper)
def __init__(self):
"""Initializes an a MacOS Notification Center event format helper."""
super(MacNotificationCenterFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='presented',
output_attribute='presented',
values=self._PRESENTED_VALUES)
self.helpers.append(helper)
def __init__(self):
"""Initializes a Twitter on iOS 8+ contact event format helper."""
super(TwitterIOSContactFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='following',
output_attribute='following',
values=self._YES_NO_VALUES)
self.helpers.append(helper)
def __init__(self):
"""Initializes a Chrome extension activity format helper."""
super(ChromeExtensionActivityEventFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='unknown',
input_attribute='action_type',
output_attribute='action_type_string',
values=self._CHROME_ACTION_TYPES)
self.helpers.append(helper)
def __init__(self):
"""Initializes an iMessage chat event format helper."""
super(MacOSTCCFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='allowed',
output_attribute='allowed',
values=self._ALLOWED)
self.helpers.append(helper)
def __init__(self):
"""Initializes a Windows Recycler/Recycle Bin file event format helper."""
super(WinRecyclerFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='UNKNOWN',
input_attribute='drive_number',
output_attribute='drive_letter',
values=self._DRIVE_LETTER)
self.helpers.append(helper)
def __init__(self):
"""Initializes a Symantec AV log file event format helper."""
super(SymantecAVFormatter, self).__init__()
helper = interface.EnumerationEventFormatterHelper(
default='Unknown',
input_attribute='event',
output_attribute='event_map',
values=self._EVENT_NAMES)
self.helpers.append(helper)
helper = interface.EnumerationEventFormatterHelper(
default='Unknown',
input_attribute='cat',
output_attribute='category_map',
values=self._CATEGORY_NAMES)
self.helpers.append(helper)
helper = interface.EnumerationEventFormatterHelper(
default='Unknown',
input_attribute='action0',
output_attribute='action0_map',
values=self._ACTION_0_NAMES)
self.helpers.append(helper)
helper = interface.EnumerationEventFormatterHelper(
default='Unknown',
input_attribute='action1',
output_attribute='action1_map',
values=self._ACTION_1_2_NAMES)
self.helpers.append(helper)
helper = interface.EnumerationEventFormatterHelper(
default='Unknown',
input_attribute='action2',
output_attribute='action2_map',
values=self._ACTION_1_2_NAMES)
self.helpers.append(helper)
def _ReadEnumerationHelpers(self, formatter,
enumeration_helpers_definition_values):
"""Reads enumeration helper definitions from a list.
Args:
formatter (EventFormatter): an event formatter.
enumeration_helpers_definition_values (list[dict[str, object]]):
enumeration helpers definition values.
Raises:
ParseError: if the format of the enumeration helper definitions are
incorrect.
"""
for enumeration_helper in enumeration_helpers_definition_values:
input_attribute = enumeration_helper.get('input_attribute', None)
if not input_attribute:
raise errors.ParseError(
'Invalid enumeration helper missing input attribute.')
output_attribute = enumeration_helper.get('output_attribute', None)
if not output_attribute:
raise errors.ParseError(
'Invalid enumeration helper missing output attribute.')
values = enumeration_helper.get('values', None)
if not values:
raise errors.ParseError(
'Invalid enumeration helper missing values.')
default_value = enumeration_helper.get('default_value', None)
helper = interface.EnumerationEventFormatterHelper(
default=default_value,
input_attribute=input_attribute,
output_attribute=output_attribute,
values=values)
formatter.AddHelper(helper)
def testInitialization(self):
"""Tests the initialization."""
event_formatter_helper = interface.EnumerationEventFormatterHelper()
self.assertIsNotNone(event_formatter_helper)
def testFormatEventValues(self):
"""Tests the FormatEventValues function."""
event_formatter_helper = interface.EnumerationEventFormatterHelper()
event_values = {}
event_formatter_helper.FormatEventValues(event_values)
