def getUserName(self):
try:
return self.item['related_events'][0]['user_email']
except:
_print('could not extract user email from item id: ' +
self.item['id'])
return 'USER_NAME_EXTRACT_FAIL'
def getCloudServiceName(self):
try:
return self.item['related_events'][0]['cloud_service']
except:
_print('could not extract cloud service name from item ' +
self.item['id'])
return 'CLOUD_SERVICE_EXTRACT_FAIL'
def __init__(self,
options,
state=None,
api_adaptor=None,
extension_name='extension_name'):
_print('init: Paginator')
if (state is None):
self.state = State()
else:
self.state = state
self.extension_name = extension_name
self.reset()
try:
self.max_pages = int(options['max_pages'])
_print('about to load formatters')
self.formatter = self.loadFormatter(options)
except Exception as ex:
_print(ex)
_print('could not initialize Paginator.')
raise
if api_adaptor is not None:
self.api_adaptor = api_adaptor
else:
_print('about to load api adaptor for extension ' +
self.extension_name)
api_adaptor_class = self.loadClass(options, 'api_adaptor')
self.api_adaptor = api_adaptor_class(options)
def getThreat(self):
try:
return self.item['related_events'][0]['event_classification'][
'threat']
except:
_print("could not extract the related event's threat from item " +
self.item['id'])
return 'THREAT_EXTRACT_FAIL'
def run(self): # mandatory
while not self.exit:
try:
time.sleep(self.interval)
self.doWork()
except Exception as e:
_print('Error while trying to fetch alerts.')
_print(e)
def getSubClassification(self):
try:
return self.item['related_events'][0]['event_classification'][
'sub_category']
except:
_print(
"could not extract the related event's sub category from item "
+ self.item['id'])
return 'SUB_CLASSIFICATION_EXTRACT_FAIL'
def buildBody(self, leef_attributes):
try:
leef_body = ''
for (key, val) in leef_attributes.items():
leef_body += (key + '=' + val + '\t')
return leef_body
except Exception as ex:
_print(ex)
return ''
def __init__(self,name,options, paginator = None, send_items_func = _print):
_print('init Extension ' + name)
self.name = name
self.sendItems = send_items_func
if paginator is None:
_print('about to load paginator for extension ' + name)
self.paginator = Paginator(options = options,extension_name = name)
else:
self.paginator = paginator
def fetchPageItems(self):
if self.is_end: return None
response_json = self.api_adaptor.fetchItems(self.page_num)
if response_json is not None:
try:
items = self.formatter.wrapItems(response_json)
except Exception as ex:
_print(ex)
items = None
return self.filterItems(items)
else:
return None
def __init__(self, last_item_id = '', persit_path = DEFAULT_PERSIST_PATH):
_print('initializing State')
self.persist_path = persit_path
try:
with open(self.persist_path, 'rb') as f:
restored_state = pickle.load(f)
if restored_state is not None:
_print('loaded from disk the following last record: ' + restored_state.last_item_id)
self.last_item_id = restored_state.last_item_id
else:
_print('restored state was empty.')
except Exception as e:
_print('No REST2Syslog State. Creating a new instance.'+ str(e))
self.last_item_id = last_item_id
def loadClass(self, options, type_name):
_print('about to load ' + type_name + ' class...')
module_name = options[self.extension_name + '.' + type_name +
'_module']
class_name = options[self.extension_name + '.' + type_name + '_class']
_print('about to load from module:' + module_name)
_print('about to load class:' + class_name)
module = __import__(module_name, fromlist=[class_name])
_class = getattr(module, class_name)
return _class
def doWork(self):
while self.paginator.next():
page_items = self.paginator.fetchPageItems()
if page_items is not None:
if len(page_items) > 0:
self.sendItems(page_items)
_print('Extension: ' + self.name + ' returned ' + str(len(page_items)) + ' new items.')
else:
_print('Extension: ' + self.name + ' finished pagination.')
else:
_print('Extension: ' + self.name + ' finished pagination.')
break
self.paginator.reset()
def init(self, options): # optional
_print("REST2Syslog Source init")
try:
self.interval = int(options['interval'])
self.extensions = []
for extension_name in options['extensions'].split(','):
_print('found extension: ' + extension_name)
self.extensions.append(
Extension(name=extension_name,
options=options,
send_items_func=self.sendItems))
self.exit = False
return True
except:
_print(
'configuration of REST2Syslog Source (R2S) is incomplete or malformed. Please reffer to the R2S Wiki for more details.'
)
return False
def persist(self):
try:
with open(self.persist_path, 'wb') as f:
pickle.dump(self, f)
except Exception as e:
_print('Error while trying to store REST2Syslog State: ' + str(e))
def request_exit(self): # mandatory
_print("R2S Source exit")
self.exit = True
def loadFormatter(self, options):
_print('about to load formatter for extension ' + self.extension_name)
formatter_class = self.loadClass(options, 'formatter')
formatter_class.options = options
return formatter_class