def handler(event, _):
"""Main Lambda handler function"""
try:
records = [json.loads(record['body']) for record in event.get('Records', [])]
RulesEngine().run(records)
except Exception:
logger.get_logger(__name__).error('Invocation event: %s', json.dumps(event))
raise
def handler(event, _):
"""Main Lambda handler function"""
try:
Classifier().run(event.get('Records', []))
except Exception:
logger.get_logger(__name__).exception('Invocation event: %s',
json.dumps(event))
raise
def handler(event, _):
"""Main Lambda handler function"""
try:
records = []
for record in event.get('Records', []):
body = json.loads(record['body'])
if isinstance(body, list):
records.extend(body)
else:
records.append(body)
RulesEngine().run(records)
except Exception:
logger.get_logger(__name__).error('Invocation event: %s',
json.dumps(event))
raise
def test_get_logger_env_level():
"""Shared - Get Logger, Environment Level"""
level = 'DEBUG'
with patch.dict(os.environ, {'LOGGER_LEVEL': level}):
logger = get_logger('test')
assert_equal(logging.getLevelName(logger.getEffectiveLevel()), level)
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"""
from abc import ABCMeta, abstractmethod, abstractproperty
import json
import logging
import os
from stream_alert.shared.logger import get_logger
LOGGER = get_logger(__name__)
LOGGER_DEBUG_ENABLED = LOGGER.isEnabledFor(logging.DEBUG)
class PayloadRecord(object):
"""PayloadRecord for extracted records from within a payload
Attributes:
data (str|dict): Raw payload record data being parsed
parser: Instance of classifier.parsers.ParserBase used to properly parse the data
log_schema_type (str): Fully qualified log type (ie: osquery:diff)
log_type (str): Top-level log type (ie: 'osquery' in osquery:diff)
log_subtype (str): Log sub-type, if defined (ie: 'diff' in osquery:diff)
parsed_records (list): List of successfully parsed records from this payload record
invalid_records (list): If some records from this payload record parsed successfully,
but others failed, this contains the list of failed records
def test_get_logger_bad_level(log_mock):
"""Shared - Get Logger, Bad Level"""
logger = get_logger('test', 'foo')
assert_equal(logging.getLevelName(logger.getEffectiveLevel()), 'INFO')
log_mock.assert_called_with('Defaulting to INFO logging: %s',
'Unknown level: \'FOO\'')
def test_get_logger_user_level():
"""Shared - Get Logger, User Defined Level"""
level = 'CRITICAL'
logger = get_logger('test', level)
assert_equal(logging.getLevelName(logger.getEffectiveLevel()), level)
def test_get_logger():
"""Shared - Get Logger, Defaults"""
logger_name = 'unittest'
logger = get_logger(logger_name)
assert_equal(logger.name, logger_name)
assert_equal(logging.getLevelName(logger.getEffectiveLevel()), 'INFO')
See the License for the specific language governing permissions and
limitations under the License.
"""
import logging
import json
from stream_alert.rule_processor import FUNCTION_NAME
from stream_alert.rule_processor.alert_forward import AlertForwarder
from stream_alert.rule_processor.classifier import StreamClassifier
from stream_alert.rule_processor.firehose import FirehoseClient
from stream_alert.rule_processor.payload import load_stream_payload
from stream_alert.rule_processor.rules_engine import RulesEngine
from stream_alert.shared import config, logger, stats
from stream_alert.shared.metrics import MetricLogger
LOGGER = logger.get_logger(__name__)
LOGGER_DEBUG_ENABLED = LOGGER.isEnabledFor(logging.DEBUG)
class StreamAlert(object):
"""Wrapper class for handling StreamAlert classification and processing"""
config = {}
def __init__(self, context):
"""Initializer
Args:
context (dict): An AWS context object which provides metadata on the currently
executing lambda function.
"""
# Load the config. Validation occurs during load, which will
