Пример #1
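    def __init__(
            self,
            events,
            message,
            category='',
            acknowledged=False,
            ack_user='',
            ack_timestamp=None,
            ack_message='',
            creation_timestamp=None
            ):
        """Build an alert that groups one or more audit events.

        Every input check runs before any event is modified, so a rejected
        call leaves the events' ``used`` flags as they were.

        Parameters:
            events: non-empty iterable of distinct AuditEvent instances.
                Tuples and lists are stored as given; any other iterable
                (sets included) is copied into a list, because the first
                event is read by index.
            message: alert text, stored as unicode.
            category: alert category, stored as unicode.
            acknowledged: bool acknowledgement state.
            ack_user: who acknowledged the alert, stored as unicode.
            ack_timestamp: acknowledgement time; defaults to datetime.now().
            ack_message: acknowledgement comment, stored as unicode.
            creation_timestamp: creation time; defaults to datetime.now().

        Raises:
            TypeError: an element of ``events`` is not an AuditEvent, or
                ``acknowledged`` is not a bool.
            ValueError: ``events`` is empty or contains duplicates.
        """
        # A set cannot be indexed, and events[0] is needed further down, so
        # only real sequences are kept without copying.
        if not isinstance(events, (tuple, list)):
            events = list(events)

        if any(not isinstance(event, AuditEvent) for event in events):
            raise TypeError("Expected events as %s, but got %s" % (AuditEvent, repr([event.__class__ for event in events])))

        # Explicit raise instead of a trailing assert: asserts are stripped
        # under -O and this one used to run only after the events had
        # already been flagged as used.
        if not isinstance(acknowledged, bool):
            raise TypeError("Expected acknowledged as bool, but got %s" % repr(acknowledged))

        if not events:
            raise ValueError("An alert needs at least one event")

        theoretical_len = len(events)
        real_len = len(frozenset(events))

        if theoretical_len != real_len:
            raise ValueError("Some events are not unique: you pretend to give me %s events, but they are only %s. ids: %s" % (theoretical_len, real_len, [id(event) for event in events]))

        # NOTE(review): datetime.now() yields a naive local-time value;
        # confirm that consumers of these audit timestamps expect that.
        # NOTE(review): ack_timestamp is filled in even when the alert is
        # not acknowledged -- confirm this is intended.
        if ack_timestamp is None:
            ack_timestamp = datetime.now()

        if creation_timestamp is None:
            creation_timestamp = datetime.now()

        # NOTE(review): events whose ``used`` flag is already set are not
        # rejected here (the original check was disabled), so one event can
        # end up attached to more than one alert.
        for event in events:
            event.used = True

        Entity.__init__(self)
        # The base event takes its category from the first event; the
        # ``category`` argument is applied to self.category just below.
        BaseAuditEvent.__init__(self, events[0].category,
            PRIORITY_ALERT, message)

        self.events = events
        self.message = unicode(message)
        self.category = unicode(category)
        self.acknowledged = acknowledged
        self.ack_user = unicode(ack_user)
        self.ack_timestamp = ack_timestamp
        self.ack_message = unicode(ack_message)
        self.creation_timestamp = creation_timestamp

        status = 'ACK' if self.acknowledged else 'PENDING'
        self.text = u"[%s]%s: %s" % (status, self.category, self.message)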
Пример #2
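    def __init__(
            self,
            source_key,
            category='',
            message='',
            uniqueid=None,
            ip_src=None,
            ip_dst=None,
            port_src=None,
            port_dst=None,
            user='',
            timestamp=None,
            used=False,
            ):
        """Build a single audit event.

        Values are stored as supplied: addresses, ports and the user name
        are not validated or normalised here.

        Parameters:
            source_key: identifier of the event source, stored as unicode.
            category: event category, stored as unicode and also used to
                look up the event weight in WEIGHT.
            message: event text, stored as unicode.
            uniqueid: stored unchanged.
            ip_src, ip_dst: source and destination address; None becomes ''.
            port_src, port_dst: source and destination port; None becomes 0.
            user: user name, stored as unicode.
            timestamp: event time; defaults to datetime.now().
            used: whether the event is already flagged as used.
        """
        Entity.__init__(self)
        BaseAuditEvent.__init__(
            self, category, PRIORITY_EVENT, message
            )

        # Missing network fields fall back to an empty address or port 0.
        self.ip_src = '' if ip_src is None else ip_src
        self.ip_dst = '' if ip_dst is None else ip_dst
        self.port_src = 0 if port_src is None else port_src
        self.port_dst = 0 if port_dst is None else port_dst

        # NOTE(review): datetime.now() yields a naive local-time value;
        # confirm that consumers of audit timestamps expect that.
        self.timestamp = datetime.now() if timestamp is None else timestamp

        self.user = unicode(user)
        self.uniqueid = uniqueid
        self.category = unicode(category)
        # Honour the caller's flag; it was previously accepted and then
        # discarded, so every new event started out as unused.
        self.used = used
        self.source_key = unicode(source_key)
        self.message = unicode(message)
        # NOTE(review): presumably WEIGHT is a mapping keyed by category, in
        # which case an unknown category fails here, after the other
        # attributes are set -- confirm against its definition.
        self.weight = WEIGHT[category]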
Пример #3
 def __init__(self):
     """Initialise the instance by running Entity's constructor on it."""
     # Explicit base-class call, as in the other constructors on this page.
     Entity.__init__(self)