def run(self, idmef):
if idmef.get("alert.analyzer(-1).manufacturer") != "OpenSSH":
return
if idmef.get("alert.assessment.impact.completion") != "succeeded":
return
data = idmef.get("alert.additional_data('Authentication method').data")
if not data:
return
data = data[0]
for username in idmef.get("alert.target(*).user.user_id(*).name"):
for target in idmef.get("alert.target(*).node.address(*).address"):
ctx = Context(("SSHAUTH", target, username), {
"expire": 30,
"alert_on_expire": alert
},
update=True,
ruleid=self.name)
if ctx.getUpdateCount() == 0:
ctx.authtype = {data: True}
ctx.addAlertReference(idmef)
elif data not in ctx.authtype:
ctx.authtype[data] = True
ctx.addAlertReference(idmef)
def run(self, idmef):
if idmef.get("alert.analyzer(-1).manufacturer") != "OpenSSH":
return
if idmef.get("alert.assessment.impact.completion") != "succeeded":
return
data = idmef.get("alert.additional_data('Authentication method').data")
if not data:
return
data = data[0]
for username in idmef.get("alert.target(*).user.user_id(*).name"):
for target in idmef.get("alert.target(*).node.address(*).address"):
ctx = Context(("SSHAUTH", target, username), { "expire": 30, "alert_on_expire": alert }, update=True)
if ctx.getUpdateCount() == 0:
ctx.authtype = { data: True }
ctx.addAlertReference(idmef)
elif not data in ctx.authtype:
ctx.authtype[data] = True
ctx.addAlertReference(idmef)
