def handler(event, _): """Main Lambda handler function""" try: records = [json.loads(record['body']) for record in event.get('Records', [])] RulesEngine().run(records) except Exception: logger.get_logger(__name__).error('Invocation event: %s', json.dumps(event)) raise
def handler(event, _): """Main Lambda handler function""" try: Classifier().run(event.get('Records', [])) except Exception: logger.get_logger(__name__).exception('Invocation event: %s', json.dumps(event)) raise
def handler(event, _): """Main Lambda handler function""" try: records = [] for record in event.get('Records', []): body = json.loads(record['body']) if isinstance(body, list): records.extend(body) else: records.append(body) RulesEngine().run(records) except Exception: logger.get_logger(__name__).error('Invocation event: %s', json.dumps(event)) raise
def test_get_logger_env_level(): """Shared - Get Logger, Environment Level""" level = 'DEBUG' with patch.dict(os.environ, {'LOGGER_LEVEL': level}): logger = get_logger('test') assert_equal(logging.getLevelName(logger.getEffectiveLevel()), level)
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. """ from abc import ABCMeta, abstractmethod, abstractproperty import json import logging import os from stream_alert.shared.logger import get_logger LOGGER = get_logger(__name__) LOGGER_DEBUG_ENABLED = LOGGER.isEnabledFor(logging.DEBUG) class PayloadRecord(object): """PayloadRecord for extracted records from within a payload Attributes: data (str|dict): Raw payload record data being parsed parser: Instance of classifier.parsers.ParserBase used to properly parse the data log_schema_type (str): Fully qualified log type (ie: osquery:diff) log_type (str): Top-level log type (ie: 'osquery' in osquery:diff) log_subtype (str): Log sub-type, if defined (ie: 'diff' in osquery:diff) parsed_records (list): List of successfully parsed records from this payload record invalid_records (list): If some records from this payload record parsed successfully, but others failed, this contains the list of failed records
def test_get_logger_bad_level(log_mock): """Shared - Get Logger, Bad Level""" logger = get_logger('test', 'foo') assert_equal(logging.getLevelName(logger.getEffectiveLevel()), 'INFO') log_mock.assert_called_with('Defaulting to INFO logging: %s', 'Unknown level: \'FOO\'')
def test_get_logger_user_level(): """Shared - Get Logger, User Defined Level""" level = 'CRITICAL' logger = get_logger('test', level) assert_equal(logging.getLevelName(logger.getEffectiveLevel()), level)
def test_get_logger(): """Shared - Get Logger, Defaults""" logger_name = 'unittest' logger = get_logger(logger_name) assert_equal(logger.name, logger_name) assert_equal(logging.getLevelName(logger.getEffectiveLevel()), 'INFO')
See the License for the specific language governing permissions and limitations under the License. """ import logging import json from stream_alert.rule_processor import FUNCTION_NAME from stream_alert.rule_processor.alert_forward import AlertForwarder from stream_alert.rule_processor.classifier import StreamClassifier from stream_alert.rule_processor.firehose import FirehoseClient from stream_alert.rule_processor.payload import load_stream_payload from stream_alert.rule_processor.rules_engine import RulesEngine from stream_alert.shared import config, logger, stats from stream_alert.shared.metrics import MetricLogger LOGGER = logger.get_logger(__name__) LOGGER_DEBUG_ENABLED = LOGGER.isEnabledFor(logging.DEBUG) class StreamAlert(object): """Wrapper class for handling StreamAlert classification and processing""" config = {} def __init__(self, context): """Initializer Args: context (dict): An AWS context object which provides metadata on the currently executing lambda function. """ # Load the config. Validation occurs during load, which will