def __init__(self):
  """Initializes a Windows service event format helper.

  Registers one enumeration helper for each of the error_control,
  service_type and start_type attributes. Each helper is given the matching
  table from human_readable_service_enums.SERVICE_ENUMS and 'UNKNOWN' as its
  default.
  """
  super(WinRegistryServiceFormatter, self).__init__()

  # (attribute name, SERVICE_ENUMS key) pairs, in registration order.
  enumerations = (
      ('error_control', 'ErrorControl'),
      ('service_type', 'Type'),
      ('start_type', 'Start'))

  for attribute_name, enumeration_key in enumerations:
    # Input and output attribute are the same name.
    # NOTE(review): presumably the mapped string then stands in for the raw
    # value in formatted output - confirm in EnumerationEventFormatterHelper.
    self.helpers.append(interface.EnumerationEventFormatterHelper(
        default='UNKNOWN', input_attribute=attribute_name,
        output_attribute=attribute_name,
        values=human_readable_service_enums.SERVICE_ENUMS[enumeration_key]))
def __init__(self):
  """Initializes a Trend Micro OfficeScan virus detection log format helper.

  Registers enumeration helpers for the action and scan_type attributes,
  backed by the class tables _SCAN_RESULTS and _SCAN_TYPES.
  """
  super(OfficeScanVirusDetectionLogEventFormatter, self).__init__()

  enumerations = (
      ('action', self._SCAN_RESULTS),
      ('scan_type', self._SCAN_TYPES))

  for attribute_name, enumeration_values in enumerations:
    # NOTE(review): a code missing from the table presumably renders as
    # 'UNKNOWN' - confirm in EnumerationEventFormatterHelper.
    self.helpers.append(interface.EnumerationEventFormatterHelper(
        default='UNKNOWN', input_attribute=attribute_name,
        output_attribute=attribute_name, values=enumeration_values))
def __init__(self):
  """Initializes a Windows Restore Point information event format helper.

  Registers enumeration helpers for the restore_point_event_type and
  restore_point_type attributes, backed by the class tables
  _RESTORE_POINT_EVENT_TYPES and _RESTORE_POINT_TYPES.
  """
  super(RestorePointInfoFormatter, self).__init__()

  enumerations = (
      ('restore_point_event_type', self._RESTORE_POINT_EVENT_TYPES),
      ('restore_point_type', self._RESTORE_POINT_TYPES))

  for attribute_name, enumeration_values in enumerations:
    self.helpers.append(interface.EnumerationEventFormatterHelper(
        default='UNKNOWN', input_attribute=attribute_name,
        output_attribute=attribute_name, values=enumeration_values))
def __init__(self):
  """Initializes a Windows Scheduled Task (job) event format helper.

  Registers a single enumeration helper for the trigger_type attribute,
  backed by the class table _TRIGGER_TYPES.
  """
  super(WinJobFormatter, self).__init__()

  self.helpers.append(interface.EnumerationEventFormatterHelper(
      default='UNKNOWN', input_attribute='trigger_type',
      output_attribute='trigger_type', values=self._TRIGGER_TYPES))
def __init__(self):
  """Initializes a BSM log entry format helper.

  Registers a single enumeration helper that reads event_type and writes to
  the separate event_type_string attribute, using bsmtoken.BSM_AUDIT_EVENT as
  the lookup table.
  """
  super(BSMFormatter, self).__init__()

  # The output attribute differs from the input attribute here.
  self.helpers.append(interface.EnumerationEventFormatterHelper(
      default='UNKNOWN', input_attribute='event_type',
      output_attribute='event_type_string',
      values=bsmtoken.BSM_AUDIT_EVENT))
def __init__(self):
  """Initializes a Trend Micro OfficeScan web reputation log format helper.

  Registers a single enumeration helper for the block_mode attribute, backed
  by the class table _BLOCK_MODES.
  """
  super(OfficeScanWebReputationLogEventFormatter, self).__init__()

  self.helpers.append(interface.EnumerationEventFormatterHelper(
      default='UNKNOWN', input_attribute='block_mode',
      output_attribute='block_mode', values=self._BLOCK_MODES))
def __init__(self):
  """Initializes an iMessage chat event format helper.

  Registers enumeration helpers for the message_type and read_receipt
  attributes, backed by the class tables _MESSAGE_TYPES and _READ_RECEIPTS.
  """
  super(IMessageFormatter, self).__init__()

  enumerations = (
      ('message_type', self._MESSAGE_TYPES),
      ('read_receipt', self._READ_RECEIPTS))

  for attribute_name, enumeration_values in enumerations:
    self.helpers.append(interface.EnumerationEventFormatterHelper(
        default='UNKNOWN', input_attribute=attribute_name,
        output_attribute=attribute_name, values=enumeration_values))
def __init__(self):
  """Initializes an iOS Kik message event format helper.

  Registers enumeration helpers for the message_status and message_type
  attributes, backed by the class tables _MESSAGE_STATUSES and
  _MESSAGE_TYPES.
  """
  super(KikIOSMessageFormatter, self).__init__()

  enumerations = (
      ('message_status', self._MESSAGE_STATUSES),
      ('message_type', self._MESSAGE_TYPES))

  for attribute_name, enumeration_values in enumerations:
    self.helpers.append(interface.EnumerationEventFormatterHelper(
        default='UNKNOWN', input_attribute=attribute_name,
        output_attribute=attribute_name, values=enumeration_values))
def __init__(self):
  """Initializes a Windows Recycler event format helper.

  Registers a single enumeration helper that reads drive_number and writes
  to the separate drive_letter attribute, using the class table
  _DRIVE_LETTER.
  """
  super(WinRecyclerFormatter, self).__init__()

  # The output attribute differs from the input attribute here.
  self.helpers.append(interface.EnumerationEventFormatterHelper(
      default='UNKNOWN', input_attribute='drive_number',
      output_attribute='drive_letter', values=self._DRIVE_LETTER))
def __init__(self):
  """Initializes a Twitter for Android status event format helper.

  Registers enumeration helpers for the favorited and retweeted attributes;
  both use the class table _YES_NO_VALUES.
  """
  super(TwitterAndroidStatusFormatter, self).__init__()

  for attribute_name in ('favorited', 'retweeted'):
    self.helpers.append(interface.EnumerationEventFormatterHelper(
        default='UNKNOWN', input_attribute=attribute_name,
        output_attribute=attribute_name, values=self._YES_NO_VALUES))
def __init__(self):
  """Initializes a Tango on Android message event format helper.

  Registers a single enumeration helper for the direction attribute, backed
  by the class table _DIRECTION.
  """
  super(TangoAndroidMessageFormatter, self).__init__()

  # This formatter passes 'Unknown' (mixed case) as the default.
  self.helpers.append(interface.EnumerationEventFormatterHelper(
      default='Unknown', input_attribute='direction',
      output_attribute='direction', values=self._DIRECTION))
def __init__(self):
  """Initializes an UTMPX session event format helper.

  Registers a single enumeration helper that reads the type attribute and
  writes to the separate status attribute, using the class table
  _STATUS_TYPES.
  """
  super(UtmpxSessionFormatter, self).__init__()

  # The output attribute differs from the input attribute here.
  self.helpers.append(interface.EnumerationEventFormatterHelper(
      default='UNKNOWN', input_attribute='type', output_attribute='status',
      values=self._STATUS_TYPES))
def __init__(self):
  """Initializes a MacOS Notification Center event format helper.

  Registers a single enumeration helper for the presented attribute, backed
  by the class table _PRESENTED_VALUES.
  """
  super(MacNotificationCenterFormatter, self).__init__()

  self.helpers.append(interface.EnumerationEventFormatterHelper(
      default='UNKNOWN', input_attribute='presented',
      output_attribute='presented', values=self._PRESENTED_VALUES))
def __init__(self):
  """Initializes a Twitter on iOS 8+ contact event format helper.

  Registers a single enumeration helper for the following attribute, backed
  by the class table _YES_NO_VALUES.
  """
  super(TwitterIOSContactFormatter, self).__init__()

  self.helpers.append(interface.EnumerationEventFormatterHelper(
      default='UNKNOWN', input_attribute='following',
      output_attribute='following', values=self._YES_NO_VALUES))
def __init__(self):
  """Initializes a Chrome extension activity format helper.

  Registers a single enumeration helper that reads action_type and writes to
  the separate action_type_string attribute, using the class table
  _CHROME_ACTION_TYPES.
  """
  super(ChromeExtensionActivityEventFormatter, self).__init__()

  # This formatter passes 'unknown' (lower case) as the default.
  self.helpers.append(interface.EnumerationEventFormatterHelper(
      default='unknown', input_attribute='action_type',
      output_attribute='action_type_string',
      values=self._CHROME_ACTION_TYPES))
def __init__(self):
  """Initializes a MacOS TCC event format helper.

  Registers a single enumeration helper for the allowed attribute, backed by
  the class table _ALLOWED.
  """
  super(MacOSTCCFormatter, self).__init__()

  self.helpers.append(interface.EnumerationEventFormatterHelper(
      default='UNKNOWN', input_attribute='allowed',
      output_attribute='allowed', values=self._ALLOWED))
def __init__(self):
  """Initializes a Windows Recycler/Recycle Bin file event format helper.

  Registers a single enumeration helper that reads drive_number and writes
  to the separate drive_letter attribute, using the class table
  _DRIVE_LETTER.
  """
  super(WinRecyclerFormatter, self).__init__()

  # The output attribute differs from the input attribute here.
  self.helpers.append(interface.EnumerationEventFormatterHelper(
      default='UNKNOWN', input_attribute='drive_number',
      output_attribute='drive_letter', values=self._DRIVE_LETTER))
def __init__(self):
  """Initializes a Symantec AV log file event format helper.

  Registers five enumeration helpers. Each reads a raw attribute (event,
  cat, action0, action1, action2) and writes to a separate "*_map"
  attribute. action1 and action2 share the class table _ACTION_1_2_NAMES.
  """
  super(SymantecAVFormatter, self).__init__()

  # (input attribute, output attribute, lookup table), in registration order.
  enumerations = (
      ('event', 'event_map', self._EVENT_NAMES),
      ('cat', 'category_map', self._CATEGORY_NAMES),
      ('action0', 'action0_map', self._ACTION_0_NAMES),
      ('action1', 'action1_map', self._ACTION_1_2_NAMES),
      ('action2', 'action2_map', self._ACTION_1_2_NAMES))

  for input_name, output_name, enumeration_values in enumerations:
    # NOTE(review): a code missing from the table presumably renders as
    # 'Unknown' - confirm in EnumerationEventFormatterHelper.
    self.helpers.append(interface.EnumerationEventFormatterHelper(
        default='Unknown', input_attribute=input_name,
        output_attribute=output_name, values=enumeration_values))
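def _ReadEnumerationHelpers(
    self, formatter, enumeration_helpers_definition_values):
  """Reads enumeration helper definitions from a list.

  Every definition must provide a non-empty input_attribute,
  output_attribute and values entry; default_value is optional and is
  passed on as None when absent. One helper is added to the formatter per
  definition, in list order.

  Args:
    formatter (EventFormatter): an event formatter.
    enumeration_helpers_definition_values (list[dict[str, object]]):
        enumeration helpers definition values.

  Raises:
    ParseError: if the format of the enumeration helper definitions are
        incorrect.
  """
  for enumeration_helper in enumeration_helpers_definition_values:
    # A malformed definition (for example a bare string or a nested list)
    # has no get() method; report it as a ParseError like every other
    # format problem instead of leaking an AttributeError to the caller.
    if not isinstance(enumeration_helper, dict):
      raise errors.ParseError(
          'Invalid enumeration helper not a dictionary.')

    input_attribute = enumeration_helper.get('input_attribute', None)
    if not input_attribute:
      raise errors.ParseError(
          'Invalid enumeration helper missing input attribute.')

    output_attribute = enumeration_helper.get('output_attribute', None)
    if not output_attribute:
      raise errors.ParseError(
          'Invalid enumeration helper missing output attribute.')

    # Only presence is checked here.
    # NOTE(review): the type of values is not validated; confirm what
    # EnumerationEventFormatterHelper accepts.
    values = enumeration_helper.get('values', None)
    if not values:
      raise errors.ParseError(
          'Invalid enumeration helper missing values.')

    default_value = enumeration_helper.get('default_value', None)

    helper = interface.EnumerationEventFormatterHelper(
        default=default_value, input_attribute=input_attribute,
        output_attribute=output_attribute, values=values)

    formatter.AddHelper(helper)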
def testInitialization(self):
  """Tests that the helper can be created without arguments."""
  self.assertIsNotNone(interface.EnumerationEventFormatterHelper())
def testFormatEventValues(self):
  """Tests the FormatEventValues function with empty event values."""
  helper = interface.EnumerationEventFormatterHelper()

  # No assertion follows: the test only checks that formatting an empty
  # event values dictionary with a default-constructed helper does not raise.
  helper.FormatEventValues({})