MAINHACK

Viewing / Editing File: ossec_alert.py

File is not writable. Editing disabled.

"""
Generates SensorAlert from ossec incidents with high severity
"""
from defence360agent.contracts.plugins import MessageSink, MessageSource, \
    expect
from defence360agent.contracts.messages import MessageType


class OssecAlert(MessageSink, MessageSource):

    MIN_ALERT_LEVEL = 6
    FIELDS = ('plugin_id', 'attackers_ip', 'rule', 'user', 'timestamp')

    async def create_sink(self, loop):
        self._loop = loop

    async def create_source(self, loop, sink):
        self._loop = loop
        self._sink = sink

    @expect(MessageType.SensorIncident, plugin_id='ossec')
    async def generate_alert(self, msg):
        if (msg['severity'] >= self.MIN_ALERT_LEVEL) \
                and ('attackers_ip' in msg):
            alert = MessageType.SensorAlert(
                **{field: msg[field] for field in self.FIELDS if field in msg}
            )
            await self._sink.process_message(alert)

Cancel / Back

[ MAINHACK ]

Viewing / Editing File: ossec_alert.py

Server Info

System Features

User Info