"""
Generates SensorAlert from ossec incidents with high severity
"""
from defence360agent.contracts.plugins import (
    MessageSink,
    MessageSource,
    expect,
)
from defence360agent.contracts.messages import MessageType


class OssecAlert(MessageSink, MessageSource):
    """Turn high-severity OSSEC ``SensorIncident`` messages into ``SensorAlert`` messages.

    The plugin is both a sink (it receives incidents) and a source (it hands
    the generated alerts to the sink supplied in :meth:`create_source`).
    """

    # Incidents with a severity below this value never become alerts.
    MIN_ALERT_LEVEL = 6
    # Incident keys that are copied into the alert when present.
    FIELDS = ("plugin_id", "attackers_ip", "rule", "user", "timestamp")

    async def create_sink(self, loop):
        """Keep a reference to the event loop; no further sink setup is done."""
        self._loop = loop

    async def create_source(self, loop, sink):
        """Keep the event loop and the sink that will receive generated alerts."""
        self._loop = loop
        self._sink = sink

    # NOTE(review): expect() presumably delivers only SensorIncident messages
    # whose plugin_id is "ossec" to this handler — confirm against the decorator.
    @expect(MessageType.SensorIncident, plugin_id="ossec")
    async def generate_alert(self, msg):
        """Emit a ``SensorAlert`` for *msg* if it is severe enough and names an attacker IP.

        Only the keys listed in ``FIELDS`` are carried over to the alert. An
        incident without an ``"attackers_ip"`` key, or with a severity below
        ``MIN_ALERT_LEVEL``, produces nothing. Raises ``KeyError`` when *msg*
        has no ``"severity"`` key.
        """
        severe_enough = msg["severity"] >= self.MIN_ALERT_LEVEL
        if not severe_enough or "attackers_ip" not in msg:
            return
        payload = {}
        for field in self.FIELDS:
            if field in msg:
                payload[field] = msg[field]
        await self._sink.process_message(MessageType.SensorAlert(**payload))