Source code for honeycomb.decoymanager.models

# -*- coding: utf-8 -*-
"""Honeycomb defs and constants."""

from __future__ import unicode_literals, absolute_import

import platform
from uuid import uuid4

from attr import attrs, attrib, validators, Factory
from datetime import datetime

from honeycomb.servicemanager.models import ServiceType


[docs]@attrs(slots=True) class AlertType(object): """Alert Type.""" name = attrib(type=str) label = attrib(type=str) service_type = attrib(type=ServiceType)
[docs]@attrs(slots=True) class Alert(object): """Alert object.""" STATUS_IGNORED = 0 STATUS_MUTED = 1 STATUS_ALERT = 2 ALERT_STATUS = ( (STATUS_IGNORED, "Ignore"), # == Generate alert in logs but don't send to integrations (STATUS_MUTED, "Mute"), # Generate alert but send only to integrations that accept muted alerts (STATUS_ALERT, "Alert") # Generate alert and send to all integrations ) alert_type = attrib(type=AlertType) id = attrib(type=str, default=Factory(uuid4)) status = attrib(type=int, default=STATUS_ALERT, validator=validators.in_([_[0] for _ in ALERT_STATUS])) timestamp = attrib(type=datetime, default=Factory(datetime.now)) event_type = attrib(init=False, type=str) manufacturer = attrib(init=False, type=str) event_description = attrib(init=False, type=str, default=Factory(lambda self: self.alert_type.label, takes_self=True)) request = attrib(init=False, type=str) dest_ip = attrib(init=False) dest_port = attrib(init=False) file_accessed = attrib(init=False) originating_ip = attrib(init=False) originating_port = attrib(init=False) transport_protocol = attrib(init=False) originating_hostname = attrib(init=False) originating_mac_address = attrib(init=False) domain = attrib(init=False) username = attrib(init=False) password = attrib(init=False) image_md5 = attrib(init=False) image_path = attrib(init=False) image_file = attrib(init=False) image_sha256 = attrib(init=False) cmd = attrib(init=False) pid = attrib(init=False) uid = attrib(init=False) ppid = attrib(init=False) address = attrib(init=False) end_timestamp = attrib(init=False) # decoy (service) fields: decoy_os = attrib(init=False, default=Factory(platform.system)) decoy_ipv4 = attrib(init=False) decoy_name = attrib(init=False) decoy_hostname = attrib(init=False) # Extra fields: additional_fields = attrib(init=False)