diff --git a/config.json b/config.json
index 48cc63a..a03f278 100644
--- a/config.json
+++ b/config.json
@@ -37,8 +37,8 @@
 "reason",
 "version"
 ],
- "last_module_update": "2023-05-24 00:00:00",
- "last_update": "2023-05-24 00:00:00"
+ "last_module_update": "2023-05-25 00:00:00",
+ "last_update": "2023-05-25 00:00:00"
 },
 {
 "group_id": "",
@@ -427,8 +427,8 @@
 "subject.process.parent.id",
 "subject.process.path"
 ],
- "last_module_update": "2023-05-24 00:00:00",
- "last_update": "2023-05-24 00:00:00"
+ "last_module_update": "2023-05-25 00:00:00",
+ "last_update": "2023-05-25 00:00:00"
 },
 {
 "group_id": "",
@@ -488,8 +488,8 @@
 "subject.process.name",
 "subject.process.path"
 ],
- "last_module_update": "2023-05-24 00:00:00",
- "last_update": "2023-05-24 00:00:00"
+ "last_module_update": "2023-05-25 00:00:00",
+ "last_update": "2023-05-25 00:00:00"
 },
 {
 "group_id": "",
diff --git a/correlator/1.0.0/cmodule/engines/acts_engine.lua b/correlator/1.0.0/cmodule/engines/acts_engine.lua
index c6f529e..df88182 100644
--- a/correlator/1.0.0/cmodule/engines/acts_engine.lua
+++ b/correlator/1.0.0/cmodule/engines/acts_engine.lua
@@ -20,7 +20,7 @@ function CActsEngine:init(cfg)
 self.super:init(cfg)
 self.correlator = CCorrEngine(
- function(event)
+ function (event)
 self:push_result(event)
 end
 )
@@ -28,7 +28,7 @@ function CActsEngine:init(cfg)
 if not self.correlator.valid then
 __log.info("try to restore correlator instance")
 self.correlator = CCorrEngine(
- function(event)
+ function (event)
 self:push_result(event)
 end,
 true
diff --git a/correlator/1.0.0/cmodule/engines/base_engine.lua b/correlator/1.0.0/cmodule/engines/base_engine.lua
index 8155c71..a80305f 100644
--- a/correlator/1.0.0/cmodule/engines/base_engine.lua
+++ b/correlator/1.0.0/cmodule/engines/base_engine.lua
@@ -156,7 +156,7 @@ function CBaseEngine:commit_success(src, action_name, action_data)
 -- case to notify other side about action execution result
 if type(action_data.retaddr) == "string" and action_data.retaddr ~= "" then
- local data = cjson.encode(glue.merge({status = "success"}, action_data))
+ local data = cjson.encode(glue.merge({ status = "success" }, action_data))
 __api.send_data_to(src, data)
 end
 end
@@ -174,7 +174,7 @@ function CBaseEngine:commit_failed(src, action_name, action_data)
 -- case to notify other side about action execution result
 if type(action_data.retaddr) == "string" and action_data.retaddr ~= "" then
- local data = cjson.encode(glue.merge({status = "error"}, action_data))
+ local data = cjson.encode(glue.merge({ status = "error" }, action_data))
 __api.send_data_to(src, data)
 end
 end
@@ -200,7 +200,7 @@ end
 -- out: string -- destination token (string) it'll be empty if agent disconnected
 function CBaseEngine:get_server_token()
- local tablelength = function(t)
+ local tablelength = function (t)
 local count = 0
 for _ in pairs(t) do count = count + 1 end
 return count
diff --git a/correlator/1.0.0/cmodule/engines/corr_engine.lua b/correlator/1.0.0/cmodule/engines/corr_engine.lua
index 886bc6d..2eef1da 100644
--- a/correlator/1.0.0/cmodule/engines/corr_engine.lua
+++ b/correlator/1.0.0/cmodule/engines/corr_engine.lua
@@ -85,7 +85,7 @@ function CCorrEngine:init(receiveEvents, restore)
 zip.unzip(__tmpdir .. "\\data\\graphs.zip", "-d", __tmpdir .. "\\data\\")
 self.callbacks = {
- receive = function(type, data, size)
+ receive = function (type, data, size)
 if type == 1 and receiveEvents then
 receiveEvents(ffi.string(data, size))
 elseif type == 2 then
diff --git a/correlator/1.0.0/cmodule/main.lua b/correlator/1.0.0/cmodule/main.lua
index 880fa6a..0f1bf12 100644
--- a/correlator/1.0.0/cmodule/main.lua
+++ b/correlator/1.0.0/cmodule/main.lua
@@ -2,7 +2,7 @@ require("engines.acts_engine")
 -- base config to actions engine
 local cfg = {
- config = {}
+ config = {},
 }
 -- actions engine initialize
@@ -12,24 +12,22 @@ local acts_engine = CActsEngine(cfg)
 __api.set_recv_timeout(5000) -- 5s
 __api.add_cbs({
- data = function(src, data)
+ data = function (src, data)
 __log.debugf("receive data from '%s' with data", src)
 assert(acts_engine ~= nil, "actions engine instance is not initialized")
 return acts_engine:recv_data(src, data)
 end,
-
- file = function(src, path, name)
+ file = function (src, path, name)
 __log.infof("receive file from '%s' with name '%s' path '%s'", src, name, path)
 assert(acts_engine ~= nil, "actions engine instance is not initialized")
 return acts_engine:recv_file(src, path, name)
 end,
-
 -- text = function(src, text, name)
 -- msg = function(src, msg, mtype)
- action = function(src, data, name)
+ action = function (src, data, name)
 __log.infof("receive action '%s' from '%s' with data %s", name, src, data)
 assert(acts_engine ~= nil, "actions engine instance is not initialized")
@@ -37,8 +35,7 @@ __api.add_cbs({
 __log.infof("requested action '%s' was executed: %s", name, action_result)
 return action_result
 end,
-
- control = function(cmtype, data)
+ control = function (cmtype, data)
 __log.debugf("receive control msg '%s' with data %s", cmtype, data)
 assert(acts_engine ~= nil, "actions engine instance is not initialized")
diff --git a/correlator/1.0.0/cmodule/module.lua b/correlator/1.0.0/cmodule/module.lua
index fd18492..b9c8eee 100644
--- a/correlator/1.0.0/cmodule/module.lua
+++ b/correlator/1.0.0/cmodule/module.lua
@@ -100,7 +100,7 @@ function CModule:register(profile, callbacks)
 self.functions = {}
- self.functions["receive"] = function(transport, type, data, size)
+ self.functions["receive"] = function (transport, type, data, size)
 if callbacks and transport == self.transport and callbacks["receive"] then
 return callbacks["receive"](type, data, size)
 end
diff --git a/correlator/1.0.0/smodule/main.lua b/correlator/1.0.0/smodule/main.lua
index a4f28e4..4822d11 100644
--- a/correlator/1.0.0/smodule/main.lua
+++ b/correlator/1.0.0/smodule/main.lua
@@ -1,13 +1,11 @@
-
 __api.add_cbs({
-
 -- data = function(src, data)
 -- file = function(src, path, name)
 -- text = function(src, text, name)
 -- msg = function(src, msg, mtype)
 -- action = function(src, data, name)
- control = function(cmtype, data)
+ control = function (cmtype, data)
 __log.debugf("receive control msg '%s' with payload: %s", cmtype, data)
 -- cmtype: "quit"
diff --git a/correlator_linux/1.0.0/cmodule/engines/acts_engine.lua b/correlator_linux/1.0.0/cmodule/engines/acts_engine.lua
index 4412ace..69a306b 100644
--- a/correlator_linux/1.0.0/cmodule/engines/acts_engine.lua
+++ b/correlator_linux/1.0.0/cmodule/engines/acts_engine.lua
@@ -20,7 +20,7 @@ function CActsEngine:init(cfg)
 self.super:init(cfg)
 self.correlator = CCorrEngine(
- function(event)
+ function (event)
 self:push_result(event)
 end
 )
@@ -28,7 +28,7 @@ function CActsEngine:init(cfg)
 if not self.correlator.valid then
 __log.info("try to restore correlator instance")
 self.correlator = CCorrEngine(
- function(event)
+ function (event)
 self:push_result(event)
 end,
 true
@@ -292,11 +292,11 @@ function CActsEngine:push_result(event)
 if event_name == nil or event_name == "" then
 return
 end
- local config_events = self.config["events"] or {events={}}
- local config_event = config_events[event_name] or {fields={}}
- local config_fields = self.config["fields"] or {properties={}}
+ local config_events = self.config["events"] or { events = {} }
+ local config_event = config_events[event_name] or { fields = {} }
+ local config_fields = self.config["fields"] or { properties = {} }
 local _fields = config_event["fields"] or {}
- local defaults = {string = "", number = 0, integer = 0, object = {}, array = {}, boolean = false, null = nil}
+ local defaults = { string = "", number = 0, integer = 0, object = {}, array = {}, boolean = false, null = nil }
 for _, v in ipairs(self.proc_id_fields) do
 result[v] = tonumber(result[v])
diff --git a/correlator_linux/1.0.0/cmodule/engines/base_engine.lua b/correlator_linux/1.0.0/cmodule/engines/base_engine.lua
index 8155c71..a80305f 100644
--- a/correlator_linux/1.0.0/cmodule/engines/base_engine.lua
+++ b/correlator_linux/1.0.0/cmodule/engines/base_engine.lua
@@ -156,7 +156,7 @@ function CBaseEngine:commit_success(src, action_name, action_data)
 -- case to notify other side about action execution result
 if type(action_data.retaddr) == "string" and action_data.retaddr ~= "" then
- local data = cjson.encode(glue.merge({status = "success"}, action_data))
+ local data = cjson.encode(glue.merge({ status = "success" }, action_data))
 __api.send_data_to(src, data)
 end
 end
@@ -174,7 +174,7 @@ function CBaseEngine:commit_failed(src, action_name, action_data)
 -- case to notify other side about action execution result
 if type(action_data.retaddr) == "string" and action_data.retaddr ~= "" then
- local data = cjson.encode(glue.merge({status = "error"}, action_data))
+ local data = cjson.encode(glue.merge({ status = "error" }, action_data))
 __api.send_data_to(src, data)
 end
 end
@@ -200,7 +200,7 @@ end
 -- out: string -- destination token (string) it'll be empty if agent disconnected
 function CBaseEngine:get_server_token()
- local tablelength = function(t)
+ local tablelength = function (t)
 local count = 0
 for _ in pairs(t) do count = count + 1 end
 return count
diff --git a/correlator_linux/1.0.0/cmodule/engines/corr_engine.lua b/correlator_linux/1.0.0/cmodule/engines/corr_engine.lua
index 17c875a..6715850 100644
--- a/correlator_linux/1.0.0/cmodule/engines/corr_engine.lua
+++ b/correlator_linux/1.0.0/cmodule/engines/corr_engine.lua
@@ -87,7 +87,7 @@ function CCorrEngine:init(receiveEvents, restore)
 local tmpdir_data = luapath.combine(__tmpdir, "data")
 zip.unzip(luapath.combine(tmpdir_data, "graphs.zip"), "-d", tmpdir_data)
 self.callbacks = {
- receive = function(type, data, size)
+ receive = function (type, data, size)
 if type == 1 and receiveEvents then
 receiveEvents(ffi.string(data, size))
 elseif type == 2 then
diff --git a/correlator_linux/1.0.0/cmodule/main.lua b/correlator_linux/1.0.0/cmodule/main.lua
index 880fa6a..0f1bf12 100644
--- a/correlator_linux/1.0.0/cmodule/main.lua
+++ b/correlator_linux/1.0.0/cmodule/main.lua
@@ -2,7 +2,7 @@ require("engines.acts_engine")
 -- base config to actions engine
 local cfg = {
- config = {}
+ config = {},
 }
 -- actions engine initialize
@@ -12,24 +12,22 @@ local acts_engine = CActsEngine(cfg)
 __api.set_recv_timeout(5000) -- 5s
 __api.add_cbs({
- data = function(src, data)
+ data = function (src, data)
 __log.debugf("receive data from '%s' with data", src)
 assert(acts_engine ~= nil, "actions engine instance is not initialized")
 return acts_engine:recv_data(src, data)
 end,
-
- file = function(src, path, name)
+ file = function (src, path, name)
 __log.infof("receive file from '%s' with name '%s' path '%s'", src, name, path)
 assert(acts_engine ~= nil, "actions engine instance is not initialized")
 return acts_engine:recv_file(src, path, name)
 end,
-
 -- text = function(src, text, name)
 -- msg = function(src, msg, mtype)
- action = function(src, data, name)
+ action = function (src, data, name)
 __log.infof("receive action '%s' from '%s' with data %s", name, src, data)
 assert(acts_engine ~= nil, "actions engine instance is not initialized")
@@ -37,8 +35,7 @@ __api.add_cbs({
 __log.infof("requested action '%s' was executed: %s", name, action_result)
 return action_result
 end,
-
- control = function(cmtype, data)
+ control = function (cmtype, data)
 __log.debugf("receive control msg '%s' with data %s", cmtype, data)
 assert(acts_engine ~= nil, "actions engine instance is not initialized")
diff --git a/correlator_linux/1.0.0/cmodule/module.lua b/correlator_linux/1.0.0/cmodule/module.lua
index 53532db..1e95f4b 100644
--- a/correlator_linux/1.0.0/cmodule/module.lua
+++ b/correlator_linux/1.0.0/cmodule/module.lua
@@ -52,7 +52,7 @@ function CModule:init(moduleName)
 end
 end
- self.wrap_load(function()
+ self.wrap_load(function ()
 self.module = ffi.load(moduleName)
 end)
@@ -111,7 +111,7 @@ function CModule:register(profile, callbacks)
 self.functions = {}
- self.functions["receive"] = function(transport, type, data, size)
+ self.functions["receive"] = function (transport, type, data, size)
 if callbacks and transport == self.transport and callbacks["receive"] then
 return callbacks["receive"](type, data, size)
 end
@@ -123,7 +123,7 @@ function CModule:register(profile, callbacks)
 self.module_i = self.api.create(self.transport, 0, nil)
 self.profile = ffi.new("const char[?]", #profile + 1, profile)
- self.wrap_load(function()
+ self.wrap_load(function ()
 self.api.is_inited = self.module_i.init(self.transport, self.profile, #profile)
 end)
diff --git a/correlator_linux/1.0.0/smodule/main.lua b/correlator_linux/1.0.0/smodule/main.lua
index a4f28e4..4822d11 100644
--- a/correlator_linux/1.0.0/smodule/main.lua
+++ b/correlator_linux/1.0.0/smodule/main.lua
@@ -1,13 +1,11 @@
-
 __api.add_cbs({
-
 -- data = function(src, data)
 -- file = function(src, path, name)
 -- text = function(src, text, name)
 -- msg = function(src, msg, mtype)
 -- action = function(src, data, name)
- control = function(cmtype, data)
+ control = function (cmtype, data)
 __log.debugf("receive control msg '%s' with payload: %s", cmtype, data)
 -- cmtype: "quit"
diff --git a/sysmon/1.0.0/cmodule/main.lua b/sysmon/1.0.0/cmodule/main.lua
index 8410987..bfac1b1 100644
--- a/sysmon/1.0.0/cmodule/main.lua
+++ b/sysmon/1.0.0/cmodule/main.lua
@@ -565,14 +565,13 @@ end
 __api.set_recv_timeout(5000) -- 5s
 __api.add_cbs({
-
 -- data = function(src, data)
 -- file = function(src, path, name)
 -- text = function(src, text, name)
 -- msg = function(src, msg, mtype)
 -- action = function(src, data, name)
- control = function(cmtype, data)
+ control = function (cmtype, data)
 __log.debugf("receive control msg '%s' with payload: %s", cmtype, data)
 if cmtype == "update_config" then
 -- update current action and event list from new config
diff --git a/sysmon/1.0.0/smodule/main.lua b/sysmon/1.0.0/smodule/main.lua
index a4f28e4..4822d11 100644
--- a/sysmon/1.0.0/smodule/main.lua
+++ b/sysmon/1.0.0/smodule/main.lua
@@ -1,13 +1,11 @@
-
 __api.add_cbs({
-
 -- data = function(src, data)
 -- file = function(src, path, name)
 -- text = function(src, text, name)
 -- msg = function(src, msg, mtype)
 -- action = function(src, data, name)
- control = function(cmtype, data)
+ control = function (cmtype, data)
 __log.debugf("receive control msg '%s' with payload: %s", cmtype, data)
 -- cmtype: "quit"
diff --git a/tools/gen_correlator_config.py b/tools/gen_correlator_config.py
index 463395b..5132c5d 100644
--- a/tools/gen_correlator_config.py
+++ b/tools/gen_correlator_config.py
@@ -45,12 +45,6 @@ def_actions = [
 "name": "log_to_db",
 "priority": 10
 },
- {
- "fields": [],
- "module_name": "pt_siem",
- "name": "send_to_siem",
- "priority": 10
- },
 {
 "fields": [],
 "module_name": "syslog",