#!/usr/bin/env python
from datetime import datetime
import optparse
import random
import socket
import time
from mozdef_util.utilities.toUTC import toUTC
from mozdef_util.elasticsearch_client import ElasticsearchClient
# Build a dotted-quad string from four random octets, used only to fill
# the sourceipaddress field of generated test events.
def random_ip():
    """Return a random IPv4-looking string for test events.

    Each octet is drawn uniformly from 1..255, so the result is not
    guaranteed to fall in a reserved/non-routable range; it is intended
    for a local test index, not for fixtures that leave the machine.
    """
    octets = (str(random.randint(1, 255)) for _ in range(4))
    return ".".join(octets)
parser = optparse.OptionParser()
parser.add_option('--elasticsearch_host', help='Elasticsearch host (default: http://localhost:9200)', default='http://localhost:9200')
options, arguments = parser.parse_args()
# JSON/Kibana literals mapped to their Python equivalents so an event body
# copied from Kibana can be dropped into the `events` list unchanged.
# NO NEED TO MODIFY
true, false, null = True, False, None
# Fill in with events you want to write to elasticsearch
# NEED TO MODIFY
# One sample login event. The timestamp fields are not set here; they are
# stamped onto each event immediately before it is written.
_sample_details = {
    "program": "sshd",
    "type": "Success Login",
    "username": "ttesterson",
    "sourceipaddress": random_ip(),
}
events = [
    {
        "category": "testcategory",
        "details": _sample_details,
        "hostname": "i-99999999",
        "mozdefhostname": socket.gethostname(),
        "processid": "1337",
        "processname": "auth0_cron",
        "severity": "INFO",
        "source": "auth0",
        "summary": "login invalid ldap_count_entries failed",
        "tags": ["auth0"],
    },
]
# Stamp each event with the current UTC time, index it, and pause briefly
# between writes so the events do not all land in the same instant.
es_client = ElasticsearchClient(options.elasticsearch_host)
for event in events:
    now_iso = toUTC(datetime.now()).isoformat()
    # All three timestamp fields carry the same instant for a generated event.
    for field in ('utctimestamp', 'timestamp', 'receivedtimestamp'):
        event[field] = now_iso
    es_client.save_event(body=event)
    print("Wrote event to elasticsearch")
    time.sleep(0.2)