{ "info": { "author": "Guillaume Destuynder", "author_email": "gdestuynder@mozilla.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: System :: Logging" ], "description": "mozdef_client\n=============\n\nmozdef_client is a Python library for sending event information from Python\nsoftware to `MozDef`_.\n\n.. _MozDef: https://github.com/jeffbryner/MozDef/\n\nThis library performs functions such as message preformatting and validation,\nin addition to actually POSTing the events to MozDef using the provided event\ncollection URL.\n\nThe library supports submission of the following MozDef event types, with more\nto be added in the future.\n\n- Generic Events\n- Compliance Events\n- Vulnerability Events\n- Asset Hint Events\n\nThis library was previously known as mozdef_lib, but was renamed for clarity.\nThe previous version of the library can be found at `mozdef_lib`_.\n\n.. _mozdef_lib: https://github.com/gdestuynder/mozdef_lib/\n\nInstallation\n------------\n\nAs a Python Module\n~~~~~~~~~~~~~~~~~~\n\nTo install mozdef_client as a module using setup.py, the following\ncan be used.\n\n.. code::\n\n make install\n\nOr, to create an RPM/debian package and install that package:\n\n.. code::\n\n make rpm\n make deb\n rpm -i \n dpkg -i \n\nAs a Submodule\n~~~~~~~~~~~~~~\n\nAdd to your project with:\n\n.. code::\n\n git submodule add https://github.com/gdestuynder/mozdef_client\n git commit -a\n\nPython Dependencies\n~~~~~~~~~~~~~~~~~~~\n\n- requests_futures (Optional but recommended, otherwise events are synchronous)\n- pytz\n- boto3 (for AWS support)\n\nUsage\n-----\n\nThe following is an example for submitting generic MozDef events.\n\n.. code::\n\n import mozdef_client\n msg = mozdef_client.MozDefEvent('https://127.0.0.1:8443/events')\n msg.summary = 'a test message'\n msg.tags = ['tag1', 'tag2']\n msg.details = {'hostname': 'test', 'alert': True}\n msg.send()\n\nIt is also possible to additionally send the message to syslog, in this case\nit will be flattened.\n\n.. code::\n\n import mozdef_client\n msg = mozdef_client.MozDefEvent('https://127.0.0.1:8443/events')\n msg.summary = 'a test message'\n msg.tags = ['tag1', 'tag2']\n msg.details = {'hostname': 'test', 'alert': True}\n msg.set_send_to_syslog(True)\n msg.send()\n\n # Or optionally, if you only want to send to syslog.\n import mozdef_client\n msg = mozdef_client.MozDefEvent('https://127.0.0.1:8443/events')\n msg.summary = 'a test message'\n msg.tags = ['tag1', 'tag2']\n msg.details = {'hostname': 'test', 'alert': True}\n msg.set_send_to_syslog(True, only_syslog=True)\n msg.send()\n\n\nAnd here's how you send to an Sqs queue in AWS. Note that the URL is ignored for compatibility purposes.\n\n.. code::\n\n import mozdef_client\n msg = mozdef_client.MozDefEvent('https://127.0.0.1:8443/events')\n msg.summary = 'a test message'\n msg.tags = ['tag1', 'tag2']\n msg.details = {'hostname': 'test', 'alert': True}\n msg.set_send_to_sqs(True)\n msg.set_sqs_queue_name('my_queue')\n msg.set_sqs_region('us-west-1')\n msg.set_sqs_aws_account_id('012345678901') # Not required if the SQS queue is in the local AWS account\n # Note that unlike syslog this will NEVER send to MozDef HTTP (URL is ignored)\n msg.send()\n\nCompliance events (MozDefCompliance()) are sent the same way as\ngeneric events. Typically details and tags will be set. Details must\nadhere to the compliance event format or validation will fail.\n\nVulnerability events are submitted by setting the log\nattribute of the object to a dict representing the event. This dict is\nconverted in it's entirety to the event. The following is an example for\nvulnerability events.\n\n.. code::\n\n import mozdef_client\n msg = mozdef_client.MozDefVulnerability('https://127.0.0.1:8443/compliance')\n msg.log = vuln_msg\n msg.send()\n\nHint events operate like generic events, but set some default fields\nfor you.\n\n.. code::\n\n import mozdef_client\n msg = mozdef_client.MozDefAssetHint('https://127.0.0.1:8443/events')\n msg.summary = 'new host detected'\n msg.details = {'hostname': 'test'}\n msg.send()\n\nWith generic event messages, the summary field is the only mandatory field\nthat must be set on the event before submission. Compliance and vulnerability\nevents have a specific format and require a number of default fields to exist\nbefore submission. The validation functions in the library will raise a\nMozDefError exception if an error condition occurs (such as submission of an\ninvalid message).\n\nWith a generic event message, the members of the object you will generally\nmodify before calling send() include:\n\n* .details (dict)\n* .summary (string)\n* .tags (list)\n\nAlso, for event messages the set_severity() and set_category() methods can be\nused to change the message severity and category. The category argument is a\nstring value, the severity can be one of the following.\n\n* MozDefEvent.SEVERITY_INFO\n* MozDefEvent.SEVERITY_WARNING\n* MozDefEvent.SEVERITY_CRITICAL\n* MozDefEvent.SEVERITY_ERROR\n* MozDefEvent.SEVERITY_DEBUG\n\nWith compliance and vulnerability events, you will generally operate on the\n.log member of the object, which is a dict.\n\nNotes on Syslog Compatibility\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nWhen using the syslog compatibility mode, the JSON message is flattened into\na single line. The severity associated with the message will also be converted\ninto a syslog severity when the message is sent to syslog.\n\n.. code::\n\n import mozdef_client\n msg = mozdef_client.MozDefEvent('https://127.0.0.1:8443/events')\n msg.summary = 'a test event'\n msg.tags = ['generic', 'test']\n msg.details = {'one': 1, 'two': 'two'}\n msg.set_severity(MozDefEvent.SEVERITY_CRIT)\n msg.set_send_to_syslog(True, only_syslog=True)\n msg.send()\n\n::\n\n Mar 6 09:05:48 hostname mozdef_client.py: {\"category\": \"event\", \"processid\": 8095, \"severity\": \"CRIT\", \"tags\": [\"generic\", \"test\"], \"timestamp\": \"2015-03-06T15:05:48.226939+00:00\", \"hostname\": \"hostname\", \"summary\": \"a test event\", \"processname\": \"mozdef_client.py\", \"details\": {\"two\": \"two\", \"one\": 1}}\n\nCertificate Handling\n--------------------\n\nDuring testing with self-signed certificates, it may be useful to not validate\ncertificates. Certificate validation should be enabled in production; this can\nbe done by calling the set_verify() method on the event with a boolean argument.\n\nCertificates are validated using the default certificate path on the system. If\nyou want to specify a certificate to use, pass it with the set_verify_path()\nmethod on the event object before calling send().\n\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/gdestuynder/mozdef_client", "keywords": "mozdef client library", "license": "MPL", "maintainer": "", "maintainer_email": "", "name": "mozdef_client", "package_url": "https://pypi.org/project/mozdef_client/", "platform": "", "project_url": "https://pypi.org/project/mozdef_client/", "project_urls": { "Homepage": "https://github.com/gdestuynder/mozdef_client" }, "release_url": "https://pypi.org/project/mozdef_client/1.0.11/", "requires_dist": null, "requires_python": "", "summary": "A client library to send messages/events using MozDef", "version": "1.0.11" }, "last_serial": 2767185, "releases": { "1.0.10": [ { "comment_text": "", "digests": { "md5": "53e3923a65e15b131145e4e9bc02956d", "sha256": "669932cc1c0b183564393ca8fad44413c4d86cd84a3a2bc539f7aa1bef7124da" }, "downloads": -1, "filename": "mozdef_client-1.0.10.tar.gz", "has_sig": true, "md5_digest": "53e3923a65e15b131145e4e9bc02956d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8486, "upload_time": "2017-02-17T21:30:05", "url": "https://files.pythonhosted.org/packages/d3/b3/fb162bd78b4151c9cdabd1e7a3e1f3a0576d0b9bc1416ce737f964f3356b/mozdef_client-1.0.10.tar.gz" } ], "1.0.11": [ { "comment_text": "", "digests": { "md5": "85aa2780e408afdbe52e4e23c7da95f5", "sha256": "86b8c7065c21ce07d3095b5772f70fa152fe97258cde22311e5db4e34f5be26d" }, "downloads": -1, "filename": "mozdef_client-1.0.11.tar.gz", "has_sig": true, "md5_digest": "85aa2780e408afdbe52e4e23c7da95f5", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10124, "upload_time": "2017-04-10T18:23:49", "url": "https://files.pythonhosted.org/packages/cd/9b/d783ba277e2120add2709e45db926f8e916c5933df2db9725b7787884ae5/mozdef_client-1.0.11.tar.gz" } ], "1.0.3": [], "1.0.4": [ { "comment_text": "", "digests": { "md5": "2b88aa8be36d4690bb567ae5eec94810", "sha256": "3aff9af526a5595cef242f104b265e2718a683277ad4a3cd6bbe2ae42b30bf5c" }, "downloads": -1, "filename": "mozdef_client-1.0.4.tar.gz", "has_sig": true, "md5_digest": "2b88aa8be36d4690bb567ae5eec94810", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13637, "upload_time": "2015-06-19T23:47:34", "url": "https://files.pythonhosted.org/packages/72/74/ef4fe8911c41763c6dc6c11e9de3a2aa1c7774ebfb2750b277f2f4808765/mozdef_client-1.0.4.tar.gz" } ], "1.0.5": [ { "comment_text": "", "digests": { "md5": "8a086af4d1614f5d4bedbaa9b0e84350", "sha256": "a9834ae9d08eab625dec4e39e111ac1daf0e155f9a5fdc3d0a9fdd22fe2b0b93" }, "downloads": -1, "filename": "mozdef_client-1.0.5.tar.gz", "has_sig": false, "md5_digest": "8a086af4d1614f5d4bedbaa9b0e84350", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14284, "upload_time": "2015-12-31T21:54:10", "url": "https://files.pythonhosted.org/packages/68/c1/7409f4ba27193f377cf37ec4bc54987ad0b42e7e04bfe29e67a8a0077edc/mozdef_client-1.0.5.tar.gz" } ], "1.0.6": [ { "comment_text": "", "digests": { "md5": "f94add7200cb6acf5cc4134f44fecf1e", "sha256": "b9c1ba148bdd5c34867f4c2b77fdc42600a08f161edf246f962e0d41a2a68ff4" }, "downloads": -1, "filename": "mozdef_client-1.0.6.tar.gz", "has_sig": false, "md5_digest": "f94add7200cb6acf5cc4134f44fecf1e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14373, "upload_time": "2016-01-05T19:45:16", "url": "https://files.pythonhosted.org/packages/ae/fb/f54e71ee3ee3bfc8889d0586564b26e3e7686eae46083a9aaa9f3b516880/mozdef_client-1.0.6.tar.gz" } ], "1.0.7": [ { "comment_text": "", "digests": { "md5": "9209dcbb1d8a0b80b610de594e64870a", "sha256": "3540e630d889563499ba34fa96d4b2aa54d85d9147ac3e76cced052bd74be2e7" }, "downloads": -1, "filename": "mozdef_client-1.0.7.tar.gz", "has_sig": true, "md5_digest": "9209dcbb1d8a0b80b610de594e64870a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8469, "upload_time": "2016-08-12T20:19:12", "url": "https://files.pythonhosted.org/packages/ba/25/e6910b3f3051e6ec1ea10266e8228389b88580ae0aef8c379121a7aa4287/mozdef_client-1.0.7.tar.gz" } ], "1.0.8": [ { "comment_text": "", "digests": { "md5": "817b23fe26f9e14ff5c73838ea0dba5a", "sha256": "99d3b98164f2918c4076b81a98c4a66717504218118006239e972d7053b642eb" }, "downloads": -1, "filename": "mozdef_client-1.0.8.tar.gz", "has_sig": true, "md5_digest": "817b23fe26f9e14ff5c73838ea0dba5a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8471, "upload_time": "2017-01-13T23:56:03", "url": "https://files.pythonhosted.org/packages/3a/0a/abaaf6a5b486cfade61e3457fd1d984630acbe9301a83d57212203125949/mozdef_client-1.0.8.tar.gz" } ], "1.0.9": [ { "comment_text": "", "digests": { "md5": "3777e83890f4054595b9a3c9fa85d58e", "sha256": "16ba566f2e02efb1f2f1bb1d26a469f2b8fc81254bafa6e2366bb5833b8a6e83" }, "downloads": -1, "filename": "mozdef_client-1.0.9.tar.gz", "has_sig": true, "md5_digest": "3777e83890f4054595b9a3c9fa85d58e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8479, "upload_time": "2017-01-14T00:14:22", "url": "https://files.pythonhosted.org/packages/a7/c7/b6c51a00fdbcf52215f3f50e611af4a7bce308a4bc2cc80ded3e8c26b4b9/mozdef_client-1.0.9.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "85aa2780e408afdbe52e4e23c7da95f5", "sha256": "86b8c7065c21ce07d3095b5772f70fa152fe97258cde22311e5db4e34f5be26d" }, "downloads": -1, "filename": "mozdef_client-1.0.11.tar.gz", "has_sig": true, "md5_digest": "85aa2780e408afdbe52e4e23c7da95f5", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10124, "upload_time": "2017-04-10T18:23:49", "url": "https://files.pythonhosted.org/packages/cd/9b/d783ba277e2120add2709e45db926f8e916c5933df2db9725b7787884ae5/mozdef_client-1.0.11.tar.gz" } ] }