-
Notifications
You must be signed in to change notification settings - Fork 16
/
al-cwe-collector.js
113 lines (100 loc) · 3.59 KB
/
al-cwe-collector.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
'use strict';
const AlAwsCollector = require('@alertlogic/al-aws-collector-js').AlAwsCollector;
const m_packageJson = require('./package.json');
const parse = require('@alertlogic/al-collector-js').Parse
const async = require('async');
const typeIdPaths = [
{ path: ['detail', 'type'] }
];
const tsPaths = [
{ path: ['time'] }
];
class CweCollector extends AlAwsCollector {
constructor(context, aimsCreds, formatMessages, healthChecks = [], statsChecks = []) {
super(context,
"cwe",
AlAwsCollector.IngestTypes.SECMSGS,
m_packageJson.version,
aimsCreds,
formatMessages,
healthChecks,
statsChecks);
this.stack_name = process.env.stack_name;
}
getProperties(event) {
const baseProps = super.getProperties();
const stack_name = event && event.ResourceProperties.StackName ? event.ResourceProperties.StackName : this.stack_name;
const collectRule = event && event.ResourceProperties.CollectRule ? event.ResourceProperties.CollectRule : `aws.guardduty`;
let cweProps = {
cf_stack_name: stack_name,
collect_rule: collectRule
};
return Object.assign(cweProps, baseProps);
};
register(event, custom, callback) {
let collector = this;
let cweRegisterProps = this.getProperties(event);
AlAwsCollector.prototype.register.call(collector, event, cweRegisterProps, callback);
}
process(event, callback) {
const context = this._invokeContext;
var collector = this;
async.waterfall([
function (asyncCallback) {
collector._formatFun(event, context, asyncCallback);
},
function (formattedData, compress, asyncCallback) {
if (arguments.length === 2 && typeof compress === 'function') {
asyncCallback = compress;
compress = true;
}
collector.send(JSON.stringify(formattedData), compress, collector._ingestType, (err, res) => {
return asyncCallback(err, formattedData);
});
},
function (formattedData, asyncCallback) {
collector.processLog(formattedData.collected_batch.collected_messages, collector.formatLog.bind(collector), null, asyncCallback);
}
],
callback);
}
handleEvent(event, asyncCallback) {
let collector = this;
if (event.Records) {
return collector.process(event, asyncCallback);
} else {
if (!this.stack_name && event.StackName) {
this.stack_name = event.StackName;
}
return super.handleEvent(event);
}
};
/**
* Format the message to process logmessages
* @param {*} msg
*/
formatLog(msg) {
let collector = this;
const ts = parse.getMsgTs(msg, tsPaths);
const typeId = parse.getMsgTypeId(msg, typeIdPaths);
let formattedMsg = {
hostname: collector.collector_id,
messageTs: ts.sec,
priority: 11,
progName: 'CWECollector',
message: JSON.stringify(msg),
messageType: 'json/cwe',
applicationId: collector.application_id
};
if (typeId !== null && typeId !== undefined) {
formattedMsg.messageTypeId = `${typeId}`;
}
if (ts.usec) {
formattedMsg.messageTsUs = ts.usec;
}
return formattedMsg;
}
}
module.exports = {
cweCollector: CweCollector
};