// sendVulnerability publishes one vulnerability event to the MozDef endpoint
// configured in the package-level conf.MozDef.URL.
//
// A fresh API client is initialised on every call. The error from client
// initialisation, or from the send itself, is returned to the caller as-is.
func sendVulnerability(item gozdef.VulnEvent) (err error) {
	publisher, initErr := gozdef.InitApi(gozdef.ApiConf{Url: conf.MozDef.URL})
	if initErr != nil {
		return initErr
	}
	return publisher.Send(item)
}
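// sendAlert publishes a geomodel notice describing alert d to the MozDef
// endpoint configured in the package-level cfg.MozDef.MozDefURL.
//
// Every failure — hostname lookup, API client initialisation, summary
// generation, and the send itself — is returned as an error whose message
// has the form "sendAlert() -> <cause>". The original version reached that
// contract by panicking on each error and converting the panic back in a
// deferred recover; ordinary errors now return directly, and the recover is
// kept only so that a panic raised inside a callee still surfaces as an
// error rather than terminating the process.
func sendAlert(d genericAlert) (err error) {
	// Safety net for panics originating in callees (gozdef, makeSummary);
	// local error paths below no longer use panic as control flow.
	defer func() {
		if e := recover(); e != nil {
			err = fmt.Errorf("sendAlert() -> %v", e)
		}
	}()

	// wrap applies the error format the original recover path produced,
	// so callers matching on the message see no change.
	wrap := func(cause error) error {
		return fmt.Errorf("sendAlert() -> %v", cause)
	}

	hname, err := os.Hostname()
	if err != nil {
		return wrap(err)
	}

	pub, err := gozdef.InitApi(gozdef.ApiConf{Url: cfg.MozDef.MozDefURL})
	if err != nil {
		return wrap(err)
	}

	newev := gozdef.Event{}
	newev.Notice()
	newev.Timestamp = time.Now().UTC()
	newev.Category = "geomodelnotice"
	// Process name is taken from argv[0] as invoked, not resolved to a path.
	newev.ProcessName = os.Args[0]
	newev.ProcessID = float64(os.Getpid())
	newev.Hostname = hname
	newev.Source = "geomodel"
	newev.Tags = append(newev.Tags, "geomodel")
	// The whole alert is attached as event details; the summary is derived
	// from it separately and may fail.
	newev.Details = d
	newev.Summary, err = d.makeSummary()
	if err != nil {
		return wrap(err)
	}

	if err = pub.Send(newev); err != nil {
		return wrap(err)
	}
	return nil
}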
// sendItem publishes one compliance item to MozDef as an "info" event in the
// "complianceitems" category, sourced from "mig" and tagged "mig" and
// "compliance".
//
// The summary line embeds item.Target and item.Check.Ref verbatim and states
// whether the target passes or fails the check; the full item is attached as
// the event details. The endpoint comes from the package-level
// conf.MozDef.URL, and any error from event creation, client initialisation
// or the send is returned unchanged.
func sendItem(item gozdef.ComplianceItem) (err error) {
	ev, err := gozdef.NewEvent()
	if err != nil {
		return err
	}

	verb := "fails"
	if item.Compliance {
		verb = "passes"
	}

	ev.Category = "complianceitems"
	ev.Source = "mig"
	ev.Summary = fmt.Sprintf("%s %s compliance with %s", item.Target, verb, item.Check.Ref)
	ev.Tags = append(ev.Tags, "mig", "compliance")
	ev.Info()
	ev.Details = item

	publisher, initErr := gozdef.InitApi(gozdef.ApiConf{Url: conf.MozDef.URL})
	if initErr != nil {
		return initErr
	}
	return publisher.Send(ev)
}