Beispiel #1
// keyAlert renders the alert message for an SSH public-key authentication
// attempt. It starts from the map returned by baseAlertMap(metadata), tags the
// attempt as "publickey", attaches the offered key, and hands the map to
// alert.NewSplunkAlertMessage.
func keyAlert(metadata ssh.ConnMetadata, key ssh.PublicKey) string {
	fields := baseAlertMap(metadata)
	fields["authtype"] = "publickey"

	// MarshalAuthorizedKey emits the authorized_keys line format, which ends
	// with a newline; the "key" field therefore carries that trailing "\n".
	// NOTE(review): whether the newline is escaped depends on how
	// NewSplunkAlertMessage encodes values, which is not visible here.
	authorizedKey := ssh.MarshalAuthorizedKey(key)
	fields["key"] = string(authorizedKey)

	return alert.NewSplunkAlertMessage(fields)
}
Beispiel #2
// passwdAlert renders the alert message for an SSH password authentication
// attempt. It starts from the map returned by baseAlertMap(metadata), tags the
// attempt as "password", and records the attempted password before handing the
// map to alert.NewSplunkAlertMessage.
//
// The attempted password is stored in cleartext. Submitted passwords can be
// real credentials (reused or mistyped), so the alert destination needs the
// same access control and retention limits as any other credential store.
func passwdAlert(metadata ssh.ConnMetadata, passwd []byte) string {
	fields := baseAlertMap(metadata)
	fields["authtype"] = "password"

	// The bytes are client-controlled and copied verbatim: they may include
	// control characters or invalid UTF-8.
	// NOTE(review): confirm NewSplunkAlertMessage escapes values so a crafted
	// password cannot forge or split log records.
	attempted := string(passwd)
	fields["password"] = attempted

	return alert.NewSplunkAlertMessage(fields)
}
Beispiel #3
// makeAlert renders the alert message for an HTTP request seen by the "web"
// service. It records the peer address, Host, URL, method, selected headers
// and, when the form parses, the submitted "username" and "password" values,
// then hands the map to alert.NewSplunkAlertMessage.
//
// Every field except RemoteAddr is chosen by the client. Cookie and password
// values are logged in cleartext, so the alert destination should be
// access-restricted.
// NOTE(review): confirm NewSplunkAlertMessage escapes values; its encoding is
// not visible here, and these strings can contain quotes or control bytes.
func makeAlert(r *http.Request) string {
	hdr := r.Header
	fields := map[string]string{
		"service": "web",
		// RemoteAddr is the network peer; behind a reverse proxy this is the
		// proxy's address, not the originating client.
		"remote": r.RemoteAddr,
		// r.Host is the client-supplied Host header, not the listener's actual
		// address, so "local" reflects what the client asked for.
		"local": r.Host,
		"url":   r.URL.String(),
		// Header.Get returns only the first value for a key; any repeated
		// header lines after the first are not captured.
		"user-agent": hdr.Get("User-Agent"),
		"cookie":     hdr.Get("Cookie"),
		"referer":    hdr.Get("Referer"),
		"method":     r.Method,
	}

	// Credentials are best-effort: a request whose form cannot be parsed still
	// produces an alert, just without the username/password fields.
	if err := r.ParseForm(); err == nil {
		form := r.Form
		fields["username"] = form.Get("username")
		fields["password"] = form.Get("password")
	}

	return alert.NewSplunkAlertMessage(fields)
}