cloudmarker.events package
A package for event plugins packaged with this project.
This package contains event plugins that are packaged as part of this
project. The event plugins implement a function named eval that
accepts one record as parameter, evaluates the record, and generates
zero or more event records for each input record. The event plugins also
implement a function named done that performs cleanup work when
called.
Submodules
cloudmarker.events.azvmdatadiskencryptionevent module
Microsoft Azure VM Data disk encryption event.
This module defines the AzVMDataDiskEncryptionEvent class that
identifies an unencrypted Azure VM data disk. This plugin works on the
virtual machine properties found in the com bucket of
virtual_machine records.
class cloudmarker.events.azvmdatadiskencryptionevent.AzVMDataDiskEncryptionEvent
Bases: object
Az VM Data disk encryption event plugin.
Create an instance of AzVMDataDiskEncryptionEvent.
done()
Perform cleanup work.
Currently, this method does nothing. This may change in future.
cloudmarker.events.azvmosdiskencryptionevent module
Microsoft Azure VM OS disk encryption event.
This module defines the AzVMOSDiskEncryptionEvent class that
identifies an unencrypted Azure OS disk. This plugin works on the
virtual machine properties found in the com bucket of
virtual_machine records.
class cloudmarker.events.azvmosdiskencryptionevent.AzVMOSDiskEncryptionEvent
Bases: object
Az VM OS disk encryption event plugin.
Create an instance of AzVMOSDiskEncryptionEvent.
done()
Perform cleanup work.
Currently, this method does nothing. This may change in future.
cloudmarker.events.firewallruleevent module
Firewall rule event.
This module defines the FirewallRuleEvent class that identifies
weak firewall rules. This plugin works on the firewall properties found
in the com bucket of firewall rule records.
class cloudmarker.events.firewallruleevent.FirewallRuleEvent(ports=None)
Bases: object
Firewall rule event plugin.
Create an instance of FirewallRuleEvent plugin.
Parameters: ports (list) – A list of strings that represent the ports to be checked for insecure exposure to the Internet. If None is specified or if unspecified, then this plugin defaults to checking ports 22, 3389, 1433, 1521, 3306, and 5432 for insecure exposure.
done()
Perform cleanup work.
Currently, this method does nothing. This may change in future.
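As an added illustration (not Cloudmarker's own code), the sketch below shows a plugin that follows the eval/done contract described for this package and checks the default ports listed above. The class and helper names, the key names inside the com bucket, the event record layout, and the sample records are assumptions constructed for this example.

```python
# Added sketch, not Cloudmarker's code; 'com' keys and event layout are assumed.
DEFAULT_PORTS = ('22', '3389', '1433', '1521', '3306', '5432')  # from the docs
INTERNET = {'0.0.0.0/0', '::/0'}  # sources that mean "any address"

def covers(spec, port):
    """Return True if a spec such as '22' or '3000-4000' includes port."""
    low, _, high = spec.partition('-')
    try:
        return int(low) <= int(port) <= int(high or low)
    except ValueError:
        return False  # non-numeric spec: ignored by this sketch

class SketchFirewallRuleEvent:
    """Hypothetical plugin that flags watched ports open to any address."""

    def __init__(self, ports=None):
        self._ports = list(DEFAULT_PORTS if ports is None else ports)

    def eval(self, record):
        """Yield zero or more event records for one input record."""
        com = record.get('com') or {}
        if (com.get('record_type') != 'firewall_rule'
                or (com.get('direction'), com.get('access')) != ('in', 'allow')
                or not INTERNET & set(com.get('source_addresses', []))):
            return
        for port in self._ports:
            if any(covers(s, port) for s in com.get('destination_ports', [])):
                yield {'com': {'record_type': 'firewall_rule_event',
                               'exposed_port': port}}

    def done(self):
        """Perform cleanup work; this sketch holds no resources."""

def rule(sources, ports):
    """Build one constructed inbound allow rule record."""
    return {'com': {'record_type': 'firewall_rule', 'direction': 'in',
                    'access': 'allow', 'source_addresses': sources,
                    'destination_ports': ports}}

SAMPLE_RECORDS = [  # constructed input, not real cloud data
    rule(['0.0.0.0/0'], ['22', '8000-9000']),
    rule(['10.0.0.0/8'], ['3389']),
    rule(['0.0.0.0/0'], ['3000-4000']),
]

def evaluate(plugin, records):
    """Run every record through the plugin, then let it clean up."""
    events = [e for record in records for e in plugin.eval(record)]
    plugin.done()
    return events
```

Calling evaluate(SketchFirewallRuleEvent(), SAMPLE_RECORDS) produces events for ports 22, 3389 and 3306; the rule limited to 10.0.0.0/8 produces none.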
cloudmarker.events.mockevent module
Mock event plugin for testing purpose.
class cloudmarker.events.mockevent.MockEvent(n=3)
Bases: object
Mock event plugin for testing purpose.
Create an instance of MockEvent plugin.
This plugin generates an event if the data field of a mock record is a multiple of n.
Parameters: n (int) – A number that the record data value in mock record must be a multiple of in order to generate an event record.
done()
Perform cleanup work.
Since this is a mock plugin, this method does nothing. However, a typical event plugin may or may not need to perform cleanup work in this method depending on its nature of work.
eval(record)
Evaluate record to check for multiples of n.
If record['raw']['data'] is a multiple of n (the parameter with which this plugin was initialized), then generate an event record. Otherwise, do nothing.
If record['raw']['data'] is missing, i.e., the key named raw or data does not exist, then its record number is assumed to be 1.
This is a mock example of an event plugin. In actual event plugins, this method would typically check for security issues in the record.
Parameters: record (dict) – Record to evaluate.
Yields: dict – Event record if evaluation rule matches the input record.