newrelic_security 0.1.0

data/lib/newrelic_security/instrumentation-security/kernel/chain.rb

@@ -0,0 +1,65 @@
+module NewRelic::Security
+  module Instrumentation
+    module Kernel
+      module Chain
+        def self.instrument!
+          ::Object.class_eval do
+            include NewRelic::Security::Instrumentation::Kernel
+
+            private
+
+            # TODO: This hook is useful for applying instrumentation on dynamically loaded modules, dynamic loading of module is unsupported for now.
+            # alias_method :require_without_security, :require
+
+            # def require(name)
+            #   retval = nil
+            #   event = require_on_enter(name) { retval = require_without_security(name) }
+            #   require_on_exit(event, retval, name) { return retval }
+            # end
+            
+            alias_method :system_without_security, :system
+
+            def system(*var)
+              retval = nil
+              event = system_on_enter(*var) { retval = system_without_security(*var) }
+              system_on_exit(event, retval) { return retval }
+            end
+
+            alias_method :backtick_without_security, :`
+
+            def `(cmd)
+              retval = nil
+              event = backtick_on_enter(cmd) { retval = backtick_without_security(cmd) }
+              backtick_on_exit(event) { return retval }
+            end
+
+            alias_method :spawn_without_security, :spawn
+
+            def spawn(*var)
+              retval = nil
+              event = spawn_on_enter(*var) { retval = spawn_without_security(*var) }
+              spawn_on_exit(event, retval) { return retval }
+            end
+
+            alias_method :exec_without_security, :exec
+
+            def exec(*var)
+              retval = nil
+              event = exec_on_enter(*var) { retval = exec_without_security(*var) }
+              exec_on_exit(event) { return retval }
+            end
+
+            alias_method :open_without_security, :open
+
+            def open(*args, **kwargs)
+              retval = nil
+              event = open_on_enter(*args, **kwargs) { retval = open_without_security(*args, **kwargs) }
+              open_on_exit(event, retval) { return retval }
+            end
+            
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/kernel/instrumentation.rb

@@ -0,0 +1,167 @@
+require_relative 'prepend'
+require_relative 'chain'
+
+module NewRelic::Security
+  module Instrumentation
+    module Kernel
+
+      def require_on_enter(name)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def require_on_exit(event, retval, name)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        if retval
+          NewRelic::Security::Agent.logger.info "Dynamic loading of #{name} module observed, TODO: Call Instrumentation API"
+           # TODO: Call Instrumentation API here (Dynamic loading of module observed)
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def system_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        ic_args = []
+        var.each { |arg| 
+          ic_args << arg if arg.is_a? String
+        }
+        event = NewRelic::Security::Agent::Control::Collector.collect(SYSTEM_COMMAND, ic_args)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def system_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def backtick_on_enter(cmd)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        event = NewRelic::Security::Agent::Control::Collector.collect(SYSTEM_COMMAND, Array(cmd))
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def backtick_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if $? && $?.exitstatus == 0
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def spawn_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        ic_args = []
+        var.each { |arg| 
+          ic_args << arg if arg.is_a? String
+        }
+        event = NewRelic::Security::Agent::Control::Collector.collect(SYSTEM_COMMAND, ic_args)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def spawn_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval.is_a?(Integer)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def exec_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        event = NewRelic::Security::Agent::Control::Collector.collect(SYSTEM_COMMAND, var)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def exec_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent.logger.debug "Exit event : #{event}"
+        # TODO: Add exit event if required
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def open_on_enter(*args, **kwargs)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = ::File.path(args[0]) #some times it is 'String' or 'Path' class
+        if fname.start_with?(PIPE)
+          event = NewRelic::Security::Agent::Control::Collector.collect(SYSTEM_COMMAND, args)
+        else
+          abs_path = ::File.expand_path(fname)
+          if args.length == 2
+            fmode = args[1]
+            event_category = NewRelic::Security::Instrumentation::InstrumentationUtils::OPEN_MODES.include?(fmode) ? READ : WRITE
+            if NewRelic::Security::Instrumentation::InstrumentationUtils.notify_app_integrity_open?(fname, abs_path, fmode)
+              event = NewRelic::Security::Agent::Control::Collector.collect(FILE_INTEGRITY, Array(fname), event_category)
+            else
+              if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+                NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{fname} #{fmode}"
+              else
+                event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, Array(fname), event_category)
+              end
+            end
+          else
+            if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+              NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{args}"
+            else
+              event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, Array(fname), READ)
+            end
+          end
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def open_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval.is_a?(Integer)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+    end
+  end
+end
+
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:kernel, ::Object, ::NewRelic::Security::Instrumentation::Kernel)

data/lib/newrelic_security/instrumentation-security/kernel/prepend.rb

@@ -0,0 +1,50 @@
+module NewRelic::Security
+  module Instrumentation
+    module Kernel
+      module Prepend
+        include NewRelic::Security::Instrumentation::Kernel
+
+        private
+
+        # TODO: This hook is useful for applying instrumentation on dynamically loaded modules, dynamic loading of module is unsupported for now.
+        # def require(name)
+        #   retval = nil
+        #   event = require_on_enter(name) { retval = super }
+        #   require_on_exit(event, retval, name) { return retval }
+        # end
+
+        def system(*var)
+          retval = nil
+          event = system_on_enter(*var) { retval = super }
+          system_on_exit(event, retval) { return retval }
+        end
+
+        def `(cmd)
+          retval = nil
+          event = backtick_on_enter(cmd) { retval = super }
+          backtick_on_exit(event) { return retval }
+        end
+
+        def spawn(*var)
+          retval = nil
+          event = spawn_on_enter(*var) { retval = super }
+          spawn_on_exit(event, retval) { return retval }
+        end
+        
+        # TODO: Add fork hook if required
+        def exec(*var)
+          retval = nil
+          event = exec_on_enter(*var) { retval = super }
+          exec_on_exit(event) { return retval }
+        end
+
+        def open(*args, **kwargs)
+          retval = nil
+          event = open_on_enter(*args, **kwargs) { retval = super }
+          open_on_exit(event, retval) { return retval }
+        end
+
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/mongo/chain.rb

@@ -0,0 +1,106 @@
+module NewRelic::Security
+  module Instrumentation
+    module Mongo
+      module Collection
+        module Chain
+          def self.instrument!
+            ::Mongo::Collection.class_eval do
+              include NewRelic::Security::Instrumentation::Mongo::Collection
+  
+              alias_method :find_without_security, :find
+    
+              def find(filter = nil, options = {})
+                retval = nil
+                event = find_on_enter(filter, options) { retval = find_without_security(filter, options) }
+                find_on_exit(event) { return retval }
+              end
+
+              alias_method :insert_one_without_security, :insert_one
+    
+              def insert_one(document, opts = {})
+                retval = nil
+                event = insert_one_on_enter(document, opts) { retval = insert_one_without_security(document, opts) }
+                insert_one_on_exit(event) { return retval }
+              end
+
+              alias_method :insert_many_without_security, :insert_many
+    
+              def insert_many(documents, options = {})
+                retval = nil
+                event = insert_many_on_enter(documents, options) { retval = insert_many_without_security(documents, options) }
+                insert_many_on_exit(event) { return retval }
+              end
+            end
+          end
+        end
+
+        module View
+          module Chain
+            def self.instrument!
+              ::Mongo::Collection::View.class_eval do
+                include NewRelic::Security::Instrumentation::Mongo::Collection::View
+    
+                alias_method :update_one_without_security, :update_one
+  
+                def update_one(spec, opts = {})
+                  retval = nil
+                  event = update_one_on_enter(spec, opts) { retval = update_one_without_security(spec, opts) }
+                  update_one_on_exit(event) { return retval }
+                end
+
+                alias_method :update_many_without_security, :update_many
+    
+                def update_many(spec, opts = {})
+                  retval = nil
+                  event = update_many_on_enter(spec, opts) { retval = update_many_without_security(spec, opts) }
+                  update_many_on_exit(event) { return retval }
+                end
+
+                alias_method :delete_one_without_security, :delete_one
+    
+                def delete_one(opts = {})
+                  retval = nil
+                  event = delete_one_on_enter(opts) { retval = delete_one_without_security(opts) }
+                  delete_one_on_exit(event) { return retval }
+                end
+
+                alias_method :find_one_and_delete_without_security, :find_one_and_delete
+    
+                def find_one_and_delete(opts = {})
+                  retval = nil
+                  event = find_one_and_delete_on_enter(opts) { retval = find_one_and_delete_without_security(opts) }
+                  find_one_and_delete_on_exit(event) { return retval }
+                end
+
+                alias_method :delete_many_without_security, :delete_many
+    
+                def delete_many(opts = {})
+                  retval = nil
+                  event = delete_many_on_enter(opts) { retval = delete_many_without_security(opts) }
+                  delete_many_on_exit(event) { return retval }
+                end
+
+                alias_method :replace_one_without_security, :replace_one
+    
+                def replace_one(replacement, opts = {})
+                  retval = nil
+                  event = replace_one_on_enter(replacement, opts) { retval = replace_one_without_security(replacement, opts) }
+                  replace_one_on_exit(event) { return retval }
+                end
+
+                alias_method :find_one_and_update_without_security, :find_one_and_update
+                
+                def find_one_and_update(document, opts = {})
+                  retval = nil
+                  event = find_one_and_update_on_enter(document, opts) { retval = find_one_and_update_without_security(document, opts) }
+                  find_one_and_update_on_exit(event) { return retval }
+                end
+  
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/mongo/instrumentation.rb

@@ -0,0 +1,273 @@
+require_relative 'prepend'
+require_relative 'chain'
+
+module NewRelic::Security
+  module Instrumentation
+    module Mongo::Collection
+
+      def find_on_enter(filter, options)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        hash = {}
+        hash[:payload] = {}
+        hash[:payload][:filter] = filter
+        hash[:payload][:options] = options
+        hash[:payloadType] = :find #bind params
+        event = NewRelic::Security::Agent::Control::Collector.collect(NOSQL_DB_COMMAND, [hash], MONGO)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def find_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def insert_one_on_enter(document, opts)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        if caller_locations[1].label.to_s == "insert_one_with_clear_cache"
+          NewRelic::Security::Agent.logger.debug "Filtered to break the loop calling #{self.class}.#{__method__} from 'insert_one_with_clear_cache'"
+          return
+        end
+        hash = {}
+        hash[:payload] = {}
+        hash[:payload][:document] = document
+        hash[:payload][:opts] = opts
+        hash[:payloadType] = :insert
+        event = NewRelic::Security::Agent::Control::Collector.collect(NOSQL_DB_COMMAND, [hash], MONGO)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def insert_one_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def insert_many_on_enter(documents, options)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        hash = {}
+        hash[:payload] = {}
+        hash[:payload][:documents] = documents
+        hash[:payload][:options] = options
+        hash[:payloadType] = :insert
+        event = NewRelic::Security::Agent::Control::Collector.collect(NOSQL_DB_COMMAND, [hash], MONGO)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def insert_many_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+    end
+
+    module Mongo::Collection::View
+      def update_one_on_enter(spec, opts)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        hash = {}
+        hash[:payload] = {}
+        hash[:payload][:filter] = instance_variable_get(:@filter)
+        hash[:payload][:spec] = spec
+        hash[:payload][:opts] = opts
+        hash[:payloadType] = :update
+        event = NewRelic::Security::Agent::Control::Collector.collect(NOSQL_DB_COMMAND, [hash], MONGO)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def update_one_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def update_many_on_enter(spec, opts)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        hash = {}
+        hash[:payload] = {}
+        hash[:payload][:filter] = instance_variable_get(:@filter)
+        hash[:payload][:spec] = spec
+        hash[:payload][:opts] = opts
+        hash[:payloadType] = :update
+        event = NewRelic::Security::Agent::Control::Collector.collect(NOSQL_DB_COMMAND, [hash], MONGO)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def update_many_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def delete_one_on_enter(opts)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        hash = {}
+        hash[:payload] = {}
+        hash[:payload][:filter] = instance_variable_get(:@filter)
+        hash[:payload][:opts] = opts
+        hash[:payloadType] = :delete
+        event = NewRelic::Security::Agent::Control::Collector.collect(NOSQL_DB_COMMAND, [hash], MONGO)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def delete_one_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def find_one_and_delete_on_enter(opts)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        hash = {}
+        hash[:payload] = {}
+        hash[:payload][:filter] = instance_variable_get(:@filter)
+        hash[:payload][:opts] = opts
+        hash[:payloadType] = :delete
+        event = NewRelic::Security::Agent::Control::Collector.collect(NOSQL_DB_COMMAND, [hash], MONGO)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def find_one_and_delete_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def delete_many_on_enter(opts)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        hash = {}
+        hash[:payload] = {}
+        hash[:payload][:filter] = instance_variable_get(:@filter)
+        hash[:payload][:opts] = opts
+        hash[:payloadType] = :delete
+        event = NewRelic::Security::Agent::Control::Collector.collect(NOSQL_DB_COMMAND, [hash], MONGO)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def delete_many_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def replace_one_on_enter(replacement, opts)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        hash = {}
+        hash[:payload] = {}
+        hash[:payload][:filter] = instance_variable_get(:@filter)
+        hash[:payload][:replacement] = replacement
+        hash[:payload][:opts] = opts
+        hash[:payloadType] = :update
+        event = NewRelic::Security::Agent::Control::Collector.collect(NOSQL_DB_COMMAND, [hash], MONGO)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def replace_one_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def find_one_and_update_on_enter(document, opts)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        hash = {}
+        hash[:payload] = {}
+        hash[:payload][:filter] = instance_variable_get(:@filter)
+        hash[:payload][:document] = document
+        hash[:payload][:opts] = opts
+        hash[:payloadType] = :update
+        event = NewRelic::Security::Agent::Control::Collector.collect(NOSQL_DB_COMMAND, [hash], MONGO)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def find_one_and_update_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+    end
+  end
+end
+
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:mongo, ::Mongo::Collection, ::NewRelic::Security::Instrumentation::Mongo::Collection)
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:mongo, ::Mongo::Collection::View, ::NewRelic::Security::Instrumentation::Mongo::Collection::View)