django-restit 4.2.79__py3-none-any.whl → 4.2.80__py3-none-any.whl

{django_restit-4.2.79.dist-info → django_restit-4.2.80.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: django-restit
-Version: 4.2.79
+Version: 4.2.80
 Summary: A Rest Framework for DJANGO
 License: MIT
 Author: Ian Starnes

{django_restit-4.2.79.dist-info → django_restit-4.2.80.dist-info}/RECORD

@@ -114,10 +114,9 @@ incident/models/ossec.py,sha256=eUDRGawzuLWobKEVGKfdZisDnyjS_Hlxi0T_GCSLCCI,2252
 incident/models/rules.py,sha256=SMlDRw_r3fGv-vmRojRLmsklqRRxDcjrSLVBIz-gadA,6884
 incident/models/ticket.py,sha256=S3kqGQpYLE6Y4M9IKu_60sgW-f592xNr8uufqHnvDoU,2302
 incident/parsers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-incident/parsers/ossec.py,sha256=8SUma8wb2KmrcgACc6jESD_gXklCsMnKVyY7GrXYrtY,10812
+incident/parsers/ossec.py,sha256=ZUGycC6jn07ltQR6_wjr80BeVa2m12rpfTUgGktNsww,11093
 incident/periodic.py,sha256=eX1rQK6v65A9ugofTvJPSmAWei6C-3EYgzCMuGZ03jM,381
 incident/rpc.py,sha256=viJt873b8T8SiAq10EM57lF8g7ghyj3ymdkaXzh2Ass,8181
-incident/server.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 incident/templates/email/incident_change.html,sha256=tQYphypwLukkVdwH0TB2Szz2VEJ7GnsfRS3_ZJ-MYeE,13895
 incident/templates/email/incident_msg.html,sha256=MZdKhTddUF2MpiH8Z3RTQEmW_ko1n3ajeZ11KLtiLlU,13780
 incident/templates/email/incident_new.html,sha256=W6nwFQROnyDfMlXub8s02ws4hGnJp16pfgp9xTm_aEc,15185
@@ -503,7 +502,7 @@ ws4redis/servers/uwsgi.py,sha256=VyhoCI1DnVFqBiJYHoxqn5Idlf6uJPHvfBKgkjs34mo,172
 ws4redis/settings.py,sha256=K0yBiLUuY81iDM4Yr-k8hbvjn5VVHu5zQhmMK8Dtz0s,1536
 ws4redis/utf8validator.py,sha256=S0OlfjeGRP75aO6CzZsF4oTjRQAgR17OWE9rgZdMBZA,5122
 ws4redis/websocket.py,sha256=R0TUyPsoVRD7Y_oU7w2I6NL4fPwiz5Vl94-fUkZgLHA,14848
-django_restit-4.2.79.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
-django_restit-4.2.79.dist-info/METADATA,sha256=7Hya_J4qnHewCMwlz5m2Y2JLnN2b4TpVX2pVekbpjCw,7645
-django_restit-4.2.79.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-django_restit-4.2.79.dist-info/RECORD,,
+django_restit-4.2.80.dist-info/LICENSE.md,sha256=VHN4hhEeVOoFjtG-5fVv4jesA4SWi0Z-KgOzzN6a1ps,1068
+django_restit-4.2.80.dist-info/METADATA,sha256=KDR2gMFLnE6SpovRuWjJVXm8hleYQ7j2PNs2wqh2FlA,7645
+django_restit-4.2.80.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+django_restit-4.2.80.dist-info/RECORD,,

incident/parsers/ossec.py

@@ -131,8 +131,12 @@ def parse_alert_metadata(alert):
         if match:
             return dict(filename=match.group(1), action="added")
     elif alert.rule_id == "5402":
-        match = re.search(r'(?P<username>\w+) : PWD=(?P<pwd>\S+) ; USER=(?P<user>\w+) ; COMMAND=(?P<command>.+)', alert.text)
-        return match.groupdict()
+        match = re.search(r'(?P<username>[\w-]+) : PWD=(?P<pwd>\S+) ; USER=(?P<user>\w+) ; COMMAND=(?P<command>.+)', alert.text)
+        if match:
+            return match.groupdict()
+        match = re.search(r'(?P<username>[\w-]+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<user>\w+) ; COMMAND=(?P<command>.+)', alert.text)
+        if match:
+            return match.groupdict()
     elif alert.rule_id in ["5501", "5502"]:
         match = re.search(r"session (?P<action>\S+) for user (?P<username>\S+)*", alert.text)
         if match:
@@ -239,7 +243,8 @@ def update_by_rule(data, geoip=None):
     elif data.rule_id == "533":
         data.title = f"Network Open Port Change Detected on {data.hostname}"
     elif data.rule_id == "5402":
-        data.title = f"Sudo(user: {data.user}) executed on {data.hostname}"
+        cmd = truncate_str(data.command, 50)
+        data.title = f"Sudo(user: {data.user}) executed '{cmd}' on {data.hostname}"
     elif data.rule_id in ["551", "554"] and data.filename:
         name = truncate_str(data.filename, 50)
         data.title = f"File {data.action.capitalize()} on {data.hostname}: {name}"