Python lib for MozDef clients.
Manually:

.. code::

   make install

As an rpm/deb package:

.. code::

   make rpm
   make deb
   rpm -i <package.rpm>
   dpkg -i <package.deb>

Add to your project with:

.. code::

   git submodule add https://github.com/gdestuynder/mozdef_lib mozdef
   git commit -a
- requests_futures for Python 2 (optional but highly recommended; without it, messages are sent synchronously and each send blocks the caller until MozDef answers)
- pytz
.. note::

   If you can, it is recommended to fill in ``details={}``, ``category=''`` and ``severity=''`` even though they are optional: events that carry a category, a severity and structured details are far easier to search and alert on in MozDef than a bare summary string.
   These are also the 'internal attributes' which you can modify.
A message as sent to MozDef looks like this:

.. code:: json

   {
     "category": "authentication",
     "details": {
       "uid": 0,
       "username": "kang"
     },
     "hostname": "blah.private.scl3.mozilla.com",
     "processid": 14619,
     "processname": "./mozdef.py",
     "severity": "CRITICAL",
     "summary": "new test msg",
     "tags": [
       "bro",
       "auth"
     ],
     "timestamp": "2014-03-18T23:20:31.013344+00:00"
   }
During testing with self-signed certificates, it may be useful to disable certificate checking while connecting to MozDef. It may also be that you have a custom CA file that you want to point to.

Here is how to do that:

.. code:: python

   msg.verify_certificate = False  # not recommended, security issue
   msg.verify_certificate = True   # uses default certs from /etc/ssl/certs
   msg.verify_certificate = '/etc/path/to/custom/cert'
.. note::

   Disabling certificate checking introduces a security issue and is generally not recommended, especially in production: with verification off, anyone who can intercept the connection can read the events you send and inject forged ones, and the client will not notice. For a self-signed MozDef endpoint, point ``verify_certificate`` at the certificate or CA file instead of setting it to ``False``.
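The following is an added example and is not part of mozdef_lib, nor does it call the library's API. It shows, with the Python standard library only, what the two passages above amount to: building an event with the same fields as the sample message (the library itself uses pytz for the timestamp; ``datetime.timezone.utc`` is substituted here so the block runs without extra dependencies), and what the three ``verify_certificate`` settings mean in terms of TLS verification when mapped onto an ``ssl.SSLContext``. The function names, the ``send_event`` helper and the endpoint URL are assumptions made for illustration.

```python
import json
import os
import socket
import ssl
import sys
import urllib.request
from datetime import datetime, timezone


def build_event(summary, category="event", severity="INFO", tags=None, details=None):
    """Build a MozDef-style event dict with the fields of the sample message.

    category, severity and details default to generic values; callers should
    override them so the event is searchable in MozDef (see the note above).
    Hypothetical helper, not the mozdef_lib API.
    """
    return {
        "category": category,
        "details": dict(details or {}),
        "hostname": socket.getfqdn(),
        "processid": os.getpid(),
        "processname": sys.argv[0],
        "severity": severity,
        "summary": summary,
        "tags": list(tags or []),
        # ISO 8601 with an explicit UTC offset, like "2014-03-18T23:20:31.013344+00:00"
        "timestamp": datetime.now(timezone.utc).isoformat(),
    }


def tls_context(verify_certificate):
    """Map a verify_certificate-style setting onto an ssl.SSLContext.

    False -> no chain or hostname verification at all: any party that can
             intercept the connection can read or forge events.
    True  -> verify against the platform's default CA store.
    str   -> verify against the CA bundle / certificate at that path, which is
             the right choice for a self-signed MozDef endpoint.
    """
    if verify_certificate is False:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False          # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    if verify_certificate is True:
        return ssl.create_default_context()  # CERT_REQUIRED + hostname check
    if isinstance(verify_certificate, str):
        if not os.path.isfile(verify_certificate):
            raise FileNotFoundError("CA file not found: %s" % verify_certificate)
        return ssl.create_default_context(cafile=verify_certificate)
    raise TypeError("verify_certificate must be True, False or a path to a CA file")


def send_event(url, event, verify_certificate=True, timeout=10):
    """POST the event as JSON to a MozDef events endpoint (assumed URL layout).

    Returns the HTTP status code. Not called below so the block runs offline.
    """
    body = json.dumps(event).encode("utf-8")
    req = urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/json"}, method="POST"
    )
    with urllib.request.urlopen(
        req, timeout=timeout, context=tls_context(verify_certificate)
    ) as resp:
        return resp.status


if __name__ == "__main__":
    # Values taken from the sample message above; the URL is an assumption.
    ev = build_event(
        "new test msg",
        category="authentication",
        severity="CRITICAL",
        tags=["bro", "auth"],
        details={"uid": 0, "username": "kang"},
    )
    print(json.dumps(ev, indent=2, sort_keys=True))
    # send_event("https://mozdef.example.net/events", ev,
    #            verify_certificate="/etc/path/to/custom/cert")
```

The order of the two assignments in the ``False`` branch matters: Python refuses to set ``verify_mode = CERT_NONE`` while ``check_hostname`` is still ``True``, which is a useful reminder that turning verification off is a deliberate two-step act rather than a default.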