Last active
January 30, 2017 17:56
-
-
Save adamrneary/c8467efb8fac2235850ddde0af1cd6fc to your computer and use it in GitHub Desktop.
StreamAlert Python Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @rule('production_sudo', | |
| logs=['osquery'], | |
| matchers=['pci'], | |
| outputs=['s3', 'pagerduty', 'slack']) | |
| def production_sudo(record): | |
| table_name = record['name'] | |
| tag = record['columns']['tag'] | |
| return ( | |
| table_name == 'linux_syslog_auth' and | |
| fnmatch(tag, 'sudo*') | |
| ) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment