@gene1wood
Created July 16, 2019 17:24
Instructions on how to test MozDef after making code changes

Run tests

make test

Run MozDef and send events through to trigger an alert

sudo pip install mozdef_client mozdef_util
sudo service apache2 stop
make run
python test_mozdef.py
  • Next, browse to the MozDef web UI at http://localhost/
  • Create a user
  • Log in with that user
  • Browse to Alerts
  • After a few minutes, an SSH Brute Force alert should appear, triggered by the 20 events sent in with test_mozdef.py

Cleanup

make clean
test_mozdef.py

import time
from datetime import datetime

import mozdef_client as mozdef
from mozdef_util.utilities.toUTC import toUTC


def json_to_mozmsg(input_json, mozmsg):
    """Copy each top-level key of the event dict onto the MozDefEvent as an attribute."""
    for key, value in input_json.items():
        setattr(mozmsg, key, value)


# Point the client at the local MozDef loginput endpoint started by `make run`
mozmsg = mozdef.MozDefEvent('http://127.0.0.1:8080/events/')

event_dict = {
    "tags": ["auth0"],
    "category": "testcategory",
    "summary": 'login invalid ldap_count_entries failed by 88.18.198.243',
    "details": {
        "program": "sshd",
        "type": "Success Login",
        "username": "bmyers",
        "sourceipaddress": "88.18.198.243",
    },
}
json_to_mozmsg(event_dict, mozmsg)

# Send 20 copies of the event, 0.2 s apart, each stamped with the current UTC time
for num in range(0, 20):
    mozmsg.timestamp = toUTC(datetime.now()).isoformat()
    mozmsg.send()
    print('Wrote event to loginput')
    time.sleep(0.2)
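To see offline what the events above have to satisfy for an alert to fire, here is an added example (not from the gist and not MozDef's own alert code) of the aggregation an SSH brute-force alert performs: failed sshd logins grouped by details.sourceipaddress within a short time window. The constructed events mirror the shape test_mozdef.py sends; the threshold of 10 and the two-minute window are assumptions, not values taken from the page.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def make_test_events(count=20, ip="88.18.198.243", spacing=0.2):
    """Constructed events shaped like the ones test_mozdef.py sends.

    Timestamps are ISO-8601 UTC strings, as produced by toUTC(...).isoformat().
    """
    start = datetime(2019, 7, 16, 17, 24, tzinfo=timezone.utc)
    return [
        {
            "timestamp": (start + timedelta(seconds=n * spacing)).isoformat(),
            "summary": "login invalid ldap_count_entries failed by %s" % ip,
            "details": {"program": "sshd", "sourceipaddress": ip, "username": "bmyers"},
        }
        for n in range(count)
    ]


def is_failed_ssh_login(event):
    """Match the fields the test event carries: program sshd and 'failed' in the summary."""
    details = event.get("details", {})
    return details.get("program") == "sshd" and "failed" in event.get("summary", "").lower()


def find_ssh_bruteforce(events, threshold=10, window=timedelta(minutes=2)):
    """Return {source_ip: count} for IPs with >= threshold failed sshd logins inside `window`.

    threshold and window are assumed values for this illustration, not MozDef's.
    """
    stamps_by_ip = defaultdict(list)
    for event in events:
        if is_failed_ssh_login(event):
            ts = datetime.fromisoformat(event["timestamp"])
            stamps_by_ip[event["details"]["sourceipaddress"]].append(ts)

    hits = {}
    for ip, stamps in stamps_by_ip.items():
        stamps.sort()
        best, j = 0, 0
        # Sliding window: for each event i, drop older events j until they fit in the window
        for i in range(len(stamps)):
            while stamps[i] - stamps[j] > window:
                j += 1
            best = max(best, i - j + 1)
        if best >= threshold:
            hits[ip] = best
    return hits
```

Running find_ssh_bruteforce(make_test_events()) flags 88.18.198.243 with 20 events, while fewer than 10 events or a summary without "failed" produces no hit.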