Compiled Python module (recoverable strings only)
Source path: /opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/wordpress/incident_sender.py

Module docstring:
    Send WordPress incidents to the correlation server.

Modules referenced: json, logging, datetime, typing, defence360agent.contracts.messages, defence360agent.contracts.plugins
Names imported: datetime, Any, SensorWordpressIncidentList, MessageSink
Module-level logger: logging.getLogger(__name__)

class IncidentSender
    Send WordPress incidents to the correlation server.

    WordPress incidents are already in the Incident table (visible to UI).
    This class sends them to correlation via Reportable messages, which are
    automatically handled by SendToServer/SendToServerFGW plugins.

Methods: _prepare_incident_for_correlation, _build_tags, send_incidents, _send_batch

IncidentSender._prepare_incident_for_correlation
    Prepare an incident for sending to the correlation server.

    WordPress incidents use extra_info JSON field to store plugin-specific data.

    Args:
        incident: WordpressIncident dictionary (with extra_info populated)

    Returns:
        Dictionary formatted for correlation server

    Log message: "Preparing incident for correlation: %s"
    String constants, in order of appearance: extra_info, timestamp, %Y-%m-%d, plugin_id, plugin, rule, unknown, name, message, description, severity, attackers_ip, abuser, domain, retries, uri, request_uri, user_agent, http_user_agent, http_method, request_method, user_logged_in, true, file_path, site_path, user, username, tag, target, slug, version, mode, details

IncidentSender.send_incidents
    Names referenced: logger.warning, len, logger.debug, logger.info, _send_batch, correlation_batch

IncidentSender._send_batch
    Send a batch of incidents to correlation server.

    Uses SensorIncidentList Reportable message which is automatically sent to
    correlation via SendToServer/SendToServerFGW plugins.

    Args:
        sink: MessageSink to send the batch to
        correlation_batch: Incidents formatted for correlation server

    Log messages:
        "Sending batch of %d incidents to correlation server"
        "Correlation batch json: %s"
        "Queued %d wordpress incident(s) for correlation server"
        "Failed to queue incident batch: %s"
    Names referenced: json.dumps (indent), sink.process_message, SensorWordpressIncidentList, Exception, logger.error