com.mozilla.secops.parser

Class Cloudtrail

java.lang.Object

com.mozilla.secops.parser.PayloadBase

com.mozilla.secops.parser.SourcePayloadBase

com.mozilla.secops.parser.Cloudtrail

All Implemented Interfaces:

Serializable

public class Cloudtrail
extends SourcePayloadBase
implements Serializable

Payload parser for Cloudtrail events

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
Cloudtrail() Construct matcher object.
Cloudtrail(String input, Event e, com.mozilla.secops.parser.ParserState state) Construct parser object.

Method Summary

Modifier and Type	Method and Description
String	eventStringValue(EventFilterPayload.StringProperty property) Return a given String payload field value based on the supplied field identifier
String	getEventID() Returns the event id of the cloudtrail event
String	getResource(String resource) Utility method for returning the resource the event was acting on, used for adding context to an Alert.
String	getSharedEventID() Returns the shared event id of the cloudtrail event
Payload.PayloadType	getType() Get payload type.
String	getUser() Get username
Boolean	matcher(String input, com.mozilla.secops.parser.ParserState state) Apply matcher.

Methods inherited from class com.mozilla.secops.parser.SourcePayloadBase

getSourceAddress, getSourceAddressAsn, getSourceAddressAsOrg, getSourceAddressCity, getSourceAddressCountry, getSourceAddressIsp, getSourceAddressLatitude, getSourceAddressLongitude, getSourceAddressTimeZone, setSourceAddress, setSourceAddress

Methods inherited from class com.mozilla.secops.parser.PayloadBase

eventIntegerValue

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Cloudtrail

public Cloudtrail()

Construct matcher object.

Cloudtrail

public Cloudtrail(String input,
                  Event e,
                  com.mozilla.secops.parser.ParserState state)

Construct parser object.

Parameters:

input - Input string.

e - Parent Event.

state - State

Method Detail

matcher

public Boolean matcher(String input,
                       com.mozilla.secops.parser.ParserState state)

Description copied from class: PayloadBase

Apply matcher.

Overrides:

matcher in class PayloadBase

Parameters:

input - Input string.

state - ParserState

Returns:

True if matcher matches.

getType

public Payload.PayloadType getType()

Description copied from class: PayloadBase

Get payload type.

Overrides:

getType in class PayloadBase

Returns:

Payload.PayloadType

getUser

public String getUser()

Get username

Returns:

Username

eventStringValue

public String eventStringValue(EventFilterPayload.StringProperty property)

Description copied from class: PayloadBase

Return a given String payload field value based on the supplied field identifier

Overrides:

eventStringValue in class PayloadBase

Parameters:

property - EventFilterPayload.StringProperty

Returns:

String value or null

getSharedEventID

public String getSharedEventID()

Returns the shared event id of the cloudtrail event

Returns:

value of sharedEventID field

getEventID

public String getEventID()

Returns the event id of the cloudtrail event

Returns:

value of eventID field

getResource

public String getResource(String resource)

Utility method for returning the resource the event was acting on, used for adding context to an Alert.

Parameters:

resource - Resource selector.

Returns:

Value of the resource selector.