pycadf/eventfactory.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

# Copyright 2013 IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.

from pycadf import cadftype
from pycadf import event

ERROR_UNKNOWN_EVENTTYPE = 'Unknown CADF EventType requested on factory method'


class EventFactory(object):
    """Factory class to create different required attributes for
       the following CADF event types:
       'activity': for tracking any interesting system activities for audit
       'monitor': Events that carry Metrics and Measurements and support
       standards such as NIST
       'control': For audit events that are based upon (security) policies
       and reflect some policy decision.
    """
    def new_event(self, eventType=cadftype.EVENTTYPE_ACTIVITY, **kwargs):
        """Create new event

        :param eventType: eventType of event. Defaults to 'activity'
        """

        # for now, construct a base ('activity') event as the default
        event_val = event.Event(**kwargs)

        if not cadftype.is_valid_eventType(eventType):
            raise ValueError(ERROR_UNKNOWN_EVENTTYPE)

        event_val.eventType = eventType

        # TODO(mrutkows): CADF is only being used for basic
        # 'activity' auditing (on APIs). An IF-ELIF will
        # become more meaningful as we add support for other
        # event types.
        # elif eventType == cadftype.EVENTTYPE_MONITOR:
        #    # TODO(mrutkows): If we add support for standard (NIST)
        #    # monitoring messages, we will would have a "monitor"
        #    # subclass of the CADF Event type and create it here
        #    event_val.set_eventType(cadftype.EVENTTYPE_MONITOR)
        # elif eventType == cadftype.EVENTTYPE_CONTROL:
        #    # TODO(mrutkows): If we add support for standard (NIST)
        #    # monitoring messages, we will would have a "control"
        #    # subclass of the CADF Event type and create it here
        #    event_val.set_eventType(cadftype.EVENTTYPE_CONTROL)
        return event_val