REDROOM
PHP 8.2.31
Path:
Logout
Edit File
Size: 5.35 KB
Close
/opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/wordpress/incident_sender.py
Text
Base64
"""Send WordPress incidents to the correlation server.""" import json import logging from datetime import datetime from typing import Any from defence360agent.contracts.messages import SensorWordpressIncidentList from defence360agent.contracts.plugins import MessageSink logger = logging.getLogger(__name__) class IncidentSender: """ Send WordPress incidents to the correlation server. WordPress incidents are already in the Incident table (visible to UI). This class sends them to correlation via Reportable messages, which are automatically handled by SendToServer/SendToServerFGW plugins. """ def _prepare_incident_for_correlation( self, incident: dict ) -> dict[str, Any]: """ Prepare an incident for sending to the correlation server. WordPress incidents use extra_info JSON field to store plugin-specific data. Args: incident: WordpressIncident dictionary (with extra_info populated) Returns: Dictionary formatted for correlation server """ logger.info("Preparing incident for correlation: %s", incident) # JSONField automatically deserializes to dict, fallback to empty dict if None extra: dict = incident.get("extra_info") or {} # Convert timestamp to int and format date timestamp_value: float = float(incident.get("timestamp") or 0) timestamp = int(timestamp_value) dt = ( datetime.fromtimestamp(timestamp_value).strftime("%Y-%m-%d") if timestamp_value else "" ) return { "timestamp": timestamp, "dt": dt, "plugin_id": incident.get("plugin"), "rule": incident.get("rule") or "unknown", "name": incident.get("name"), "message": incident.get("description"), "severity": incident.get("severity"), "attackers_ip": incident.get("abuser") or "", "domain": incident.get("domain") or "", "retries": incident.get("retries") or 1, "uri": extra.get("request_uri") or "", "user_agent": extra.get("http_user_agent") or "", "http_method": extra.get("request_method") or "", "user_logged_in": extra.get("user_logged_in") == "true" if extra.get("user_logged_in") else None, "file_path": extra.get("site_path") or "", "user": extra.get("username") or "", "tag": self._build_tags(extra), # Include WordPress-specific fields "target": extra.get("target") or "", "slug": extra.get("slug") or "", "version": extra.get("version") or "", "mode": extra.get("mode") or "", "details": extra, } def _build_tags(self, extra: dict) -> list[str]: tags = ["wordpress", "cve"] if extra.get("cve"): tags.append(extra["cve"]) if extra.get("target"): tags.append(f"target_{extra['target']}") if extra.get("mode"): tags.append(f"mode_{extra['mode']}") return tags async def send_incidents( self, sink: MessageSink | None, incidents: list[dict] ) -> int: """ Send WordPress incidents to the correlation server. Since incidents are already in the WordpressIncident table (visible to UI), we just need to send them to correlation. Args: incidents: List of incidents to send Returns: Number of incidents sent """ if sink is None: logger.warning("No sink provided, skipping incident sending") return 0 if len(incidents) == 0: logger.debug("No incidents to send, skipping") return 0 logger.info( "Sending %d incidents to correlation server", len(incidents) ) correlation_batch = [ self._prepare_incident_for_correlation(incident) for incident in incidents ] await self._send_batch(sink, correlation_batch) return len(correlation_batch) async def _send_batch( self, sink: MessageSink, correlation_batch: list[dict] ): """ Send a batch of incidents to correlation server. Uses SensorIncidentList Reportable message which is automatically sent to correlation via SendToServer/SendToServerFGW plugins. Args: sink: MessageSink to send the batch to correlation_batch: Incidents formatted for correlation server """ logger.info( "Sending batch of %d incidents to correlation server", len(correlation_batch), ) logger.info( "Correlation batch json: %s", json.dumps(correlation_batch, indent=2), ) try: # Send as a Reportable message # The SendToServer/SendToServerFGW plugin will handle actual delivery await sink.process_message( SensorWordpressIncidentList(correlation_batch) ) logger.info( "Queued %d wordpress incident(s) for correlation server", len(correlation_batch), ) except Exception as e: logger.error( "Failed to queue incident batch: %s", e, ) raise
Save
Close
Exit & Reset
Text mode: syntax highlighting auto-detects file type.
Directory Contents
Dirs: 1 × Files: 14
Delete Selected
Select All
Select None
Sort:
Name
Size
Modified
Enable drag-to-move
Name
Size
Perms
Modified
Actions
__pycache__
DIR
-
drwxr-xr-x
2026-06-08 20:24:30
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
changelog_processor.py
12.14 KB
lrw-r--r--
2026-05-26 21:20:44
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
cli.py
10.51 KB
lrw-r--r--
2026-05-26 21:20:44
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
constants.py
346 B
lrw-r--r--
2026-05-26 21:20:44
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
exception.py
94 B
lrw-r--r--
2026-05-26 21:20:44
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
incident_collector.py
16.23 KB
lrw-r--r--
2026-05-26 21:20:44
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
incident_parser.py
4.03 KB
lrw-r--r--
2026-05-26 21:20:44
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
incident_sender.py
5.35 KB
lrw-r--r--
2026-05-26 21:20:44
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
plugin.py
66.39 KB
lrw-r--r--
2026-05-26 21:20:44
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
proxy_auth.py
5.07 KB
lrw-r--r--
2026-05-26 21:20:44
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
site_repository.py
17.26 KB
lrw-r--r--
2026-05-26 21:20:44
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
telemetry.py
541 B
lrw-r--r--
2026-05-26 21:20:44
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
utils.py
20.89 KB
lrw-r--r--
2026-05-26 21:20:44
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
wp_rules.py
3.44 KB
lrw-r--r--
2026-05-26 21:20:44
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
__init__.py
1.23 KB
lrw-r--r--
2026-05-26 21:20:44
Edit
Download
Rename
Chmod
Change Date
Delete
OK
Cancel
recursive
OK
Cancel
recursive
OK
Cancel
Zip Selected
If ZipArchive is unavailable, a
.tar
will be created (no compression).