Closed
Bug 958346
Opened 11 years ago
Closed 10 years ago
CEF log when an action occurs
Categories
(Marketplace Graveyard :: Integration, defect, P3)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: andy+bugzilla, Assigned: jason)
References
Details
(Whiteboard: [A4A])
There should be separate CEF events sent to ArcSight for when:
- a key is generated
- a key is requested
Anything naughty happens e.g.:
- someone tries to generate a key for an app that already exists
Updated•11 years ago
Priority: -- → P2
Updated•11 years ago
Component: FxA → Integration
Reporter
Updated•11 years ago
Assignee: nobody → jthomas
Priority: P2 → P3
Comment 1•11 years ago
There's an endpoint to test the signer here: http://apk-signer.readthedocs.org/en/latest/api.html#get--system-cef
Reporter
Updated•11 years ago
Whiteboard: [A4A]
Comment 2•11 years ago
:jeff now that mozdef is up we can begin shipping these events to it. :jason prepared a PR here https://github.com/mozilla-services/puppet-config/pull/389 and once I have AMQP credentials for APK I can set it up.
Flags: needinfo?(jbryner)
Comment 3•11 years ago
Can't see the pull request for some reason, but sure no reason we can't send this to Mozdef. If the log format itself is CEF instead of json I'll need to re-organize the CEF parsing in Mozdef a bit (usually it happens pre-amqp) but that's no big deal. I'd just have you send to a CEF-specific queue and have my CEF parser work on that, then send it to the json queue.
Unfortunately for timing, I'm on PTO, back on 5/15. If this can't wait I'd have you work with Anthony (averez) who I think you know from firefox accounts work. I've copied him on this, and I'll be checking email/bugmail occasionally anyways.
Flags: needinfo?(jbryner)
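Added example, not part of the bug thread and not MozDef's or the signer's own code: a CEF-to-JSON conversion of the kind comment 3 describes for a CEF-specific queue, covering escaped `|` in the header and escaped `=` in extension values. The sample lines, vendor name and signature IDs are constructed, and the output field names are assumptions.

```python
import json
import re

HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
_KEY = re.compile(r"(?:^|\s)([\w.\-]+)=")  # extension key followed by "="
_ESC = re.compile(r"\\([\\=nr])")          # escapes allowed in extension values

def _split_header(body):
    """Split on unescaped '|' into the 7 header fields plus the raw extension."""
    parts, buf, i = [], [], 0
    while i < len(body) and len(parts) < len(HEADER):
        if body[i] == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            buf.append(body[i + 1])   # keep the escaped character literally
            i += 1
        elif body[i] == "|":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(body[i])
        i += 1
    if len(parts) != len(HEADER):
        raise ValueError("truncated CEF header")
    return parts, body[i:]

def _parse_extension(ext):
    """Parse key=value pairs; values may hold spaces and escaped '='."""
    hits, out = list(_KEY.finditer(ext)), {}
    for m, nxt in zip(hits, hits[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        out[m.group(1)] = _ESC.sub(
            lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1)), raw)
    return out

def cef_to_json(line):
    """Convert one CEF line (optionally behind a syslog prefix) to JSON."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record")
    header, ext = _split_header(line[start + 4:].rstrip("\r\n"))
    event = dict(zip(HEADER, header), details=_parse_extension(ext))
    return json.dumps(event, sort_keys=True)

# Constructed sample lines: vendor, signature IDs and field values are made up.
SAMPLES = [
    r"CEF:0|Example|apk-signer|1.0|key_generated|Key generated|5|suser=app-1 msg=new key for app\=1",
    r"Jul  1 12:00:00 host1 CEF:0|Example|apk-signer|1.0|key_exists|Refused \| key exists|8|suser=app-1 msg=path C:\\keys",
]
if __name__ == "__main__":
    print("\n".join(cef_to_json(s) for s in SAMPLES))
```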
Reporter
Updated•10 years ago
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX