change syslog parset to event handler

inverse-inc · Jun 12, 2024 · 20ea415 · 20ea415
1 parent 6a037c3
commit 20ea415
Show file tree

Hide file tree

Showing 10 changed files with 24 additions and 24 deletions.
diff --git a/docs/installation/intrusion_detection_system_integration.asciidoc b/docs/installation/intrusion_detection_system_integration.asciidoc
@@ -55,13 +55,13 @@ Action -
 
 === Suricata IDS
 
-PacketFence already contains a syslog parser for Suricata. This is an example to raise a security event from a syslog alert on the Suricata SID.
+PacketFence already contains a event handler for Suricata. This is an example to raise a security event from a syslog alert on the Suricata SID.
 
 The first step is to create the syslog regex parser and then create the security event.
 
 ==== Syslog regex parser configuration
 
-To create the syslog regex parser you will need to go to _Configuration -> Integration -> Syslog Parsers -> Add a Syslog Parser -> regex_
+To create the syslog regex parser you will need to go to _Configuration -> Integration -> Event Handlers -> Add a Event Handler -> regex_
 
 Here is the configuration of the syslog regex parser:
 

diff --git a/docs/installation/performing_compliance_checks.asciidoc b/docs/installation/performing_compliance_checks.asciidoc
@@ -318,11 +318,11 @@ At this point PacketFence must be able to get the Rapid7 audit results via syslo
 
 TIP: You can see if the Nexpose server is sending to the right server by monitoring the traffic using `tcpdump -i any dst host YOUR_PACKETFENCE_SERVER_IP` on your Rapid7 Nexpose server and `tcpdump -i any src host YOUR_RAPID7_IP` on the PacketFence server.
 
-===== Creating the syslog parser
+===== Creating the event handler
 
-In the Packetfence administration interface, go to _Configuration -> Integration -> Syslog parsers_ and add a new Nexpose syslog parser
+In the Packetfence administration interface, go to _Configuration -> Integration -> Event Handlers_ and add a new Nexpose event handler
 
-image::rapid7/rapid7-syslog-parser.png[scaledwidth="100%",alt="Rapid7 syslog parser"]
+image::rapid7/rapid7-syslog-parser.png[scaledwidth="100%",alt="Rapid7 event handler"]
 
 [options="compact"]
 * As Detector, put the name of your choice for this parser.

diff --git a/go/api-frontend/aaa/authorization.go b/go/api-frontend/aaa/authorization.go
@@ -131,8 +131,8 @@ var pathAdminRolesMap = []adminRoleMapping{
 	adminRoleMapping{prefix: configApiPrefix + "/switches", role: "SWITCHES"},
 	adminRoleMapping{prefix: configApiPrefix + "/syslog_forwarder/", role: "SYSLOG"},
 	adminRoleMapping{prefix: configApiPrefix + "/syslog_forwarders", role: "SYSLOG"},
-	adminRoleMapping{prefix: configApiPrefix + "/syslog_parser/", role: "PFDETECT"},
-	adminRoleMapping{prefix: configApiPrefix + "/syslog_parsers", role: "PFDETECT"},
+	adminRoleMapping{prefix: configApiPrefix + "/event_handler/", role: "PFDETECT"},
+	adminRoleMapping{prefix: configApiPrefix + "/event_handlers", role: "PFDETECT"},
 }
 
 var methodSuffixMap = map[string]string{

diff --git a/html/pfappserver/root/src/views/Configuration/_components/TheSectionIntegration.vue b/html/pfappserver/root/src/views/Configuration/_components/TheSectionIntegration.vue
@@ -6,10 +6,10 @@
         </h4>
         <p v-t="'PacketFence integrates with many 3rd party solutions. Among the solutions, there are:'"></p>
         <dl>
+            <dt v-t="'Event Handlers:'"></dt> <dd v-t="'PacketFence can receive security event information from multiple solutions over syslog. You can configure which data input you want to accept from this module.'"></dd>
             <dt v-t="'Firewall SSO:'"></dt> <dd v-t="'This allows PacketFence to let the firewall know who is using a particular IP address on the network. The firewall can then apply per-user or per-role policies.'"></dd>
             <dt v-t="'Web Services:'"></dt> <dd v-t="'This allows PacketFence to expose some of its APIs through Web Services. See the PacketFence Developers Guide for API documentation.'"></dd>
             <dt v-t="'Switch Templates:'"></dt> <dd v-t="'PacketFence supports a wide range of networking equipment. From this module, you can also support any standards-compliant networking equipment by creating an associated switch template for it and use it after in PacketFence to secure wired or WiFi accesses.'"></dd>
-            <dt v-t="'Syslog Parsers:'"></dt> <dd v-t="'PacketFence can receive security event information from multiple solutions over syslog. You can configure which data input you want to accept from this module.'"></dd>
             <dt v-t="'Syslog Forwarding:'"></dt> <dd v-t="'From this module, you can configure PacketFence to send syslog-based information to remote syslog servers like SIEM-based solutions.'"></dd>
             <dt v-t="'WRIX:'"></dt> <dd v-t="'This allows PacketFence to define Wireless Roaming Intermediary eXchange (WRIX) information on access points it manages.'"></dd>
             <dt v-t="'PKI:'"></dt> <dd v-t="'PacketFence integrates a fully-featured Public Key Infrastructure (PKI) solution allowing you to manage certificates for EAP-TLS clients.'"></dd>

diff --git a/html/pfappserver/root/src/views/Configuration/index.vue b/html/pfappserver/root/src/views/Configuration/index.vue
@@ -74,12 +74,12 @@ const setup = () => {
       collapsable: true,
       items: [
         { name: i18n.t('Cloud Services'), path: '/configuration/clouds' },
+        { name: i18n.t('Event Loggers'), path: '/configuration/event_loggers' },
         { name: i18n.t('Firewall SSO'), path: '/configuration/firewalls' },
         { name: i18n.t('Web Services'), path: '/configuration/webservices' },
         { name: i18n.t('Switch Templates'), path: '/configuration/switch_templates' },
-        { name: i18n.t('Syslog Parsers'), path: '/configuration/pfdetect' },
+        { name: i18n.t('Event Handlers'), path: '/configuration/pfdetect' },
         { name: i18n.t('Syslog Forwarding'), path: '/configuration/syslog' },
-        { name: i18n.t('Event Loggers'), path: '/configuration/event_loggers' },
         { name: i18n.t('WRIX'), path: '/configuration/wrix' },
         { name: i18n.t('PKI'),
           items: [

diff --git a/html/pfappserver/root/src/views/Configuration/syslogParsers/_components/TheForm.vue b/html/pfappserver/root/src/views/Configuration/syslogParsers/_components/TheForm.vue
@@ -11,7 +11,7 @@
     />
 
     <base-container-loading v-else
-      :title="$i18n.t('Unhandled syslog parser type')"
+      :title="$i18n.t('Unhandled event handler type')"
       icon="question-circle"
     />
   </b-container>

diff --git a/html/pfappserver/root/src/views/Configuration/syslogParsers/_components/TheSearch.vue b/html/pfappserver/root/src/views/Configuration/syslogParsers/_components/TheSearch.vue
@@ -1,11 +1,11 @@
 <template>
   <b-card no-body>
     <b-card-header>
-      <h4 class="mb-0">{{ $t('Syslog Parsers') }}</h4>
+      <h4 class="mb-0">{{ $t('Event Handlers') }}</h4>
     </b-card-header>
     <div class="card-body">
       <base-search :use-search="useSearch">
-        <b-dropdown :text="$t('New Syslog Parser')" variant="outline-primary">
+        <b-dropdown :text="$t('New Event Handler')" variant="outline-primary">
           <b-dropdown-item v-for="({ text, value }) in typeOptions" :key="value"
             :to="{ name: 'newSyslogParser', params: { syslogParserType: value } }"
           >{{ text }}</b-dropdown-item>
@@ -72,7 +72,7 @@
             <base-button-confirm v-if="!item.not_deletable"
               size="sm" variant="outline-danger" class="my-1 mr-1" reverse
               :disabled="isLoading"
-              :confirm="$t('Delete Syslog Parser?')"
+              :confirm="$t('Delete Event Handler?')"
               @click="onRemove(item.id)"
             >{{ $t('Delete') }}</base-button-confirm>
             <b-button

diff --git a/html/pfappserver/root/src/views/Configuration/syslogParsers/_components/ToggleStatus.js b/html/pfappserver/root/src/views/Configuration/syslogParsers/_components/ToggleStatus.js
@@ -17,12 +17,12 @@ export const props = {
           const { item } = toRefs(props)
           return store.dispatch('$_syslog_parsers/disableSyslogParser', item.value)
             .then(() => {
-              store.dispatch('notification/info', { message: i18n.t('Syslog Parser <code>{id}</code> disabled.', item.value) })
+              store.dispatch('notification/info', { message: i18n.t('Event Handler <code>{id}</code> disabled.', item.value) })
               context.emit('input', 'disabled')
             })
             .catch(err => {
               const { response: { data: { message: errMsg } = {} } = {} } = err
-              let message = i18n.t('Syslog Parser <code>{id}</code> was not disabled.', item.value)
+              let message = i18n.t('Event Handler <code>{id}</code> was not disabled.', item.value)
               if (errMsg) message += ` (${errMsg})`
               store.dispatch('notification/danger', { message })
             })
@@ -35,12 +35,12 @@ export const props = {
           const { item } = toRefs(props)
           return store.dispatch('$_syslog_parsers/enableSyslogParser', item.value)
             .then(() => {
-              store.dispatch('notification/info', { message: i18n.t('Syslog Parser <code>{id}</code> enabled.', item.value) })
+              store.dispatch('notification/info', { message: i18n.t('Event Handler <code>{id}</code> enabled.', item.value) })
               context.emit('input', 'enabled')
             })
             .catch(err => {
               const { response: { data: { message: errMsg } = {} } = {} } = err
-              let message = i18n.t('Syslog Parser <code>{id}</code> was not enabled.', item.value)
+              let message = i18n.t('Event Handler <code>{id}</code> was not enabled.', item.value)
               if (errMsg) message += ` (${errMsg})`
               store.dispatch('notification/danger', { message })
             })

diff --git a/html/pfappserver/root/src/views/Configuration/syslogParsers/_composables/useCollection.js b/html/pfappserver/root/src/views/Configuration/syslogParsers/_composables/useCollection.js
@@ -28,11 +28,11 @@ export const useItemTitle = (props) => {
   return computed(() => {
     switch (true) {
       case !isNew.value && !isClone.value:
-        return i18n.t('Syslog Parser <code>{id}</code>', { id: id.value })
+        return i18n.t('Event Handler <code>{id}</code>', { id: id.value })
       case isClone.value:
-        return i18n.t('Clone Syslog Parser <code>{id}</code>', { id: id.value })
+        return i18n.t('Clone Event Handler <code>{id}</code>', { id: id.value })
       default:
-        return i18n.t('New Syslog Parser')
+        return i18n.t('New Event Handler')
     }
   })
 }

diff --git a/html/pfappserver/root/src/views/Configuration/syslogParsers/schema.js b/html/pfappserver/root/src/views/Configuration/syslogParsers/schema.js
@@ -2,9 +2,9 @@ import store from '@/store'
 import i18n from '@/utils/locale'
 import yup from '@/utils/yup'
 
-yup.addMethod(yup.string, 'syslogParserIdExistsExcept', function (exceptId = '', message) {
+yup.addMethod(yup.string, 'eventHandlerIdExistsExcept', function (exceptId = '', message) {
   return this.test({
-    name: 'syslogParserIdExistsExcept',
+    name: 'eventHandlerIdExistsExcept',
     message: message || i18n.t('Detector exists.'),
     test: (value) => {
       if (!value || value.toLowerCase() === exceptId.toLowerCase()) return true
@@ -43,7 +43,7 @@ export const schema = (props) => {
     id: yup.string()
       .nullable()
       .required(i18n.t('Detector required.'))
-      .syslogParserIdExistsExcept((!isNew && !isClone) ? id : undefined, i18n.t('Detector exists.')),
+      .eventHandlerIdExistsExcept((!isNew && !isClone) ? id : undefined, i18n.t('Detector exists.')),
     path: yup.string()
       .nullable()
       .label(i18n.t('Alert pipe'))