in source/lambda/es_loader/siem/__init__.py [0:0]
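def transform_to_ecs(self):
    """Build the ECS fields for this log and merge them into the log data.

    Starts from ``ecs.version`` (and ``cloud.provider`` when configured),
    lets ``get_value_and_input_into_ecs_dict`` add the mapped fields, then
    fills in ``cloud.account.id`` / ``cloud.region`` fallbacks, FireLens
    container metadata, a pending ``__error_message`` and the ``static_ecs``
    values from the log config. The result is merged into
    ``self.__logdata_dict``; nothing is returned.

    A malformed ``ecs_task_arn`` or missing container metadata no longer
    raises: the affected fields are left at their fallback values so that
    one bad metadata field does not abort normalization of the whole event.
    """
    ecs_dict = {'ecs': {'version': self.logconfig['ecs_version']}}
    if self.logconfig['cloud_provider']:
        ecs_dict['cloud'] = {'provider': self.logconfig['cloud_provider']}
    ecs_dict = self.get_value_and_input_into_ecs_dict(ecs_dict)

    if 'cloud' in ecs_dict:
        cloud = ecs_dict['cloud']

        # Set AWS Account ID
        if 'account' in cloud and 'id' in cloud['account']:
            if cloud['account']['id'] in ('unknown', ):
                # for vpcflowlogs
                cloud['account'] = {'id': self.accountid}
        elif self.accountid:
            cloud['account'] = {'id': self.accountid}
        else:
            cloud['account'] = {'id': 'unknown'}

        # Set AWS Region; a region already mapped from the log wins.
        if 'region' not in cloud:
            cloud['region'] = self.region if self.region else 'unknown'

    # Get info from the FireLens metadata of Elastic Container Service.
    # NOTE(review): the listing this was taken from had lost its
    # indentation; this block is assumed to sit at method level rather than
    # under the 'cloud' check above -- confirm against the repository.
    if 'ecs_task_arn' in self.logmeta:
        task_arn = self.logmeta['ecs_task_arn']
        # ARN layout: arn:partition:service:region:account-id:resource
        arn_fields = task_arn.split(':') if isinstance(task_arn, str) else []
        if len(arn_fields) > 4:
            cloud = ecs_dict.setdefault('cloud', {})
            # Empty ARN fields must not overwrite the fallbacks set above.
            if arn_fields[4]:
                cloud.setdefault('account', {})['id'] = arn_fields[4]
            if arn_fields[3]:
                cloud['region'] = arn_fields[3]
        # else: truncated or non-string ARN; keep the account/region
        # fallbacks instead of raising IndexError and losing the event.

        if 'ec2_instance_id' in self.logmeta:
            ecs_dict.setdefault('cloud', {})['instance'] = {
                'id': self.logmeta['ec2_instance_id']}

        # Only copy the container keys that the metadata actually carries.
        container = {
            ecs_field: self.logmeta[meta_key]
            for ecs_field, meta_key in (('id', 'container_id'),
                                        ('name', 'container_name'))
            if meta_key in self.logmeta}
        if container:
            ecs_dict['container'] = container

    # Move a pending error message into error.message and consume it from
    # the metadata.
    if '__error_message' in self.logmeta:
        self.__logdata_dict['error'] = {
            'message': self.logmeta['__error_message']}
        del self.logmeta['__error_message']

    # Static ECS values come straight from the log config; copy each one so
    # the merge does not hand out the config's own object.
    for static_ecs_key in self.logconfig['static_ecs']:
        v = copy.copy(self.logconfig[static_ecs_key])
        new_ecs_dict = utils.put_value_into_nesteddict(static_ecs_key, v)
        ecs_dict = utils.merge_dicts(ecs_dict, new_ecs_dict)
    self.__logdata_dict = utils.merge_dicts(self.__logdata_dict, ecs_dict)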