fluent-plugin-jfrog-siem 2.0.2 → 2.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -1
- data/fluent-plugin-jfrog-siem.gemspec +1 -1
- data/lib/fluent/plugin/in_jfrog_siem.rb +4 -5
- data/lib/fluent/plugin/xray.rb +38 -16
- data/test/plugin/test_in_jfrog_siem.rb +3 -3
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 307868a474983029bc88e801672e271082888317c76a5004098fb5a5a96d632d
|
|
4
|
+
data.tar.gz: 7528bd2ac402a909542fd8538faf91d359f549ae878d871af70aa0181aafb5ed
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b58f40d97e2198fd597ab71ac5963fb16bd6acd8e765667bd5dce1be6ddda00f0a88a50f33891ed6267473586c228f0d48594916df1f8d34622ee4a1233c60f8
|
|
7
|
+
data.tar.gz: c7fbfe6e8bf62edd79d8775dc038cdf3411bdf3981a1253480659c954d7de0a4793e51f58b993d4f06d12e37f23bf2db6c3ab425df84bac7e84181070c4f2b39
|
data/README.md
CHANGED
|
@@ -87,7 +87,8 @@ wget https://raw.githubusercontent.com/jfrog/log-analytics-datadog/master/siem/d
|
|
|
87
87
|
Integration is done by setting up Xray. Obtain JPD url and access token for API. Configure the source directive parameters specified below
|
|
88
88
|
* **tag** (string) (required): The value is the tag assigned to the generated events.
|
|
89
89
|
* **jpd_url** (string) (required): JPD url required to pull Xray SIEM violations
|
|
90
|
-
* **apikey** (string)
|
|
90
|
+
* **apikey** (string): API Key is the [Artifactory API Key](https://www.jfrog.com/confluence/display/JFROG/User+Profile#UserProfile-APIKey) for authentication
|
|
91
|
+
* **token** (string): [Access token](https://www.jfrog.com/confluence/display/JFROG/Access+Tokens) to authenticate Xray
|
|
91
92
|
* **username** (string) (required): USER is the Artifactory username for authentication
|
|
92
93
|
* **pos_file** (string) (required): Position file to record last SIEM violation pulled
|
|
93
94
|
* **batch_size** (integer) (optional): Batch size for processing violations
|
|
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
3
3
|
|
|
4
4
|
Gem::Specification.new do |spec|
|
|
5
5
|
spec.name = "fluent-plugin-jfrog-siem"
|
|
6
|
-
spec.version = "2.0.
|
|
6
|
+
spec.version = "2.0.4"
|
|
7
7
|
spec.authors = ["Mahitha Byreddy", "Sudhindra Rao","Giridharan Ramasamy"]
|
|
8
8
|
spec.email = ["mahithab@jfrog.com", "sudhindrar@jfrog.com", "girir@jfrog.com"]
|
|
9
9
|
|
|
@@ -31,7 +31,8 @@ module Fluent
|
|
|
31
31
|
config_param :tag, :string, default: ""
|
|
32
32
|
config_param :jpd_url, :string, default: ""
|
|
33
33
|
config_param :username, :string, default: ""
|
|
34
|
-
config_param :apikey, :string, default: ""
|
|
34
|
+
config_param :apikey, :string, default: "", :secret => true
|
|
35
|
+
config_param :token, :string, default: "", :secret => true
|
|
35
36
|
config_param :batch_size, :integer, default: 25
|
|
36
37
|
config_param :wait_interval, :integer, default: 60
|
|
37
38
|
config_param :from_date, :string, default: ""
|
|
@@ -54,9 +55,7 @@ module Fluent
|
|
|
54
55
|
raise Fluent::ConfigError, "Must define the username to use for authentication."
|
|
55
56
|
end
|
|
56
57
|
|
|
57
|
-
if @apikey ==
|
|
58
|
-
raise Fluent::ConfigError, "Must define the API Key to use for authentication."
|
|
59
|
-
end
|
|
58
|
+
raise Fluent::ConfigError, 'Must define the apikey or token for authentication.' if @token == '' && @apikey == ''
|
|
60
59
|
|
|
61
60
|
if @wait_interval < 1
|
|
62
61
|
raise Fluent::ConfigError, "Wait interval must be greater than 1 to wait between pulling new events."
|
|
@@ -94,7 +93,7 @@ module Fluent
|
|
|
94
93
|
end
|
|
95
94
|
date_since = last_created_date
|
|
96
95
|
puts "Getting queries from #{date_since}"
|
|
97
|
-
xray = Xray.new(@jpd_url, @username, @apikey, @wait_interval, @batch_size, @pos_file_path, router, @tag)
|
|
96
|
+
xray = Xray.new(@jpd_url, @username, @apikey, @token, @wait_interval, @batch_size, @pos_file_path, router, @tag)
|
|
98
97
|
violations_channel = xray.violations(date_since)
|
|
99
98
|
xray.violation_details(violations_channel)
|
|
100
99
|
sleep 100
|
data/lib/fluent/plugin/xray.rb
CHANGED
|
@@ -4,10 +4,11 @@ require 'json'
|
|
|
4
4
|
require "fluent/plugin/position_file"
|
|
5
5
|
|
|
6
6
|
class Xray
|
|
7
|
-
def initialize(jpd_url, username, api_key, wait_interval, batch_size, pos_file_path, router, tag)
|
|
7
|
+
def initialize(jpd_url, username, api_key, token, wait_interval, batch_size, pos_file_path, router, tag)
|
|
8
8
|
@jpd_url = jpd_url
|
|
9
9
|
@username = username
|
|
10
10
|
@api_key = api_key
|
|
11
|
+
@token = token
|
|
11
12
|
@wait_interval = wait_interval
|
|
12
13
|
@batch_size = batch_size
|
|
13
14
|
@pos_file_path = pos_file_path
|
|
@@ -48,6 +49,7 @@ class Xray
|
|
|
48
49
|
begin
|
|
49
50
|
detailResp_json = data_normalization(get_violations_detail(xray_violation_detail_url))
|
|
50
51
|
time = Fluent::Engine.now
|
|
52
|
+
puts detailResp_json
|
|
51
53
|
@router.emit(@tag, time, detailResp_json)
|
|
52
54
|
rescue => e
|
|
53
55
|
puts "error: #{e}"
|
|
@@ -56,18 +58,28 @@ class Xray
|
|
|
56
58
|
end
|
|
57
59
|
|
|
58
60
|
def get_violations_detail(xray_violation_detail_url)
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
61
|
+
if !@token.nil? && @token != ''
|
|
62
|
+
response = RestClient::Request.new(
|
|
63
|
+
:method => :get,
|
|
64
|
+
:url => @jpd_url + xray_violation_detail_url[xray_violation_detail_url.index('/xray/'),xray_violation_detail_url.length],
|
|
65
|
+
:headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + @token }
|
|
66
|
+
)
|
|
67
|
+
elsif !@api_key.nil? && @api_key != ''
|
|
68
|
+
response = RestClient::Request.new(
|
|
69
|
+
:method => :get,
|
|
70
|
+
:url => @jpd_url + xray_violation_detail_url[xray_violation_detail_url.index('/xray/'),xray_violation_detail_url.length],
|
|
71
|
+
:user => @username,
|
|
72
|
+
:password => @api_key
|
|
73
|
+
)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
response.execute do |response, request, result|
|
|
65
77
|
case response.code
|
|
66
78
|
when 200
|
|
67
79
|
return JSON.parse(response.to_s)
|
|
68
80
|
else
|
|
69
81
|
puts "error: #{response.to_json}"
|
|
70
|
-
raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations."
|
|
82
|
+
raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations details."
|
|
71
83
|
end
|
|
72
84
|
end
|
|
73
85
|
end
|
|
@@ -138,14 +150,24 @@ class Xray
|
|
|
138
150
|
|
|
139
151
|
private
|
|
140
152
|
def get_violations(xray_json)
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
153
|
+
if !@token.nil? && @token != ''
|
|
154
|
+
response = RestClient::Request.new(
|
|
155
|
+
:method => :post,
|
|
156
|
+
:url => @jpd_url + "/xray/api/v1/violations",
|
|
157
|
+
:payload => xray_json.to_json,
|
|
158
|
+
:headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + @token }
|
|
159
|
+
)
|
|
160
|
+
elsif !@api_key.nil? && @api_key != ''
|
|
161
|
+
response = RestClient::Request.new(
|
|
162
|
+
:method => :post,
|
|
163
|
+
:url => @jpd_url + "/xray/api/v1/violations",
|
|
164
|
+
:payload => xray_json.to_json,
|
|
165
|
+
:user => @username,
|
|
166
|
+
:password => @api_key,
|
|
167
|
+
:headers => { :accept => :json, :content_type => :json }
|
|
168
|
+
)
|
|
169
|
+
end
|
|
170
|
+
response.execute do |response, request, result|
|
|
149
171
|
case response.code
|
|
150
172
|
when 200
|
|
151
173
|
return JSON.parse(response.to_str)
|
|
@@ -13,10 +13,10 @@ class JfrogSiemInputTest < Test::Unit::TestCase
|
|
|
13
13
|
# Default configuration for tests
|
|
14
14
|
CONFIG = %[
|
|
15
15
|
tag "jfrog.xray.siem.vulnerabilities"
|
|
16
|
-
jpd_url "
|
|
16
|
+
jpd_url "http://34.83.118.33"
|
|
17
17
|
username "admin"
|
|
18
|
-
apikey "
|
|
19
|
-
pos_file_path "
|
|
18
|
+
apikey "AKCp8nyNhxdAisCXoS5ktgrrcWkLGJbsCU8RkSS4xxMH5DQcxttm4k4G7KbkUhmcFxJizXLFF"
|
|
19
|
+
pos_file_path "/Users/mahithab/Jfrog/fluent-plugin-jfrog-siem/fluentd/plugins/input/fluent-plugin-jfrog-siem/"
|
|
20
20
|
wait_interval 10
|
|
21
21
|
from_date "2016-01-01"
|
|
22
22
|
batch_size 25
|
metadata
CHANGED
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-jfrog-siem
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mahitha Byreddy
|
|
8
8
|
- Sudhindra Rao
|
|
9
9
|
- Giridharan Ramasamy
|
|
10
|
-
autorequire:
|
|
10
|
+
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2022-
|
|
13
|
+
date: 2022-12-05 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: bundler
|
|
@@ -202,7 +202,7 @@ homepage: https://github.com/jfrog/fluent-plugin-jfrog-siem
|
|
|
202
202
|
licenses:
|
|
203
203
|
- Apache-2.0
|
|
204
204
|
metadata: {}
|
|
205
|
-
post_install_message:
|
|
205
|
+
post_install_message:
|
|
206
206
|
rdoc_options: []
|
|
207
207
|
require_paths:
|
|
208
208
|
- lib
|
|
@@ -217,8 +217,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
217
217
|
- !ruby/object:Gem::Version
|
|
218
218
|
version: '0'
|
|
219
219
|
requirements: []
|
|
220
|
-
rubygems_version: 3.1
|
|
221
|
-
signing_key:
|
|
220
|
+
rubygems_version: 3.0.3.1
|
|
221
|
+
signing_key:
|
|
222
222
|
specification_version: 4
|
|
223
223
|
summary: JFrog SIEM fluent input plugin will send the SIEM events from JFrog Xray
|
|
224
224
|
to Fluentd
|