fluent-plugin-jfrog-siem 2.0.3 → 2.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -1
- data/fluent-plugin-jfrog-siem.gemspec +2 -2
- data/lib/fluent/plugin/in_jfrog_siem.rb +3 -4
- data/lib/fluent/plugin/xray.rb +38 -16
- data/test/plugin/test_in_jfrog_siem.rb +1 -1
- metadata +12 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 602f632100f31aa06677f7f5ce98def8d1e51aa43d883cc18e6c8495f80b79dc
|
|
4
|
+
data.tar.gz: 8d28142729182b919f69ce6893928477e605aa658ae09f816f0d3f6e5dedace6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3b1e9b8c84c67e39bcc5eb935ff498bda659f1ee360caf2967b062e3b24a1874308beb831f9fcd57b985c0eb7dd865b286064eeba1ccc7f93b70f2864a87dc51
|
|
7
|
+
data.tar.gz: 4955cc838617021f7c3c84268af0840cee892ce17fdeafbaa41e67127fd08685cb0d20961c57d47c9b96a76b3d6371ad6ddb9b7ec5de27439a402439c97ff5b1
|
data/README.md
CHANGED
|
@@ -87,7 +87,8 @@ wget https://raw.githubusercontent.com/jfrog/log-analytics-datadog/master/siem/d
|
|
|
87
87
|
Integration is done by setting up Xray. Obtain JPD url and access token for API. Configure the source directive parameters specified below
|
|
88
88
|
* **tag** (string) (required): The value is the tag assigned to the generated events.
|
|
89
89
|
* **jpd_url** (string) (required): JPD url required to pull Xray SIEM violations
|
|
90
|
-
* **apikey** (string)
|
|
90
|
+
* **apikey** (string): API Key is the [Artifactory API Key](https://www.jfrog.com/confluence/display/JFROG/User+Profile#UserProfile-APIKey) for authentication
|
|
91
|
+
* **token** (string): [Access token](https://www.jfrog.com/confluence/display/JFROG/Access+Tokens) to authenticate Xray
|
|
91
92
|
* **username** (string) (required): USER is the Artifactory username for authentication
|
|
92
93
|
* **pos_file** (string) (required): Position file to record last SIEM violation pulled
|
|
93
94
|
* **batch_size** (integer) (optional): Batch size for processing violations
|
|
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
3
3
|
|
|
4
4
|
Gem::Specification.new do |spec|
|
|
5
5
|
spec.name = "fluent-plugin-jfrog-siem"
|
|
6
|
-
spec.version = "2.0.
|
|
6
|
+
spec.version = "2.0.5"
|
|
7
7
|
spec.authors = ["Mahitha Byreddy", "Sudhindra Rao","Giridharan Ramasamy"]
|
|
8
8
|
spec.email = ["mahithab@jfrog.com", "sudhindrar@jfrog.com", "girir@jfrog.com"]
|
|
9
9
|
|
|
@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
|
|
|
24
24
|
spec.add_development_dependency "rake", "~> 12.0"
|
|
25
25
|
spec.add_development_dependency "test-unit", "~> 3.0"
|
|
26
26
|
spec.add_development_dependency "rest-client", "~> 2.0"
|
|
27
|
-
spec.add_development_dependency "concurrent-ruby", "~> 1.1.8"
|
|
27
|
+
spec.add_development_dependency "concurrent-ruby", "~> 1.1.8" , "< 1.1.10"
|
|
28
28
|
spec.add_development_dependency "concurrent-ruby-edge", '>= 0'
|
|
29
29
|
spec.add_development_dependency 'rspec', '~> 3.10.0'
|
|
30
30
|
|
|
@@ -32,6 +32,7 @@ module Fluent
|
|
|
32
32
|
config_param :jpd_url, :string, default: ""
|
|
33
33
|
config_param :username, :string, default: ""
|
|
34
34
|
config_param :apikey, :string, default: "", :secret => true
|
|
35
|
+
config_param :token, :string, default: "", :secret => true
|
|
35
36
|
config_param :batch_size, :integer, default: 25
|
|
36
37
|
config_param :wait_interval, :integer, default: 60
|
|
37
38
|
config_param :from_date, :string, default: ""
|
|
@@ -54,9 +55,7 @@ module Fluent
|
|
|
54
55
|
raise Fluent::ConfigError, "Must define the username to use for authentication."
|
|
55
56
|
end
|
|
56
57
|
|
|
57
|
-
if @apikey ==
|
|
58
|
-
raise Fluent::ConfigError, "Must define the API Key to use for authentication."
|
|
59
|
-
end
|
|
58
|
+
raise Fluent::ConfigError, 'Must define the apikey or token for authentication.' if @token == '' && @apikey == ''
|
|
60
59
|
|
|
61
60
|
if @wait_interval < 1
|
|
62
61
|
raise Fluent::ConfigError, "Wait interval must be greater than 1 to wait between pulling new events."
|
|
@@ -94,7 +93,7 @@ module Fluent
|
|
|
94
93
|
end
|
|
95
94
|
date_since = last_created_date
|
|
96
95
|
puts "Getting queries from #{date_since}"
|
|
97
|
-
xray = Xray.new(@jpd_url, @username, @apikey, @wait_interval, @batch_size, @pos_file_path, router, @tag)
|
|
96
|
+
xray = Xray.new(@jpd_url, @username, @apikey, @token, @wait_interval, @batch_size, @pos_file_path, router, @tag)
|
|
98
97
|
violations_channel = xray.violations(date_since)
|
|
99
98
|
xray.violation_details(violations_channel)
|
|
100
99
|
sleep 100
|
data/lib/fluent/plugin/xray.rb
CHANGED
|
@@ -4,10 +4,11 @@ require 'json'
|
|
|
4
4
|
require "fluent/plugin/position_file"
|
|
5
5
|
|
|
6
6
|
class Xray
|
|
7
|
-
def initialize(jpd_url, username, api_key, wait_interval, batch_size, pos_file_path, router, tag)
|
|
7
|
+
def initialize(jpd_url, username, api_key, token, wait_interval, batch_size, pos_file_path, router, tag)
|
|
8
8
|
@jpd_url = jpd_url
|
|
9
9
|
@username = username
|
|
10
10
|
@api_key = api_key
|
|
11
|
+
@token = token
|
|
11
12
|
@wait_interval = wait_interval
|
|
12
13
|
@batch_size = batch_size
|
|
13
14
|
@pos_file_path = pos_file_path
|
|
@@ -48,6 +49,7 @@ class Xray
|
|
|
48
49
|
begin
|
|
49
50
|
detailResp_json = data_normalization(get_violations_detail(xray_violation_detail_url))
|
|
50
51
|
time = Fluent::Engine.now
|
|
52
|
+
puts detailResp_json
|
|
51
53
|
@router.emit(@tag, time, detailResp_json)
|
|
52
54
|
rescue => e
|
|
53
55
|
puts "error: #{e}"
|
|
@@ -56,18 +58,28 @@ class Xray
|
|
|
56
58
|
end
|
|
57
59
|
|
|
58
60
|
def get_violations_detail(xray_violation_detail_url)
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
61
|
+
if !@token.nil? && @token != ''
|
|
62
|
+
response = RestClient::Request.new(
|
|
63
|
+
:method => :get,
|
|
64
|
+
:url => @jpd_url + xray_violation_detail_url[xray_violation_detail_url.index('/xray/'),xray_violation_detail_url.length],
|
|
65
|
+
:headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + @token }
|
|
66
|
+
)
|
|
67
|
+
elsif !@api_key.nil? && @api_key != ''
|
|
68
|
+
response = RestClient::Request.new(
|
|
69
|
+
:method => :get,
|
|
70
|
+
:url => @jpd_url + xray_violation_detail_url[xray_violation_detail_url.index('/xray/'),xray_violation_detail_url.length],
|
|
71
|
+
:user => @username,
|
|
72
|
+
:password => @api_key
|
|
73
|
+
)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
response.execute do |response, request, result|
|
|
65
77
|
case response.code
|
|
66
78
|
when 200
|
|
67
79
|
return JSON.parse(response.to_s)
|
|
68
80
|
else
|
|
69
81
|
puts "error: #{response.to_json}"
|
|
70
|
-
raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations."
|
|
82
|
+
raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations details."
|
|
71
83
|
end
|
|
72
84
|
end
|
|
73
85
|
end
|
|
@@ -138,14 +150,24 @@ class Xray
|
|
|
138
150
|
|
|
139
151
|
private
|
|
140
152
|
def get_violations(xray_json)
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
153
|
+
if !@token.nil? && @token != ''
|
|
154
|
+
response = RestClient::Request.new(
|
|
155
|
+
:method => :post,
|
|
156
|
+
:url => @jpd_url + "/xray/api/v1/violations",
|
|
157
|
+
:payload => xray_json.to_json,
|
|
158
|
+
:headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + @token }
|
|
159
|
+
)
|
|
160
|
+
elsif !@api_key.nil? && @api_key != ''
|
|
161
|
+
response = RestClient::Request.new(
|
|
162
|
+
:method => :post,
|
|
163
|
+
:url => @jpd_url + "/xray/api/v1/violations",
|
|
164
|
+
:payload => xray_json.to_json,
|
|
165
|
+
:user => @username,
|
|
166
|
+
:password => @api_key,
|
|
167
|
+
:headers => { :accept => :json, :content_type => :json }
|
|
168
|
+
)
|
|
169
|
+
end
|
|
170
|
+
response.execute do |response, request, result|
|
|
149
171
|
case response.code
|
|
150
172
|
when 200
|
|
151
173
|
return JSON.parse(response.to_str)
|
metadata
CHANGED
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-jfrog-siem
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mahitha Byreddy
|
|
8
8
|
- Sudhindra Rao
|
|
9
9
|
- Giridharan Ramasamy
|
|
10
|
-
autorequire:
|
|
10
|
+
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2022-
|
|
13
|
+
date: 2022-12-06 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: bundler
|
|
@@ -75,6 +75,9 @@ dependencies:
|
|
|
75
75
|
- - "~>"
|
|
76
76
|
- !ruby/object:Gem::Version
|
|
77
77
|
version: 1.1.8
|
|
78
|
+
- - "<"
|
|
79
|
+
- !ruby/object:Gem::Version
|
|
80
|
+
version: 1.1.10
|
|
78
81
|
type: :development
|
|
79
82
|
prerelease: false
|
|
80
83
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -82,6 +85,9 @@ dependencies:
|
|
|
82
85
|
- - "~>"
|
|
83
86
|
- !ruby/object:Gem::Version
|
|
84
87
|
version: 1.1.8
|
|
88
|
+
- - "<"
|
|
89
|
+
- !ruby/object:Gem::Version
|
|
90
|
+
version: 1.1.10
|
|
85
91
|
- !ruby/object:Gem::Dependency
|
|
86
92
|
name: concurrent-ruby-edge
|
|
87
93
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -202,7 +208,7 @@ homepage: https://github.com/jfrog/fluent-plugin-jfrog-siem
|
|
|
202
208
|
licenses:
|
|
203
209
|
- Apache-2.0
|
|
204
210
|
metadata: {}
|
|
205
|
-
post_install_message:
|
|
211
|
+
post_install_message:
|
|
206
212
|
rdoc_options: []
|
|
207
213
|
require_paths:
|
|
208
214
|
- lib
|
|
@@ -217,8 +223,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
217
223
|
- !ruby/object:Gem::Version
|
|
218
224
|
version: '0'
|
|
219
225
|
requirements: []
|
|
220
|
-
rubygems_version: 3.1
|
|
221
|
-
signing_key:
|
|
226
|
+
rubygems_version: 3.0.3.1
|
|
227
|
+
signing_key:
|
|
222
228
|
specification_version: 4
|
|
223
229
|
summary: JFrog SIEM fluent input plugin will send the SIEM events from JFrog Xray
|
|
224
230
|
to Fluentd
|