fluent-plugin-jfrog-siem 2.0.3 → 2.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 76d23b95fd222cac88bfbd167fbf6d493b9aae3430c16cf130b4ed58416cdeb8
-  data.tar.gz: 98e8252cf0d65c4334b263d4d06deec94f9813c442da6b9eed1e1c50aa899add
+  metadata.gz: 602f632100f31aa06677f7f5ce98def8d1e51aa43d883cc18e6c8495f80b79dc
+  data.tar.gz: 8d28142729182b919f69ce6893928477e605aa658ae09f816f0d3f6e5dedace6
 SHA512:
-  metadata.gz: d2944a1d52eedc69d7a681cd4121f42f8e5bb963339186bfa71b57da5eacae2268d12123fa7b2a4fc20998e81354f1b63ad86d0d80f891873ad7abe9ceff890e
-  data.tar.gz: 28223be2c6646a5878330df60c4f6803c7ed534b13c12204af11804dc68494a97af18d6a95fc5c5c8d70679867b0ad35f71a2a2cb01a0024be0e7b8129d56cd6
+  metadata.gz: 3b1e9b8c84c67e39bcc5eb935ff498bda659f1ee360caf2967b062e3b24a1874308beb831f9fcd57b985c0eb7dd865b286064eeba1ccc7f93b70f2864a87dc51
+  data.tar.gz: 4955cc838617021f7c3c84268af0840cee892ce17fdeafbaa41e67127fd08685cb0d20961c57d47c9b96a76b3d6371ad6ddb9b7ec5de27439a402439c97ff5b1

data/README.md

@@ -87,7 +87,8 @@ wget https://raw.githubusercontent.com/jfrog/log-analytics-datadog/master/siem/d
 Integration is done by setting up Xray. Obtain JPD url and access token for API. Configure the source directive parameters specified below
 * **tag** (string) (required): The value is the tag assigned to the generated events.
 * **jpd_url** (string) (required): JPD url required to pull Xray SIEM violations
-* **apikey** (string) (required): API Key is the [Artifactory API Key](https://www.jfrog.com/confluence/display/JFROG/User+Profile#UserProfile-APIKey) for authentication
+* **apikey** (string): API Key is the [Artifactory API Key](https://www.jfrog.com/confluence/display/JFROG/User+Profile#UserProfile-APIKey) for authentication
+* **token** (string): [Access token](https://www.jfrog.com/confluence/display/JFROG/Access+Tokens) to authenticate Xray
 * **username** (string) (required): USER is the Artifactory username for authentication
 * **pos_file** (string) (required): Position file to record last SIEM violation pulled
 * **batch_size** (integer) (optional): Batch size for processing violations

data/fluent-plugin-jfrog-siem.gemspec

@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name    = "fluent-plugin-jfrog-siem"
-  spec.version = "2.0.3"
+  spec.version = "2.0.5"
   spec.authors = ["Mahitha Byreddy", "Sudhindra Rao","Giridharan Ramasamy"]
   spec.email   = ["mahithab@jfrog.com", "sudhindrar@jfrog.com", "girir@jfrog.com"]
 
@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rake", "~> 12.0"
   spec.add_development_dependency "test-unit", "~> 3.0"
   spec.add_development_dependency "rest-client", "~> 2.0"
-  spec.add_development_dependency "concurrent-ruby", "~> 1.1.8"
+  spec.add_development_dependency "concurrent-ruby", "~> 1.1.8" , "< 1.1.10"
   spec.add_development_dependency "concurrent-ruby-edge", '>= 0'
   spec.add_development_dependency 'rspec', '~> 3.10.0'
 

data/lib/fluent/plugin/in_jfrog_siem.rb

@@ -32,6 +32,7 @@ module Fluent
       config_param :jpd_url, :string, default: ""
       config_param :username, :string, default: ""
       config_param :apikey, :string, default: "", :secret => true
+      config_param :token, :string, default: "", :secret => true
       config_param :batch_size, :integer, default: 25
       config_param :wait_interval, :integer, default: 60
       config_param :from_date, :string, default: ""
@@ -54,9 +55,7 @@ module Fluent
           raise Fluent::ConfigError, "Must define the username to use for authentication."
         end
 
-        if @apikey == ""
-          raise Fluent::ConfigError, "Must define the API Key to use for authentication."
-        end
+        raise Fluent::ConfigError, 'Must define the apikey or token for authentication.' if @token == '' &&  @apikey == ''
 
         if @wait_interval < 1
           raise Fluent::ConfigError, "Wait interval must be greater than 1 to wait between pulling new events."
@@ -94,7 +93,7 @@ module Fluent
         end
         date_since = last_created_date
         puts "Getting queries from #{date_since}"
-        xray = Xray.new(@jpd_url, @username, @apikey, @wait_interval, @batch_size, @pos_file_path, router, @tag)
+        xray = Xray.new(@jpd_url, @username, @apikey, @token, @wait_interval, @batch_size, @pos_file_path, router, @tag)
         violations_channel = xray.violations(date_since)
         xray.violation_details(violations_channel)
         sleep 100

data/lib/fluent/plugin/xray.rb

@@ -4,10 +4,11 @@ require 'json'
 require "fluent/plugin/position_file"
 
 class Xray
-  def initialize(jpd_url, username, api_key, wait_interval, batch_size, pos_file_path, router, tag)
+  def initialize(jpd_url, username, api_key, token, wait_interval, batch_size, pos_file_path, router, tag)
     @jpd_url = jpd_url
     @username = username
     @api_key = api_key
+    @token = token
     @wait_interval = wait_interval
     @batch_size = batch_size
     @pos_file_path = pos_file_path
@@ -48,6 +49,7 @@ class Xray
     begin
       detailResp_json = data_normalization(get_violations_detail(xray_violation_detail_url))
       time = Fluent::Engine.now
+      puts detailResp_json
       @router.emit(@tag, time, detailResp_json)
     rescue => e
       puts "error: #{e}"
@@ -56,18 +58,28 @@ class Xray
   end
 
   def get_violations_detail(xray_violation_detail_url)
-    response = RestClient::Request.new(
-        :method => :get,
-        :url => @jpd_url + xray_violation_detail_url[xray_violation_detail_url.index('/xray/'),xray_violation_detail_url.length],
-        :user => @username,
-        :password => @api_key
-    ).execute do |response, request, result|
+    if !@token.nil? && @token != ''
+      response = RestClient::Request.new(
+          :method => :get,
+          :url => @jpd_url + xray_violation_detail_url[xray_violation_detail_url.index('/xray/'),xray_violation_detail_url.length],
+          :headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + @token }
+      )
+    elsif !@api_key.nil? && @api_key != ''
+      response = RestClient::Request.new(
+          :method => :get,
+          :url => @jpd_url + xray_violation_detail_url[xray_violation_detail_url.index('/xray/'),xray_violation_detail_url.length],
+          :user => @username,
+          :password => @api_key
+      )
+    end
+
+    response.execute do |response, request, result|
       case response.code
       when 200
         return JSON.parse(response.to_s)
       else
         puts "error: #{response.to_json}"
-        raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations."
+        raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations details."
       end
     end
   end
@@ -138,14 +150,24 @@ class Xray
 
   private
   def get_violations(xray_json)
-    response = RestClient::Request.new(
-        :method => :post,
-        :url => @jpd_url + "/xray/api/v1/violations",
-        :payload => xray_json.to_json,
-        :user => @username,
-        :password => @api_key,
-        :headers => { :accept => :json, :content_type => :json }
-    ).execute do |response, request, result|
+    if !@token.nil? && @token != ''
+      response = RestClient::Request.new(
+          :method => :post,
+          :url => @jpd_url + "/xray/api/v1/violations",
+          :payload => xray_json.to_json,
+          :headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + @token }
+      )
+    elsif !@api_key.nil? && @api_key != ''
+      response = RestClient::Request.new(
+          :method => :post,
+          :url => @jpd_url + "/xray/api/v1/violations",
+          :payload => xray_json.to_json,
+          :user => @username,
+          :password => @api_key,
+          :headers => { :accept => :json, :content_type => :json }
+      )
+    end
+    response.execute do |response, request, result|
       case response.code
       when 200
         return JSON.parse(response.to_str)

data/test/plugin/test_in_jfrog_siem.rb

@@ -38,4 +38,4 @@ class JfrogSiemInputTest < Test::Unit::TestCase
       end
     end
   end
-end
+end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-jfrog-siem
 version: !ruby/object:Gem::Version
-  version: 2.0.3
+  version: 2.0.5
 platform: ruby
 authors:
 - Mahitha Byreddy
 - Sudhindra Rao
 - Giridharan Ramasamy
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-03-16 00:00:00.000000000 Z
+date: 2022-12-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -75,6 +75,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.1.8
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 1.1.10
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -82,6 +85,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.1.8
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 1.1.10
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby-edge
   requirement: !ruby/object:Gem::Requirement
@@ -202,7 +208,7 @@ homepage: https://github.com/jfrog/fluent-plugin-jfrog-siem
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -217,8 +223,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
-signing_key:
+rubygems_version: 3.0.3.1
+signing_key: 
 specification_version: 4
 summary: JFrog SIEM fluent input plugin will send the SIEM events from JFrog Xray
   to Fluentd