fluent-plugin-jfrog-siem 0.1.7 → 0.1.8

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1d5598c727b3f7567c6ca432c96b12252e45387787ed75ec55ce98024f936725
4
- data.tar.gz: e5d9aaed273061f7abbe7c41a337d6346bfac8896ffc88c182888b96770646d8
3
+ metadata.gz: 4e222c0afdaf25a0aa38e4167236c2f06b5c7f9c889ca544f3a05677609c2c1e
4
+ data.tar.gz: '097fd2e7d1b8b0b8394e11efa9abbcfa5d0e67412d3284bdd5c5fe47badde641'
5
5
  SHA512:
6
- metadata.gz: a1b43ff8df04ecf7e89a30632e2174c7a55724b1ae6357ef564d4719ebfec699601ac5dd1936c8275758196ad2c1bfc260262c4f7e3490658c132b5f456eb2ca
7
- data.tar.gz: 0a77aa48d288ad3ca06e3dfe2bef07fff81ad368fd834d686c55a3e39963ce332334389ff2f753692dcf06e65f97a83cc440f66c906f62093ba682fa7d55e232
6
+ metadata.gz: 18b38f238bef87f6e015aa6e6eda87ba58586e6e85ef5f29d58392b91ad1fc5c12da33777ce7b477f222d966df2c5eb7082d1cbe757cc712703adb4511945057
7
+ data.tar.gz: 49a13e9f1aeec783f9e7f35ca9750d3d3c4398d1e6facfa029dbfa6dec8a27d083941e995722cdb7ffa66937fb747bc079fe439e534e5dc23023e7543d56dc4b
data/README.md CHANGED
@@ -68,13 +68,19 @@ Splunk:
68
68
 
69
69
  Splunk setup can be found at [README.](https://github.com/jfrog/log-analytics-splunk/blob/master/README.md)
70
70
  ````text
71
- wget https://raw.githubusercontent.com/jfrog/log-analytics/master/fluentd/plugins/input/fluent-plugin-jfrog-siem/splunk.conf
71
+ wget https://raw.githubusercontent.com/jfrog/log-analytics-splunk/master/siem/splunk_siem.conf
72
72
  ````
73
73
  Elasticsearch:
74
74
 
75
75
  Elasticsearch Kibana setup can be found at [README.](https://github.com/jfrog/log-analytics-elastic/blob/master/README.md)
76
76
  ````text
77
- wget https://raw.githubusercontent.com/jfrog/log-analytics/master/fluentd/plugins/input/fluent-plugin-jfrog-siem/elastic.conf
77
+ wget https://raw.githubusercontent.com/jfrog/log-analytics-elastic/master/siem/elastic_siem.conf
78
+ ````
79
+ Datadog:
80
+
81
+ Datadog setup can be found at [README.](https://github.com/jfrog/log-analytics-datadog/blob/master/README.md)
82
+ ````text
83
+ wget https://raw.githubusercontent.com/jfrog/log-analytics-datadog/master/siem/datadog_siem.conf
78
84
  ````
79
85
 
80
86
  #### Configuration parameters
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
3
 
4
4
  Gem::Specification.new do |spec|
5
5
  spec.name = "fluent-plugin-jfrog-siem"
6
- spec.version = "0.1.7"
6
+ spec.version = "0.1.8"
7
7
  spec.authors = ["John Peterson", "Mahitha Byreddy"]
8
8
  spec.email = ["johnp@jfrog.com", "mahithab@jfrog.com"]
9
9
 
@@ -30,7 +30,8 @@ module Fluent
30
30
  # `:default` means that the parameter is optional.
31
31
  config_param :tag, :string, default: ""
32
32
  config_param :jpd_url, :string, default: ""
33
- config_param :access_token, :string, default: ""
33
+ config_param :username, :string, default: ""
34
+ config_param :apikey, :string, default: ""
34
35
  config_param :pos_file, :string, default: ""
35
36
  config_param :batch_size, :integer, default: 25
36
37
  config_param :thread_count, :integer, default: 5
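Review bot: The new `apikey` parameter is declared as a plain string parameter, so Fluentd will echo its value in clear text when it dumps the parsed configuration at startup and in configuration error output; a credential should be declared with the secret flag so it is masked: `config_param :apikey, :string, default: "", secret: true`. The enclosing plugin class starts outside this hunk, so I cannot see whether masking is handled elsewhere, but none of the visible `config_param` lines carry the flag. The same value is later sent as the Basic-auth `:password` in the request hunks below (call_home, get_xray_violations_detail, get_xray_violations), and `jpd_url` is only checked for emptiness, so a plain-http URL would transmit the key unencrypted; rejecting non-https values of `jpd_url` in the configure check would close that gap.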
@@ -50,8 +51,12 @@ module Fluent
50
51
  raise Fluent::ConfigError, "Must define the JPD URL to pull Xray SIEM violations."
51
52
  end
52
53
 
53
- if @access_token == ""
54
- raise Fluent::ConfigError, "Must define the access token to use for authentication."
54
+ if @username == ""
55
+ raise Fluent::ConfigError, "Must define the username to use for authentication."
56
+ end
57
+
58
+ if @apikey == ""
59
+ raise Fluent::ConfigError, "Must define the API Key to use for authentication."
55
60
  end
56
61
 
57
62
  if @pos_file == ""
@@ -89,7 +94,7 @@ module Fluent
89
94
 
90
95
 
91
96
  def run
92
- call_home(@jpd_url, @access_token)
97
+ call_home(@jpd_url)
93
98
  # runs the violation pull
94
99
  last_created_date_string = get_last_item_create_date()
95
100
  begin
@@ -104,7 +109,7 @@ module Fluent
104
109
 
105
110
  while true
106
111
  # Grab the batch of records
107
- resp=get_xray_violations(xray_json, @jpd_url, @access_token)
112
+ resp=get_xray_violations(xray_json, @jpd_url)
108
113
  number_of_violations = JSON.parse(resp)['total_violations']
109
114
  if left_violations <= 0
110
115
  left_violations = number_of_violations
@@ -159,7 +164,7 @@ module Fluent
159
164
  thread_pool = Thread.pool(thread_count)
160
165
  thread_pool.process {
161
166
  for xray_violation_url in xray_violation_urls_list do
162
- pull_violation_details(xray_violation_url, @access_token)
167
+ pull_violation_details(xray_violation_url)
163
168
  end
164
169
  }
165
170
  thread_pool.shutdown
@@ -188,48 +193,53 @@ module Fluent
188
193
  end
189
194
 
190
195
  #call home functionality
191
- def call_home(jpd_url, access_token)
196
+ def call_home(jpd_url)
192
197
  call_home_json = { "productId": "jfrogLogAnalytics/v0.5.1", "features": [ { "featureId": "Platform/Xray" }, { "featureId": "Channel/xrayeventsiem" } ] }
193
198
  response = RestClient::Request.new(
194
199
  :method => :post,
195
200
  :url => jpd_url + "/artifactory/api/system/usage",
196
201
  :payload => call_home_json.to_json,
197
- :headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + access_token }
202
+ :user => @username,
203
+ :password => @apikey,
204
+ :headers => { :accept => :json, :content_type => :json}
198
205
  ).execute do |response, request, result|
199
206
  puts "Posting call home information"
200
207
  end
201
208
  end
202
209
 
203
210
  # queries the xray API for violations based upon the input json
204
- def get_xray_violations_detail(xray_violation_detail_url, access_token)
211
+ def get_xray_violations_detail(xray_violation_detail_url)
205
212
  response = RestClient::Request.new(
206
213
  :method => :get,
207
214
  :url => xray_violation_detail_url,
208
- headers: {Authorization:'Bearer ' + access_token}
215
+ :user => @username,
216
+ :password => @apikey
209
217
  ).execute do |response, request, result|
210
218
  case response.code
211
219
  when 200
212
220
  return response.to_str
213
221
  else
214
- raise Fluent::StandardError, "Cannot reach Artifactory URL to pull Xray SIEM violations."
222
+ raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations."
215
223
  end
216
224
  end
217
225
  end
218
226
 
219
227
 
220
228
  # queries the xray API for violations based upon the input json
221
- def get_xray_violations(xray_json, jpd_url, access_token)
229
+ def get_xray_violations(xray_json, jpd_url)
222
230
  response = RestClient::Request.new(
223
231
  :method => :post,
224
232
  :url => jpd_url + "/xray/api/v1/violations",
225
233
  :payload => xray_json.to_json,
226
- :headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + access_token }
234
+ :user => @username,
235
+ :password => @apikey,
236
+ :headers => { :accept => :json, :content_type => :json}
227
237
  ).execute do |response, request, result|
228
238
  case response.code
229
239
  when 200
230
240
  return response.to_str
231
241
  else
232
- raise Fluent::StandardError, "Cannot reach Artifactory URL to pull Xray SIEM violations."
242
+ raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations."
233
243
  end
234
244
  end
235
245
  end
@@ -295,14 +305,14 @@ module Fluent
295
305
  return detailResp_json
296
306
  end
297
307
 
298
- def pull_violation_details(xray_violation_detail_url, access_token)
308
+ def pull_violation_details(xray_violation_detail_url)
299
309
  begin
300
- detailResp=get_xray_violations_detail(xray_violation_detail_url, access_token)
310
+ detailResp=get_xray_violations_detail(xray_violation_detail_url)
301
311
  time = Fluent::Engine.now
302
312
  detailResp_json = data_normalization(detailResp)
303
313
  router.emit(@tag, time, detailResp_json)
304
314
  rescue
305
- raise Fluent::StandardError, "Error pulling violation details url #{xray_violation_detail_url}"
315
+ raise Fluent::ConfigError, "Error pulling violation details url #{xray_violation_detail_url}"
306
316
  end
307
317
  end
308
318
 
@@ -13,8 +13,9 @@ class JfrogSiemInputTest < Test::Unit::TestCase
13
13
  # Default configuration for tests
14
14
  CONFIG = %[
15
15
  tag "test_tag"
16
- jpd_url <jpd_url>
17
- access_token <access_token>
16
+ jpd_url JPD_URL
17
+ username USER
18
+ apikey API_KEY
18
19
  pos_file "test_pos.txt"
19
20
  ]
20
21
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-jfrog-siem
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.7
4
+ version: 0.1.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - John Peterson
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-04-21 00:00:00.000000000 Z
12
+ date: 2021-05-10 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: bundler