fluent-plugin-jfrog-siem 0.1.7 → 0.1.8

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1d5598c727b3f7567c6ca432c96b12252e45387787ed75ec55ce98024f936725
4
- data.tar.gz: e5d9aaed273061f7abbe7c41a337d6346bfac8896ffc88c182888b96770646d8
3
+ metadata.gz: 4e222c0afdaf25a0aa38e4167236c2f06b5c7f9c889ca544f3a05677609c2c1e
4
+ data.tar.gz: '097fd2e7d1b8b0b8394e11efa9abbcfa5d0e67412d3284bdd5c5fe47badde641'
5
5
  SHA512:
6
- metadata.gz: a1b43ff8df04ecf7e89a30632e2174c7a55724b1ae6357ef564d4719ebfec699601ac5dd1936c8275758196ad2c1bfc260262c4f7e3490658c132b5f456eb2ca
7
- data.tar.gz: 0a77aa48d288ad3ca06e3dfe2bef07fff81ad368fd834d686c55a3e39963ce332334389ff2f753692dcf06e65f97a83cc440f66c906f62093ba682fa7d55e232
6
+ metadata.gz: 18b38f238bef87f6e015aa6e6eda87ba58586e6e85ef5f29d58392b91ad1fc5c12da33777ce7b477f222d966df2c5eb7082d1cbe757cc712703adb4511945057
7
+ data.tar.gz: 49a13e9f1aeec783f9e7f35ca9750d3d3c4398d1e6facfa029dbfa6dec8a27d083941e995722cdb7ffa66937fb747bc079fe439e534e5dc23023e7543d56dc4b
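--- a/data/README.md
+++ b/data/README.md
@@ -68,13 +68,19 @@ Splunk:
 
 Splunk setup can be found at [README.](https://github.com/jfrog/log-analytics-splunk/blob/master/README.md)
 ````text
-wget https://raw.githubusercontent.com/jfrog/log-analytics/master/fluentd/plugins/input/fluent-plugin-jfrog-siem/splunk.conf
+wget https://raw.githubusercontent.com/jfrog/log-analytics-splunk/master/siem/splunk_siem.conf
 ````
 Elasticsearch:
 
 Elasticsearch Kibana setup can be found at [README.](https://github.com/jfrog/log-analytics-elastic/blob/master/README.md)
 ````text
-wget https://raw.githubusercontent.com/jfrog/log-analytics/master/fluentd/plugins/input/fluent-plugin-jfrog-siem/elastic.conf
+wget https://raw.githubusercontent.com/jfrog/log-analytics-elastic/master/siem/elastic_siem.conf
+````
+Datadog:
+
+Datadog setup can be found at [README.](https://github.com/jfrog/log-analytics-datadog/blob/master/README.md)
+````text
+wget https://raw.githubusercontent.com/jfrog/log-analytics-datadog/master/siem/datadog_siem.conf
 ````
 
 #### Configuration parameters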
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
3
 
4
4
  Gem::Specification.new do |spec|
5
5
  spec.name = "fluent-plugin-jfrog-siem"
6
- spec.version = "0.1.7"
6
+ spec.version = "0.1.8"
7
7
  spec.authors = ["John Peterson", "Mahitha Byreddy"]
8
8
  spec.email = ["johnp@jfrog.com", "mahithab@jfrog.com"]
9
9
 
@@ -30,7 +30,8 @@ module Fluent
30
30
  # `:default` means that the parameter is optional.
31
31
  config_param :tag, :string, default: ""
32
32
  config_param :jpd_url, :string, default: ""
33
- config_param :access_token, :string, default: ""
33
+ config_param :username, :string, default: ""
34
+ config_param :apikey, :string, default: ""
34
35
  config_param :pos_file, :string, default: ""
35
36
  config_param :batch_size, :integer, default: 25
36
37
  config_param :thread_count, :integer, default: 5
@@ -50,8 +51,12 @@ module Fluent
50
51
  raise Fluent::ConfigError, "Must define the JPD URL to pull Xray SIEM violations."
51
52
  end
52
53
 
53
- if @access_token == ""
54
- raise Fluent::ConfigError, "Must define the access token to use for authentication."
54
+ if @username == ""
55
+ raise Fluent::ConfigError, "Must define the username to use for authentication."
56
+ end
57
+
58
+ if @apikey == ""
59
+ raise Fluent::ConfigError, "Must define the API Key to use for authentication."
55
60
  end
56
61
 
57
62
  if @pos_file == ""
@@ -89,7 +94,7 @@ module Fluent
89
94
 
90
95
 
91
96
  def run
92
- call_home(@jpd_url, @access_token)
97
+ call_home(@jpd_url)
93
98
  # runs the violation pull
94
99
  last_created_date_string = get_last_item_create_date()
95
100
  begin
@@ -104,7 +109,7 @@ module Fluent
104
109
 
105
110
  while true
106
111
  # Grab the batch of records
107
- resp=get_xray_violations(xray_json, @jpd_url, @access_token)
112
+ resp=get_xray_violations(xray_json, @jpd_url)
108
113
  number_of_violations = JSON.parse(resp)['total_violations']
109
114
  if left_violations <= 0
110
115
  left_violations = number_of_violations
@@ -159,7 +164,7 @@ module Fluent
159
164
  thread_pool = Thread.pool(thread_count)
160
165
  thread_pool.process {
161
166
  for xray_violation_url in xray_violation_urls_list do
162
- pull_violation_details(xray_violation_url, @access_token)
167
+ pull_violation_details(xray_violation_url)
163
168
  end
164
169
  }
165
170
  thread_pool.shutdown
@@ -188,48 +193,53 @@ module Fluent
188
193
  end
189
194
 
190
195
  #call home functionality
191
- def call_home(jpd_url, access_token)
196
+ def call_home(jpd_url)
192
197
  call_home_json = { "productId": "jfrogLogAnalytics/v0.5.1", "features": [ { "featureId": "Platform/Xray" }, { "featureId": "Channel/xrayeventsiem" } ] }
193
198
  response = RestClient::Request.new(
194
199
  :method => :post,
195
200
  :url => jpd_url + "/artifactory/api/system/usage",
196
201
  :payload => call_home_json.to_json,
197
- :headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + access_token }
202
+ :user => @username,
203
+ :password => @apikey,
204
+ :headers => { :accept => :json, :content_type => :json}
198
205
  ).execute do |response, request, result|
199
206
  puts "Posting call home information"
200
207
  end
201
208
  end
202
209
 
203
210
  # queries the xray API for violations based upon the input json
204
- def get_xray_violations_detail(xray_violation_detail_url, access_token)
211
+ def get_xray_violations_detail(xray_violation_detail_url)
205
212
  response = RestClient::Request.new(
206
213
  :method => :get,
207
214
  :url => xray_violation_detail_url,
208
- headers: {Authorization:'Bearer ' + access_token}
215
+ :user => @username,
216
+ :password => @apikey
209
217
  ).execute do |response, request, result|
210
218
  case response.code
211
219
  when 200
212
220
  return response.to_str
213
221
  else
214
- raise Fluent::StandardError, "Cannot reach Artifactory URL to pull Xray SIEM violations."
222
+ raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations."
215
223
  end
216
224
  end
217
225
  end
218
226
 
219
227
 
220
228
  # queries the xray API for violations based upon the input json
221
- def get_xray_violations(xray_json, jpd_url, access_token)
229
+ def get_xray_violations(xray_json, jpd_url)
222
230
  response = RestClient::Request.new(
223
231
  :method => :post,
224
232
  :url => jpd_url + "/xray/api/v1/violations",
225
233
  :payload => xray_json.to_json,
226
- :headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + access_token }
234
+ :user => @username,
235
+ :password => @apikey,
236
+ :headers => { :accept => :json, :content_type => :json}
227
237
  ).execute do |response, request, result|
228
238
  case response.code
229
239
  when 200
230
240
  return response.to_str
231
241
  else
232
- raise Fluent::StandardError, "Cannot reach Artifactory URL to pull Xray SIEM violations."
242
+ raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations."
233
243
  end
234
244
  end
235
245
  end
@@ -295,14 +305,14 @@ module Fluent
295
305
  return detailResp_json
296
306
  end
297
307
 
298
- def pull_violation_details(xray_violation_detail_url, access_token)
308
+ def pull_violation_details(xray_violation_detail_url)
299
309
  begin
300
- detailResp=get_xray_violations_detail(xray_violation_detail_url, access_token)
310
+ detailResp=get_xray_violations_detail(xray_violation_detail_url)
301
311
  time = Fluent::Engine.now
302
312
  detailResp_json = data_normalization(detailResp)
303
313
  router.emit(@tag, time, detailResp_json)
304
314
  rescue
305
- raise Fluent::StandardError, "Error pulling violation details url #{xray_violation_detail_url}"
315
+ raise Fluent::ConfigError, "Error pulling violation details url #{xray_violation_detail_url}"
306
316
  end
307
317
  end
308
318
 
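Review bot: The new `config_param :apikey, :string, default: ""` in the first hunk is declared without `secret: true`, so the API key will appear in plain text in fluentd's startup configuration dump and in any config inspection; declare it as `config_param :apikey, :string, default: "", secret: true`. In the `get_xray_violations_detail` and `get_xray_violations` hunks the rewritten `raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations."` fires for every non-200 status, so a 401/403 caused by a wrong username or API key — the credentials this commit just switched to — is reported as an unreachable URL; including the status in the message, e.g. `"Xray violations request failed with HTTP #{response.code}"`, keeps credential problems distinguishable from network ones. A runtime HTTP failure is also better represented by a plugin-specific error than by `Fluent::ConfigError`, which fluentd treats as a configuration-time fault. The `config_param` lines and these methods belong to a class whose definition starts and ends outside this section.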
@@ -13,8 +13,9 @@ class JfrogSiemInputTest < Test::Unit::TestCase
13
13
  # Default configuration for tests
14
14
  CONFIG = %[
15
15
  tag "test_tag"
16
- jpd_url <jpd_url>
17
- access_token <access_token>
16
+ jpd_url JPD_URL
17
+ username USER
18
+ apikey API_KEY
18
19
  pos_file "test_pos.txt"
19
20
  ]
20
21
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-jfrog-siem
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.7
4
+ version: 0.1.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - John Peterson
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-04-21 00:00:00.000000000 Z
12
+ date: 2021-05-10 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: bundler