fluent-plugin-jfrog-siem 2.0.3 → 2.0.4
- checksums.yaml +4 -4
- data/README.md +2 -1
- data/fluent-plugin-jfrog-siem.gemspec +1 -1
- data/lib/fluent/plugin/in_jfrog_siem.rb +3 -4
- data/lib/fluent/plugin/xray.rb +38 -16
- data/test/plugin/test_in_jfrog_siem.rb +3 -3
- metadata +6 -6
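--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 307868a474983029bc88e801672e271082888317c76a5004098fb5a5a96d632d
+data.tar.gz: 7528bd2ac402a909542fd8538faf91d359f549ae878d871af70aa0181aafb5ed
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b58f40d97e2198fd597ab71ac5963fb16bd6acd8e765667bd5dce1be6ddda00f0a88a50f33891ed6267473586c228f0d48594916df1f8d34622ee4a1233c60f8
+data.tar.gz: c7fbfe6e8bf62edd79d8775dc038cdf3411bdf3981a1253480659c954d7de0a4793e51f58b993d4f06d12e37f23bf2db6c3ab425df84bac7e84181070c4f2b39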
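--- a/data/README.md
+++ b/data/README.md
@@ -87,7 +87,8 @@ wget https://raw.githubusercontent.com/jfrog/log-analytics-datadog/master/siem/d
 Integration is done by setting up Xray. Obtain JPD url and access token for API. Configure the source directive parameters specified below
 * **tag** (string) (required): The value is the tag assigned to the generated events.
 * **jpd_url** (string) (required): JPD url required to pull Xray SIEM violations
-* **apikey** (string)
+* **apikey** (string): API Key is the [Artifactory API Key](https://www.jfrog.com/confluence/display/JFROG/User+Profile#UserProfile-APIKey) for authentication
+* **token** (string): [Access token](https://www.jfrog.com/confluence/display/JFROG/Access+Tokens) to authenticate Xray
 * **username** (string) (required): USER is the Artifactory username for authentication
 * **pos_file** (string) (required): Position file to record last SIEM violation pulled
 * **batch_size** (integer) (optional): Batch size for processing violations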
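--- a/data/fluent-plugin-jfrog-siem.gemspec
+++ b/data/fluent-plugin-jfrog-siem.gemspec
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
 spec.name = "fluent-plugin-jfrog-siem"
-spec.version = "2.0.
+spec.version = "2.0.4"
 spec.authors = ["Mahitha Byreddy", "Sudhindra Rao","Giridharan Ramasamy"]
 spec.email = ["mahithab@jfrog.com", "sudhindrar@jfrog.com", "girir@jfrog.com"]
 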
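--- a/data/lib/fluent/plugin/in_jfrog_siem.rb
+++ b/data/lib/fluent/plugin/in_jfrog_siem.rb
@@ -32,6 +32,7 @@ module Fluent
 config_param :jpd_url, :string, default: ""
 config_param :username, :string, default: ""
 config_param :apikey, :string, default: "", :secret => true
+config_param :token, :string, default: "", :secret => true
 config_param :batch_size, :integer, default: 25
 config_param :wait_interval, :integer, default: 60
 config_param :from_date, :string, default: ""
@@ -54,9 +55,7 @@ module Fluent
 raise Fluent::ConfigError, "Must define the username to use for authentication."
 end
 
-if @apikey ==
-raise Fluent::ConfigError, "Must define the API Key to use for authentication."
-end
+raise Fluent::ConfigError, 'Must define the apikey or token for authentication.' if @token == '' && @apikey == ''
 
 if @wait_interval < 1
 raise Fluent::ConfigError, "Wait interval must be greater than 1 to wait between pulling new events."
@@ -94,7 +93,7 @@ module Fluent
 end
 date_since = last_created_date
 puts "Getting queries from #{date_since}"
-xray = Xray.new(@jpd_url, @username, @apikey, @wait_interval, @batch_size, @pos_file_path, router, @tag)
+xray = Xray.new(@jpd_url, @username, @apikey, @token, @wait_interval, @batch_size, @pos_file_path, router, @tag)
 violations_channel = xray.violations(date_since)
 xray.violation_details(violations_channel)
 sleep 100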
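Review bot: The username check that ends at the top of the second hunk (`raise Fluent::ConfigError, "Must define the username ..."`, its `if` is above the hunk) still fires when `username` is empty, yet the new token path in `Xray` sends only an `Authorization: Bearer` header and never uses the username, so a token-only deployment is forced to configure an unused value. Either scope that guard to the apikey path, e.g. `raise Fluent::ConfigError, "Must define the username to use for authentication." if @token == '' && @username == ''`, or document in the new `config_param :token` line that username is still required alongside it. The new one-line raise also silently lets both credentials be set at once; since `Xray` prefers the token in that case, a comment such as `# token takes precedence over apikey when both are configured` above it would save the next reader a trip into xray.rb. The enclosing `configure` method starts and ends outside these hunks.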
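--- a/data/lib/fluent/plugin/xray.rb
+++ b/data/lib/fluent/plugin/xray.rb
@@ -4,10 +4,11 @@ require 'json'
 require "fluent/plugin/position_file"
 
 class Xray
-def initialize(jpd_url, username, api_key, wait_interval, batch_size, pos_file_path, router, tag)
+def initialize(jpd_url, username, api_key, token, wait_interval, batch_size, pos_file_path, router, tag)
 @jpd_url = jpd_url
 @username = username
 @api_key = api_key
+@token = token
 @wait_interval = wait_interval
 @batch_size = batch_size
 @pos_file_path = pos_file_path
@@ -48,6 +49,7 @@ class Xray
 begin
 detailResp_json = data_normalization(get_violations_detail(xray_violation_detail_url))
 time = Fluent::Engine.now
+puts detailResp_json
 @router.emit(@tag, time, detailResp_json)
 rescue => e
 puts "error: #{e}"
@@ -56,18 +58,28 @@ class Xray
 end
 
 def get_violations_detail(xray_violation_detail_url)
-
-
-
-
-
-
+if !@token.nil? && @token != ''
+response = RestClient::Request.new(
+:method => :get,
+:url => @jpd_url + xray_violation_detail_url[xray_violation_detail_url.index('/xray/'),xray_violation_detail_url.length],
+:headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + @token }
+)
+elsif !@api_key.nil? && @api_key != ''
+response = RestClient::Request.new(
+:method => :get,
+:url => @jpd_url + xray_violation_detail_url[xray_violation_detail_url.index('/xray/'),xray_violation_detail_url.length],
+:user => @username,
+:password => @api_key
+)
+end
+
+response.execute do |response, request, result|
 case response.code
 when 200
 return JSON.parse(response.to_s)
 else
 puts "error: #{response.to_json}"
-raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations."
+raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations details."
 end
 end
 end
@@ -138,14 +150,24 @@ class Xray
 
 private
 def get_violations(xray_json)
-
-
-
-
-
-
-
-
+if !@token.nil? && @token != ''
+response = RestClient::Request.new(
+:method => :post,
+:url => @jpd_url + "/xray/api/v1/violations",
+:payload => xray_json.to_json,
+:headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + @token }
+)
+elsif !@api_key.nil? && @api_key != ''
+response = RestClient::Request.new(
+:method => :post,
+:url => @jpd_url + "/xray/api/v1/violations",
+:payload => xray_json.to_json,
+:user => @username,
+:password => @api_key,
+:headers => { :accept => :json, :content_type => :json }
+)
+end
+response.execute do |response, request, result|
 case response.code
 when 200
 return JSON.parse(response.to_str)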
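Review bot: The `puts detailResp_json` added in the second hunk writes every normalized violation record to stdout in addition to emitting it to the router, which duplicates SIEM content (component names, CVE ids, policy data) into the process log on each event; it reads as leftover debugging and should be dropped, or the line replaced by nothing since `@router.emit` on the next line already carries the payload. In the third and fourth hunks, `response` is only assigned inside the `if`/`elsif`, so when both `@token` and `@api_key` are empty the new `response.execute` line raises `NoMethodError` on nil instead of naming the real problem; a guard such as `raise Fluent::ConfigError, "No token or apikey configured for Xray authentication." if response.nil?` before `response.execute` in both methods (the in_jfrog_siem.rb configure check covers the plugin path, but `Xray` is a plain class) makes the failure diagnosable. The two branches in each method differ only in the credential fields, so building the `:user`/`:password` or `Authorization` header once in a small private helper would remove the duplicated URL and payload lines and keep the two request paths from drifting. `get_violations` continues past the end of the fourth hunk.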
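--- a/data/test/plugin/test_in_jfrog_siem.rb
+++ b/data/test/plugin/test_in_jfrog_siem.rb
@@ -13,10 +13,10 @@ class JfrogSiemInputTest < Test::Unit::TestCase
 # Default configuration for tests
 CONFIG = %[
 tag "jfrog.xray.siem.vulnerabilities"
-jpd_url "
+jpd_url "http://34.83.118.33"
 username "admin"
-apikey "
-pos_file_path "
+apikey "AKCp8nyNhxdAisCXoS5ktgrrcWkLGJbsCU8RkSS4xxMH5DQcxttm4k4G7KbkUhmcFxJizXLFF"
+pos_file_path "/Users/mahithab/Jfrog/fluent-plugin-jfrog-siem/fluentd/plugins/input/fluent-plugin-jfrog-siem/"
 wait_interval 10
 from_date "2016-01-01"
 batch_size 25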
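Review bot: The `apikey` value added to the `CONFIG` fixture has the shape of a real Artifactory API key rather than a dummy, and the `jpd_url` line points it at a live public address over plain http; a credential committed in a published gem's test file should be treated as exposed and replaced with an obvious placeholder or an environment lookup, e.g. `apikey "#{ENV.fetch('JFROG_TEST_APIKEY', 'dummy-apikey')}"`, and the URL likewise read from the environment with a localhost default so the unit test does not depend on or advertise an external host. The `pos_file_path` line hard-codes a developer's home directory, which will not exist on CI; a path under `Dir.tmpdir` or a relative `tmp/` inside the repo would be portable. The `CONFIG` heredoc continues past the end of the hunk, and this version of the plugin also accepts a `token` parameter that the fixture does not exercise.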
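--- a/metadata
+++ b/metadata
@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-jfrog-siem
 version: !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.4
 platform: ruby
 authors:
 - Mahitha Byreddy
 - Sudhindra Rao
 - Giridharan Ramasamy
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-12-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -202,7 +202,7 @@ homepage: https://github.com/jfrog/fluent-plugin-jfrog-siem
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -217,8 +217,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.1
-signing_key:
+rubygems_version: 3.0.3.1
+signing_key:
 specification_version: 4
 summary: JFrog SIEM fluent input plugin will send the SIEM events from JFrog Xray
 to Fluentd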