lita-alertlogic 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +18 -0
- data/.rspec +1 -0
- data/.rubocop.yml +18 -0
- data/.travis.yml +8 -0
- data/Gemfile +6 -0
- data/LICENSE +19 -0
- data/README.md +100 -0
- data/Rakefile +6 -0
- data/lib/alertlogic_helper/agents.rb +107 -0
- data/lib/alertlogic_helper/api.rb +53 -0
- data/lib/alertlogic_helper/appliances.rb +27 -0
- data/lib/alertlogic_helper/common.rb +33 -0
- data/lib/alertlogic_helper/customer.rb +78 -0
- data/lib/alertlogic_helper/incidents.rb +29 -0
- data/lib/alertlogic_helper/log_manager.rb +121 -0
- data/lib/alertlogic_helper/threat_manager.rb +173 -0
- data/lib/lita-alertlogic.rb +20 -0
- data/lib/lita/handlers/alertlogic_customer.rb +60 -0
- data/lib/lita/handlers/alertlogic_incidents.rb +43 -0
- data/lib/lita/handlers/alertlogic_log_manager.rb +197 -0
- data/lib/lita/handlers/alertlogic_monitoring.rb +79 -0
- data/lib/lita/handlers/alertlogic_threat_manager.rb +264 -0
- data/lita-alertlogic.gemspec +26 -0
- data/locales/en.yml +69 -0
- data/spec/lita/handlers/alertlogic_customer_spec.rb +7 -0
- data/spec/lita/handlers/alertlogic_incidents_spec.rb +7 -0
- data/spec/lita/handlers/alertlogic_log_manager_spec.rb +11 -0
- data/spec/lita/handlers/alertlogic_monitoring_spec.rb +9 -0
- data/spec/lita/handlers/alertlogic_threat_manager_spec.rb +13 -0
- data/spec/spec_helper.rb +38 -0
- metadata +193 -0
@@ -0,0 +1,29 @@
|
|
1
|
+
require 'json'
|
2
|
+
|
3
|
+
# Alertlogic Helper
|
4
|
+
module AlertlogicHelper
|
5
|
+
# Incidents Helper
|
6
|
+
module Incidents
|
7
|
+
# rubocop:disable LineLength
|
8
|
+
def get_incidents(customer_id)
|
9
|
+
incidents_url = "#{config.incident_api_url}/v3/incidents?customer_id=#{customer_id}&create_date=>#{(Time.now - (24 * 60 * 60)).to_i}"
|
10
|
+
params = {
|
11
|
+
customer_id: customer_id,
|
12
|
+
url: "\"#{incidents_url}\""
|
13
|
+
}
|
14
|
+
resp = api_call(params)
|
15
|
+
parse_json(resp)
|
16
|
+
end
|
17
|
+
# rubocop:enable MethodLength
|
18
|
+
|
19
|
+
def get_incident_notes(customer_id, incident_id)
|
20
|
+
incidents_url = "#{config.incident_api_url}/v2/notes?customer_id=#{customer_id}&incident_id=>#{incident_id}"
|
21
|
+
params = {
|
22
|
+
customer_id: config.customer_id,
|
23
|
+
url: incidents_url
|
24
|
+
}
|
25
|
+
resp = api_call(params)
|
26
|
+
parse_json(resp)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,121 @@
|
|
1
|
+
# Alertlogic Helper
|
2
|
+
module AlertlogicHelper
|
3
|
+
# Log Manager Helper
|
4
|
+
module LogManager
|
5
|
+
# rubocop:disable MethodLength
|
6
|
+
# rubocop:disable Metrics/AbcSize
|
7
|
+
def process_lm_hosts(customer_id, hosts)
|
8
|
+
headers = [
|
9
|
+
'Host Name',
|
10
|
+
'Host Type',
|
11
|
+
'Host ID',
|
12
|
+
'IP Address',
|
13
|
+
'Host Status'
|
14
|
+
]
|
15
|
+
data = []
|
16
|
+
tables = []
|
17
|
+
hosts_list = hosts['hosts']
|
18
|
+
reply_head = "/code Log Hosts for customer: #{customer_id} \n"
|
19
|
+
|
20
|
+
hosts_list.each do |host|
|
21
|
+
if !host['host']['metadata'].nil?
|
22
|
+
ipv4 = host['host']['metadata']['local_ipv4']
|
23
|
+
else
|
24
|
+
ipv4 = ''
|
25
|
+
end
|
26
|
+
data << [
|
27
|
+
host['host']['name'],
|
28
|
+
host['host']['type'],
|
29
|
+
host['host']['id'],
|
30
|
+
ipv4,
|
31
|
+
host['host']['status']['status']
|
32
|
+
]
|
33
|
+
if check_msg_size?(build_table(data, headers))
|
34
|
+
tables << [data, headers]
|
35
|
+
data = []
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
summary = "\nTotal Sources: #{hosts['total_count']}"
|
40
|
+
if tables.length > 0
|
41
|
+
reply = [reply_head, tables, summary]
|
42
|
+
return reply
|
43
|
+
else
|
44
|
+
reply = reply_head
|
45
|
+
reply << build_table(data, headers)
|
46
|
+
reply << summary
|
47
|
+
return reply
|
48
|
+
end
|
49
|
+
end
|
50
|
+
# rubocop:enable MethodLength
|
51
|
+
# rubocop:enable Metrics/AbcSize
|
52
|
+
|
53
|
+
# rubocop:disable MethodLength
|
54
|
+
def process_lm_sources(customer_id, sources)
|
55
|
+
headers = [
|
56
|
+
'Source Name',
|
57
|
+
'Source Type',
|
58
|
+
'IP Address',
|
59
|
+
'Source ID',
|
60
|
+
'Source Status'
|
61
|
+
]
|
62
|
+
data = []
|
63
|
+
tables = []
|
64
|
+
sources_list = sources['sources']
|
65
|
+
reply_head = "/code Log Sources for customer: #{customer_id} \n"
|
66
|
+
|
67
|
+
sources_list.each do |source|
|
68
|
+
source.each do |type, info|
|
69
|
+
data << [
|
70
|
+
info['name'],
|
71
|
+
type,
|
72
|
+
info['metadata']['local_ipv4'],
|
73
|
+
info['id'],
|
74
|
+
info['status']['status']
|
75
|
+
]
|
76
|
+
if check_msg_size?(build_table(data, headers))
|
77
|
+
tables << [data, headers]
|
78
|
+
data = []
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
83
|
+
summary = "\nTotal Sources: #{sources['total_count']}"
|
84
|
+
if tables.length > 0
|
85
|
+
reply = [reply_head, tables, summary]
|
86
|
+
return reply
|
87
|
+
else
|
88
|
+
reply = reply_head
|
89
|
+
reply << build_table(data, headers)
|
90
|
+
reply << summary
|
91
|
+
return reply
|
92
|
+
end
|
93
|
+
end
|
94
|
+
# rubocop:enable MethodLength
|
95
|
+
|
96
|
+
def process_lm_policies(customer_id, policies)
|
97
|
+
headers = [
|
98
|
+
'Policy Type',
|
99
|
+
'Policy Name',
|
100
|
+
'Policy ID'
|
101
|
+
]
|
102
|
+
data = []
|
103
|
+
policy_list = policies['policies']
|
104
|
+
reply = "/code Log Policies for customer: #{customer_id} \n"
|
105
|
+
|
106
|
+
policy_list.each do |policy|
|
107
|
+
policy.each do |type, info|
|
108
|
+
data << [
|
109
|
+
type,
|
110
|
+
info['id'],
|
111
|
+
info['name']
|
112
|
+
]
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
116
|
+
reply << build_table(data, headers)
|
117
|
+
reply << "\nTotal Policies: #{policies['total_count']}"
|
118
|
+
reply
|
119
|
+
end
|
120
|
+
end
|
121
|
+
end
|
@@ -0,0 +1,173 @@
|
|
1
|
+
# Alertlogic Helper
|
2
|
+
module AlertlogicHelper
|
3
|
+
# Threat Manager Helper
|
4
|
+
module ThreatManager
|
5
|
+
# rubocop:disable MethodLength
|
6
|
+
# rubocop:disable Metrics/AbcSize
|
7
|
+
def process_tm_policies(customer_id, policies)
|
8
|
+
headers = [
|
9
|
+
'Policy ID',
|
10
|
+
'Name',
|
11
|
+
'Appliance Assignment',
|
12
|
+
'Type'
|
13
|
+
]
|
14
|
+
data = []
|
15
|
+
tables = []
|
16
|
+
reply_head = "/code Threat Policies for customer: #{customer_id} \n"
|
17
|
+
|
18
|
+
policies['policies'].each do |policy|
|
19
|
+
data << [
|
20
|
+
policy['policy']['id'],
|
21
|
+
policy['policy']['name'],
|
22
|
+
!policy['policy']['appliance_assignment'].nil? ? policy['policy']['appliance_assignment']['appliances'].join(',') : nil,
|
23
|
+
policy['policy']['type']
|
24
|
+
]
|
25
|
+
if check_msg_size?(build_table(data, headers))
|
26
|
+
tables << [data, headers]
|
27
|
+
data = []
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
summary = "\nTotal Policies: #{policies['total_count']}"
|
32
|
+
if tables.length > 0
|
33
|
+
reply = [reply_head, tables, summary]
|
34
|
+
return reply
|
35
|
+
else
|
36
|
+
reply = reply_head
|
37
|
+
reply << build_table(data, headers)
|
38
|
+
reply << summary
|
39
|
+
end
|
40
|
+
end
|
41
|
+
# rubocop:enable MethodLength
|
42
|
+
# rubocop:enable Metrics/AbcSize
|
43
|
+
|
44
|
+
# rubocop:disable MethodLength
|
45
|
+
# rubocop:disable Metrics/AbcSize
|
46
|
+
def process_tm_hosts(customer_id, hosts)
|
47
|
+
headers = [
|
48
|
+
'Host Name',
|
49
|
+
'Host ID',
|
50
|
+
'Type',
|
51
|
+
'IP Address',
|
52
|
+
'Status'
|
53
|
+
]
|
54
|
+
data = []
|
55
|
+
tables = []
|
56
|
+
reply_head = "/code Threat Hosts for customer: #{customer_id} \n"
|
57
|
+
|
58
|
+
hosts['hosts'].each do |host|
|
59
|
+
if !host['host']['metadata'].nil?
|
60
|
+
ipv4 = host['host']['metadata']['local_ipv4']
|
61
|
+
else
|
62
|
+
ipv4 = ''
|
63
|
+
end
|
64
|
+
data << [
|
65
|
+
host['host']['name'],
|
66
|
+
host['host']['id'],
|
67
|
+
host['host']['type'],
|
68
|
+
ipv4,
|
69
|
+
host['host']['status']['status']
|
70
|
+
]
|
71
|
+
if check_msg_size?(build_table(data, headers))
|
72
|
+
tables << [data, headers]
|
73
|
+
data = []
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
summary = "\nTotal Hosts: #{hosts['total_count']}"
|
78
|
+
if tables.length > 0
|
79
|
+
reply = [reply_head, tables, summary]
|
80
|
+
return reply
|
81
|
+
else
|
82
|
+
reply = reply_head
|
83
|
+
reply << build_table(data, headers)
|
84
|
+
reply << summary
|
85
|
+
end
|
86
|
+
end
|
87
|
+
# rubocop:enable Metrics/AbcSize
|
88
|
+
# rubocop:enable MethodLength
|
89
|
+
|
90
|
+
# rubocop:disable Metrics/AbcSize
|
91
|
+
def process_protectedhosts(customer_id, phosts)
|
92
|
+
phost_list = phosts['protectedhosts']
|
93
|
+
reply = "/code Protectedhosts Status for customer: #{customer_id} \n"
|
94
|
+
ok = 0
|
95
|
+
error = 0
|
96
|
+
new = 0
|
97
|
+
offline = 0
|
98
|
+
total = 0
|
99
|
+
other = 0
|
100
|
+
headers = %w(OK Error New Offline Unknown)
|
101
|
+
data = []
|
102
|
+
|
103
|
+
phost_list.each do |phost|
|
104
|
+
status = phost['protectedhost']['status']['status'].strip
|
105
|
+
ok += 1 if status == 'ok'
|
106
|
+
error += 1 if status == 'error'
|
107
|
+
new += 1 if status == 'new'
|
108
|
+
offline += 1 if status == 'offline'
|
109
|
+
other += 1 unless %w(ok error new offline).include? status
|
110
|
+
total += 1
|
111
|
+
end
|
112
|
+
|
113
|
+
data << [ok, error, new, offline, other]
|
114
|
+
reply << build_table(data, headers)
|
115
|
+
reply << "\nTotal Protected Hosts: #{total}"
|
116
|
+
end
|
117
|
+
# rubocop:enable Metrics/AbcSize
|
118
|
+
|
119
|
+
def search_phost_by_name(key, search_term, phosts)
|
120
|
+
phosts['protectedhosts'].each do |phost|
|
121
|
+
if search?(key, search_term, phost['protectedhost'])
|
122
|
+
return JSON.pretty_generate(phost['protectedhost'])
|
123
|
+
end
|
124
|
+
end
|
125
|
+
end
|
126
|
+
|
127
|
+
# rubocop:disable MethodLength
|
128
|
+
# rubocop:disable Metrics/AbcSize
|
129
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
130
|
+
def process_protectedhosts_list(customer_id, phosts)
|
131
|
+
phost_list = phosts['protectedhosts']
|
132
|
+
reply_head = "/code Protectedhosts Status for customer: #{customer_id} \n"
|
133
|
+
headers = %w(Name VPC Status)
|
134
|
+
data = []
|
135
|
+
tables = []
|
136
|
+
total = 0
|
137
|
+
phost_list.each do |phost|
|
138
|
+
total += 1
|
139
|
+
if phost['protectedhost'].key?('metadata')
|
140
|
+
if phost['protectedhost']['metadata'].key?('ec2_vpc')
|
141
|
+
vpc = phost['protectedhost']['metadata']['ec2_vpc'].join(',')
|
142
|
+
else
|
143
|
+
vpc = 'No VPC found'
|
144
|
+
end
|
145
|
+
else
|
146
|
+
vpc = 'No metadata was found'
|
147
|
+
end
|
148
|
+
data << [
|
149
|
+
phost['protectedhost']['name'].strip,
|
150
|
+
vpc,
|
151
|
+
phost['protectedhost']['status']['status'].strip
|
152
|
+
]
|
153
|
+
if check_msg_size?(build_table(data, headers))
|
154
|
+
tables << [data, headers]
|
155
|
+
data = []
|
156
|
+
end
|
157
|
+
end
|
158
|
+
|
159
|
+
summary = "/code Total Protected Hosts: #{total}"
|
160
|
+
if tables.length > 0
|
161
|
+
reply = [reply_head, tables, summary]
|
162
|
+
reply
|
163
|
+
else
|
164
|
+
reply = reply_head
|
165
|
+
reply << build_table(data, headers)
|
166
|
+
reply << summary
|
167
|
+
end
|
168
|
+
end
|
169
|
+
# rubocop:enable MethodLength
|
170
|
+
# rubocop:enable Metrics/AbcSize
|
171
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
172
|
+
end
|
173
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
require 'lita'
|
2
|
+
|
3
|
+
Lita.load_locales Dir[File.expand_path(
|
4
|
+
File.join('..', '..', 'locales', '*.yml'), __FILE__
|
5
|
+
)]
|
6
|
+
|
7
|
+
require 'alertlogic_helper/api'
|
8
|
+
require 'alertlogic_helper/agents'
|
9
|
+
require 'alertlogic_helper/common'
|
10
|
+
require 'alertlogic_helper/customer'
|
11
|
+
require 'alertlogic_helper/incidents'
|
12
|
+
require 'alertlogic_helper/appliances'
|
13
|
+
require 'alertlogic_helper/log_manager'
|
14
|
+
require 'alertlogic_helper/threat_manager'
|
15
|
+
|
16
|
+
require 'lita/handlers/alertlogic_customer'
|
17
|
+
require 'lita/handlers/alertlogic_incidents'
|
18
|
+
require 'lita/handlers/alertlogic_monitoring'
|
19
|
+
require 'lita/handlers/alertlogic_log_manager'
|
20
|
+
require 'lita/handlers/alertlogic_threat_manager'
|
@@ -0,0 +1,60 @@
|
|
1
|
+
require 'lita'
|
2
|
+
# Lita Module
|
3
|
+
module Lita
|
4
|
+
# Plugin type Handler
|
5
|
+
module Handlers
|
6
|
+
# Alert Logic Customer Routes
|
7
|
+
class AlertlogicCustomer < Handler
|
8
|
+
config :api_auth
|
9
|
+
config :customer_api_url
|
10
|
+
config :customer_id
|
11
|
+
config :http_options, required: false, type: Hash, default: {}
|
12
|
+
|
13
|
+
namespace 'Alertlogic'
|
14
|
+
|
15
|
+
include ::AlertlogicHelper::Api
|
16
|
+
include ::AlertlogicHelper::Common
|
17
|
+
include ::AlertlogicHelper::Customer
|
18
|
+
|
19
|
+
# Route definitions
|
20
|
+
# Customer info route
|
21
|
+
route(
|
22
|
+
/a(?:lertlogic)? customerinfo( (.+))?/i,
|
23
|
+
:customer_info,
|
24
|
+
help: {
|
25
|
+
t('help.customerinfo.syntax') => t('help.customerinfo.desc')
|
26
|
+
}
|
27
|
+
)
|
28
|
+
|
29
|
+
# Customer Info Definition
|
30
|
+
def customer_info(response)
|
31
|
+
customer = response.match_data[1]
|
32
|
+
return response.reply(t('validation.customer_id')) if customer.nil?
|
33
|
+
response.reply(t('warn.standby'))
|
34
|
+
|
35
|
+
customers = []
|
36
|
+
customer_id = process_customer_id(customer.strip)
|
37
|
+
|
38
|
+
if customer_id.is_a? Array
|
39
|
+
customer_id.each do |cid|
|
40
|
+
params = {
|
41
|
+
customer_id: cid,
|
42
|
+
type: 'customer'
|
43
|
+
}
|
44
|
+
customers << api_call(params)
|
45
|
+
end
|
46
|
+
else
|
47
|
+
params = {
|
48
|
+
customer_id: customer_id,
|
49
|
+
type: 'customer'
|
50
|
+
}
|
51
|
+
customers = api_call(params)
|
52
|
+
end
|
53
|
+
|
54
|
+
reply_text = process_customers(customers)
|
55
|
+
response.reply(reply_text.to_s)
|
56
|
+
end
|
57
|
+
end
|
58
|
+
Lita.register_handler(AlertlogicCustomer)
|
59
|
+
end
|
60
|
+
end
|
@@ -0,0 +1,43 @@
|
|
1
|
+
require 'lita'
|
2
|
+
# Lita Module
|
3
|
+
module Lita
|
4
|
+
# Plugin type Handler
|
5
|
+
module Handlers
|
6
|
+
# Alert Logic Incident routes
|
7
|
+
class AlertlogicIncidents < Handler
|
8
|
+
config :api_auth
|
9
|
+
config :lm_api_url
|
10
|
+
config :tm_api_url
|
11
|
+
config :customer_api_url
|
12
|
+
config :incident_api_url
|
13
|
+
config :customer_id
|
14
|
+
config :http_options, required: false, type: Hash, default: {}
|
15
|
+
|
16
|
+
namespace 'Alertlogic'
|
17
|
+
|
18
|
+
include ::AlertlogicHelper::Api
|
19
|
+
include ::AlertlogicHelper::Common
|
20
|
+
include ::AlertlogicHelper::Customer
|
21
|
+
include ::AlertlogicHelper::Incidents
|
22
|
+
|
23
|
+
# Route definitions
|
24
|
+
# Incidents list route
|
25
|
+
route(
|
26
|
+
/a(?:lertlogic)? incidents( (.+))?/i,
|
27
|
+
:incidents_list,
|
28
|
+
help: {
|
29
|
+
t('help.incidents.syntax') => t('help.incidents.desc')
|
30
|
+
}
|
31
|
+
)
|
32
|
+
|
33
|
+
# Customer Info Definition
|
34
|
+
def incidents_list(response)
|
35
|
+
customer = response.match_data[1]
|
36
|
+
return response.reply(t('validation.customer_id')) if customer.nil?
|
37
|
+
customer_id = process_customer_id(customer.strip)
|
38
|
+
response.reply get_incidents(customer_id)
|
39
|
+
end
|
40
|
+
end
|
41
|
+
Lita.register_handler(AlertlogicIncidents)
|
42
|
+
end
|
43
|
+
end
|