lita-alertlogic 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
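--- /dev/null
+++ b/PATH-UNKNOWN(AlertlogicLogManager handler)
@@ -0,0 +1,197 @@
+require 'lita'
+# Lita Module
+module Lita
+# Plugin type Handler
+module Handlers
+# Alert Logic Log Manager Routes
+class AlertlogicLogManager < Handler
+config :api_auth
+config :lm_api_url
+config :tm_api_url
+config :customer_api_url
+config :incident_api_url
+config :customer_id
+config :http_options, required: false, type: Hash, default: {}
+
+namespace 'Alertlogic'
+
+include ::AlertlogicHelper::Api
+include ::AlertlogicHelper::Common
+include ::AlertlogicHelper::Customer
+include ::AlertlogicHelper::Appliances
+include ::AlertlogicHelper::LogManager
+
+# LM appliance routes
+route(
+/a(?:lertlogic)? lm appliances( (.+))?/i,
+:lm_appliance_list,
+help: {
+t('help.lm.appliances.syntax') => t('help.lm.appliances.desc')
+}
+)
+route(
+/a(?:lertlogic)? lm applianceinfo? (.+)? (.+)?/i,
+:lm_appliance_info,
+help: {
+t('help.lm.applianceinfo.syntax') => t('help.lm.applianceinfo.desc')
+}
+)
+
+# Log Policies route
+route(
+/a(?:lertlogic)? lm policies? (.+)?/i,
+:lm_policies_list,
+help: {
+t('help.lm.policies.syntax') => t('help.lm.policies.desc')
+}
+)
+
+# Log Sources route
+route(
+/a(?:lertlogic)? lm sources? (.+)?/i,
+:lm_sources_list,
+help: {
+t('help.lm.sources.syntax') => t('help.lm.sources.desc')
+}
+)
+
+# Log Hosts route
+route(
+/a(?:lertlogic)? lm hosts? (.+)?/i,
+:lm_hosts_list,
+help: {
+t('help.lm.hosts.syntax') => t('help.lm.hosts.desc')
+}
+)
+
+# LM Data Definitions
+def lm_appliance_list(response)
+customer_id = valid_cid(response.match_data[1])
+return response.reply(t('validation.customer_id')) if customer_id.nil?
+appliance_list = []
+customers = get_customer_ids(customer_id)
+return response.reply(customers) unless customers.is_a? Array
+response.reply(t('warn.standby'))
+
+customers.each do |cid|
+params = {
+customer_id: cid,
+type: 'lm',
+source: 'appliances'
+}
+resp = api_call(params)
+appliance_list << process_appliances(resp, cid)
+end
+
+reply_text = appliance_list
+response.reply(reply_text)
+end
+
+def lm_appliance_info(response)
+customer_id = valid_cid(response.match_data[1])
+uuid = response.match_data[2]
+return response.reply(t('validation.customer_id')) if customer_id.nil?
+return response.reply(t('validation.uuid')) if uuid.nil?
+
+url_params = {
+customer_id: customer_id,
+api_type: 'lm',
+source_type: 'appliances'
+}
+
+url = construct_api_url(url_params)
+url = "#{url}/#{uuid}"
+params = {
+customer_id: customer_id,
+url: url
+}
+
+appliance_info = pretty_json(
+parse_json(
+api_call(params)
+)
+)
+
+reply_text = "/code #{appliance_info}"
+response.reply(reply_text)
+end
+
+def lm_hosts_list(response)
+customer_id = valid_cid(response.match_data[1])
+return response.reply(t('validation.customer_id')) if customer_id.nil?
+response.reply(t('warn.standby'))
+
+params = {
+customer_id: customer_id,
+type: 'lm',
+source: 'hosts'
+}
+resp = parse_json(
+api_call(params)
+)
+
+reply_text = process_lm_hosts(customer_id, resp)
+if reply_text.length == 3
+head = reply_text[0]
+tables = reply_text[1]
+summary = reply_text[2]
+response.reply(head)
+tables.each do |data, headers|
+response.reply("/code #{build_table(data, headers)}")
+end
+response.reply(summary)
+else
+response.reply(reply_text)
+end
+end
+
+def lm_policies_list(response)
+customer_id = valid_cid(response.match_data[1])
+return response.reply(t('validation.customer_id')) if customer_id.nil?
+response.reply(t('warn.standby'))
+
+params = {
+customer_id: customer_id,
+type: 'lm',
+source: 'policies'
+}
+resp = parse_json(
+api_call(params)
+)
+
+reply_text = process_lm_policies(customer_id, resp)
+response.reply(reply_text)
+end
+
+def lm_sources_list(response)
+customer_id = valid_cid(response.match_data[1])
+return response.reply(t('validation.customer_id')) if customer_id.nil?
+response.reply(t('warn.standby'))
+
+params = {
+customer_id: customer_id,
+type: 'lm',
+source: 'sources'
+}
+resp = parse_json(
+api_call(params)
+)
+
+reply_text = process_lm_sources(customer_id, resp)
+if reply_text.length == 3
+head = reply_text[0]
+tables = reply_text[1]
+summary = reply_text[2]
+response.reply(head)
+tables.each do |data, headers|
+response.reply("/code #{build_table(data, headers)}")
+end
+response.reply(summary)
+else
+response.reply(reply_text)
+end
+end
+end
+Lita.register_handler(AlertlogicLogManager)
+end
+end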
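Review bot: In `lm_appliance_info`, `uuid` is taken straight from the chat message (`response.match_data[2]`) and interpolated into the request path at `url = "#{url}/#{uuid}"` with only a nil check, so whatever string a chat user types becomes a path segment of the API request sent with the handler's credentials. Rejecting malformed values before the URL is built keeps the request scoped to one appliance resource: `return response.reply(t('validation.uuid')) if uuid.nil? || !valid_uuid?(uuid)` — `valid_uuid?` is the helper `protectedhosts_search` in AlertlogicThreatManager already calls, presumably provided by one of the included `AlertlogicHelper` modules. The same unvalidated interpolation appears in `tm_appliance_info` in the AlertlogicThreatManager file of this release. Separately, the route regex `applianceinfo? (.+)? (.+)?` makes the trailing `o` optional and, for a message carrying only a customer id, appears not to match at all, which would make the `validation.uuid` reply largely unreachable.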
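--- /dev/null
+++ b/PATH-UNKNOWN(AlertlogicMonitoring handler)
@@ -0,0 +1,79 @@
+require 'lita'
+# Lita Module
+module Lita
+# Plugin type Handler
+module Handlers
+# Alert Logic Monitoring routes
+class AlertlogicMonitoring < Handler
+config :api_auth
+config :tm_api_url
+config :monitoring_api_url
+config :customer_id
+config :http_options, required: false, type: Hash, default: {}
+
+namespace 'Alertlogic'
+
+include ::AlertlogicHelper::Api
+include ::AlertlogicHelper::Common
+include ::AlertlogicHelper::Customer
+include ::AlertlogicHelper::Agents
+
+# Monitoring routes
+route(
+/a(?:lertlogic)? appliance agent counts( (.+))?/i,
+:agent_counts_by_appliance,
+help: {
+t('help.monitoring.appliance_agent_counts.syntax') => t('help.monitoring.appliance_agent_counts.desc')
+}
+)
+route(
+/a(?:lertlogic)? policies agent counts( (.+))?/i,
+:agent_counts_by_policy,
+help: {
+t('help.monitoring.policy_agent_counts.syntax') => t('help.monitoring.policy_agent_counts.desc')
+}
+)
+route(
+/a(?:lertlogic)? agent ip counts( (.+))?/i,
+:agent_ip_counts,
+help: {
+t('help.monitoring.agent_ip_counts.syntax') => t('help.monitoring.agent_ip_counts.desc')
+}
+)
+
+def agent_counts_by_appliance(response)
+customer_id = valid_cid(response.match_data[1])
+return response.reply(t('validation.customer_id')) if customer_id.nil?
+response.reply(t('warn.standby'))
+
+agent_info = agent_appliance_summary(customer_id)
+
+reply_text = agent_info
+response.reply(reply_text)
+end
+
+def agent_counts_by_policy(response)
+customer_id = valid_cid(response.match_data[1])
+return response.reply(t('validation.customer_id')) if customer_id.nil?
+response.reply(t('warn.standby'))
+
+agent_info = agent_policy_summary(customer_id)
+
+reply_text = agent_info
+response.reply(reply_text)
+end
+
+def agent_ip_counts(response)
+customer_id = valid_cid(response.match_data[1])
+return response.reply(t('validation.customer_id')) if customer_id.nil?
+response.reply(t('warn.standby'))
+
+agent_info = agent_ip_summary(customer_id)
+
+reply_text = agent_info
+response.reply(reply_text)
+end
+end
+Lita.register_handler(AlertlogicMonitoring)
+end
+end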
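Review bot: The three handler methods (`agent_counts_by_appliance`, `agent_counts_by_policy`, `agent_ip_counts`) each route the summary through two aliases, `agent_info = …` then `reply_text = agent_info`, before replying, which adds nothing over `response.reply(agent_appliance_summary(customer_id))` and its two siblings. Since the bodies are identical apart from the summary helper, the customer-id validation and `warn.standby` reply could live in one private method that takes the helper name, so a future change to the validation path is made once rather than three times. A one-line comment on the class stating that every route's optional capture is the customer id, validated by `valid_cid`, would also help a reader who does not have the helper modules open.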
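--- /dev/null
+++ b/PATH-UNKNOWN(AlertlogicThreatManager handler)
@@ -0,0 +1,264 @@
+require 'lita'
+# Lita Module
+module Lita
+# Plugin type Handler
+module Handlers
+# Alert Logic Threat Manager Routes
+class AlertlogicThreatManager < Handler
+config :api_auth
+config :lm_api_url
+config :tm_api_url
+config :customer_api_url
+config :incident_api_url
+config :monitoring_api_url
+config :customer_id
+config :http_options, required: false, type: Hash, default: {}
+
+namespace 'Alertlogic'
+
+include ::AlertlogicHelper::Api
+include ::AlertlogicHelper::Common
+include ::AlertlogicHelper::Customer
+include ::AlertlogicHelper::Appliances
+include ::AlertlogicHelper::ThreatManager
+
+# TM appliance routes
+route(
+/a(?:lertlogic)? tm appliances( (.+))?/i,
+:tm_appliance_list,
+help: {
+t('help.tm.appliances.syntax') => t('help.tm.appliances.desc')
+}
+)
+route(
+/a(?:lertlogic)? tm applianceinfo? (.+)? (.+)?/i,
+:tm_appliance_info,
+help: {
+t('help.tm.applianceinfo.syntax') => t('help.tm.applianceinfo.desc')
+}
+)
+
+# Threat Policies route
+route(
+/a(?:lertlogic)? tm policies? (.+)?/i,
+:tm_policies_list,
+help: {
+t('help.tm.policies.syntax') => t('help.tm.policies.desc')
+}
+)
+
+# Threat hosts route
+route(
+/a(?:lertlogic)? tm hosts? (.+)?/i,
+:tm_hosts_list,
+help: {
+t('help.tm.hosts.syntax') => t('help.tm.hosts.desc')
+}
+)
+
+# Threat Protected hosts route
+route(
+/a(?:lertlogic)? protectedhosts status( (.+))?/i,
+:protectedhosts_status,
+help: {
+t('help.tm.protectedhosts.status.syntax') => t('help.tm.protectedhosts.status.desc')
+}
+)
+
+route(
+/a(?:lertlogic)? protectedhosts list( (.+))?/i,
+:protectedhosts_list,
+help: {
+t('help.tm.protectedhosts.list.syntax') => t('help.tm.protectedhosts.list.desc')
+}
+)
+
+route(
+/a(?:lertlogic)? protectedhosts search? (.+)? (.+)?/i,
+:protectedhosts_search,
+help: {
+t('help.tm.protectedhosts.search.syntax') => t('help.tm.protectedhosts.search.desc')
+}
+)
+
+# TM Data Definitions
+def tm_appliance_info(response)
+customer_id = valid_cid(response.match_data[1])
+uuid = response.match_data[2]
+return response.reply(t('validation.customer_id')) if customer_id.nil?
+return response.reply(t('validation.uuid')) if uuid.nil?
+response.reply(t('warn.standby'))
+
+url_params = {
+customer_id: customer_id,
+api_type: 'tm',
+source_type: 'appliances'
+}
+url = construct_api_url(url_params)
+url = "#{url}/#{uuid}"
+
+params = {
+customer_id: customer_id,
+url: url
+}
+appliance_info = pretty_json(
+parse_json(
+api_call(params)
+)
+)
+
+reply_text = "/code #{appliance_info}"
+response.reply(reply_text)
+end
+
+def tm_appliance_list(response)
+customer_id = valid_cid(response.match_data[1])
+return response.reply(t('validation.customer_id')) if customer_id.nil?
+appliance_list = []
+customers = get_customer_ids(customer_id)
+return response.reply(customers) unless customers.is_a? Array
+response.reply(t('warn.standby'))
+
+customers.each do |cid|
+params = {
+customer_id: cid,
+type: 'tm',
+source: 'appliances'
+}
+resp = api_call(params)
+appliance_list << process_appliances(resp, cid)
+end
+
+reply_text = appliance_list
+response.reply(reply_text)
+end
+
+def tm_hosts_list(response)
+customer_id = valid_cid(response.match_data[1])
+response.reply(t('warn.standby'))
+
+params = {
+customer_id: customer_id,
+type: 'tm',
+source: 'hosts'
+}
+resp = parse_json(
+api_call(params)
+)
+
+reply_text = process_tm_hosts(customer_id, resp)
+if reply_text.length == 3
+head = reply_text[0]
+tables = reply_text[1]
+summary = reply_text[2]
+response.reply(head)
+tables.each do |data, headers|
+response.reply("/code #{build_table(data, headers)}")
+end
+response.reply(summary)
+else
+response.reply(reply_text)
+end
+end
+
+def tm_policies_list(response)
+customer_id = valid_cid(response.match_data[1])
+response.reply(t('warn.standby'))
+
+params = {
+customer_id: customer_id,
+type: 'tm',
+source: 'policies'
+}
+resp = parse_json(
+api_call(params)
+)
+
+reply_text = process_tm_policies(customer_id, resp)
+if reply_text.length == 3
+head = reply_text[0]
+tables = reply_text[1]
+summary = reply_text[2]
+response.reply(head)
+tables.each do |data, headers|
+response.reply("/code #{build_table(data, headers)}")
+end
+response.reply(summary)
+else
+response.reply(reply_text)
+end
+end
+
+def protectedhosts_list(response)
+customer_id = valid_cid(response.match_data[1])
+return response.reply(t('validation.customer_id')) if customer_id.nil?
+response.reply(t('warn.standby'))
+
+params = {
+customer_id: customer_id,
+type: 'tm',
+source: 'protectedhosts'
+}
+resp = parse_json(api_call(params))
+
+reply_text = process_protectedhosts_list(customer_id, resp)
+if reply_text.length == 3
+head = reply_text[0]
+tables = reply_text[1]
+summary = reply_text[2]
+response.reply(head)
+tables.each do |data, headers|
+response.reply("/code #{build_table(data, headers)}")
+end
+response.reply(summary)
+else
+response.reply(reply_text)
+end
+end
+
+def protectedhosts_status(response)
+customer_id = valid_cid(response.match_data[1])
+response.reply(t('warn.standby'))
+
+params = {
+customer_id: customer_id,
+type: 'tm',
+source: 'protectedhosts'
+}
+resp = parse_json(api_call(params))
+return response.reply(t('validation.customer_id')) if customer_id.nil?
+
+if resp['total_count'] == 0
+reply_text = pretty_json(resp)
+response.reply("/code #{reply_text}")
+else
+reply_text = process_protectedhosts(customer_id, resp)
+response.reply(reply_text)
+end
+end
+
+def protectedhosts_search(response)
+customer_id = valid_cid(response.match_data[1])
+term = response.match_data[2]
+return response.reply(t('validation.customer_id')) if customer_id.nil?
+response.reply(t('warn.standby'))
+
+if valid_uuid?(term)
+key = 'id'
+else
+key = 'name'
+end
+params = {
+customer_id: customer_id,
+type: 'tm',
+source: 'protectedhosts'
+}
+resp = parse_json(api_call(params))
+
+reply_text = search_phost_by_name(key, term, resp)
+response.reply("/code #{reply_text}")
+end
+end
+Lita.register_handler(AlertlogicThreatManager)
+end
+end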
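Review bot: `tm_hosts_list` and `tm_policies_list` never check the result of `valid_cid`, and `protectedhosts_status` checks it only after `api_call(params)` has already been issued, so a rejected or missing customer id still reaches the API (with `customer_id: nil` in `params`) before the user sees `validation.customer_id`; the LM counterparts in AlertlogicLogManager and `protectedhosts_list` here all guard first. Add the guard directly after the `valid_cid` call in all three, as the other handlers do: `return response.reply(t('validation.customer_id')) if customer_id.nil?`, and drop the late copy in `protectedhosts_status`. In `protectedhosts_search`, `term` (`response.match_data[2]`) can be nil when the optional group does not match, and it is passed to `valid_uuid?` and `search_phost_by_name` without a check; what those helpers do with nil is not visible here, so a nil guard on `term` before `valid_uuid?(term)` is worth adding. The `uuid` interpolation in `tm_appliance_info` has the same issue already noted on the AlertlogicLogManager file.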