nexpose_paloalto 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 14c752bd0571d6cb5572c01e07eef1ee27178c72
+  data.tar.gz: a1f4eca110f7765547a98e6b571d3e0c1bdd80b8
+SHA512:
+  metadata.gz: 6bebc678b2e03d9b01720fb84362f6f97927b5a44e464d3c49170304a68abca80ba114bbc09492145a6bcd99d38e2d23e9dc2ae6e3598925e641e0801b400763
+  data.tar.gz: ddb4b6a8a0e1456d46dd2b1b0f098892946f520cd6c428e0f39bbbb23fa88a76b2c382ad2f0eaa9947b1590f19129e99ed68d9ed2dcd8a7e8a261dcb4404db6c

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in nexpose_paloalto.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,27 @@
+PATH
+  remote: .
+  specs:
+    nexpose_paloalto (0.1.0)
+      curb (~> 0.8.7)
+      nexpose (~> 0.9)
+      nokogiri (~> 1.6)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    curb (0.8.7)
+    mini_portile (0.6.1)
+    nexpose (0.9.8)
+      rex (= 2.0.7)
+    nokogiri (1.6.4.1)
+      mini_portile (~> 0.6.0)
+    rake (10.3.2)
+    rex (2.0.7)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.8)
+  nexpose_paloalto!
+  rake (~> 10.0)

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Rapid7
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,63 @@
+# Paloalto
+
+Nexpose -> Palo Alto integration Gem.
+
+With this Gem an integration between Nexpose Dynamic Asset Groups and Palo Alto's PAN TAGs. By using this integration,
+dynamic asset groups could be setup in Nexpose that correspond to groups in PAN with applicable policies.
+
+For example:
+* Create a DAG in Nexpose which affects a particular vulnerability (Heartbleed).
+* Define a policy in PAN to block SSL (mitigates temporarily Heartbleed).
+* Run this Gem with the Hearbleed DAG in the configuration.
+* All assets identified by Nexpose will be registered in PAN.
+* Apply PAN Heartbleed Policy on the created group.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'paloalto'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install paloalto
+
+## Usage
+
+Follow these steps once installed:
+
+* Modify the file nexpose_paloalto.rb under the bin folder, and add the DAGs to report on.
+
+* Add the following Environment variables, with your respective information:
+
+NEXPOSE_URL
+
+NEXPOSE_USERNAME
+
+NEXPOSE_PASSWORD
+
+
+PAN_URL
+
+PAN_USERNAME
+
+PAN_PASSWORD
+
+
+For Linux systems, make sure they are added to the current environment where the gem is run.
+
+For Windows systems, make sure they are on the Environment Variables section in your Control Panel.
+
+* Run the command 'nexpose_paloalto' under the bin folder.
+
+* (Optional) Review the log file under the logs folder in the Gem path.
+
+
+For any support requests, please email integrations_support@rapid7.com with a description of the issue and any logs
+available.

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/lib/bin/nexpose_paloalto.rb

@@ -0,0 +1,37 @@
+require 'paloalto'
+
+# Obtain Nexpose settings from Environment Variables.
+nexpose_settings = Hash.new
+raise 'Must configure nexpose settings before starting' if ENV['NEXPOSE_URL'].nil? || ENV['NEXPOSE_USERNAME'].nil? || ENV['NEXPOSE_PASSWORD'].nil?
+nexpose_settings[:nexpose_url] = ENV['NEXPOSE_URL']
+nexpose_settings[:nexpose_username] = ENV['NEXPOSE_USERNAME']
+nexpose_settings[:nexpose_password] = ENV['NEXPOSE_PASSWORD']
+
+# Obtain PAN's info.
+pan_settings = Hash.new
+raise 'Must configure Palo Alto settings before starting' if ENV['PAN_URL'].nil? || ENV['PAN_USERNAME'].nil? || ENV['PAN_PASSWORD'].nil?
+pan_settings[:pan_url] = ENV['PAN_URL']
+pan_settings[:pan_username] = ENV['PAN_USERNAME']
+pan_settings[:pan_password] = ENV['PAN_PASSWORD']
+
+# Nexpose options
+# Dynamic Asset Groups to use, separated by commas:
+# dag = [1, 2]
+dag = []
+
+# Sites to use. We recommend using DAGs, separated by commas:
+# sites = [1, 2]
+sites = []
+
+# Report Time_out. Leave default value of 10800.
+report_timeout = 10800
+
+# Do not edit below this line.
+# Check that everything is in place before we start it.
+raise 'Must configure a site or a dag before starting' if dag.empty? && sites.empty?
+nexpose_settings[:dag] = dag
+nexpose_settings[:sites] = sites
+nexpose_settings[:timeout] = report_timeout
+
+# Start integration with all the parameters.
+Paloalto.start_integration(nexpose_settings, pan_settings)

data/lib/paloalto.rb

@@ -0,0 +1,147 @@
+require 'paloalto/version'
+require 'paloalto/nexpose_helper'
+require 'paloalto/ngfw'
+require 'paloalto/nx_logger'
+
+module Paloalto
+  def self.start_integration(nexpose_settings, pan_settings)
+  # Asset query.
+  asset_query = "select asset_id, da.ip_address, string_agg(DISTINCT '<' || dt.tag_name, '>') || '>' as tags
+    from dim_site_asset
+    LEFT OUTER JOIN dim_asset da USING (asset_id)
+    LEFT OUTER JOIN dim_tag_asset dta using (asset_id)
+    LEFT OUTER JOIN dim_tag dt using (tag_id)
+    GROUP BY asset_id, da.ip_address"
+
+    nexpose_url = nexpose_settings[:nexpose_url]
+    nexpose_username = nexpose_settings[:nexpose_username]
+    nexpose_password = nexpose_settings[:nexpose_password]
+
+    pan_url = pan_settings[:pan_url]
+    pan_username = pan_settings[:pan_username]
+    pan_password = pan_settings[:pan_password]
+
+    report_timeout = nexpose_settings[:timeout]
+
+    #Setup logging
+    @log = Paloalto::NXLogger.new
+
+    #Nexpose sites and DAGs to import. Uses Site Id and DAG ID e.g. 'sites = [1,2,3,4]'. Leave as nil to run on all sites and DAGs the user has access to or
+    # set as an empty array e.g. 'dags=[]' to not run on any sites/dags.
+    sites = nexpose_settings[:sites]
+    dags = nexpose_settings[:dag]
+
+    @log.log_message("Running with user configured site IDs <#{sites}> and dynamic asset group IDs #{dags}.")
+
+    # Log in to nexpose.
+    nsc = Paloalto::NexposeHelper.login(nexpose_url, nexpose_username, nexpose_password)
+
+    #Gather the sites
+    all_sites = nsc.sites
+    all_sites.delete_if {|site| !(sites.include? site.id)} unless sites.nil?
+    all_sites_names = []
+    all_sites.each { |site|  (all_sites_names ||= []) << site.name.to_s }
+
+    # Handle any Nexpose Dynamic Asset Groups
+    # These will have a single tag (The Nexpose group name) with a Dynamic group name the same.
+    nexpose_dag_query_results = Paloalto::NexposeHelper.generate_dag_asset_groups({timeout: report_timeout}, nsc)
+    all_nexpose_dag_details  = Paloalto::NexposeHelper.parse_dag_details(nexpose_dag_query_results)
+    all_nexpose_dag_details.delete_if {|dag_details| !(dags.include? dag_details[0].to_i)} unless dags.nil?
+
+    @log.log_message("User has access to the following site IDs <#{all_sites.each {|site| site.id}}> and dynamic asset group IDs #{all_nexpose_dag_details.each {|dag| dag[0]}}.")
+
+    # Login to PAN.
+    pan_key = Paloalto::Ngfw.login(pan_url, pan_username, pan_password)
+
+    #Get the device config
+    device_config_xml = Paloalto::Ngfw.retrieve_device_config(pan_url, pan_key)
+
+    #Get the device names
+    device_name = Paloalto::Ngfw.parse_device_name(device_config_xml)
+    vsys_name = Paloalto::Ngfw.parse_vsys_name(device_config_xml)
+
+    @log.log_message("Found device configuration. Name <#{device_name}> and vsys <#{vsys_name}>.")
+
+    #Get this device's config
+    vsys_config = Paloalto::Ngfw.retrieve_device_config(pan_url, pan_key, device_name, vsys_name)
+
+    #Get the existing tags
+    existing_tags = Paloalto::Ngfw.parse_existing_tags(vsys_config)
+
+    #Gather the tags we want to create
+    wanted_tags = []
+    all_sites_names.each {|site_name| wanted_tags << site_name.gsub(/[()]/, "")}
+    wanted_tags << 'Nexpose'
+    all_nexpose_dag_details.each {|details| wanted_tags << details[1].gsub(/[()']/, "")}
+
+    #Find which new tags need to be created
+    tags_to_create = wanted_tags - existing_tags
+
+    @log.log_message("New tags to be created <#{tags_to_create}>.")
+
+    #Find the existing DAGs
+    existing_dags = Paloalto::Ngfw.parse_existing_dags(vsys_config)
+
+    #Gather the dags we want to create
+    wanted_dags = []
+    all_sites_names.each {|site_name| wanted_dags << site_name.gsub(/[()]/, "")}
+    wanted_dags << 'Nexpose'
+    all_nexpose_dag_details.each {|details| wanted_dags << details[1].gsub(/[()']/, "")}
+
+    #Find which new dags need to be created
+    dags_to_create = wanted_dags - existing_dags
+
+    @log.log_message("New DAGs to be created <#{dags_to_create}>.")
+
+    #Create the new tags
+    @log.log_message("Creating tags...")
+    tags_element=''
+    tags_to_create.each {|tag_to_create| tags_element << Paloalto::Ngfw.generate_tag_xml(tag_to_create, 'color3', "Nexpose tag for asset grouping: #{tag_to_create}")}
+    response = Paloalto::Ngfw.create_tags(pan_url, pan_key, device_name, vsys_name, tags_element) unless tags_element.empty?
+
+    #Create the new dags
+    @log.log_message("Creating DAGs...")
+    dags_element=''
+    dags_to_create.each {|dag_to_create| dags_element << Paloalto::Ngfw.generate_dag_xml(dag_to_create, "'Nexpose' AND '#{dag_to_create}'", dag_to_create)}
+    Paloalto::Ngfw.create_dags(pan_url, pan_key, device_name, vsys_name, dags_element) unless dags_element.empty?
+
+    @log.log_message('Committing the changes...')
+
+    #Commit the changes
+    response = Paloalto::Ngfw.commit(pan_url, pan_key)
+
+    @log.log_message("Commit response <#{response}>")
+
+    all_sites.each do |site|
+      #Fetch this site's details
+      @log.log_message("Getting asset details for site <#{site.id}>.")
+      report_output = Paloalto::NexposeHelper.generate_report({timeout: report_timeout, site: site.id.to_s, query: asset_query}, nsc)
+      asset_details =  Paloalto::NexposeHelper.parse_asset_query_details(report_output, site.name)
+
+      @log.log_message("Unregistering assets for site <#{site.id}>.")
+      # Unregister devices. Note have to do this because any "add" updates will append instead of overwriting.
+      Paloalto::Ngfw.unregister_devices(pan_url, pan_key, asset_details, site.id)
+
+      @log.log_message("Registering asset details for site <#{site.id}>.")
+      # Register the new devices
+      Paloalto::Ngfw.register_devices(pan_url, pan_key, asset_details, site.id)
+
+    end
+
+    #Repeat for Nexpose DAGs
+    all_nexpose_dag_details.each do |dag_details|
+      #Fetch this DAG's details
+      @log.log_message("Getting DAG details details for DAG <#{dag_details[0]}>.")
+      report_output = Paloalto::NexposeHelper.generate_report({timeout: report_timeout, query: Paloalto::NexposeHelper.generate_dag_assets_query(dag_details[0])}, nsc)
+      dag_parsed_details =  Paloalto::NexposeHelper.parse_dag_query_details(report_output, dag_details[1].gsub(/[()']/, ""))
+
+      @log.log_message("Registering asset details for DAG <#{dag_details[0]}>.")
+      #Add devices. Note we do not remove these devices first as it will clean wipe the site configuration
+      Paloalto::Ngfw.register_devices(pan_url, pan_key, dag_parsed_details, "dag_#{dag_details[0]}")
+    end
+
+    @log.log_message('Exiting..')
+  end
+
+
+end

data/lib/paloalto/nexpose_helper.rb

@@ -0,0 +1,104 @@
+module Paloalto
+  module NexposeHelper
+    require 'nexpose'
+    require 'csv'
+    require 'paloalto/nx_logger'
+
+    # Logs in to Nexpose using the url, username and password.
+    def self.login(url=nil, username=nil, password=nil)
+      raise 'Nexpose connection must be set in environment variables.' if url.nil? || username.nil? || password.nil?
+      nsc = Nexpose::Connection.new(url, username, password)
+      nsc.login
+      nsc
+    end
+
+    # Generates the ReportConfig with the parameters necessary.
+    # Report Params is a hash with the following hashes set:
+    # 'site' = Site to report on.
+    # 'query' = SQL Query.
+    # 'timeout' = Timeout in ms.
+    # 'filename' = File name to save to disk.
+    def self.generate_report(report_params=nil, nsc=nil)
+      raise 'Report options must be set in the config file.' if report_params.nil? || nsc.nil?
+      report_config = Nexpose::AdhocReportConfig.new(nil, 'sql')
+      report_config.add_filter('site', report_params[:site]) unless report_params[:site].nil?
+      report_config.add_filter('version', '1.2.0')
+      report_config.add_filter('query', report_params[:query])
+      report_output = report_config.generate(nsc, report_params[:timeout])
+      return report_output
+    end
+
+    def self.generate_dag_asset_groups(report_params=nil, nsc=nil)
+      report_params[:query] = 'select asset_group_id, name from dim_asset_group'
+      return generate_report(report_params, nsc)
+    end
+
+    # Parses a generated asset query.
+    # Returns an array of arrays with an entry containing an assets IP and Nexpose TAGs
+    def self.parse_asset_query_details(report_output, site_name)
+      raise 'Need to pass asset query report output to parse!' if report_output.nil?
+      csv_output = CSV.parse(report_output.chomp,  headers: :first_row)
+      asset_details =[]
+      csv_output.each  do |row|
+        ip_details = []
+        ip_details << row[1].to_s
+        ip_details << "#{row[2].to_s}<Nexpose><#{site_name}>"
+        asset_details << ip_details
+      end
+      return asset_details
+    end
+
+    # Parses a generated dag query.
+    # Returns an array of arrays with an entry containg an assets IP and Nexpose DAG name.
+    def self.parse_dag_query_details(report_output, dag_name)
+      raise 'Need to pass dag query report output to parse!' if report_output.nil?
+      csv_output = CSV.parse(report_output.chomp,  headers: :first_row)
+      asset_details =[]
+      csv_output.each  do |row|
+        ip_details = []
+        ip_details << row[1].to_s
+        ip_details << "<Nexpose><#{dag_name}>"
+        asset_details << ip_details
+      end
+      return asset_details
+    end
+
+    def self.parse_dag_names(report_output)
+      csv_output = CSV.parse(report_output.chomp,  headers: :first_row)
+      nexpose_group_names = []
+      csv_output.each  do |row|
+        nexpose_group_names << row[1].to_s
+      end
+      return nexpose_group_names
+    end
+
+    def self.parse_dag_group_ids(report_output)
+      csv_output = CSV.parse(report_output.chomp,  headers: :first_row)
+      nexpose_group_ids = []
+      csv_output.each  do |row|
+        nexpose_group_ids << row[0].to_s
+      end
+      return nexpose_group_ids
+    end
+
+    def self.parse_dag_details(report_output)
+      csv_output = CSV.parse(report_output.chomp,  headers: :first_row)
+      nexpose_group_details = []
+      csv_output.each  do |row|
+        row_details = []
+        row_details << row[0].to_s
+        row_details << row[1].to_s
+        nexpose_group_details << row_details
+      end
+      return nexpose_group_details
+    end
+
+    def self.generate_dag_assets_query(nexpose_dag_id)
+      return "select asset_id, da.ip_address, dag.name
+        from dim_asset_group_asset daga
+        LEFT OUTER JOIN dim_asset da USING (asset_id)
+        LEFT OUTER JOIN dim_asset_group dag USING (asset_group_id)
+        where asset_group_id = #{nexpose_dag_id}"
+    end
+  end
+end

data/lib/paloalto/ngfw.rb

@@ -0,0 +1,268 @@
+module Paloalto
+  module Ngfw
+    require 'curb'
+    require 'nokogiri'
+    require 'fileutils'
+
+    #Curls a request to a specified URL.
+    #Returns Nokogiri::XML::Document
+    def self.curlRequest(url)
+      raise 'Need a URL to curl a request' if url.nil?
+
+      log_message("Sending request to URL")
+
+      curlReq = Curl::Easy.new(url)
+      curlReq.multipart_form_post = true
+      curlReq.ssl_verify_peer = false
+      curlReq.ssl_verify_host = false
+      curlReq.perform
+
+      log_message("Request response <#{curlReq.body}>")
+
+      return  Nokogiri::XML(curlReq.body)
+    end
+
+    def self.curlRequestWithFile(url, filename)
+      raise 'Need a URL and a file to curl a request' if url.nil? || filename.nil?
+
+      log_message("Sending request to URL <#{url}> with file <#{filename}>")
+
+      curlReq = Curl::Easy.new(url)
+      curlReq.multipart_form_post = true
+      curlReq.ssl_verify_peer = false
+      curlReq.ssl_verify_host = false
+      curlReq.http_post(Curl::PostField.file("fileupload",filename))
+
+      log_message("Request response <#{curlReq.body}>")
+
+      return  Nokogiri::XML(curlReq.body)
+    end
+
+    # Logs a message
+    def self.log_message(message)
+      require 'logger'
+      logger_file = File.join(File.dirname(__FILE__), './logs/rapid7_palo_alto.log')
+      directory = File.dirname(logger_file)
+      FileUtils.mkdir_p(directory) unless File.directory?(directory)
+      @log = Logger.new(logger_file, 'monthly')
+      @log.level = Logger::INFO
+      @log.info(message)
+    end
+
+    # Performs login using URL, pan_username, pan_password.
+    # Returns Nokogiri::XML::Element
+    # TODO: Handle invalid login.
+    def self.login(url=nil, pan_username=nil, pan_password=nil)
+      raise 'URL, Username and Password must be set in environment variables.' if url.nil? || pan_username.nil? || pan_password.nil?
+
+      url="https://#{url}/api/?type=keygen&user=#{pan_username}&password=#{pan_password}"
+      response_xml = curlRequest(url)
+      return response_xml.at_xpath('//key').child
+    end
+
+    # Commits a candidate configuration.
+    # TODO: Handle invalid command/key. Validate before commit and check commit job status.
+    def self.commit(pan_address=nil, key=nil)
+      raise 'Need to login first.' if key.nil?
+      raise 'Need to define a PAN URL.' if pan_address.nil?
+
+      url="https://#{pan_address}/api/?type=commit&key=#{key}&cmd=<commit></commit>"
+      response_xml = curlRequest(url)
+
+      #Get job id
+      job_id=response_xml.at_xpath('//job').child
+      url = "https://#{pan_address}/api/?type=op&key=#{key}&cmd=<show><jobs><id>#{job_id}</id></jobs></show>"
+      6.times do
+        response = curlRequest(url)
+        complete = response.at_xpath('/response[@status="success"]/result/job/result')
+        if complete.nil?
+          log_message("Commit response <#{response}>")
+          raise 'Error trying to parse commit response! See log for details.'
+        end
+        complete = complete.child
+        log_message("Current commit status <#{complete}>")
+        (complete.to_s == 'OK') ? break : sleep(20)
+      end
+      return response_xml
+    end
+
+    # Queries the Firewall for it's configuration (device and vsys names etc)
+    # Returns Nokogiri::XML::Document
+    def self.retrieve_device_config(pan_address=nil, key=nil, device_name=nil,vsys_name=nil)
+      raise 'Need to login first.' if key.nil?
+      raise 'Need to define a PAN URL.' if pan_address.nil?
+
+      if (!device_name.nil?)
+          if(!vsys_name.nil?)
+            url="https://#{pan_address}/api/?type=config&action=show&key=#{key}&xpath=/config/devices/entry[@name='#{device_name}']/vsys/entry[@name='#{vsys_name}']"
+          else
+            url="https://#{pan_address}/api/?type=config&action=show&key=#{key}&xpath=/config/devices/entry[@name='#{device_name}']"
+          end
+      else
+        url="https://#{pan_address}/api/?type=config&action=show&key=#{key}&xpath=/config/devices"
+      end
+      response_xml = curlRequest(url)
+      return response_xml
+    end
+
+    # Parse the device config and return the device name.
+    # Returns device name
+    def self.parse_device_name(device_config_xml=nil)
+      raise 'Need to pass device config to parse device name!' if device_config_xml.nil?
+      return device_config_xml.at_xpath('/response/result/devices/entry').values.first
+    end
+
+    # Parse the device config and return the vsys name.
+    # Returns device vsys name
+    def self.parse_vsys_name(device_config_xml=nil)
+      raise 'Need to pass device config to parse vsys name!' if device_config_xml.nil?
+      return device_config_xml.at_xpath('/response/result/devices/entry/vsys/entry').values.first
+    end
+
+    # Parse the device config and return the existing tags.
+    # Returns an array containing existing tags
+    def self.parse_existing_tags(device_config_xml=nil)
+      raise 'Need to pass device config to parse existing tags!' if device_config_xml.nil?
+      existing_tags=[]
+      device_config_xml.xpath('//tag/entry').each {|tag| existing_tags << tag.values}
+      return existing_tags
+    end
+
+    # Parse the device config and return the existing DAGs.
+    # Returns an array containing existing DAGs
+    def self.parse_existing_dags(device_config_xml=nil)
+      raise 'Need to pass device config to parse existing DAGs!' if device_config_xml.nil?
+      existing_dags=[]
+      device_config_xml.xpath('//address-group/entry').each {|tag| existing_dags << tag.values if tag.to_s.include?("<dynamic")}
+      return existing_dags
+    end
+
+    # Generates PAN API formatted XML for adding a TAG.
+    # Returns PAN API formatted XML String ready for sending
+    def self.generate_tag_xml(tag_name, tag_colour, tag_comments)
+      return URI.escape("<entry name=\"#{tag_name}\"><color>#{tag_colour}</color><comments>#{tag_comments}</comments></entry>")
+    end
+
+    # Generates PAN API formatted XML for adding a DAG.
+    # Returns PAN API formatted XML String ready for sending
+    def self.generate_dag_xml(dag_name, dag_filter, dag_tag_member)
+       return URI.escape("<entry name=\"#{dag_name}\"><dynamic><filter>#{dag_filter}</filter></dynamic><tag><member>#{dag_tag_member}</member></tag></entry>")
+    end
+
+    # Posts a XML formatted file to PAN.
+    # Options is a hash with:
+    # 'pan_address' : PAN URL.
+    # 'filename' : File with XML to post.
+    # TODO: Handle error codes.
+    def self.post_dag_file(pan_address = nil, filename = nil, key=nil)
+      raise 'Options and key must be set' if pan_address.nil? || key.nil? || filename.nil?
+
+      c = Curl::Easy.new("https://#{pan_address}/api/?type=user-id&key=#{key}&action=set")
+      c.multipart_form_post = true
+      c.ssl_verify_peer = false
+      c.ssl_verify_host = false
+      c.http_post(Curl::PostField.file('thing[file]', filename))
+    end
+
+    def self.create_tags(pan_address=nil, key=nil, device_name, vsys_name, tags_element)
+      raise 'Options and key must be set' if pan_address.nil? || key.nil? || device_name.nil? || vsys_name.nil? || tags_element.nil?
+      url="https://#{pan_address}/api/?type=config&action=set&key=#{key}&xpath=/config/devices/entry[@name='#{device_name}']/vsys/entry[@name='#{vsys_name}']/tag&element=#{tags_element}"
+      return curlRequest(url)
+    end
+
+    def self.create_dags(pan_address=nil, key=nil, device_name=nil, vsys_name=nil, tags_element=nil)
+      raise 'Options and key must be set' if pan_address.nil? || key.nil? || device_name.nil? || vsys_name.nil? || tags_element.nil?
+      url="https://#{pan_address}/api/?type=config&action=set&key=#{key}&xpath=/config/devices/entry[@name='#{device_name}']/vsys/entry[@name='#{vsys_name}']/address-group&element=#{tags_element}"
+      return curlRequest(url)
+    end
+
+    def self.generate_add_asset_xml(ip_addresses_details = [])
+      raise 'Need asset details to generate add asset xml.' if ip_addresses_details.nil?
+
+      xml = ''
+      ip_addresses_details.each do |ip_address, tags_string|
+        xml << "<entry ip=\"#{ip_address}\"><tag>"
+        tags_string.split(/<(.*?)>/).each do |tag|
+          xml << "<member>#{tag}</member>" unless tag.empty?
+        end
+        xml << "</tag></entry>"
+      end
+      #return URI.escape(xml)
+      return xml
+    end
+
+    def self.generate_remove_asset_xml(ip_addresses_details = [])
+      raise 'Need asset details to generate remove asset xml.' if ip_addresses_details.nil?
+
+      xml = ''
+      ip_addresses_details.each do |ip_address|
+        xml << "<entry ip=\"#{ip_address}\"></entry>"
+      end
+      return xml
+    end
+
+    def self.unregister_devices(pan_address=nil, key=nil, asset_details=nil, site_id=nil)
+      raise 'Options and key must be set' if pan_address.nil? || key.nil? || asset_details.nil? || site_id.nil?
+
+      #Extract a list of IPs from the asset details
+      ip_list=[]
+      asset_details.each {|ip_addess, tags| ip_list << ip_addess}
+
+      #Createa  folder to hold the files
+      folder = "./paloalto/logs"
+      FileUtils.mkdir_p(folder) unless File.directory?(folder)
+
+      remove_file_list=[]
+      xml="<uid-message><version>1.0</version><type>update</type><payload><unregister>#{generate_remove_asset_xml(ip_list)}</unregister></payload></uid-message>"
+      remove_file = File.open("#{folder}/#{site_id}_remove.xml", 'w')
+      remove_file.puts(xml)
+      remove_file_list << remove_file.path
+      remove_file.close
+
+      remove_file_list.each do |filename|
+        curlRequestWithFile("https://#{pan_address}/api/?type=user-id&action=set&key=#{key}&client=wget&file-name=\"#{filename}\"", filename)
+      end
+    end
+
+    def self.register_devices(pan_address=nil, key=nil, asset_details=nil, site_id=nil)
+      raise 'Options and key must be set' if pan_address.nil? || key.nil? || asset_details.nil? || site_id.nil?
+
+      #Createa  folder to hold the files
+      folder = "./paloalto/logs"
+      FileUtils.mkdir_p(folder) unless File.directory?(folder)
+
+      add_file_list=[]
+      #Add devices
+      xml="<uid-message><version>1.0</version><type>update</type><payload><register>#{generate_add_asset_xml(asset_details)}</register></payload></uid-message>"
+      add_file =File.open("#{folder}/#{site_id}_add.xml", 'w')
+      add_file.puts(xml)
+      add_file_list << add_file.path
+      add_file.close
+
+      add_file_list.each do |filename|
+        curlRequestWithFile("https://#{pan_address}/api/?type=user-id&action=set&key=#{key}&client=wget&&file-name=\"#{filename}\"", filename)
+      end
+    end
+
+    def self.register_dag_devices(pan_address=nil, key=nil, dag_parsed_details=nil)
+      raise 'Options and key must be set' if pan_address.nil? || key.nil? || dag_parsed_details.nil?
+
+      #Createa  folder to hold the files
+      folder = "./paloalto/logs"
+      FileUtils.mkdir_p(folder) unless File.directory?(folder)
+
+      add_file_list=[]
+      #Add devices
+      xml="<uid-message><version>1.0</version><type>update</type><payload><register>#{generate_add_asset_xml(asset_details)}</register></payload></uid-message>"
+      add_file =File.open("#{folder}/dag_#{dag_details[0]}_add.xml", 'w')
+      add_file.puts(xml)
+      add_file_list << add_file.path
+      add_file.close
+
+      add_file_list.each do |filename|
+        puts  curlRequestWithFile("https://#{pan_address}/api/?type=user-id&action=set&key=#{key}&client=wget&&file-name=\"#{filename}\"", filename)
+      end
+    end
+
+  end
+end

data/lib/paloalto/nx_logger.rb

@@ -0,0 +1,27 @@
+module Paloalto
+  class NXLogger
+    LOGGER_FILE = File.join(File.dirname(__FILE__), './logs/rapid7_palo_alto.log')
+    
+    attr_accessor :options
+    
+    def initialize
+      setup_logging()
+    end 
+    
+    def setup_logging(enabled = true)
+      if enabled
+        require 'logger'
+        directory = File.dirname(LOGGER_FILE)
+        FileUtils.mkdir_p(directory) unless File.directory?(directory)
+        @log = Logger.new(LOGGER_FILE, 'monthly')
+        @log.level = Logger::INFO
+        log_message('Logging enabled for helper.')
+      end
+    end
+
+    # Logs a message
+    def log_message(message)
+      @log.info(message)
+    end
+  end
+end

data/lib/paloalto/version.rb

@@ -0,0 +1,3 @@
+module Paloalto
+  VERSION = "0.1.1"
+end

data/nexpose_paloalto.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'paloalto/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "nexpose_paloalto"
+  spec.version       = Paloalto::VERSION
+  spec.authors       = ['Damian Finol', 'JJ Cassidy']
+  spec.email         = ['integrations_support@rapid7.com']
+
+  spec.summary       = 'Nexpose Palo Alto Gem Integration'
+  spec.description   = 'This Gem allows usage of Nexpose Dynamic Asset groups with Palo Alto TAGs.'
+  spec.homepage      = "http://www.rapid7.com"
+  spec.license       = "MIT"
+
+  spec.files         = Dir['[A-Z]*'] + Dir['lib/**/*'] + Dir['bin/**']
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.8"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_runtime_dependency 'nexpose', "~> 0.9"
+  spec.add_runtime_dependency 'curb', "~> 0.8.7"
+  spec.add_runtime_dependency 'nokogiri', "~> 1.6"
+  spec.required_ruby_version = '~> 2.0'
+end

metadata

@@ -0,0 +1,128 @@
+--- !ruby/object:Gem::Specification
+name: nexpose_paloalto
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Damian Finol
+- JJ Cassidy
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-04-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: nexpose
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: curb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.7
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+description: This Gem allows usage of Nexpose Dynamic Asset groups with Palo Alto
+  TAGs.
+email:
+- integrations_support@rapid7.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/bin/nexpose_paloalto.rb
+- lib/paloalto.rb
+- lib/paloalto/nexpose_helper.rb
+- lib/paloalto/ngfw.rb
+- lib/paloalto/nx_logger.rb
+- lib/paloalto/version.rb
+- nexpose_paloalto.gemspec
+homepage: http://www.rapid7.com
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '2.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.4
+signing_key: 
+specification_version: 4
+summary: Nexpose Palo Alto Gem Integration
+test_files: []