nexpose_paloalto 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 14c752bd0571d6cb5572c01e07eef1ee27178c72
-  data.tar.gz: a1f4eca110f7765547a98e6b571d3e0c1bdd80b8
+  metadata.gz: 4031017be8639d09edbb9fef2ffb3ec43b21330e
+  data.tar.gz: f75c2a16d0ce151d132a77eaf11c9e3b377b2cbb
 SHA512:
-  metadata.gz: 6bebc678b2e03d9b01720fb84362f6f97927b5a44e464d3c49170304a68abca80ba114bbc09492145a6bcd99d38e2d23e9dc2ae6e3598925e641e0801b400763
-  data.tar.gz: ddb4b6a8a0e1456d46dd2b1b0f098892946f520cd6c428e0f39bbbb23fa88a76b2c382ad2f0eaa9947b1590f19129e99ed68d9ed2dcd8a7e8a261dcb4404db6c
+  metadata.gz: 410ba9dfbe608b1465fdc6bd5967f561537e1ef3b36799ff9454d9440de7a3d708f68a80ba82112b68f88ac7196a6c5941d9f9ed6c0fea48a36a88980b4a9034
+  data.tar.gz: 3495a3363873daa1faa9fc2956262907d37f6e7122e1ae269094c41c01cce8f12f5d910df0cda6dc579b076d271699de2252779dee83b7be5935525f79c9866c

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    nexpose_paloalto (0.1.0)
+    nexpose_paloalto (0.1.1)
       curb (~> 0.8.7)
       nexpose (~> 0.9)
       nokogiri (~> 1.6)

data/README.md

@@ -59,5 +59,5 @@ For Windows systems, make sure they are on the Environment Variables section in
 * (Optional) Review the log file under the logs folder in the Gem path.
 
 
-For any support requests, please email integrations_support@rapid7.com with a description of the issue and any logs
+For any support requests, please email support@rapid7.com with a description of the issue and any logs
 available.

data/{lib/bin/nexpose_paloalto.rb → bin/nexpose_paloalto}

@@ -1,3 +1,4 @@
+#!/usr/bin/env ruby
 require 'paloalto'
 
 # Obtain Nexpose settings from Environment Variables.
@@ -6,6 +7,8 @@ raise 'Must configure nexpose settings before starting' if ENV['NEXPOSE_URL'].ni
 nexpose_settings[:nexpose_url] = ENV['NEXPOSE_URL']
 nexpose_settings[:nexpose_username] = ENV['NEXPOSE_USERNAME']
 nexpose_settings[:nexpose_password] = ENV['NEXPOSE_PASSWORD']
+# User can change the port if Nexpose does not use port 3780
+nexpose_settings[:nexpose_port] = 3780
 
 # Obtain PAN's info.
 pan_settings = Hash.new

data/lib/paloalto.rb

@@ -16,6 +16,7 @@ module Paloalto
     nexpose_url = nexpose_settings[:nexpose_url]
     nexpose_username = nexpose_settings[:nexpose_username]
     nexpose_password = nexpose_settings[:nexpose_password]
+    nexpose_port = nexpose_settings[:nexpose_port]
 
     pan_url = pan_settings[:pan_url]
     pan_username = pan_settings[:pan_username]
@@ -24,7 +25,11 @@ module Paloalto
     report_timeout = nexpose_settings[:timeout]
 
     #Setup logging
-    @log = Paloalto::NXLogger.new
+    @log = Paloalto::NxLogger.instance
+    @log.setup_statistics_collection(Paloalto::VENDOR, 
+                                     Paloalto::PRODUCT, 
+                                     Paloalto::VERSION)
+    @log.setup_logging(true, 'info')
 
     #Nexpose sites and DAGs to import. Uses Site Id and DAG ID e.g. 'sites = [1,2,3,4]'. Leave as nil to run on all sites and DAGs the user has access to or
     # set as an empty array e.g. 'dags=[]' to not run on any sites/dags.
@@ -34,9 +39,12 @@ module Paloalto
     @log.log_message("Running with user configured site IDs <#{sites}> and dynamic asset group IDs #{dags}.")
 
     # Log in to nexpose.
-    nsc = Paloalto::NexposeHelper.login(nexpose_url, nexpose_username, nexpose_password)
+    nsc = Paloalto::NexposeHelper.login(nexpose_url,
+                                        nexpose_username,
+                                        nexpose_password,
+                                        nexpose_port)
 
-    #Gather the sites
+    # Gather the sites
     all_sites = nsc.sites
     all_sites.delete_if {|site| !(sites.include? site.id)} unless sites.nil?
     all_sites_names = []
@@ -53,53 +61,53 @@ module Paloalto
     # Login to PAN.
     pan_key = Paloalto::Ngfw.login(pan_url, pan_username, pan_password)
 
-    #Get the device config
+    # Get the device config
     device_config_xml = Paloalto::Ngfw.retrieve_device_config(pan_url, pan_key)
 
-    #Get the device names
+    # Get the device names
     device_name = Paloalto::Ngfw.parse_device_name(device_config_xml)
     vsys_name = Paloalto::Ngfw.parse_vsys_name(device_config_xml)
 
     @log.log_message("Found device configuration. Name <#{device_name}> and vsys <#{vsys_name}>.")
 
-    #Get this device's config
+    # Get this device's config
     vsys_config = Paloalto::Ngfw.retrieve_device_config(pan_url, pan_key, device_name, vsys_name)
 
-    #Get the existing tags
+    # Get the existing tags
     existing_tags = Paloalto::Ngfw.parse_existing_tags(vsys_config)
 
-    #Gather the tags we want to create
+    # Gather the tags we want to create
     wanted_tags = []
     all_sites_names.each {|site_name| wanted_tags << site_name.gsub(/[()]/, "")}
     wanted_tags << 'Nexpose'
     all_nexpose_dag_details.each {|details| wanted_tags << details[1].gsub(/[()']/, "")}
 
-    #Find which new tags need to be created
+    # Finds which new tags need to be created
     tags_to_create = wanted_tags - existing_tags
 
     @log.log_message("New tags to be created <#{tags_to_create}>.")
 
-    #Find the existing DAGs
+    # Find the existing DAGs
     existing_dags = Paloalto::Ngfw.parse_existing_dags(vsys_config)
 
-    #Gather the dags we want to create
+    # Gather the dags we want to create
     wanted_dags = []
     all_sites_names.each {|site_name| wanted_dags << site_name.gsub(/[()]/, "")}
     wanted_dags << 'Nexpose'
     all_nexpose_dag_details.each {|details| wanted_dags << details[1].gsub(/[()']/, "")}
 
-    #Find which new dags need to be created
+    # Find which new dags need to be created
     dags_to_create = wanted_dags - existing_dags
 
     @log.log_message("New DAGs to be created <#{dags_to_create}>.")
 
-    #Create the new tags
+    # Create the new tags
     @log.log_message("Creating tags...")
     tags_element=''
     tags_to_create.each {|tag_to_create| tags_element << Paloalto::Ngfw.generate_tag_xml(tag_to_create, 'color3', "Nexpose tag for asset grouping: #{tag_to_create}")}
     response = Paloalto::Ngfw.create_tags(pan_url, pan_key, device_name, vsys_name, tags_element) unless tags_element.empty?
 
-    #Create the new dags
+    # Create the new dags
     @log.log_message("Creating DAGs...")
     dags_element=''
     dags_to_create.each {|dag_to_create| dags_element << Paloalto::Ngfw.generate_dag_xml(dag_to_create, "'Nexpose' AND '#{dag_to_create}'", dag_to_create)}
@@ -107,7 +115,7 @@ module Paloalto
 
     @log.log_message('Committing the changes...')
 
-    #Commit the changes
+    # Commit the changes
     response = Paloalto::Ngfw.commit(pan_url, pan_key)
 
     @log.log_message("Commit response <#{response}>")

data/lib/paloalto/nexpose_helper.rb

@@ -5,10 +5,11 @@ module Paloalto
     require 'paloalto/nx_logger'
 
     # Logs in to Nexpose using the url, username and password.
-    def self.login(url=nil, username=nil, password=nil)
+    def self.login(url=nil, username=nil, password=nil, port=3780)
       raise 'Nexpose connection must be set in environment variables.' if url.nil? || username.nil? || password.nil?
-      nsc = Nexpose::Connection.new(url, username, password)
+      nsc = Nexpose::Connection.new(url, username, password, port)
       nsc.login
+      Paloalto::NxLogger.instance.on_connect(url, port, nsc.session_id, "{}")
       nsc
     end
 

data/lib/paloalto/nx_logger.rb

@@ -1,27 +1,166 @@
+require 'fileutils'
+require 'json'
+require 'net/http'
+require 'singleton'
+
 module Paloalto
-  class NXLogger
-    LOGGER_FILE = File.join(File.dirname(__FILE__), './logs/rapid7_palo_alto.log')
-    
-    attr_accessor :options
-    
-    def initialize
-      setup_logging()
-    end 
-    
-    def setup_logging(enabled = true)
-      if enabled
-        require 'logger'
-        directory = File.dirname(LOGGER_FILE)
-        FileUtils.mkdir_p(directory) unless File.directory?(directory)
-        @log = Logger.new(LOGGER_FILE, 'monthly')
-        @log.level = Logger::INFO
-        log_message('Logging enabled for helper.')
+  class NxLogger
+    include Singleton
+    LOG_PATH = "./logs/rapid7_%s.log"
+    KEY_FORMAT = "external.integration.%s"
+    PRODUCT_FORMAT = "%s_%s"
+
+    DEFAULT_LOG = 'integration'
+    PRODUCT_RANGE = 4..30
+    KEY_RANGE = 3..15
+
+    ENDPOINT = '/data/external/statistic/'
+
+    def initialize()
+      create_calls
+      @logger_file = get_log_path @product
+      setup_logging(true, 'info')
+    end
+
+    def setup_statistics_collection(vendor, product_name, gem_version)
+      begin
+        @statistic_key = get_statistic_key vendor
+        @product = get_product product_name, gem_version
+      rescue => e
+        #Continue
+      end
+    end
+
+    def setup_logging(enabled, log_level = 'info', stdout=false)
+      @stdout = stdout
+
+      log_message('Logging disabled.') unless enabled || @log.nil?
+      @enabled = enabled
+      return unless @enabled
+
+      @logger_file = get_log_path @product
+
+      require 'logger'
+      directory = File.dirname(@logger_file)
+      FileUtils.mkdir_p(directory) unless File.directory?(directory)
+      io = IO.for_fd(IO.sysopen(@logger_file, 'a'), 'a')
+      io.autoclose = false
+      io.sync = true
+      @log = Logger.new(io, 'weekly')
+      @log.level = if log_level.to_s.casecmp('info') == 0 
+                     Logger::INFO 
+                   else
+                     Logger::DEBUG
+                   end
+      log_message("Logging enabled at level <#{log_level}>")
+    end
+
+    def create_calls
+      levels = [:info, :debug, :error, :warn]
+      levels.each do |level|
+        method_name = 
+        define_singleton_method("log_#{level.to_s}_message") do |message|
+          puts message if @stdout
+          @log.send(level, message) unless !@enabled || @log.nil?
+        end
       end
     end
 
-    # Logs a message
     def log_message(message)
-      @log.info(message)
+      log_info_message message
+    end
+
+    def log_stat_message(message)
+    end
+
+    def get_log_path(product)
+      product.downcase! unless product.nil?
+      File.join(File.dirname(__FILE__), LOG_PATH % (product || DEFAULT_LOG))
+    end
+
+    def get_statistic_key(vendor)
+      if vendor.nil? || vendor.length < KEY_RANGE.min
+        log_stat_message("Vendor length is below minimum of <#{KEY_RANGE}>")
+        return nil
+      end
+
+      vendor.gsub!('-', '_')
+      vendor.slice! vendor.rindex('_') until vendor.count('_') <= 1
+
+      vendor.delete! "^A-Za-z0-9\_"
+
+      KEY_FORMAT % vendor[0...KEY_RANGE.max].downcase
+    end
+
+    def get_product(product, version)
+      return nil if ((product.nil? || product.empty?) || 
+                     (version.nil? || version.empty?))
+
+      product.gsub!('-', '_')
+      product.slice! product.rindex('_') until product.count('_') <= 1
+
+      product.delete! "^A-Za-z0-9\_"
+      version.delete! "^A-Za-z0-9\.\-"
+
+      product = (PRODUCT_FORMAT % [product, version])[0...PRODUCT_RANGE.max]
+
+      product.slice! product.rindex(/[A-Z0-9]/i)+1..-1
+
+      if product.length < PRODUCT_RANGE.min
+        log_stat_message("Product length below minimum <#{PRODUCT_RANGE.min}>.")
+        return nil
+      end
+      product.downcase
+    end
+
+    def generate_payload(statistic_value='')
+      product_name, separator, version = @product.to_s.rpartition('_')
+      payload_value = {'version' => version}.to_json
+
+      payload = {'statistic-key' => @statistic_key.to_s,
+                 'statistic-value' => payload_value,
+                 'product' => product_name}
+      JSON.generate(payload)
     end
+
+    def send(nexpose_address, nexpose_port, session_id, payload)
+      header = {'Content-Type' => 'application/json',
+                'nexposeCCSessionID' => session_id,
+                'Cookie' => "nexposeCCSessionID=#{session_id}"}
+      req = Net::HTTP::Put.new(ENDPOINT, header)
+      req.body = payload
+      http_instance = Net::HTTP.new(nexpose_address, nexpose_port)
+      http_instance.use_ssl = true
+      http_instance.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      response = http_instance.start { |http| http.request(req) }
+      log_stat_message "Received code #{response.code} from Nexpose console."
+      log_stat_message "Received message #{response.msg} from Nexpose console."
+      log_stat_message 'Finished sending statistics data to Nexpose.'
+
+      response.code
+    end
+
+    def on_connect(nexpose_address, nexpose_port, session_id, value)
+      log_stat_message 'Sending statistics data to Nexpose'
+
+      if @product.nil? || @statistic_key.nil?
+        log_stat_message('Invalid product name and/or statistics key.')
+        log_stat_message('Statistics collection not enabled.')
+        return
+      end
+      
+      begin
+        payload = generate_payload value
+        send(nexpose_address, nexpose_port, session_id, payload)
+      rescue => e
+        #Let the program continue
+      end
+    end
+
+    #Used by net library for debugging 
+    def <<(value)
+      log_debug_message(value)
+    end
+
   end
-end
+end

data/lib/paloalto/version.rb

@@ -1,3 +1,5 @@
 module Paloalto
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
+  VENDOR = "Palo Alto"
+  PRODUCT = "NGFW"
 end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: nexpose_paloalto
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Damian Finol
 - JJ Cassidy
 autorequire: 
-bindir: exe
+bindir: bin
 cert_chain: []
-date: 2015-04-01 00:00:00.000000000 Z
+date: 2017-05-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -45,14 +45,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '3.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '3.2'
 - !ruby/object:Gem::Dependency
   name: curb
   requirement: !ruby/object:Gem::Requirement
@@ -84,8 +84,9 @@ dependencies:
 description: This Gem allows usage of Nexpose Dynamic Asset groups with Palo Alto
   TAGs.
 email:
-- integrations_support@rapid7.com
-executables: []
+- support@rapid7.com
+executables:
+- nexpose_paloalto
 extensions: []
 extra_rdoc_files: []
 files:
@@ -94,13 +95,12 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- lib/bin/nexpose_paloalto.rb
+- bin/nexpose_paloalto
 - lib/paloalto.rb
 - lib/paloalto/nexpose_helper.rb
 - lib/paloalto/ngfw.rb
 - lib/paloalto/nx_logger.rb
 - lib/paloalto/version.rb
-- nexpose_paloalto.gemspec
 homepage: http://www.rapid7.com
 licenses:
 - MIT
@@ -121,7 +121,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.4
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Nexpose Palo Alto Gem Integration

data/nexpose_paloalto.gemspec

@@ -1,28 +0,0 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'paloalto/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = "nexpose_paloalto"
-  spec.version       = Paloalto::VERSION
-  spec.authors       = ['Damian Finol', 'JJ Cassidy']
-  spec.email         = ['integrations_support@rapid7.com']
-
-  spec.summary       = 'Nexpose Palo Alto Gem Integration'
-  spec.description   = 'This Gem allows usage of Nexpose Dynamic Asset groups with Palo Alto TAGs.'
-  spec.homepage      = "http://www.rapid7.com"
-  spec.license       = "MIT"
-
-  spec.files         = Dir['[A-Z]*'] + Dir['lib/**/*'] + Dir['bin/**']
-  spec.bindir        = "exe"
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
-
-  spec.add_development_dependency "bundler", "~> 1.8"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_runtime_dependency 'nexpose', "~> 0.9"
-  spec.add_runtime_dependency 'curb', "~> 0.8.7"
-  spec.add_runtime_dependency 'nokogiri', "~> 1.6"
-  spec.required_ruby_version = '~> 2.0'
-end