check-msdefender 1.1.8__py3-none-any.whl → 1.1.10__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- check_msdefender/__init__.py +1 -1
- check_msdefender/cli/commands/products.py +6 -2
- check_msdefender/core/defender.py +1 -4
- check_msdefender/core/nagios.py +1 -1
- check_msdefender/services/machines_service.py +4 -2
- check_msdefender/services/products_service.py +31 -11
- {check_msdefender-1.1.8.dist-info → check_msdefender-1.1.10.dist-info}/METADATA +29 -2
- {check_msdefender-1.1.8.dist-info → check_msdefender-1.1.10.dist-info}/RECORD +11 -11
- {check_msdefender-1.1.8.dist-info → check_msdefender-1.1.10.dist-info}/WHEEL +0 -0
- {check_msdefender-1.1.8.dist-info → check_msdefender-1.1.10.dist-info}/entry_points.txt +0 -0
- {check_msdefender-1.1.8.dist-info → check_msdefender-1.1.10.dist-info}/licenses/LICENSE +0 -0
check_msdefender/__init__.py
CHANGED
|
@@ -25,8 +25,12 @@ def register_products_commands(main_group: Any) -> None:
|
|
|
25
25
|
critical: Optional[float],
|
|
26
26
|
) -> None:
|
|
27
27
|
"""Check installed products for Microsoft Defender."""
|
|
28
|
-
warning =
|
|
29
|
-
|
|
28
|
+
warning = (
|
|
29
|
+
warning if warning is not None else 1
|
|
30
|
+
) # Trigger warning on any high/medium severity
|
|
31
|
+
critical = (
|
|
32
|
+
critical if critical is not None else 1
|
|
33
|
+
) # Trigger critical on any critical severity
|
|
30
34
|
|
|
31
35
|
try:
|
|
32
36
|
# Load configuration
|
|
@@ -65,10 +65,7 @@ class DefenderClient:
|
|
|
65
65
|
"Content-Type": DefenderClient.application_json,
|
|
66
66
|
}
|
|
67
67
|
|
|
68
|
-
params = {
|
|
69
|
-
PARAM_FILTER: f"computerDnsName eq '{dns_name}'",
|
|
70
|
-
PARAM_SELECT: "id"
|
|
71
|
-
}
|
|
68
|
+
params = {PARAM_FILTER: f"computerDnsName eq '{dns_name}'", PARAM_SELECT: "id"}
|
|
72
69
|
|
|
73
70
|
try:
|
|
74
71
|
start_time = time.time()
|
check_msdefender/core/nagios.py
CHANGED
|
@@ -116,7 +116,7 @@ class NagiosPlugin:
|
|
|
116
116
|
) -> int:
|
|
117
117
|
"""Execute the check and return Nagios exit code."""
|
|
118
118
|
try:
|
|
119
|
-
result = self.service.get_result()
|
|
119
|
+
result = self.service.get_result(machine_id=machine_id, dns_name=dns_name)
|
|
120
120
|
value = result["value"]
|
|
121
121
|
details = result.get("details", [])
|
|
122
122
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"""Machines service implementation."""
|
|
2
2
|
|
|
3
|
-
from typing import Dict, List, Any
|
|
3
|
+
from typing import Dict, List, Any, Optional
|
|
4
4
|
|
|
5
5
|
from check_msdefender.core.logging_config import get_verbose_logger
|
|
6
6
|
|
|
@@ -13,7 +13,9 @@ class MachinesService:
|
|
|
13
13
|
self.defender = defender_client
|
|
14
14
|
self.logger = get_verbose_logger(__name__, verbose_level)
|
|
15
15
|
|
|
16
|
-
def get_result(
|
|
16
|
+
def get_result(
|
|
17
|
+
self, machine_id: Optional[str] = None, dns_name: Optional[str] = None
|
|
18
|
+
) -> Dict[str, Any]:
|
|
17
19
|
"""Get machine count result with value and details."""
|
|
18
20
|
self.logger.method_entry("get_result")
|
|
19
21
|
|
|
@@ -82,9 +82,25 @@ class ProductsService:
|
|
|
82
82
|
)
|
|
83
83
|
software_vulnerabilities[software_key]["severities"].add(severity)
|
|
84
84
|
|
|
85
|
-
# Count
|
|
86
|
-
|
|
85
|
+
# Count vulnerabilities by severity
|
|
86
|
+
critical_count = 0
|
|
87
|
+
high_count = 0
|
|
88
|
+
medium_count = 0
|
|
89
|
+
low_count = 0
|
|
87
90
|
|
|
91
|
+
for vulnerability in products:
|
|
92
|
+
severity = vulnerability.get("vulnerabilitySeverityLevel", "Unknown").lower()
|
|
93
|
+
if severity == "critical":
|
|
94
|
+
critical_count += 1
|
|
95
|
+
elif severity == "high":
|
|
96
|
+
high_count += 1
|
|
97
|
+
elif severity == "medium":
|
|
98
|
+
medium_count += 1
|
|
99
|
+
elif severity == "low":
|
|
100
|
+
low_count += 1
|
|
101
|
+
|
|
102
|
+
# Count vulnerable software for reporting
|
|
103
|
+
vulnerable_software = []
|
|
88
104
|
for software in software_vulnerabilities.values():
|
|
89
105
|
if len(software["cves"]) > 0:
|
|
90
106
|
vulnerable_software.append(software)
|
|
@@ -92,7 +108,7 @@ class ProductsService:
|
|
|
92
108
|
# Create details for output
|
|
93
109
|
details = []
|
|
94
110
|
if software_vulnerabilities:
|
|
95
|
-
summary_line = f"{len(products)}
|
|
111
|
+
summary_line = f"{len(products)} total CVEs (Critical: {critical_count}, High: {high_count}, Medium: {medium_count}, Low: {low_count}), {len(vulnerable_software)} vulnerable software"
|
|
96
112
|
details.append(summary_line)
|
|
97
113
|
|
|
98
114
|
# Add software details (limit to 10)
|
|
@@ -100,12 +116,13 @@ class ProductsService:
|
|
|
100
116
|
cve_count = len(software["cves"])
|
|
101
117
|
unique_cves = list(set(software["cves"]))
|
|
102
118
|
cve_list = ", ".join(unique_cves[:5]) # Show first 5 CVEs
|
|
119
|
+
severity = ", ".join(software["severities"]) # Show first 5 CVEs
|
|
103
120
|
if len(unique_cves) > 5:
|
|
104
121
|
cve_list += f".. (+{len(unique_cves) - 5} more)"
|
|
105
122
|
|
|
106
123
|
details.append(
|
|
107
124
|
f"{software['name']} {software['version']} ({software['vendor']}) - "
|
|
108
|
-
f"{cve_count} weaknesses ({cve_list})"
|
|
125
|
+
f"{cve_count} ({severity}) weaknesses ({cve_list})"
|
|
109
126
|
)
|
|
110
127
|
|
|
111
128
|
# Add paths (limit to 4)
|
|
@@ -113,23 +130,26 @@ class ProductsService:
|
|
|
113
130
|
details.append(f" - {path}")
|
|
114
131
|
|
|
115
132
|
# Determine the value based on severity:
|
|
116
|
-
# -
|
|
117
|
-
# -
|
|
118
|
-
|
|
119
|
-
value = len(vulnerable_software) # Will trigger warning threshold
|
|
120
|
-
else:
|
|
121
|
-
value = 0 # OK status
|
|
133
|
+
# - Critical vulnerabilities trigger critical threshold
|
|
134
|
+
# - High/Medium vulnerabilities trigger warning threshold
|
|
135
|
+
# - Low vulnerabilities or no vulnerabilities are OK
|
|
122
136
|
|
|
137
|
+
value = (critical_count * 100) + (high_count *10) + (medium_count*5) + (low_count*1)
|
|
123
138
|
result = {
|
|
124
139
|
"value": value,
|
|
125
140
|
"details": details,
|
|
126
141
|
"vulnerable_count": len(vulnerable_software),
|
|
142
|
+
"critical_count": critical_count,
|
|
143
|
+
"high_count": high_count,
|
|
144
|
+
"medium_count": medium_count,
|
|
145
|
+
"low_count": low_count,
|
|
127
146
|
"total_cves": len(products),
|
|
128
147
|
"total_software": len(software_vulnerabilities),
|
|
129
148
|
}
|
|
130
149
|
|
|
131
150
|
self.logger.info(
|
|
132
|
-
f"Products analysis complete: {len(products)} total CVEs
|
|
151
|
+
f"Products analysis complete: {len(products)} total CVEs "
|
|
152
|
+
f"(Critical: {critical_count}, High: {high_count}, Medium: {medium_count}, Low: {low_count}), "
|
|
133
153
|
f"{len(vulnerable_software)} vulnerable software"
|
|
134
154
|
)
|
|
135
155
|
self.logger.method_exit("get_result", result)
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: check-msdefender
|
|
3
|
-
Version: 1.1.
|
|
3
|
+
Version: 1.1.10
|
|
4
4
|
Summary: A Nagios plugin for monitoring Microsoft Defender API endpoints
|
|
5
5
|
Keywords: nagios,monitoring,microsoft,graph,api,azure
|
|
6
6
|
Author-Email: ldvchosal <ldvchosal@github.com>
|
|
@@ -36,7 +36,7 @@ A comprehensive **Nagios plugin** for monitoring Microsoft Defender for Endpoint
|
|
|
36
36
|
## ✨ Features
|
|
37
37
|
|
|
38
38
|
- 🔐 **Dual Authentication** - Support for Client Secret and Certificate-based authentication
|
|
39
|
-
- 🎯 **Multiple Endpoints** - Monitor onboarding status, last seen, vulnerabilities, alerts, and machine details
|
|
39
|
+
- 🎯 **Multiple Endpoints** - Monitor onboarding status, last seen, vulnerabilities, products with CVEs, alerts, and machine details
|
|
40
40
|
- 📊 **Nagios Compatible** - Standard exit codes and performance data output
|
|
41
41
|
- 🏗️ **Clean Architecture** - Modular design with testable components
|
|
42
42
|
- 🔧 **Flexible Configuration** - File-based configuration with sensible defaults
|
|
@@ -68,6 +68,9 @@ check_msdefender lastseen -d machine.domain.tld -W 7 -C 30
|
|
|
68
68
|
# Check vulnerabilities
|
|
69
69
|
check_msdefender vulnerabilities -d machine.domain.tld -W 10 -C 100
|
|
70
70
|
|
|
71
|
+
# Check products with CVE vulnerabilities
|
|
72
|
+
check_msdefender products -d machine.domain.tld -W 5 -C 1
|
|
73
|
+
|
|
71
74
|
# Check alerts
|
|
72
75
|
check_msdefender alerts -d machine.domain.tld -W 1 -C 5
|
|
73
76
|
|
|
@@ -85,6 +88,7 @@ check_msdefender detail -d machine.domain.tld
|
|
|
85
88
|
| `onboarding` | Check machine onboarding status | W:1, C:2 |
|
|
86
89
|
| `lastseen` | Days since machine last seen | W:7, C:30 |
|
|
87
90
|
| `vulnerabilities` | Vulnerability score calculation | W:10, C:100 |
|
|
91
|
+
| `products` | Count of vulnerable software with CVEs | W:5, C:1 |
|
|
88
92
|
| `alerts` | Count of unresolved alerts | W:1, C:0 |
|
|
89
93
|
| `machines` | List all machines | W:10, C:25 |
|
|
90
94
|
| `detail` | Get detailed machine information | - |
|
|
@@ -97,6 +101,15 @@ The vulnerability score is calculated as:
|
|
|
97
101
|
- **Medium vulnerabilities** × 5
|
|
98
102
|
- **Low vulnerabilities** × 1
|
|
99
103
|
|
|
104
|
+
### Products CVE Monitoring
|
|
105
|
+
|
|
106
|
+
The products command monitors installed software with known CVE vulnerabilities:
|
|
107
|
+
- **Groups CVEs by software** (name, version, vendor)
|
|
108
|
+
- **Shows CVE details** including severity levels and disk paths
|
|
109
|
+
- **Counts vulnerable software** (not individual CVEs)
|
|
110
|
+
- **Default thresholds**: Warning at 5 vulnerable software, Critical at 1
|
|
111
|
+
- **Displays up to 10 software entries** with first 5 CVEs per software
|
|
112
|
+
|
|
100
113
|
### Alert Monitoring
|
|
101
114
|
|
|
102
115
|
The alerts command monitors unresolved security alerts for a machine:
|
|
@@ -186,6 +199,11 @@ define command {
|
|
|
186
199
|
command_line $USER1$/check_msdefender/bin/check_msdefender vulnerabilities -d $HOSTALIAS$ -W 10 -C 100
|
|
187
200
|
}
|
|
188
201
|
|
|
202
|
+
define command {
|
|
203
|
+
command_name check_defender_products
|
|
204
|
+
command_line $USER1$/check_msdefender/bin/check_msdefender products -d $HOSTALIAS$ -W 5 -C 1
|
|
205
|
+
}
|
|
206
|
+
|
|
189
207
|
define command {
|
|
190
208
|
command_name check_defender_alerts
|
|
191
209
|
command_line $USER1$/check_msdefender/bin/check_msdefender alerts -d $HOSTALIAS$ -W 1 -C 5
|
|
@@ -217,6 +235,13 @@ define service {
|
|
|
217
235
|
hostgroup_name msdefender
|
|
218
236
|
}
|
|
219
237
|
|
|
238
|
+
define service {
|
|
239
|
+
use generic-service
|
|
240
|
+
service_description DEFENDER_PRODUCTS
|
|
241
|
+
check_command check_defender_products
|
|
242
|
+
hostgroup_name msdefender
|
|
243
|
+
}
|
|
244
|
+
|
|
220
245
|
define service {
|
|
221
246
|
use generic-service
|
|
222
247
|
service_description DEFENDER_ALERTS
|
|
@@ -236,6 +261,7 @@ check_msdefender/
|
|
|
236
261
|
│ │ ├── onboarding.py # Onboarding status command
|
|
237
262
|
│ │ ├── lastseen.py # Last seen command
|
|
238
263
|
│ │ ├── vulnerabilities.py # Vulnerabilities command
|
|
264
|
+
│ │ ├── products.py # Products CVE monitoring command
|
|
239
265
|
│ │ ├── alerts.py # Alerts monitoring command
|
|
240
266
|
│ │ ├── machines.py # List machines command
|
|
241
267
|
│ │ └── detail.py # Machine detail command
|
|
@@ -252,6 +278,7 @@ check_msdefender/
|
|
|
252
278
|
│ ├── onboarding_service.py # Onboarding business logic
|
|
253
279
|
│ ├── lastseen_service.py # Last seen business logic
|
|
254
280
|
│ ├── vulnerabilities_service.py # Vulnerability business logic
|
|
281
|
+
│ ├── products_service.py # Products CVE monitoring business logic
|
|
255
282
|
│ ├── alerts_service.py # Alerts monitoring business logic
|
|
256
283
|
│ ├── machines_service.py # Machines business logic
|
|
257
284
|
│ ├── detail_service.py # Detail business logic
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
check_msdefender-1.1.
|
|
2
|
-
check_msdefender-1.1.
|
|
3
|
-
check_msdefender-1.1.
|
|
4
|
-
check_msdefender-1.1.
|
|
5
|
-
check_msdefender/__init__.py,sha256=
|
|
1
|
+
check_msdefender-1.1.10.dist-info/METADATA,sha256=uYW5ttbZmmh_zIglbRmKeGJlJ20UgkVMYFOsMyKJSxk,14799
|
|
2
|
+
check_msdefender-1.1.10.dist-info/WHEEL,sha256=9P2ygRxDrTJz3gsagc0Z96ukrxjr-LFBGOgv3AuKlCA,90
|
|
3
|
+
check_msdefender-1.1.10.dist-info/entry_points.txt,sha256=OqVzHI1PaD9V22g0K7BhA2nYv4O-pH8mcLzuGdsk5rM,79
|
|
4
|
+
check_msdefender-1.1.10.dist-info/licenses/LICENSE,sha256=kW3DwIsKc9HVYdS4f4tI6sLo-EPqBQbz-WmuvHU4Nak,1065
|
|
5
|
+
check_msdefender/__init__.py,sha256=HJ0WhYzGXOqU1QtDqumM6mqkzvD4sBZGTuNLZlYAZMQ,161
|
|
6
6
|
check_msdefender/__main__.py,sha256=TuNsRSdnkQm9OdBTAwD5aB2zV_Irc50WgylVWhrfnLY,124
|
|
7
7
|
check_msdefender/check_msdefender.py,sha256=OO4Tg2DBW28AT-2LOH-qJM2pE5TPcF615BF7HjyZsmA,137
|
|
8
8
|
check_msdefender/cli/__init__.py,sha256=NWaS5ZI9_252AcReugF_WGPMOvQ_B7sC_s3pSrGujcI,291
|
|
@@ -13,24 +13,24 @@ check_msdefender/cli/commands/detail.py,sha256=qCATgEo_au7t93usEqyWAer6jYlHktQ7D
|
|
|
13
13
|
check_msdefender/cli/commands/lastseen.py,sha256=my-kW00ioaFdmec3zjqrLk12kt9Pld8rqu5n8wcT4Ys,1878
|
|
14
14
|
check_msdefender/cli/commands/machines.py,sha256=uyQal7P4VI4a3dECFWgXKBiUPcdxhUrpWFOyKHmpORU,1724
|
|
15
15
|
check_msdefender/cli/commands/onboarding.py,sha256=5QSP75uyrX0MQ1ABiGFSDKIzVszLF8U3uQ4bqFF9F2g,1912
|
|
16
|
-
check_msdefender/cli/commands/products.py,sha256=
|
|
16
|
+
check_msdefender/cli/commands/products.py,sha256=hmun3C_eqpk_ve8yc0tnY0qAgocUpkvvXojjUviUwI4,1993
|
|
17
17
|
check_msdefender/cli/commands/vulnerabilities.py,sha256=CIYjANeMfcs20Ayi75cJpY98mjljH-DSujxc0E10L90,1931
|
|
18
18
|
check_msdefender/cli/decorators.py,sha256=wRUv4vY6SL3nFjpYW9h1M1xDO_pzA6--gCtg3y6MmQM,786
|
|
19
19
|
check_msdefender/cli/handlers.py,sha256=hp_CX_3qPoQGrPPVeiojb2j7tuFMva4ebWg9CxVUiPg,1395
|
|
20
20
|
check_msdefender/core/__init__.py,sha256=naBiEkixiWTuHU3GENk8fqC8H3p_hkzRsmSY2uiM_TQ,47
|
|
21
21
|
check_msdefender/core/auth.py,sha256=7mkGmhGHy4t38O0e4Rz7dQ52xfMbK3IUXMlw3u83aB4,1585
|
|
22
22
|
check_msdefender/core/config.py,sha256=IoWBL_DB110F4i6hFfli6iFDBXx57dHh32lCuLkcgNk,1170
|
|
23
|
-
check_msdefender/core/defender.py,sha256=
|
|
23
|
+
check_msdefender/core/defender.py,sha256=JChnsyKD2grSMlxSDHEbTd4Al8pW-_8TAN8-1JsINR4,10389
|
|
24
24
|
check_msdefender/core/exceptions.py,sha256=X4s_XM64SEVSs-4mGKqnF8xXwGFY3E0buvkgRNuCCX4,600
|
|
25
25
|
check_msdefender/core/logging_config.py,sha256=Rd1F-IDXTx7yckrI8kyx2Ht20f5OcArPCAXb44BOmbg,4084
|
|
26
|
-
check_msdefender/core/nagios.py,sha256=
|
|
26
|
+
check_msdefender/core/nagios.py,sha256=5GY4MIFOOB_bVSTbESxCpNVkJg1zzuuNna6rlwsECvQ,6312
|
|
27
27
|
check_msdefender/services/__init__.py,sha256=_fiKXxcz263IghXn9BnUWDKPgedhUPoSakEN3tBd2SU,44
|
|
28
28
|
check_msdefender/services/alerts_service.py,sha256=poKZw1WKphmtPPnuMDrGRuPQbRLjLDZpo2rhFCh7TDc,4034
|
|
29
29
|
check_msdefender/services/detail_service.py,sha256=tXfb6H2dhrTZ5y85H8W58GA8CvA-7aUwMIbNdcqECw0,3381
|
|
30
30
|
check_msdefender/services/lastseen_service.py,sha256=LiNVeUbAoMzowMvE90P7zCtKFHBLbIDp5mmkVHRLwqs,3128
|
|
31
|
-
check_msdefender/services/machines_service.py,sha256=
|
|
31
|
+
check_msdefender/services/machines_service.py,sha256=KLRwltpYtwg_qtW6BGIxlH-PB9LcnEyW-i3C4RGSD30,3238
|
|
32
32
|
check_msdefender/services/models.py,sha256=CDmQ5vU0-GawIalqXjXNk3rry6gsyjv6eSlW2NiXwQ0,979
|
|
33
33
|
check_msdefender/services/onboarding_service.py,sha256=RIOsvALCoKV0YqnCHKYRkelSPrO-F-6vNBLlto4MpiI,2686
|
|
34
|
-
check_msdefender/services/products_service.py,sha256=
|
|
34
|
+
check_msdefender/services/products_service.py,sha256=fZHk6QPmIBMtLf52IjOX_yh7dSwMC22TcZzU9v3KfFo,6751
|
|
35
35
|
check_msdefender/services/vulnerabilities_service.py,sha256=LuRRQlFt-K82tGUhLCx_QCOp4CbBgSp7fktmeSSoa9o,6838
|
|
36
|
-
check_msdefender-1.1.
|
|
36
|
+
check_msdefender-1.1.10.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|