check-msdefender 1.1.9__py3-none-any.whl → 1.1.10__py3-none-any.whl

check_msdefender/__init__.py

@@ -1,4 +1,4 @@
 """Check Microsoft Defender API endpoints and check values - Nagios plugin."""
-__version__ = "1.1.9"
+__version__ = "1.1.10"
 __author__ = "ldvchosal"
 __email__ = "ldvchosa@github.com"

check_msdefender/cli/commands/products.py

@@ -25,8 +25,12 @@ def register_products_commands(main_group: Any) -> None:
         critical: Optional[float],
     ) -> None:
         """Check installed products for Microsoft Defender."""
-        warning = warning if warning is not None else 5
-        critical = critical if critical is not None else 1
+        warning = (
+            warning if warning is not None else 1
+        )  # Trigger warning on any high/medium severity
+        critical = (
+            critical if critical is not None else 1
+        )  # Trigger critical on any critical severity
 
         try:
             # Load configuration

check_msdefender/core/defender.py

@@ -65,10 +65,7 @@ class DefenderClient:
             "Content-Type": DefenderClient.application_json,
         }
 
-        params = {
-            PARAM_FILTER: f"computerDnsName eq '{dns_name}'",
-            PARAM_SELECT: "id"
-        }
+        params = {PARAM_FILTER: f"computerDnsName eq '{dns_name}'", PARAM_SELECT: "id"}
 
         try:
             start_time = time.time()

check_msdefender/services/products_service.py

@@ -82,9 +82,25 @@ class ProductsService:
             )
             software_vulnerabilities[software_key]["severities"].add(severity)
 
-        # Count vulnerable software
-        vulnerable_software = []
+        # Count vulnerabilities by severity
+        critical_count = 0
+        high_count = 0
+        medium_count = 0
+        low_count = 0
 
+        for vulnerability in products:
+            severity = vulnerability.get("vulnerabilitySeverityLevel", "Unknown").lower()
+            if severity == "critical":
+                critical_count += 1
+            elif severity == "high":
+                high_count += 1
+            elif severity == "medium":
+                medium_count += 1
+            elif severity == "low":
+                low_count += 1
+
+        # Count vulnerable software for reporting
+        vulnerable_software = []
         for software in software_vulnerabilities.values():
             if len(software["cves"]) > 0:
                 vulnerable_software.append(software)
@@ -92,7 +108,7 @@ class ProductsService:
         # Create details for output
         details = []
         if software_vulnerabilities:
-            summary_line = f"{len(products)} CVE found on {target_dns_name}"
+            summary_line = f"{len(products)} total CVEs (Critical: {critical_count}, High: {high_count}, Medium: {medium_count}, Low: {low_count}), {len(vulnerable_software)} vulnerable software"
             details.append(summary_line)
 
             # Add software details (limit to 10)
@@ -100,12 +116,13 @@ class ProductsService:
                 cve_count = len(software["cves"])
                 unique_cves = list(set(software["cves"]))
                 cve_list = ", ".join(unique_cves[:5])  # Show first 5 CVEs
+                severity = ", ".join(software["severities"])  # Show first 5 CVEs
                 if len(unique_cves) > 5:
                     cve_list += f".. (+{len(unique_cves) - 5} more)"
 
                 details.append(
                     f"{software['name']} {software['version']} ({software['vendor']}) - "
-                    f"{cve_count} weaknesses ({cve_list})"
+                    f"{cve_count} ({severity}) weaknesses ({cve_list})"
                 )
 
                 # Add paths (limit to 4)
@@ -113,23 +130,26 @@ class ProductsService:
                     details.append(f" - {path}")
 
         # Determine the value based on severity:
-        # - Vulnerable software triggers warnings
-        # - No vulnerabilities is OK
-        if vulnerable_software:
-            value = len(vulnerable_software)  # Will trigger warning threshold
-        else:
-            value = 0  # OK status
+        # - Critical vulnerabilities trigger critical threshold
+        # - High/Medium vulnerabilities trigger warning threshold
+        # - Low vulnerabilities or no vulnerabilities are OK
 
+        value = (critical_count * 100) + (high_count *10) + (medium_count*5) + (low_count*1)
         result = {
             "value": value,
             "details": details,
             "vulnerable_count": len(vulnerable_software),
+            "critical_count": critical_count,
+            "high_count": high_count,
+            "medium_count": medium_count,
+            "low_count": low_count,
             "total_cves": len(products),
             "total_software": len(software_vulnerabilities),
         }
 
         self.logger.info(
-            f"Products analysis complete: {len(products)} total CVEs, "
+            f"Products analysis complete: {len(products)} total CVEs "
+            f"(Critical: {critical_count}, High: {high_count}, Medium: {medium_count}, Low: {low_count}), "
             f"{len(vulnerable_software)} vulnerable software"
         )
         self.logger.method_exit("get_result", result)

{check_msdefender-1.1.9.dist-info → check_msdefender-1.1.10.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: check-msdefender
-Version: 1.1.9
+Version: 1.1.10
 Summary: A Nagios plugin for monitoring Microsoft Defender API endpoints
 Keywords: nagios,monitoring,microsoft,graph,api,azure
 Author-Email: ldvchosal <ldvchosal@github.com>
@@ -36,7 +36,7 @@ A comprehensive **Nagios plugin** for monitoring Microsoft Defender for Endpoint
 ## ✨ Features
 
 - 🔐 **Dual Authentication** - Support for Client Secret and Certificate-based authentication
-- 🎯 **Multiple Endpoints** - Monitor onboarding status, last seen, vulnerabilities, alerts, and machine details
+- 🎯 **Multiple Endpoints** - Monitor onboarding status, last seen, vulnerabilities, products with CVEs, alerts, and machine details
 - 📊 **Nagios Compatible** - Standard exit codes and performance data output
 - 🏗️ **Clean Architecture** - Modular design with testable components
 - 🔧 **Flexible Configuration** - File-based configuration with sensible defaults
@@ -68,6 +68,9 @@ check_msdefender lastseen -d machine.domain.tld -W 7 -C 30
 # Check vulnerabilities
 check_msdefender vulnerabilities -d machine.domain.tld -W 10 -C 100
 
+# Check products with CVE vulnerabilities
+check_msdefender products -d machine.domain.tld -W 5 -C 1
+
 # Check alerts
 check_msdefender alerts -d machine.domain.tld -W 1 -C 5
 
@@ -85,6 +88,7 @@ check_msdefender detail -d machine.domain.tld
 | `onboarding` | Check machine onboarding status | W:1, C:2 |
 | `lastseen` | Days since machine last seen | W:7, C:30 |
 | `vulnerabilities` | Vulnerability score calculation | W:10, C:100 |
+| `products` | Count of vulnerable software with CVEs | W:5, C:1 |
 | `alerts` | Count of unresolved alerts | W:1, C:0 |
 | `machines` | List all machines | W:10, C:25 |
 | `detail` | Get detailed machine information | - |
@@ -97,6 +101,15 @@ The vulnerability score is calculated as:
 - **Medium vulnerabilities** × 5
 - **Low vulnerabilities** × 1
 
+### Products CVE Monitoring
+
+The products command monitors installed software with known CVE vulnerabilities:
+- **Groups CVEs by software** (name, version, vendor)
+- **Shows CVE details** including severity levels and disk paths
+- **Counts vulnerable software** (not individual CVEs)
+- **Default thresholds**: Warning at 5 vulnerable software, Critical at 1
+- **Displays up to 10 software entries** with first 5 CVEs per software
+
 ### Alert Monitoring
 
 The alerts command monitors unresolved security alerts for a machine:
@@ -186,6 +199,11 @@ define command {
     command_line    $USER1$/check_msdefender/bin/check_msdefender vulnerabilities -d $HOSTALIAS$ -W 10 -C 100
 }
 
+define command {
+    command_name    check_defender_products
+    command_line    $USER1$/check_msdefender/bin/check_msdefender products -d $HOSTALIAS$ -W 5 -C 1
+}
+
 define command {
     command_name    check_defender_alerts
     command_line    $USER1$/check_msdefender/bin/check_msdefender alerts -d $HOSTALIAS$ -W 1 -C 5
@@ -217,6 +235,13 @@ define service {
     hostgroup_name          msdefender
 }
 
+define service {
+    use                     generic-service
+    service_description     DEFENDER_PRODUCTS
+    check_command           check_defender_products
+    hostgroup_name          msdefender
+}
+
 define service {
     use                     generic-service
     service_description     DEFENDER_ALERTS
@@ -236,6 +261,7 @@ check_msdefender/
 │   │   ├── onboarding.py      # Onboarding status command
 │   │   ├── lastseen.py        # Last seen command
 │   │   ├── vulnerabilities.py # Vulnerabilities command
+│   │   ├── products.py        # Products CVE monitoring command
 │   │   ├── alerts.py          # Alerts monitoring command
 │   │   ├── machines.py        # List machines command
 │   │   └── detail.py          # Machine detail command
@@ -252,6 +278,7 @@ check_msdefender/
 │   ├── onboarding_service.py  # Onboarding business logic
 │   ├── lastseen_service.py    # Last seen business logic
 │   ├── vulnerabilities_service.py # Vulnerability business logic
+│   ├── products_service.py    # Products CVE monitoring business logic
 │   ├── alerts_service.py      # Alerts monitoring business logic
 │   ├── machines_service.py    # Machines business logic
 │   ├── detail_service.py      # Detail business logic

{check_msdefender-1.1.9.dist-info → check_msdefender-1.1.10.dist-info}/RECORD

@@ -1,8 +1,8 @@
-check_msdefender-1.1.9.dist-info/METADATA,sha256=YipwDTBq1XRQUXDrHJzpjl_twnP4kkrS7ndLP2x6Okk,13659
-check_msdefender-1.1.9.dist-info/WHEEL,sha256=9P2ygRxDrTJz3gsagc0Z96ukrxjr-LFBGOgv3AuKlCA,90
-check_msdefender-1.1.9.dist-info/entry_points.txt,sha256=OqVzHI1PaD9V22g0K7BhA2nYv4O-pH8mcLzuGdsk5rM,79
-check_msdefender-1.1.9.dist-info/licenses/LICENSE,sha256=kW3DwIsKc9HVYdS4f4tI6sLo-EPqBQbz-WmuvHU4Nak,1065
-check_msdefender/__init__.py,sha256=AUrKu-68_EVlX67fyJOU_9sJ9V4a8S7-tyWP_V10uDU,160
+check_msdefender-1.1.10.dist-info/METADATA,sha256=uYW5ttbZmmh_zIglbRmKeGJlJ20UgkVMYFOsMyKJSxk,14799
+check_msdefender-1.1.10.dist-info/WHEEL,sha256=9P2ygRxDrTJz3gsagc0Z96ukrxjr-LFBGOgv3AuKlCA,90
+check_msdefender-1.1.10.dist-info/entry_points.txt,sha256=OqVzHI1PaD9V22g0K7BhA2nYv4O-pH8mcLzuGdsk5rM,79
+check_msdefender-1.1.10.dist-info/licenses/LICENSE,sha256=kW3DwIsKc9HVYdS4f4tI6sLo-EPqBQbz-WmuvHU4Nak,1065
+check_msdefender/__init__.py,sha256=HJ0WhYzGXOqU1QtDqumM6mqkzvD4sBZGTuNLZlYAZMQ,161
 check_msdefender/__main__.py,sha256=TuNsRSdnkQm9OdBTAwD5aB2zV_Irc50WgylVWhrfnLY,124
 check_msdefender/check_msdefender.py,sha256=OO4Tg2DBW28AT-2LOH-qJM2pE5TPcF615BF7HjyZsmA,137
 check_msdefender/cli/__init__.py,sha256=NWaS5ZI9_252AcReugF_WGPMOvQ_B7sC_s3pSrGujcI,291
@@ -13,14 +13,14 @@ check_msdefender/cli/commands/detail.py,sha256=qCATgEo_au7t93usEqyWAer6jYlHktQ7D
 check_msdefender/cli/commands/lastseen.py,sha256=my-kW00ioaFdmec3zjqrLk12kt9Pld8rqu5n8wcT4Ys,1878
 check_msdefender/cli/commands/machines.py,sha256=uyQal7P4VI4a3dECFWgXKBiUPcdxhUrpWFOyKHmpORU,1724
 check_msdefender/cli/commands/onboarding.py,sha256=5QSP75uyrX0MQ1ABiGFSDKIzVszLF8U3uQ4bqFF9F2g,1912
-check_msdefender/cli/commands/products.py,sha256=negey5uZIKcZIzpEKwV-IZ8QLu6_sWLC6ffWZ9We4F4,1853
+check_msdefender/cli/commands/products.py,sha256=hmun3C_eqpk_ve8yc0tnY0qAgocUpkvvXojjUviUwI4,1993
 check_msdefender/cli/commands/vulnerabilities.py,sha256=CIYjANeMfcs20Ayi75cJpY98mjljH-DSujxc0E10L90,1931
 check_msdefender/cli/decorators.py,sha256=wRUv4vY6SL3nFjpYW9h1M1xDO_pzA6--gCtg3y6MmQM,786
 check_msdefender/cli/handlers.py,sha256=hp_CX_3qPoQGrPPVeiojb2j7tuFMva4ebWg9CxVUiPg,1395
 check_msdefender/core/__init__.py,sha256=naBiEkixiWTuHU3GENk8fqC8H3p_hkzRsmSY2uiM_TQ,47
 check_msdefender/core/auth.py,sha256=7mkGmhGHy4t38O0e4Rz7dQ52xfMbK3IUXMlw3u83aB4,1585
 check_msdefender/core/config.py,sha256=IoWBL_DB110F4i6hFfli6iFDBXx57dHh32lCuLkcgNk,1170
-check_msdefender/core/defender.py,sha256=Pf28KuRRubCWoATRW4-6K07A6WF6Mvf0XfO7Tfo13Yc,10423
+check_msdefender/core/defender.py,sha256=JChnsyKD2grSMlxSDHEbTd4Al8pW-_8TAN8-1JsINR4,10389
 check_msdefender/core/exceptions.py,sha256=X4s_XM64SEVSs-4mGKqnF8xXwGFY3E0buvkgRNuCCX4,600
 check_msdefender/core/logging_config.py,sha256=Rd1F-IDXTx7yckrI8kyx2Ht20f5OcArPCAXb44BOmbg,4084
 check_msdefender/core/nagios.py,sha256=5GY4MIFOOB_bVSTbESxCpNVkJg1zzuuNna6rlwsECvQ,6312
@@ -31,6 +31,6 @@ check_msdefender/services/lastseen_service.py,sha256=LiNVeUbAoMzowMvE90P7zCtKFHB
 check_msdefender/services/machines_service.py,sha256=KLRwltpYtwg_qtW6BGIxlH-PB9LcnEyW-i3C4RGSD30,3238
 check_msdefender/services/models.py,sha256=CDmQ5vU0-GawIalqXjXNk3rry6gsyjv6eSlW2NiXwQ0,979
 check_msdefender/services/onboarding_service.py,sha256=RIOsvALCoKV0YqnCHKYRkelSPrO-F-6vNBLlto4MpiI,2686
-check_msdefender/services/products_service.py,sha256=GBwOEIsc1NP3KXCVhqmDIvkmKysDyvCXaFzXKnDnges,5662
+check_msdefender/services/products_service.py,sha256=fZHk6QPmIBMtLf52IjOX_yh7dSwMC22TcZzU9v3KfFo,6751
 check_msdefender/services/vulnerabilities_service.py,sha256=LuRRQlFt-K82tGUhLCx_QCOp4CbBgSp7fktmeSSoa9o,6838
-check_msdefender-1.1.9.dist-info/RECORD,,
+check_msdefender-1.1.10.dist-info/RECORD,,