check-msdefender 1.1.9__tar.gz → 1.1.11__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/PKG-INFO +29 -2
  2. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/README.md +28 -1
  3. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/__init__.py +1 -1
  4. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/cli/commands/products.py +6 -2
  5. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/core/defender.py +1 -4
  6. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/services/products_service.py +45 -14
  7. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/pyproject.toml +1 -1
  8. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/LICENSE +0 -0
  9. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/__main__.py +0 -0
  10. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/check_msdefender.py +0 -0
  11. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/cli/__init__.py +0 -0
  12. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/cli/__main__.py +0 -0
  13. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/cli/commands/__init__.py +0 -0
  14. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/cli/commands/alerts.py +0 -0
  15. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/cli/commands/detail.py +0 -0
  16. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/cli/commands/lastseen.py +0 -0
  17. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/cli/commands/machines.py +0 -0
  18. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/cli/commands/onboarding.py +0 -0
  19. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/cli/commands/vulnerabilities.py +0 -0
  20. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/cli/decorators.py +0 -0
  21. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/cli/handlers.py +0 -0
  22. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/core/__init__.py +0 -0
  23. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/core/auth.py +0 -0
  24. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/core/config.py +0 -0
  25. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/core/exceptions.py +0 -0
  26. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/core/logging_config.py +0 -0
  27. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/core/nagios.py +0 -0
  28. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/services/__init__.py +0 -0
  29. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/services/alerts_service.py +0 -0
  30. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/services/detail_service.py +0 -0
  31. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/services/lastseen_service.py +0 -0
  32. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/services/machines_service.py +0 -0
  33. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/services/models.py +0 -0
  34. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/services/onboarding_service.py +0 -0
  35. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/check_msdefender/services/vulnerabilities_service.py +0 -0
  36. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/__init__.py +0 -0
  37. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/fixtures/__init__.py +0 -0
  38. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/fixtures/alerts_data.json +0 -0
  39. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/fixtures/machine_data.json +0 -0
  40. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/fixtures/mock_defender_client.py +0 -0
  41. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/fixtures/test_alerts_service.py +0 -0
  42. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/fixtures/test_detail_service.py +0 -0
  43. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/fixtures/test_lastseen_service.py +0 -0
  44. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/fixtures/test_onboarding_service.py +0 -0
  45. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/fixtures/test_vulnerabilities_service.py +0 -0
  46. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/fixtures/vulnerability_data.json +0 -0
  47. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/integration/__init__.py +0 -0
  48. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/integration/test_cli_integration.py +0 -0
  49. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/integration/test_lastseen_integration.py +0 -0
  50. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/unit/__init__.py +0 -0
  51. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/unit/test_alerts_service.py +0 -0
  52. {check_msdefender-1.1.9 → check_msdefender-1.1.11}/tests/unit/test_detail_service.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: check-msdefender
3
- Version: 1.1.9
3
+ Version: 1.1.11
4
4
  Summary: A Nagios plugin for monitoring Microsoft Defender API endpoints
5
5
  Keywords: nagios,monitoring,microsoft,graph,api,azure
6
6
  Author-Email: ldvchosal <ldvchosal@github.com>
@@ -36,7 +36,7 @@ A comprehensive **Nagios plugin** for monitoring Microsoft Defender for Endpoint
36
36
  ## ✨ Features
37
37
 
38
38
  - 🔐 **Dual Authentication** - Support for Client Secret and Certificate-based authentication
39
- - 🎯 **Multiple Endpoints** - Monitor onboarding status, last seen, vulnerabilities, alerts, and machine details
39
+ - 🎯 **Multiple Endpoints** - Monitor onboarding status, last seen, vulnerabilities, products with CVEs, alerts, and machine details
40
40
  - 📊 **Nagios Compatible** - Standard exit codes and performance data output
41
41
  - 🏗️ **Clean Architecture** - Modular design with testable components
42
42
  - 🔧 **Flexible Configuration** - File-based configuration with sensible defaults
@@ -68,6 +68,9 @@ check_msdefender lastseen -d machine.domain.tld -W 7 -C 30
68
68
  # Check vulnerabilities
69
69
  check_msdefender vulnerabilities -d machine.domain.tld -W 10 -C 100
70
70
 
71
+ # Check products with CVE vulnerabilities
72
+ check_msdefender products -d machine.domain.tld -W 5 -C 1
73
+
71
74
  # Check alerts
72
75
  check_msdefender alerts -d machine.domain.tld -W 1 -C 5
73
76
 
@@ -85,6 +88,7 @@ check_msdefender detail -d machine.domain.tld
85
88
  | `onboarding` | Check machine onboarding status | W:1, C:2 |
86
89
  | `lastseen` | Days since machine last seen | W:7, C:30 |
87
90
  | `vulnerabilities` | Vulnerability score calculation | W:10, C:100 |
91
+ | `products` | Count of vulnerable software with CVEs | W:5, C:1 |
88
92
  | `alerts` | Count of unresolved alerts | W:1, C:0 |
89
93
  | `machines` | List all machines | W:10, C:25 |
90
94
  | `detail` | Get detailed machine information | - |
@@ -97,6 +101,15 @@ The vulnerability score is calculated as:
97
101
  - **Medium vulnerabilities** × 5
98
102
  - **Low vulnerabilities** × 1
99
103
 
104
+ ### Products CVE Monitoring
105
+
106
+ The products command monitors installed software with known CVE vulnerabilities:
107
+ - **Groups CVEs by software** (name, version, vendor)
108
+ - **Shows CVE details** including severity levels and disk paths
109
+ - **Counts vulnerable software** (not individual CVEs)
110
+ - **Default thresholds**: Warning at 5 vulnerable software, Critical at 1
111
+ - **Displays up to 10 software entries** with first 5 CVEs per software
112
+
100
113
  ### Alert Monitoring
101
114
 
102
115
  The alerts command monitors unresolved security alerts for a machine:
@@ -186,6 +199,11 @@ define command {
186
199
  command_line $USER1$/check_msdefender/bin/check_msdefender vulnerabilities -d $HOSTALIAS$ -W 10 -C 100
187
200
  }
188
201
 
202
+ define command {
203
+ command_name check_defender_products
204
+ command_line $USER1$/check_msdefender/bin/check_msdefender products -d $HOSTALIAS$ -W 5 -C 1
205
+ }
206
+
189
207
  define command {
190
208
  command_name check_defender_alerts
191
209
  command_line $USER1$/check_msdefender/bin/check_msdefender alerts -d $HOSTALIAS$ -W 1 -C 5
@@ -217,6 +235,13 @@ define service {
217
235
  hostgroup_name msdefender
218
236
  }
219
237
 
238
+ define service {
239
+ use generic-service
240
+ service_description DEFENDER_PRODUCTS
241
+ check_command check_defender_products
242
+ hostgroup_name msdefender
243
+ }
244
+
220
245
  define service {
221
246
  use generic-service
222
247
  service_description DEFENDER_ALERTS
@@ -236,6 +261,7 @@ check_msdefender/
236
261
  │ │ ├── onboarding.py # Onboarding status command
237
262
  │ │ ├── lastseen.py # Last seen command
238
263
  │ │ ├── vulnerabilities.py # Vulnerabilities command
264
+ │ │ ├── products.py # Products CVE monitoring command
239
265
  │ │ ├── alerts.py # Alerts monitoring command
240
266
  │ │ ├── machines.py # List machines command
241
267
  │ │ └── detail.py # Machine detail command
@@ -252,6 +278,7 @@ check_msdefender/
252
278
  │ ├── onboarding_service.py # Onboarding business logic
253
279
  │ ├── lastseen_service.py # Last seen business logic
254
280
  │ ├── vulnerabilities_service.py # Vulnerability business logic
281
+ │ ├── products_service.py # Products CVE monitoring business logic
255
282
  │ ├── alerts_service.py # Alerts monitoring business logic
256
283
  │ ├── machines_service.py # Machines business logic
257
284
  │ ├── detail_service.py # Detail business logic
@@ -9,7 +9,7 @@ A comprehensive **Nagios plugin** for monitoring Microsoft Defender for Endpoint
9
9
  ## ✨ Features
10
10
 
11
11
  - 🔐 **Dual Authentication** - Support for Client Secret and Certificate-based authentication
12
- - 🎯 **Multiple Endpoints** - Monitor onboarding status, last seen, vulnerabilities, alerts, and machine details
12
+ - 🎯 **Multiple Endpoints** - Monitor onboarding status, last seen, vulnerabilities, products with CVEs, alerts, and machine details
13
13
  - 📊 **Nagios Compatible** - Standard exit codes and performance data output
14
14
  - 🏗️ **Clean Architecture** - Modular design with testable components
15
15
  - 🔧 **Flexible Configuration** - File-based configuration with sensible defaults
@@ -41,6 +41,9 @@ check_msdefender lastseen -d machine.domain.tld -W 7 -C 30
41
41
  # Check vulnerabilities
42
42
  check_msdefender vulnerabilities -d machine.domain.tld -W 10 -C 100
43
43
 
44
+ # Check products with CVE vulnerabilities
45
+ check_msdefender products -d machine.domain.tld -W 5 -C 1
46
+
44
47
  # Check alerts
45
48
  check_msdefender alerts -d machine.domain.tld -W 1 -C 5
46
49
 
@@ -58,6 +61,7 @@ check_msdefender detail -d machine.domain.tld
58
61
  | `onboarding` | Check machine onboarding status | W:1, C:2 |
59
62
  | `lastseen` | Days since machine last seen | W:7, C:30 |
60
63
  | `vulnerabilities` | Vulnerability score calculation | W:10, C:100 |
64
+ | `products` | Count of vulnerable software with CVEs | W:5, C:1 |
61
65
  | `alerts` | Count of unresolved alerts | W:1, C:0 |
62
66
  | `machines` | List all machines | W:10, C:25 |
63
67
  | `detail` | Get detailed machine information | - |
@@ -70,6 +74,15 @@ The vulnerability score is calculated as:
70
74
  - **Medium vulnerabilities** × 5
71
75
  - **Low vulnerabilities** × 1
72
76
 
77
+ ### Products CVE Monitoring
78
+
79
+ The products command monitors installed software with known CVE vulnerabilities:
80
+ - **Groups CVEs by software** (name, version, vendor)
81
+ - **Shows CVE details** including severity levels and disk paths
82
+ - **Counts vulnerable software** (not individual CVEs)
83
+ - **Default thresholds**: Warning at 5 vulnerable software, Critical at 1
84
+ - **Displays up to 10 software entries** with first 5 CVEs per software
85
+
73
86
  ### Alert Monitoring
74
87
 
75
88
  The alerts command monitors unresolved security alerts for a machine:
@@ -159,6 +172,11 @@ define command {
159
172
  command_line $USER1$/check_msdefender/bin/check_msdefender vulnerabilities -d $HOSTALIAS$ -W 10 -C 100
160
173
  }
161
174
 
175
+ define command {
176
+ command_name check_defender_products
177
+ command_line $USER1$/check_msdefender/bin/check_msdefender products -d $HOSTALIAS$ -W 5 -C 1
178
+ }
179
+
162
180
  define command {
163
181
  command_name check_defender_alerts
164
182
  command_line $USER1$/check_msdefender/bin/check_msdefender alerts -d $HOSTALIAS$ -W 1 -C 5
@@ -190,6 +208,13 @@ define service {
190
208
  hostgroup_name msdefender
191
209
  }
192
210
 
211
+ define service {
212
+ use generic-service
213
+ service_description DEFENDER_PRODUCTS
214
+ check_command check_defender_products
215
+ hostgroup_name msdefender
216
+ }
217
+
193
218
  define service {
194
219
  use generic-service
195
220
  service_description DEFENDER_ALERTS
@@ -209,6 +234,7 @@ check_msdefender/
209
234
  │ │ ├── onboarding.py # Onboarding status command
210
235
  │ │ ├── lastseen.py # Last seen command
211
236
  │ │ ├── vulnerabilities.py # Vulnerabilities command
237
+ │ │ ├── products.py # Products CVE monitoring command
212
238
  │ │ ├── alerts.py # Alerts monitoring command
213
239
  │ │ ├── machines.py # List machines command
214
240
  │ │ └── detail.py # Machine detail command
@@ -225,6 +251,7 @@ check_msdefender/
225
251
  │ ├── onboarding_service.py # Onboarding business logic
226
252
  │ ├── lastseen_service.py # Last seen business logic
227
253
  │ ├── vulnerabilities_service.py # Vulnerability business logic
254
+ │ ├── products_service.py # Products CVE monitoring business logic
228
255
  │ ├── alerts_service.py # Alerts monitoring business logic
229
256
  │ ├── machines_service.py # Machines business logic
230
257
  │ ├── detail_service.py # Detail business logic
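--- a/check_msdefender/__init__.py
+++ b/check_msdefender/__init__.py
@@ -1,4 +1,4 @@
 """Check Microsoft Defender API endpoints and check values - Nagios plugin."""
-__version__ = "1.1.9"
+__version__ = "1.1.11"
 __author__ = "ldvchosal"
 __email__ = "ldvchosa@github.com"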
@@ -25,8 +25,12 @@ def register_products_commands(main_group: Any) -> None:
25
25
  critical: Optional[float],
26
26
  ) -> None:
27
27
  """Check installed products for Microsoft Defender."""
28
- warning = warning if warning is not None else 5
29
- critical = critical if critical is not None else 1
28
+ warning = (
29
+ warning if warning is not None else 1
30
+ ) # Trigger warning on any high/medium severity
31
+ critical = (
32
+ critical if critical is not None else 1
33
+ ) # Trigger critical on any critical severity
30
34
 
31
35
  try:
32
36
  # Load configuration
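Review bot: The new defaults make both thresholds identical (`warning` and `critical` each fall back to 1), so the comments on the new side cannot hold: whatever comparison the Nagios threshold helper applies, a single value of 1 cannot mean "any high/medium" for warning and "any critical" for critical at the same time, and the warning state becomes unreachable. The value this command checks is the severity score produced by `products_service` in this same release (low 1, medium 5, high 10, critical 100), so defaults that match the comments would be `warning = warning if warning is not None else 5` and `critical = critical if critical is not None else 100`, or the comments should be rewritten to describe score thresholds. The README and PKG-INFO hunks in this release still advertise `W:5, C:1` and "Counts vulnerable software (not individual CVEs)", which no longer match either the defaults or the score-based value. The enclosing command function starts before and ends after the hunk.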
@@ -65,10 +65,7 @@ class DefenderClient:
65
65
  "Content-Type": DefenderClient.application_json,
66
66
  }
67
67
 
68
- params = {
69
- PARAM_FILTER: f"computerDnsName eq '{dns_name}'",
70
- PARAM_SELECT: "id"
71
- }
68
+ params = {PARAM_FILTER: f"computerDnsName eq '{dns_name}'", PARAM_SELECT: "id"}
72
69
 
73
70
  try:
74
71
  start_time = time.time()
@@ -82,54 +82,85 @@ class ProductsService:
82
82
  )
83
83
  software_vulnerabilities[software_key]["severities"].add(severity)
84
84
 
85
- # Count vulnerable software
86
- vulnerable_software = []
85
+ # Count vulnerabilities by severity
86
+ critical_count = 0
87
+ high_count = 0
88
+ medium_count = 0
89
+ low_count = 0
87
90
 
91
+ for vulnerability in products:
92
+ severity = vulnerability.get("vulnerabilitySeverityLevel", "Unknown").lower()
93
+ if severity == "critical":
94
+ critical_count += 1
95
+ elif severity == "high":
96
+ high_count += 1
97
+ elif severity == "medium":
98
+ medium_count += 1
99
+ elif severity == "low":
100
+ low_count += 1
101
+
102
+ # Count vulnerable software for reporting
103
+ vulnerable_software = []
88
104
  for software in software_vulnerabilities.values():
89
105
  if len(software["cves"]) > 0:
90
106
  vulnerable_software.append(software)
91
107
 
92
108
  # Create details for output
93
109
  details = []
110
+ total_score = 0
94
111
  if software_vulnerabilities:
95
- summary_line = f"{len(products)} CVE found on {target_dns_name}"
112
+ summary_line = f"{len(products)} total CVEs (Critical: {critical_count}, High: {high_count}, Medium: {medium_count}, Low: {low_count}), {len(vulnerable_software)} vulnerable software"
96
113
  details.append(summary_line)
97
114
 
115
+ score = 0
98
116
  # Add software details (limit to 10)
99
117
  for software in list(software_vulnerabilities.values())[:10]:
100
118
  cve_count = len(software["cves"])
101
119
  unique_cves = list(set(software["cves"]))
102
120
  cve_list = ", ".join(unique_cves[:5]) # Show first 5 CVEs
121
+ severities = ", ".join(software["severities"]) # Show first 5 CVEs
122
+ for severity_name in software["severities"]:
123
+ severity = severity_name.lower()
124
+ if severity == "critical":
125
+ score += 100
126
+ elif severity == "high":
127
+ score += 10
128
+ elif severity == "medium":
129
+ score += 5
130
+ elif severity == "low":
131
+ score += 1
132
+
103
133
  if len(unique_cves) > 5:
104
134
  cve_list += f".. (+{len(unique_cves) - 5} more)"
105
135
 
106
136
  details.append(
107
137
  f"{software['name']} {software['version']} ({software['vendor']}) - "
108
- f"{cve_count} weaknesses ({cve_list})"
138
+ f"{score} ({cve_count}: {severities}) weaknesses ({cve_list})"
109
139
  )
110
-
140
+ total_score += score
111
141
  # Add paths (limit to 4)
112
142
  for path in list(software["paths"])[:4]:
113
143
  details.append(f" - {path}")
114
144
 
115
145
  # Determine the value based on severity:
116
- # - Vulnerable software triggers warnings
117
- # - No vulnerabilities is OK
118
- if vulnerable_software:
119
- value = len(vulnerable_software) # Will trigger warning threshold
120
- else:
121
- value = 0 # OK status
122
-
146
+ # - Critical vulnerabilities trigger critical threshold
147
+ # - High/Medium vulnerabilities trigger warning threshold
148
+ # - Low vulnerabilities or no vulnerabilities are OK
123
149
  result = {
124
- "value": value,
150
+ "value": total_score,
125
151
  "details": details,
126
152
  "vulnerable_count": len(vulnerable_software),
153
+ "critical_count": critical_count,
154
+ "high_count": high_count,
155
+ "medium_count": medium_count,
156
+ "low_count": low_count,
127
157
  "total_cves": len(products),
128
158
  "total_software": len(software_vulnerabilities),
129
159
  }
130
160
 
131
161
  self.logger.info(
132
- f"Products analysis complete: {len(products)} total CVEs, "
162
+ f"Products analysis complete: {len(products)} total CVEs "
163
+ f"(Critical: {critical_count}, High: {high_count}, Medium: {medium_count}, Low: {low_count}), "
133
164
  f"{len(vulnerable_software)} vulnerable software"
134
165
  )
135
166
  self.logger.method_exit("get_result", result)
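Review bot: `score = 0` is initialised once before the `for software in list(software_vulnerabilities.values())[:10]:` loop and never reset, so each software's detail line prints a running total and `total_score += score` sums those running totals — two software entries each carrying one critical severity yield a value of 300 rather than 200. The value is also capped by the `[:10]` display limit and counts each distinct severity once per software, while the summary line and the new `*_count` result fields count individual CVEs, so the check value and the text it is reported with disagree. Deriving the value from the per-CVE counts and resetting `score` inside the loop keeps the detail lines and the threshold value consistent; the copied comment on `severities = ", ".join(software["severities"])  # Show first 5 CVEs` should be corrected and the set sorted so output is stable between runs. `vulnerability.get("vulnerabilitySeverityLevel", "Unknown").lower()` still raises if the API returns a null severity; `(vulnerability.get("vulnerabilitySeverityLevel") or "Unknown").lower()` covers that. `get_result` starts before and ends after the hunk.
```python
# … unchanged: per-severity CVE counting, vulnerable_software, details = [] …
# Check value is derived from every CVE, independent of the display limit below
total_score = 100 * critical_count + 10 * high_count + 5 * medium_count + low_count
if software_vulnerabilities:
    # … unchanged: summary_line …
    # Add software details (limit to 10) - display only, does not affect the value
    for software in list(software_vulnerabilities.values())[:10]:
        cve_count = len(software["cves"])
        unique_cves = list(set(software["cves"]))
        cve_list = ", ".join(unique_cves[:5])  # Show first 5 CVEs
        severities = ", ".join(sorted(software["severities"]))  # sorted for stable output
        score = 0  # per-software score; reset every iteration
        for severity_name in software["severities"]:
            severity = severity_name.lower()
            if severity == "critical":
                score += 100
            elif severity == "high":
                score += 10
            elif severity == "medium":
                score += 5
            elif severity == "low":
                score += 1
        # … unchanged: "(+N more)" marker, details.append(...), paths …
# … unchanged: result dict (value stays total_score), logging …
```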
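--- a/pyproject.toml
+++ b/pyproject.toml
@@ -38,7 +38,7 @@ dependencies = [
 "azure-identity>=1.12.0",
 "click>=8.0,<9.0",
 ]
-version = "1.1.9"
+version = "1.1.11"
 
 [project.license]
 text = "MIT"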