def put_sensor_detector_by_device(sensor_id):
"""
Set the [sensor]/detectors list on config.yml of the sensor
"""
# Get the 'plugins' param list, with contains the detector plugins
# It must be a comma separate list
plugins = request.form['plugins']
if plugins is None:
current_app.logger.error(
"detector: put_sensor_detector error: Missing parameter 'plugins'")
return make_bad_request("Missing parameter plugins")
(success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
if not success:
current_app.logger.error(
"detector: put_sensor_detector error: Bad 'sensor_id'")
return make_bad_request("Bad sensor_id")
plugins_hash = {}
try:
plugins = json.loads(plugins)
for device_id, plugins in plugins.iteritems():
ips = get_asset_ip_from_id(device_id)
if len(ips) > 0:
plugins_hash[device_id] = {
"device_ip":
ips[0], # A device should never have more than one IP
"plugins": plugins
}
except Exception, e:
return make_bad_request("Invalid JSON: %s , p=%s" % ("", str(plugins)))
def put_sensor_detector_by_device(sensor_id):
"""
Set the [sensor]/detectors list on config.yml of the sensor
"""
# Get the 'plugins' param list, with contains the detector plugins
# It must be a comma separate list
plugins = request.form['plugins']
if plugins is None:
current_app.logger.error("detector: put_sensor_detector error: Missing parameter 'plugins'")
return make_bad_request("Missing parameter plugins")
(success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
if not success:
current_app.logger.error("detector: put_sensor_detector error: Bad 'sensor_id'")
return make_bad_request("Bad sensor_id")
plugins_hash = {}
try:
plugins = json.loads(plugins)
for device_id, plugins in plugins.iteritems():
ips = get_asset_ip_from_id(device_id)
if len(ips) > 0:
plugins_hash[device_id] = {"device_ip": ips[0], # A device should never have more than one IP
"plugins": plugins}
except Exception, e:
return make_bad_request("Invalid JSON: %s , p=%s" % ("", str(plugins)))
def set_sensor_plugins_enabled_by_asset(sensor_id, assets_info):
""" Set the list of plugins enabled in a sensor by asset
Params:
sensor_id (UUID): sensor id
assets_info (dict or json string):
{"<asset_id>": ["<plugin_1>",
"<plugin_2>",
...],
...}
Return:
the id of the agent restart job
"""
(success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
if not success:
raise APICannotResolveSensorID(
sensor_id=sensor_id,
log="[set_sensor_plugins_enabled_by_asset] "
"Error getting Sensor ip: %s".format(sensor_ip))
try:
plugins = {}
if isinstance(assets_info, basestring):
assets_info = json.loads(assets_info)
for asset_id, asset_plugins in assets_info.iteritems():
asset_id = str(uuid.UUID(asset_id))
asset_ips = get_asset_ip_from_id(asset_id=asset_id)
if not asset_ips:
api_log.error(
"Cannot resolve ips for asset '{0}'".format(asset_id))
continue
plugins[asset_id] = {
'device_ip': asset_ips[0],
'plugins': asset_plugins
}
except Exception as e:
raise APIInvalidInputFormat(
log="[set_sensor_plugins_enabled_by_asset] "
"Invalid asset_info format: '{0}'".format(str(e)))
try:
(success,
data) = set_sensor_detectors_from_yaml(sensor_ip, str(plugins))
except Exception as e:
raise APICannotSetSensorPlugins(
log="[set_sensor_plugins_enabled_by_asset] "
"Cannot set asset plugins: '{0}'".format(str(e)))
if not success:
api_log.error("[set_sensor_plugins_enabled_by_asset] "
"Cannot set asset plugins: '{0}'".format(str(data)))
raise APICannotSetSensorPlugins(
log="[set_sensor_plugins_enabled_by_asset] "
"Cannot set asset plugins: '{0}'".format(str(data)))
# Flush sensor plugin cache and Update host plugin info
flush_cache("sensor_plugins")
# Import here to avoid circular imports
from celerymethods.tasks.monitor_tasks import (
monitor_update_host_plugins, monitor_enabled_plugins_limit)
try:
monitor_update_host_plugins.delay()
except AlreadyQueued:
api_log.info(
"[set_sensor_plugins_enabled_by_asset] monitor update host plugins already queued"
)
try:
monitor_enabled_plugins_limit.delay()
except AlreadyQueued:
api_log.info(
"[set_sensor_plugins_enabled_by_asset] monitor for enabled plugins already queued"
)
# Restart the alienvault agent
job = restart_alienvault_agent.delay(sensor_ip=sensor_ip)
return job.id
def set_sensor_plugins_enabled_by_asset(sensor_id, assets_info):
""" Set the list of plugins enabled in a sensor by asset
Params:
sensor_id (UUID): sensor id
assets_info (dict or json string):
{"<asset_id>": ["<plugin_1>",
"<plugin_2>",
...],
...}
Return:
the id of the agent restart job
"""
(success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
if not success:
raise APICannotResolveSensorID(
sensor_id=sensor_id,
log="[set_sensor_plugins_enabled_by_asset] "
"Error getting Sensor ip: %s".format(sensor_ip))
try:
plugins = {}
if isinstance(assets_info, basestring):
assets_info = json.loads(assets_info)
for asset_id, asset_plugins in assets_info.iteritems():
asset_id = str(uuid.UUID(asset_id))
asset_ips = get_asset_ip_from_id(asset_id=asset_id)
if not asset_ips:
api_log.error("Cannot resolve ips for asset '{0}'".format(asset_id))
continue
plugins[asset_id] = {'device_ip': asset_ips[0],
'plugins': asset_plugins}
except Exception as e:
raise APIInvalidInputFormat(
log="[set_sensor_plugins_enabled_by_asset] "
"Invalid asset_info format: '{0}'".format(str(e)))
try:
(success, data) = set_sensor_detectors_from_yaml(sensor_ip, str(plugins))
except Exception as e:
raise APICannotSetSensorPlugins(
log="[set_sensor_plugins_enabled_by_asset] "
"Cannot set asset plugins: '{0}'".format(str(e)))
if not success:
api_log.error("[set_sensor_plugins_enabled_by_asset] "
"Cannot set asset plugins: '{0}'".format(str(data)))
raise APICannotSetSensorPlugins(
log="[set_sensor_plugins_enabled_by_asset] "
"Cannot set asset plugins: '{0}'".format(str(data)))
# Flush sensor plugin cache and Update host plugin info
flush_cache("sensor_plugins")
# Import here to avoid circular imports
from celerymethods.tasks.monitor_tasks import (monitor_update_host_plugins, monitor_enabled_plugins_limit)
try:
monitor_update_host_plugins.delay()
except AlreadyQueued:
api_log.info("[set_sensor_plugins_enabled_by_asset] monitor update host plugins already queued")
try:
monitor_enabled_plugins_limit.delay()
except AlreadyQueued:
api_log.info("[set_sensor_plugins_enabled_by_asset] monitor for enabled plugins already queued")
# Restart the alienvault agent
job = restart_alienvault_agent.delay(sensor_ip=sensor_ip)
return job.id
