def send_mbu_device_notifications(meta_business_unit):
queues.post_raw_event(
"mdm_device_notifications", {
"enrolled_device_pk_list": [
d.pk for d in EnrolledDevice.objects.active_in_mbu(
meta_business_unit)
]
})
def post_puppet_report(instance, user_agent, ip, report):
raw_event = {
"request": {
"user_agent": user_agent,
"ip": ip
},
"event_type": PuppetReportEvent.event_type,
"puppet_instance": instance,
"puppet_report": report
}
queues.post_raw_event("puppet_reports", raw_event)
def post_webhook_event(instance, user_agent, ip, wsone_event):
raw_event = {
"request": {
"user_agent": user_agent,
"ip": ip
},
"observer": instance.observer_dict(),
"wsone_instance": {
"pk": instance.pk,
"version": instance.version
},
"wsone_event": wsone_event
}
queues.post_raw_event("wsone_events", raw_event)
def post_jamf_webhook_event(jamf_instance, user_agent, ip, data):
jamf_event = data["webhook"]["webhookEvent"]
event_type = 'jamf_{}'.format(JAMF_EVENTS[jamf_event][0])
payload = data["event"]
# device event ?
device_type = None
if jamf_event.startswith("Computer"):
device_type = "computer"
elif jamf_event.startswith("MobileDevice"):
device_type = "mobile_device"
observer_dict = jamf_instance.observer_dict()
if device_type is not None \
or event_type == "jamf_smart_group_computer_membership_change" \
or event_type == "jamf_smart_group_mobile_device_membership_change":
# event needs preprocessing
raw_event = {
"request": {
"user_agent": user_agent,
"ip": ip
},
"observer": observer_dict,
"event_type": event_type,
"jamf_instance": jamf_instance.serialize(),
"jamf_event": payload
}
if device_type:
try:
jamf_id = payload["computer"]["jssID"]
serial_number = payload["computer"]["serialNumber"]
except KeyError:
jamf_id = payload["jssID"]
serial_number = payload["serialNumber"]
raw_event.update({
"device_type": device_type,
"jamf_id": jamf_id,
"serial_number": serial_number,
})
queues.post_raw_event("jamf_events", raw_event)
else:
# event doesn't need preprocessing
event_cls = event_cls_from_type(event_type)
msn = payload.get("serialNumber", None)
event_cls.post_machine_request_payloads(msn,
user_agent,
ip, [payload],
observer=observer_dict)
def post_jamf_event(jamf_instance, user_agent, ip, data):
jamf_event = data["webhook"]["webhookEvent"]
event_type = 'jamf_{}'.format(JAMF_EVENTS[jamf_event][0])
payload = data["event"]
# add origin to jamf event
payload["jamf_instance"] = {
"host": jamf_instance.host,
"path": jamf_instance.path,
"port": jamf_instance.port
}
# device event ?
device_type = None
if jamf_event.startswith("Computer"):
device_type = "computer"
elif jamf_event.startswith("MobileDevice"):
device_type = "mobile_device"
if device_type is not None \
or event_type == "jamf_smart_group_computer_membership_change" \
or event_type == "jamf_smart_group_mobile_device_membership_change":
# event needs preprocessing
raw_event = {
"request": {
"user_agent": user_agent,
"ip": ip
},
"event_type": event_type,
"jamf_instance": jamf_instance.serialize(),
"jamf_event": payload
}
if device_type:
raw_event.update({
"device_type": device_type,
"jamf_id": payload["jssID"],
"serial_number": payload["serialNumber"],
})
queues.post_raw_event("jamf_events", raw_event)
else:
# event doesn't need preprocessing
event_cls = event_cls_from_type(event_type)
msn = payload.get("serialNumber", None)
event_cls.post_machine_request_payloads(msn, user_agent, ip, [payload])
def post_jamf_event(jamf_instance, user_agent, ip, data):
jamf_event = data["webhook"]["webhookEvent"]
event_type = 'jamf_{}'.format(JAMF_EVENTS[jamf_event][0])
payload = data["event"]
# add origin to jamf event
payload["jamf_instance"] = {
"host": jamf_instance.host,
"path": jamf_instance.path,
"port": jamf_instance.port
}
# device event ?
device_type = None
if jamf_event.startswith("Computer"):
device_type = "computer"
elif jamf_event.startswith("MobileDevice"):
device_type = "mobile_device"
if device_type is not None \
or event_type == "jamf_smart_group_computer_membership_change" \
or event_type == "jamf_smart_group_mobile_device_membership_change":
# event needs preprocessing
raw_event = {"request": {"user_agent": user_agent,
"ip": ip},
"event_type": event_type,
"jamf_instance": jamf_instance.serialize(),
"jamf_event": payload}
if device_type:
raw_event.update({
"device_type": device_type,
"jamf_id": payload["jssID"],
"serial_number": payload["serialNumber"],
})
queues.post_raw_event("jamf_events", raw_event)
else:
# event doesn't need preprocessing
event_cls = event_cls_from_type(event_type)
msn = payload.get("serialNumber", None)
event_cls.post_machine_request_payloads(msn, user_agent, ip, [payload])
def send_device_notification(enrolled_device, delay=0):
payload = {"enrolled_device_pk_list": [enrolled_device.pk]}
if delay:
not_before = timezone.now() + timedelta(seconds=delay)
payload["not_before"] = not_before.isoformat()
queues.post_raw_event("mdm_device_notifications", payload)
def post_finished_file_carve_session(session_id):
queues.post_raw_event("osquery_finished_file_carve_session",
{"session_id": session_id})
