Example #1
0
    plugins_hash = {}
    try:
        plugins = json.loads(plugins)
        for device_id, plugins in plugins.iteritems():
            ips = get_asset_ip_from_id(device_id)
            if len(ips) > 0:
                plugins_hash[device_id] = {
                    "device_ip":
                    ips[0],  # A device  should never have more than one IP
                    "plugins": plugins
                }
    except Exception, e:
        return make_bad_request("Invalid JSON: %s , p=%s" % ("", str(plugins)))
    try:
        (success,
         data) = set_sensor_detectors_from_yaml(sensor_ip, str(plugins_hash))
    except Exception as err:
        return make_error(
            "Something wrong happen while getting the yaml information %s" %
            str(err))
    if not success:
        current_app.logger.error("detector: put_sensor_detector error %s" %
                                 data)
        return make_error("Error setting sensor detector plugins: %s" % data,
                          500)

    # Now restart the alienvault agent
    job = restart_alienvault_agent.delay(sensor_ip=sensor_ip)
    # Now format the list by a dict which key is the sensor_id and the value if the list of ifaces
    return make_ok(result=data, jobid=job.id)
Example #2
0
def set_sensor_plugins_enabled_by_asset(sensor_id, assets_info):
    """ Set the list of plugins enabled in a sensor by asset
    Params:
        sensor_id (UUID): sensor id
        assets_info (dict or json string):
           {"<asset_id>": ["<plugin_1>",
                           "<plugin_2>",
                           ...],
            ...}
    Return:
        the id of the agent restart job
    """
    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        raise APICannotResolveSensorID(
            sensor_id=sensor_id,
            log="[set_sensor_plugins_enabled_by_asset] "
            "Error getting Sensor ip: %s".format(sensor_ip))

    try:
        plugins = {}
        if isinstance(assets_info, basestring):
            assets_info = json.loads(assets_info)

        for asset_id, asset_plugins in assets_info.iteritems():
            asset_id = str(uuid.UUID(asset_id))
            asset_ips = get_asset_ip_from_id(asset_id=asset_id)
            if not asset_ips:
                api_log.error("Cannot resolve ips for asset '{0}'".format(asset_id))
                continue

            plugins[asset_id] = {'device_ip': asset_ips[0],
                                 'plugins': asset_plugins}
    except Exception as e:
        raise APIInvalidInputFormat(
            log="[set_sensor_plugins_enabled_by_asset] "
            "Invalid asset_info format: '{0}'".format(str(e)))

    try:
        (success, data) = set_sensor_detectors_from_yaml(sensor_ip, str(plugins))
    except Exception as e:
        raise APICannotSetSensorPlugins(
            log="[set_sensor_plugins_enabled_by_asset] "
            "Cannot set asset plugins: '{0}'".format(str(e)))
    if not success:
        api_log.error("[set_sensor_plugins_enabled_by_asset] "
                      "Cannot set asset plugins: '{0}'".format(str(data)))
        raise APICannotSetSensorPlugins(
            log="[set_sensor_plugins_enabled_by_asset] "
            "Cannot set asset plugins: '{0}'".format(str(data)))

    # Flush sensor plugin cache and Update host plugin info
    flush_cache("sensor_plugins")
    # Import here to avoid circular imports
    from celerymethods.tasks.monitor_tasks import (monitor_update_host_plugins, monitor_enabled_plugins_limit)
    try:
        monitor_update_host_plugins.delay()
    except AlreadyQueued:
        api_log.info("[set_sensor_plugins_enabled_by_asset] monitor update host plugins already queued")
    try:
        monitor_enabled_plugins_limit.delay()
    except AlreadyQueued:
        api_log.info("[set_sensor_plugins_enabled_by_asset] monitor for enabled plugins already queued")

    # Restart the alienvault agent
    job = restart_alienvault_agent.delay(sensor_ip=sensor_ip)

    return job.id
Example #3
0
def set_sensor_plugins_enabled_by_asset(sensor_id, assets_info):
    """ Set the list of plugins enabled in a sensor by asset
    Params:
        sensor_id (UUID): sensor id
        assets_info (dict or json string):
           {"<asset_id>": ["<plugin_1>",
                           "<plugin_2>",
                           ...],
            ...}
    Return:
        the id of the agent restart job
    """
    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        raise APICannotResolveSensorID(
            sensor_id=sensor_id,
            log="[set_sensor_plugins_enabled_by_asset] "
            "Error getting Sensor ip: %s".format(sensor_ip))

    try:
        plugins = {}
        if isinstance(assets_info, basestring):
            assets_info = json.loads(assets_info)

        for asset_id, asset_plugins in assets_info.iteritems():
            asset_id = str(uuid.UUID(asset_id))
            asset_ips = get_asset_ip_from_id(asset_id=asset_id)
            if not asset_ips:
                api_log.error(
                    "Cannot resolve ips for asset '{0}'".format(asset_id))
                continue

            plugins[asset_id] = {
                'device_ip': asset_ips[0],
                'plugins': asset_plugins
            }
    except Exception as e:
        raise APIInvalidInputFormat(
            log="[set_sensor_plugins_enabled_by_asset] "
            "Invalid asset_info format: '{0}'".format(str(e)))

    try:
        (success,
         data) = set_sensor_detectors_from_yaml(sensor_ip, str(plugins))
    except Exception as e:
        raise APICannotSetSensorPlugins(
            log="[set_sensor_plugins_enabled_by_asset] "
            "Cannot set asset plugins: '{0}'".format(str(e)))
    if not success:
        api_log.error("[set_sensor_plugins_enabled_by_asset] "
                      "Cannot set asset plugins: '{0}'".format(str(data)))
        raise APICannotSetSensorPlugins(
            log="[set_sensor_plugins_enabled_by_asset] "
            "Cannot set asset plugins: '{0}'".format(str(data)))

    # Flush sensor plugin cache and Update host plugin info
    flush_cache("sensor_plugins")
    # Import here to avoid circular imports
    from celerymethods.tasks.monitor_tasks import (
        monitor_update_host_plugins, monitor_enabled_plugins_limit)
    try:
        monitor_update_host_plugins.delay()
    except AlreadyQueued:
        api_log.info(
            "[set_sensor_plugins_enabled_by_asset] monitor update host plugins already queued"
        )
    try:
        monitor_enabled_plugins_limit.delay()
    except AlreadyQueued:
        api_log.info(
            "[set_sensor_plugins_enabled_by_asset] monitor for enabled plugins already queued"
        )

    # Restart the alienvault agent
    job = restart_alienvault_agent.delay(sensor_ip=sensor_ip)

    return job.id
Example #4
0
    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        current_app.logger.error("detector: put_sensor_detector error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")
    plugins_hash = {}
    try:
        plugins = json.loads(plugins)
        for device_id, plugins in plugins.iteritems():
            ips = get_asset_ip_from_id(device_id)
            if len(ips) > 0:
                plugins_hash[device_id] = {"device_ip": ips[0],  # A device  should never have more than one IP
                                           "plugins": plugins}
    except Exception, e:
        return make_bad_request("Invalid JSON: %s , p=%s" % ("", str(plugins)))
    try:
        (success, data) = set_sensor_detectors_from_yaml(sensor_ip, str(plugins_hash))
    except Exception as err:
        return make_error("Something wrong happen while getting the yaml information %s" % str(err))
    if not success:
        current_app.logger.error("detector: put_sensor_detector error %s" % data)
        return make_error("Error setting sensor detector plugins: %s" % data, 500)

    # Now restart the alienvault agent
    job = restart_alienvault_agent.delay(sensor_ip=sensor_ip)
    # Now format the list by a dict which key is the sensor_id and the value if the list of ifaces
    return make_ok(result=data, jobid=job.id)


@blueprint.route('/<sensor_id>/detector/all', methods=['GET'])
@document_using('static/apidocs/sensor/all.html')
@admin_permission.require(http_exception=403)