Example #1
class FunctionComponent(ResilientComponent):
    """Resilient function component for 'cisco_asa_get_network_object_details'.

    Keeps the package options and the firewall definitions from app.config
    on the instance and rebuilds both in the "reload" handler.
    """

    def __init__(self, opts):
        """Store the package options and build the firewall lookup from them."""
        super(FunctionComponent, self).__init__(opts)
        package_options = opts.get(PACKAGE_NAME, {})
        self.fn_options = package_options
        # Firewall definitions are read from the app.config options.
        self.firewalls = CiscoASAFirewalls(opts, package_options)

    @handler("reload")
    def _reload(self, event, opts):
        """Replace the stored options and firewall lookup with the new values."""
        package_options = opts.get(PACKAGE_NAME, {})
        self.fn_options = package_options
        # Firewall definitions are read from the app.config options.
        self.firewalls = CiscoASAFirewalls(opts, package_options)

    @function(FN_NAME)
    def _cisco_asa_get_network_object_details_function(self, event, *args,
                                                       **kwargs):
        """Function: Get the details of the Cisco ASA network object.

        Reads `cisco_asa_firewall` and `cisco_asa_network_object_id` from
        kwargs, yields StatusMessage progress updates and finally a
        FunctionResult. Any exception raised on the way is yielded as a
        FunctionError instead of propagating.
        """
        try:
            log = logging.getLogger(__name__)
            requests_helper = RequestsCommon(self.opts, self.fn_options)
            payload = ResultPayload(PACKAGE_NAME, **kwargs)

            yield StatusMessage("Starting '{0}'".format(FN_NAME))

            # Function inputs, both text fields.
            # NOTE(review): neither value is checked for None/empty in this
            # method before it is handed to the firewall lookup and the ASA
            # client, although the status message below says "Validations
            # complete" - confirm the helpers reject missing values.
            firewall_name = kwargs.get("cisco_asa_firewall")
            network_object_id = kwargs.get("cisco_asa_network_object_id")

            log.info(u"cisco_asa_firewall: %s", firewall_name)
            log.info(u"cisco_asa_network_object_id: %s", network_object_id)

            # Per-firewall settings for the requested device.
            firewall_options = self.firewalls.get_firewall(firewall_name)

            # Client bound to that firewall.
            client = CiscoASAClient(firewall_name, self.fn_options,
                                    firewall_options, requests_helper)

            yield StatusMessage(
                "Validations complete. Get the network objects.")

            # Ask the ASA API for the single network object with this id.
            details = client.get_network_object(network_object_id)

            results = payload.done(True, details)

            log.info("'%s' complete", FN_NAME)

            # Hand the payload back to the workflow.
            yield FunctionResult(results)
        except Exception as e:
            yield FunctionError(e)
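def selftest_function(opts):
    """
    Test connectivity to at least one Cisco ASA device defined in the app.config.

    Each configured firewall is asked for a single network object. The first
    firewall that answers with HTTP 200 makes the selftest succeed; firewalls
    that raise or answer with another status are logged and skipped.

    :param opts: app.config options; the "fn_cisco_asa" section is used.
    :return: dict with "state" ("success" or "failure") and a "reason" string.
    """
    fn_options = opts.get("fn_cisco_asa", {})

    rc = RequestsCommon(opts, fn_options)

    # Load the firewall options from the app.config
    firewalls = CiscoASAFirewalls(opts, fn_options)

    # Loop through the firewalls to find at least one that is up and connectable.
    for firewall_name in firewalls.get_firewall_name_list():
        # Get the options for this firewall.
        firewall_options = firewalls.get_firewall(firewall_name)

        # Initialize the Cisco ASA object.
        asa = CiscoASAClient(firewall_name, fn_options, firewall_options, rc)

        try:
            # Requesting a single object is enough to prove the device answers.
            status_code, _ = asa.get_network_objects(limit=1)
        except Exception as err:
            # Best effort: one unreachable device must not end the selftest,
            # but the log has to say which device failed and why.
            LOG.warning(u"Selftest: request to firewall %s failed: %s",
                        firewall_name, err)
            continue

        if status_code == 200:
            reason = "Successfull connection to firewall {0}.".format(firewall_name)
            return {
                "state": "success",
                "reason": reason
            }

        # A non-200 answer (for example an authentication failure) used to be
        # skipped without any trace; record it so the operator can act on it.
        LOG.warning(u"Selftest: firewall %s answered with HTTP status %s",
                    firewall_name, status_code)

    return {
        "state": "failure",
        "reason": "Unable to connect to any Cisco ASA firewall."
    }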
Example #3
    def _load_opts(self, opts):
        """Read the package options and publish the firewall:group choices.

        Stores the PACKAGE_NAME section of *opts* and the firewall
        definitions on the instance, then fills the
        "cisco_asa_firewall_network_object_group" select field with one
        "<firewall>:<group>" entry per group named in each firewall's
        "network_object_groups" option.
        """
        self.fn_options = opts.get(PACKAGE_NAME, {})

        client = self.rest_client()

        # Firewall definitions are read from the app.config options.
        self.firewalls = CiscoASAFirewalls(opts, self.fn_options)

        choices = []
        for name in self.firewalls.get_firewall_name_list():
            options = self.firewalls.get_firewall(name)
            # NOTE(review): .get() gives None when "network_object_groups" is
            # not set for a firewall; whether _convert_csv_to_list accepts
            # None is not visible here - confirm.
            groups = self._convert_csv_to_list(
                options.get("network_object_groups"))
            choices.extend("{0}:{1}".format(name, group) for group in groups)

        # Push the collected choices into the select field.
        init_select_list_choices(client,
                                 "cisco_asa_firewall_network_object_group",
                                 choices)
Example #4
 def _reload(self, event, opts):
     """Replace the stored options and firewall lookup after a config change."""
     package_options = opts.get(PACKAGE_NAME, {})
     self.fn_options = package_options
     # Rebuild the firewall definitions from the new options.
     self.firewalls = CiscoASAFirewalls(opts, package_options)
Example #5
 def __init__(self, opts):
     """Store the package options and build the firewall lookup from them."""
     super(FunctionComponent, self).__init__(opts)
     package_options = opts.get(PACKAGE_NAME, {})
     self.fn_options = package_options
     # Firewall definitions are read from the app.config options.
     self.firewalls = CiscoASAFirewalls(opts, package_options)
Example #6
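class FunctionComponent(ResilientComponent):
    """Component that implements Resilient function 'cisco_asa_add_artifact_to_network_object_group'"""
    def __init__(self, opts):
        """Constructor provides access to the configuration options"""
        super(FunctionComponent, self).__init__(opts)
        self.fn_options = opts.get(PACKAGE_NAME, {})
        # Load the firewall options from the app.config
        self.firewalls = CiscoASAFirewalls(opts, self.fn_options)

    @handler("reload")
    def _reload(self, event, opts):
        """Configuration options have changed, save new values"""
        self.fn_options = opts.get(PACKAGE_NAME, {})
        self.firewalls = CiscoASAFirewalls(opts, self.fn_options)

    @function(FN_NAME)
    def _cisco_asa_add_artifact_to_network_object_group_function(
            self, event, *args, **kwargs):
        """Function: Add a network object to the network object group.

        Reads the firewall name, the target group and the artifact fields from
        kwargs, translates the artifact into a network object kind and value,
        and asks the ASA client to add it to the group. Yields StatusMessage
        progress updates and a FunctionResult whose content echoes what was
        sent together with the client's reason; any exception is yielded as a
        FunctionError instead of propagating.
        """
        try:
            LOG = logging.getLogger(__name__)
            rc = RequestsCommon(self.opts, self.fn_options)
            rp = ResultPayload(PACKAGE_NAME, **kwargs)

            yield StatusMessage("Starting '{0}'".format(FN_NAME))

            # Get the function parameters
            # NOTE(review): none of these values is checked for None/empty in
            # this method before use - confirm the helpers below reject
            # missing or malformed input before a change reaches the firewall.
            firewall_name = kwargs.get("cisco_asa_firewall")  # text
            network_object_group = kwargs.get(
                "cisco_asa_network_object_group")  # text
            network_object_name = kwargs.get(
                "cisco_asa_network_object_name")  # text
            network_object_description = kwargs.get(
                "cisco_asa_network_object_description")  # text
            artifact_value = kwargs.get(
                "cisco_asa_network_object_value")  # text
            artifact_type = kwargs.get("cisco_asa_artifact_type")  # text
            ip_netmask = kwargs.get("cisco_asa_netmask")  # text
            ip_end_range = kwargs.get("cisco_asa_end_range")  # text
            fqdn_version = self.get_select_param(
                kwargs.get("cisco_asa_fqdn_ip_version"))

            LOG.info(u"cisco_asa_firewall: %s", firewall_name)
            LOG.info(u"cisco_asa_network_object_group: %s",
                     network_object_group)
            LOG.info(u"cisco_asa_network_object_name: %s", network_object_name)
            LOG.info(u"cisco_asa_network_object_value: %s", artifact_value)
            # Log the description itself under the description label, so the
            # log records what is actually sent to the firewall.
            LOG.info(u"cisco_asa_network_object_description: %s",
                     network_object_description)
            LOG.info(u"cisco_asa_artifact_type: %s", artifact_type)
            # The next two labels differ from the input names read above
            # (cisco_asa_netmask, cisco_asa_end_range); kept unchanged.
            LOG.info(u"cisco_asa_ipv4_netmask: %s", ip_netmask)
            LOG.info(u"cisco_asa_ipv4_end_range: %s", ip_end_range)
            LOG.info(u"cisco_asa_fqdn_ip_version: %s", fqdn_version)

            # Get the options for this firewall.
            firewall_options = self.firewalls.get_firewall(firewall_name)

            # Initialize the Cisco ASA object.
            asa = CiscoASAClient(firewall_name, self.fn_options,
                                 firewall_options, rc)

            yield StatusMessage(
                "Validations complete. Add the network object.")

            # Translate Resilient artifact to Cisco ASA network object kind and value.
            network_object_kind, network_object_value = artifact_to_network_object(
                artifact_type, artifact_value, ip_netmask, ip_end_range,
                fqdn_version)

            # Call the ASA API to add the network object to the network object group.
            success, reason = asa.add_to_network_object_group(
                network_object_group, network_object_name,
                network_object_description, network_object_kind,
                network_object_value)
            # Echo what was sent, plus the client's reason, back to the workflow.
            content = {
                "firewall": firewall_name,
                "network_object_group": network_object_group,
                "network_object_name": network_object_name,
                "network_object_description": network_object_description,
                "network_object_kind": network_object_kind,
                "network_object_value": network_object_value,
                "reason": reason
            }
            results = rp.done(success, content)

            yield StatusMessage(
                "Artifact added to network object group: {0}".format(success))

            LOG.info("'%s' complete: success = %s", FN_NAME, success)

            # Produce a FunctionResult with the results
            yield FunctionResult(results)
        except Exception as e:
            yield FunctionError(e)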
Example #7
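class FunctionComponent(ResilientComponent):
    """Component that implements Resilient function 'cisco_asa_get_network_objects'"""
    def _convert_csv_to_list(self, csv):
        """Split a comma-separated string into stripped, non-empty items.

        None or an empty string gives an empty list, so a firewall without a
        "network_object_groups" option neither raises on load nor adds a
        blank "<firewall>:" entry to the select field.
        """
        if not csv:
            return []
        stripped_items = (item.strip() for item in csv.split(","))
        return [item for item in stripped_items if item]

    def _load_opts(self, opts):
        """Load the options and publish the firewall:group select choices.

        Stores the PACKAGE_NAME section of *opts* and the firewall
        definitions on the instance, then fills the
        "cisco_asa_firewall_network_object_group" select field with one
        "<firewall>:<group>" entry per configured network object group.
        """
        self.fn_options = opts.get(PACKAGE_NAME, {})

        rest_client = self.rest_client()

        # Load the firewall options from the app.config
        self.firewalls = CiscoASAFirewalls(opts, self.fn_options)

        firewall_group_select_list = []
        # Build one "<firewall>:<group>" choice per group of every firewall.
        firewall_name_list = self.firewalls.get_firewall_name_list()
        for firewall_name in firewall_name_list:
            firewall_options = self.firewalls.get_firewall(firewall_name)
            network_object_groups_list = self._convert_csv_to_list(
                firewall_options.get("network_object_groups"))
            for group in network_object_groups_list:
                select_item = "{0}:{1}".format(firewall_name, group)
                firewall_group_select_list.append(select_item)

        # Load the rule activity select field with the network object group options from app.config
        init_select_list_choices(rest_client,
                                 "cisco_asa_firewall_network_object_group",
                                 firewall_group_select_list)

    def __init__(self, opts):
        """Constructor provides access to the configuration options"""
        super(FunctionComponent, self).__init__(opts)
        self._load_opts(opts)

    @handler("reload")
    def _reload(self, event, opts):
        """Configuration options have changed, save new values"""
        self._load_opts(opts)

    @function(FN_NAME)
    def _cisco_asa_get_network_objects_function(self, event, *args, **kwargs):
        """Function: Query the Cisco ASA firewall and return the network objects contained in the specified network object group.

        Reads `cisco_asa_firewall` and `cisco_asa_network_object_group` from
        kwargs, yields StatusMessage progress updates and a FunctionResult
        whose content is {"member_list": <members>}. Any exception is yielded
        as a FunctionError instead of propagating.
        """
        try:
            LOG = logging.getLogger(__name__)
            rc = RequestsCommon(self.opts, self.fn_options)
            rp = ResultPayload(PACKAGE_NAME, **kwargs)

            yield StatusMessage("Starting '{0}'".format(FN_NAME))

            # Get the function parameters
            # NOTE(review): neither value is checked for None/empty in this
            # method before use - confirm the helpers below reject missing
            # values.
            firewall_name = kwargs.get("cisco_asa_firewall")  # text
            network_object_group = kwargs.get(
                "cisco_asa_network_object_group")  # text

            LOG.info(u"cisco_asa_firewall: %s", firewall_name)
            LOG.info(u"cisco_asa_network_object_group: %s",
                     network_object_group)

            # Get the options for this firewall.
            firewall_options = self.firewalls.get_firewall(firewall_name)

            # Initialize the Cisco ASA object.
            asa = CiscoASAClient(firewall_name, self.fn_options,
                                 firewall_options, rc)

            yield StatusMessage(
                "Validations complete. Get the network objects.")

            # Call the ASA API to get the network objects in this network object group.
            members = asa.get_network_object_group_detailed(
                network_object_group)

            member_results = {"member_list": members}
            results = rp.done(True, member_results)

            LOG.info("'%s' complete", FN_NAME)

            # Produce a FunctionResult with the results
            yield FunctionResult(results)
        except Exception as e:
            yield FunctionError(e)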