class OsqueryProbe(OsqueryResultProbe):
    """Probe made of osquery scheduled queries plus optional discovery queries.

    The class attributes plug the probe into the generic probe machinery: the
    serializer validating its body, its display name, the URL used to create
    one and the template rendering it.
    """

    serializer_class = OsqueryProbeSerializer
    model_display = 'osquery'
    create_url = reverse_lazy("osquery:create_probe")
    template_name = "osquery/probe.html"

    def load_validated_data(self, data):
        """Populate the probe from serializer-validated *data*.

        ``discovery`` is optional (defaults to an empty list); ``queries`` is
        required and every query dict is wrapped in an ``OsqueryQuery`` bound
        to this probe. ``can_delete_queries`` is true only when more than one
        query was loaded.
        """
        super().load_validated_data(data)
        self.discovery = data.get('discovery', [])
        loaded_queries = []
        for query_kwargs in data["queries"]:
            loaded_queries.append(OsqueryQuery(probe=self, **query_kwargs))
        self.queries = loaded_queries
        self.can_delete_queries = len(loaded_queries) > 1

    def iter_discovery_queries(self):
        """Yield the raw discovery query strings, in stored order."""
        yield from self.discovery

    def iter_scheduled_queries(self):
        """Yield the ``OsqueryQuery`` objects of this probe, in stored order."""
        yield from self.queries

    def get_discovery_display(self):
        """Yield every discovery query rendered through ``format_sql``."""
        yield from map(format_sql, self.discovery)

    def get_extra_event_search_dict(self):
        """Return the extra search filters locating the events of this probe.

        ``name__regexp`` matches result names of the form ``<slug>_<hex>``,
        optionally prefixed by ``pack_<hex>_``, where each ``<hex>`` run is
        ``hash_length`` hex digits long. ``forced_event_type``, ``slug`` and
        ``hash_length`` are not defined in this class — presumably provided by
        a base class; confirm there.
        """
        # NOTE(review): slug is interpolated into the pattern unescaped; this
        # is only safe while slugs are restricted to regex-neutral characters.
        name_pattern = '(pack_[0-9a-f]{{{l}}}_)?{s}_[0-9a-f]{{{l}}}'.format(
            s=self.slug,
            l=self.hash_length,
        )
        return {
            'event_type': self.forced_event_type,
            'name__regexp': name_pattern,
        }


register_probe_class(OsqueryProbe)
            url = store.get_visu_url("santa_event", probe_search_dict)
            if url:
                probe_links.append((store.name, url))
        probe_links.sort()
        return probe_links

    def get_extra_context(self):
        """Return the extra template context: each policy with its store links.

        For every entry of ``self.policies`` the links point at ``santa_event``
        events whose file sha256 (or, for ``CERTIFICATE`` rules, signing-chain
        sha256) equals the policy's ``sha256``. ``stores`` is looked up in
        module scope.
        """
        policies = []
        for policy in self.policies:
            sha256 = policy['sha256']
            # a certificate rule matches on the signing chain, any other rule
            # type on the file hash
            if policy['rule_type'] == 'CERTIFICATE':
                match_key = 'signing_chain.sha256'
            else:
                match_key = 'file_sha256'
            search_dict = {match_key: [sha256]}
            policy_links = []
            for store in stores:
                url = store.get_visu_url("santa_event", search_dict)
                if url:
                    policy_links.append((store.name, url))
            policies.append((policy, sorted(policy_links)))
        return {'santa_policies': policies}


register_probe_class(SantaProbe)
    def load_validated_data(self, data):
        """Load the discovery and scheduled queries from validated *data*.

        ``discovery`` is optional and defaults to an empty list; ``queries`` is
        required. Each query dict becomes an ``OsqueryQuery`` bound to this
        probe. ``can_delete_queries`` is true only when more than one query
        was loaded.
        """
        super().load_validated_data(data)
        self.discovery = data.get('discovery', [])
        self.queries = [
            OsqueryQuery(probe=self, **query_kwargs)
            for query_kwargs in data["queries"]
        ]
        self.can_delete_queries = len(self.queries) > 1

    def iter_discovery_queries(self):
        """Iterate over the discovery query strings."""
        for discovery_query in self.discovery:
            yield discovery_query

    def iter_scheduled_queries(self):
        """Iterate over the ``OsqueryQuery`` objects of this probe."""
        for scheduled_query in self.queries:
            yield scheduled_query

    def get_discovery_display(self):
        """Yield the discovery queries formatted by ``format_sql`` for display."""
        for discovery_query in self.discovery:
            yield format_sql(discovery_query)

    def get_extra_event_search_dict(self):
        """Return the extra search filters locating the events of this probe.

        ``name__regexp`` matches result names of the form ``<slug>_<hex>``,
        optionally prefixed by ``pack_<hex>_``, each ``<hex>`` run being
        ``hash_length`` hex digits long. ``forced_event_type``, ``slug`` and
        ``hash_length`` are presumably set by a base class — confirm there.
        """
        # NOTE(review): slug goes into the pattern without escaping; relies on
        # slugs containing no regex metacharacters.
        pattern = '(pack_[0-9a-f]{{{l}}}_)?{s}_[0-9a-f]{{{l}}}'
        search_dict = {'event_type': self.forced_event_type}
        search_dict['name__regexp'] = pattern.format(s=self.slug, l=self.hash_length)
        return search_dict


register_probe_class(OsqueryProbe)
                "attribute": "type",
                "operator": PayloadFilter.IN,
                "values": self.install_types,
            },
        ]
        if self.installed_item_names:
            payload_filter_data.append({
                "attribute": "name",
                "operator": PayloadFilter.IN,
                "values": self.installed_item_names,
            })
        if self.unattended_installs is not None:
            # the flag is stringified because the filter does a str comparison
            payload_filter_data.append({
                "attribute": "unattended",
                "operator": PayloadFilter.IN,
                "values": [str(self.unattended_installs)],
            })
        self.payload_filters = [PayloadFilter(payload_filter_data)]

    def get_installed_item_names_display(self):
        """Return the installed item names, sorted and comma-separated.

        An empty list yields an empty string.
        """
        ordered_names = sorted(self.installed_item_names)
        return ", ".join(ordered_names)

    def get_install_types_display(self):
        """Return the install types, sorted and comma-separated."""
        ordered_types = sorted(self.install_types)
        return ", ".join(ordered_types)


register_probe_class(MunkiInstallProbe)
    policy = serializers.ChoiceField(choices=Rule.POLICY_CHOICES)
    rule_type = serializers.ChoiceField(choices=Rule.RULE_TYPE_CHOICES)
    # exactly 64 lower-case hex digits; \Z (rather than $) also rejects a
    # trailing newline
    sha256 = serializers.RegexField(r'^[a-f0-9]{64}\Z')
    # NOTE(review): free text with no max_length — confirm the consumers of
    # this message tolerate arbitrary lengths.
    custom_msg = serializers.CharField(required=False)


class SantaProbeSerializer(BaseProbeSerializer):
    """Validate a santa probe body: the base probe fields plus a list of rules."""

    rules = serializers.ListField(child=RuleSerializer())


class SantaProbe(BaseProbe):
    """Probe carrying santa rules.

    Events are forced to ``santa_event`` and the payload filters are derived
    from the rules instead of being user-editable
    (``can_edit_payload_filters = False``).
    """

    serializer_class = SantaProbeSerializer
    model_display = "santa"
    create_url = reverse_lazy("santa:create_probe")
    template_name = "santa/probe.html"
    forced_event_type = 'santa_event'
    can_edit_payload_filters = False

    def load_validated_data(self, validated_data):
        """Build the ``Rule`` objects from *validated_data* and derive the filters.

        ``can_delete_rules`` is true only when more than one rule was loaded.
        One ``PayloadFilter`` per rule is appended to ``self.payload_filters``,
        built from ``Rule.get_payload_filter_data()``.
        """
        super().load_validated_data(validated_data)
        rules = [Rule(self, **rule_kwargs) for rule_kwargs in validated_data["rules"]]
        self.rules = rules
        self.can_delete_rules = len(rules) > 1
        # NOTE(review): filters are appended to whatever super() left in
        # self.payload_filters rather than assigned; confirm the base class
        # leaves it empty when can_edit_payload_filters is False, otherwise
        # user-supplied filters would be combined with the rule-derived ones.
        for rule in rules:
            filter_data = rule.get_payload_filter_data()
            self.payload_filters.append(PayloadFilter(filter_data))


register_probe_class(SantaProbe)
                {'name__startswith': [self.name]})
            if url:
                probe_links.append((store.name, url))
        probe_links.sort()
        return probe_links

    def get_extra_context(self):
        """Build the extra template context: one entry per scheduled query.

        Each entry holds the per-store visualisation links for the query name,
        the query rendered through ``format_sql``, and the optional
        ``interval``, ``value`` and ``description`` fields (``None`` when
        absent). ``stores`` and ``format_sql`` are looked up in module scope.
        """
        schedule = []
        for query_name, osquery_query in self.iter_schedule_queries():
            # links: every store that can display results for this query name
            query_links = []
            for store in stores:
                url = store.get_visu_url("osquery_result", {'name': [query_name]})
                if url:
                    query_links.append((store.name, url))
            # NOTE(review): html_query is presumably inserted into the page as
            # HTML (the key name suggests so); this relies on format_sql
            # escaping the user-authored SQL — confirm before rendering it
            # unescaped in the template.
            schedule.append({
                'links': sorted(query_links),
                'html_query': format_sql(osquery_query['query']),
                'interval': osquery_query.get('interval'),
                'value': osquery_query.get('value'),
                'description': osquery_query.get('description'),
            })
        return {
            'osquery_schedule': schedule,
            'osquery_file_paths': self.file_paths,
        }


register_probe_class(OSQueryProbe)
class MunkiInstallProbe(BaseProbe):
    """Probe for munki install events.

    Events are forced to ``munki_event``; the payload filters are computed
    from the install types, item names and unattended flag rather than being
    user-editable (``can_edit_payload_filters = False``).
    """

    serializer_class = MunkiInstallProbeSerializer
    model_display = "munki install"
    create_url = reverse_lazy("munki:create_install_probe")
    template_name = "munki/install_probe.html"
    forced_event_type = "munki_event"
    can_edit_payload_filters = False

    def load_validated_data(self, data):
        """Load the install fields from *data* and rebuild the payload filters.

        ``install_types`` is required; ``installed_item_names`` defaults to an
        empty list; ``unattended_installs`` is ``None`` when absent.
        """
        super().load_validated_data(data)
        self.install_types = data["install_types"]
        self.installed_item_names = data.get("installed_item_names", [])
        self.unattended_installs = data.get("unattended_installs")
        # can_edit_payload_filters is False: whatever the base class loaded is
        # replaced by a single filter derived from the fields above.
        filter_kwargs = {'type': self.install_types}
        if self.installed_item_names:
            filter_kwargs['name'] = self.installed_item_names
        if self.unattended_installs is not None:
            # NOTE(review): passed through as-is — confirm PayloadFilter
            # compares it the same way the event payload stores the flag.
            filter_kwargs['unattended'] = [self.unattended_installs]
        self.payload_filters = [PayloadFilter(**filter_kwargs)]

    def get_installed_item_names_display(self):
        """Return the installed item names, sorted and comma-separated."""
        ordered_names = sorted(self.installed_item_names)
        return ", ".join(ordered_names)

    def get_install_types_display(self):
        """Return the install types, sorted and comma-separated."""
        ordered_types = sorted(self.install_types)
        return ", ".join(ordered_types)


register_probe_class(MunkiInstallProbe)