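    def __update_sensor_properties(self, sensor_id, config_alienvault):
        """Write the inventory and netflow flags of a sensor to the database.

        Only sensors that already have entries in the sensor and
        sensor_properties tables are updated; a sensor can be missing there in
        Federated environments without forwarding enabled, in which case this
        is a no-op.

        Args:
            sensor_id: Identifier of the sensor to update.
            config_alienvault: Mapping with the AlienVault config read from the
                remote system. 'sensor_detectors' (enabled detector plugins)
                and 'sensor_netflow' ('yes'/'no') are consulted; both are
                optional.

        Returns:
            None. A failing setter is logged as a warning; the remaining
            setters are still attempted.
        """
        success, sensor = get_sensor_by_sensor_id(sensor_id)
        if not success or sensor is None:
            return

        sensor_detectors = config_alienvault.get('sensor_detectors', [])
        sensor_netflow = config_alienvault.get('sensor_netflow', 'no')

        # NOTE(review): assumes sensor_detectors is a list of plugin names; if
        # the remote config delivers a plain string these become substring
        # matches — confirm against the config format.
        prads_enabled = 'prads' in sensor_detectors
        nids_enabled = 'AlienVault_NIDS' in sensor_detectors
        netflow_enabled = sensor_netflow == 'yes'

        # Same setter sequence as before; the second label fixes the former
        # "pasive" misspelling so log searches match the real function name.
        updates = (
            ('set_sensor_properties_active_inventory',
             set_sensor_properties_active_inventory, nids_enabled),
            ('set_sensor_properties_passive_inventory',
             set_sensor_properties_passive_inventory, prads_enabled),
            ('set_sensor_properties_netflow',
             set_sensor_properties_netflow, netflow_enabled),
        )
        for name, setter, enabled in updates:
            success, message = setter(sensor_id, enabled)
            if not success:
                # Lazy %-args: the message is formatted only if emitted.
                logger.warning("[MonitorRetrievesRemoteInfo] %s failed: %s",
                               name, message)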
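    def __update_sensor_properties(self,
                                   sensor_id,
                                   config_alienvault):
        """Write the inventory and netflow flags of a sensor to the database.

        Only sensors that already have entries in the sensor and
        sensor_properties tables are updated; a sensor can be missing there in
        Federated environments without forwarding enabled, in which case this
        is a no-op.

        Args:
            sensor_id: Identifier of the sensor to update.
            config_alienvault: Mapping with the AlienVault config read from the
                remote system. 'sensor_detectors' (enabled detector plugins)
                and 'sensor_netflow' ('yes'/'no') are consulted; both are
                optional.

        Returns:
            None. A failing setter is logged as a warning; the remaining
            setters are still attempted.
        """
        success, sensor = get_sensor_by_sensor_id(sensor_id)
        if not success or sensor is None:
            return

        sensor_detectors = config_alienvault.get('sensor_detectors', [])
        sensor_netflow = config_alienvault.get('sensor_netflow', 'no')

        # NOTE(review): assumes sensor_detectors is a list of plugin names; if
        # the remote config delivers a plain string these become substring
        # matches — confirm against the config format.
        prads_enabled = 'prads' in sensor_detectors
        nids_enabled = 'AlienVault_NIDS' in sensor_detectors
        netflow_enabled = sensor_netflow == 'yes'

        # Same setter sequence as before; the second label fixes the former
        # "pasive" misspelling so log searches match the real function name.
        updates = (
            ('set_sensor_properties_active_inventory',
             set_sensor_properties_active_inventory, nids_enabled),
            ('set_sensor_properties_passive_inventory',
             set_sensor_properties_passive_inventory, prads_enabled),
            ('set_sensor_properties_netflow',
             set_sensor_properties_netflow, netflow_enabled),
        )
        for name, setter, enabled in updates:
            success, message = setter(sensor_id, enabled)
            if not success:
                # Lazy %-args: the message is formatted only if emitted.
                logger.warning("[MonitorRetrievesRemoteInfo] %s failed: %s",
                               name, message)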
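    def start(self):
        """Refresh the cached remote info of every system and persist settings.

        For each system returned by get_systems() the retrieval helpers are
        called with no_cache=True so their caches are repopulated, then the
        sensor's inventory/netflow flags and the system's VPN and HA settings
        are written to the database. A system whose retrieval or update fails
        is skipped and the loop moves on to the next one.

        Returns:
            True when the run completed (individual systems may have been
            skipped), False when the system list could not be retrieved or an
            unexpected exception aborted the run.
        """
        try:
            self.remove_monitor_data()
            rc, system_list = get_systems()
            if not rc:
                # On failure the second element carries the error detail.
                logger.error("Can't retrieve systems..%s", system_list)
                return False

            for system_id, _system_ip in system_list:
                success, sensor_id = get_sensor_id_from_system_id(system_id)
                if not success:
                    continue

                # Called for their cache-refresh side effect only; the data
                # they return is not used here.
                cache_refreshers = (
                    (get_plugins_from_yaml, sensor_id),
                    (system_all_info, system_id),
                    (network_status, system_id),
                    (alienvault_status, system_id),
                    (get_system_config_general, system_id),
                )
                if not all(fetch(target, no_cache=True)[0]
                           for fetch, target in cache_refreshers):
                    continue

                # The AlienVault config is the one result actually parsed.
                success, config = get_system_config_alienvault(system_id,
                                                               no_cache=True)
                if not success:
                    continue
                prads_enabled, suricata_snort_enabled, netflow_enabled = \
                    self._detector_flags(config)
                ha_ip, ha_role = self._ha_settings(config)

                success, _interfaces = get_interfaces(system_id, no_cache=True)
                if not success:
                    continue
                success, facts = system_get(system_id, no_cache=True)
                if not success:
                    continue
                vpn_ip = self._vpn_ip(facts)

                # Persist in the original order; the first failure stops the
                # remaining writes for this system (same as before), but is
                # now logged instead of being dropped silently.
                updates = [
                    ('active inventory', set_sensor_properties_active_inventory,
                     sensor_id, suricata_snort_enabled),
                    ('passive inventory', set_sensor_properties_passive_inventory,
                     sensor_id, prads_enabled),
                    ('netflow', set_sensor_properties_netflow,
                     sensor_id, netflow_enabled),
                ]
                if vpn_ip is not None:
                    updates.append(('vpn ip', set_system_vpn_ip, system_id, vpn_ip))
                if ha_role is not None:
                    updates.append(('ha role', set_system_ha_role, system_id, ha_role))
                if ha_ip is not None:
                    updates.append(('ha ip', set_system_ha_ip, system_id, ha_ip))
                for label, setter, target, value in updates:
                    success, message = setter(target, value)
                    if not success:
                        logger.warning(
                            "[MonitorRetrievesRemoteInfo] cannot set %s for %s: %s",
                            label, target, message)
                        break

        except Exception as err:
            # Boundary catch: the monitor must not crash the scheduler.
            api_log.error("Something wrong happened while running the MonitorRetrievesRemoteInfo monitor %s", err)
            return False
        return True

    @staticmethod
    def _detector_flags(config):
        """Return (prads, snort_or_suricata, netflow) booleans from a config.

        Keys missing from *config* yield False; 'sensor_netflow' must equal
        the literal 'yes' to count as enabled.
        """
        prads_enabled = False
        suricata_snort_enabled = False
        if 'sensor_detectors' in config:
            detectors = config['sensor_detectors']
            # NOTE(review): assumes detectors is a list of plugin names; a
            # plain string would make these substring matches — confirm.
            prads_enabled = 'prads' in detectors
            suricata_snort_enabled = 'snort' in detectors or 'suricata' in detectors
        netflow_enabled = ('sensor_netflow' in config
                           and config['sensor_netflow'] == 'yes')
        return prads_enabled, suricata_snort_enabled, netflow_enabled

    @staticmethod
    def _ha_settings(config):
        """Return (ha_ip, ha_role) from a config, None for each invalid value.

        ha_ip must pass is_valid_ipv4 and ha_role must be 'master' or 'slave';
        anything else (including an absent key) is reported as None so that
        unvalidated remote data never reaches the DB layer.
        """
        ha_ip = None
        if 'ha_ha_virtual_ip' in config and is_valid_ipv4(config['ha_ha_virtual_ip']):
            ha_ip = config['ha_ha_virtual_ip']
        ha_role = None
        if 'ha_ha_role' in config and config['ha_ha_role'] in ('master', 'slave'):
            ha_role = config['ha_ha_role']
        return ha_ip, ha_role

    @staticmethod
    def _vpn_ip(facts):
        """Return the tun0 IPv4 address from system facts, or None.

        The bare ``except`` is narrowed to the errors a missing or malformed
        nested entry can raise, and the address is checked with is_valid_ipv4
        before being handed to set_system_vpn_ip, consistent with ha_ip.
        """
        try:
            address = facts['ansible_tun0']['ipv4']['address']
        except (KeyError, TypeError, IndexError):
            return None
        return address if is_valid_ipv4(address) else None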
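    def start(self):
        """Refresh the cached remote info of every system and persist settings.

        For each system returned by get_systems() the retrieval helpers are
        called with no_cache=True so their caches are repopulated, then the
        sensor's inventory/netflow flags and the system's VPN and HA settings
        are written to the database. A system whose retrieval or update fails
        is skipped and the loop moves on to the next one.

        Returns:
            True when the run completed (individual systems may have been
            skipped), False when the system list could not be retrieved or an
            unexpected exception aborted the run.
        """
        try:
            self.remove_monitor_data()
            rc, system_list = get_systems()
            if not rc:
                # On failure the second element carries the error detail.
                logger.error("Can't retrieve systems..%s", system_list)
                return False

            for system_id, _system_ip in system_list:
                success, sensor_id = get_sensor_id_from_system_id(system_id)
                if not success:
                    continue

                # Called for their cache-refresh side effect only; the data
                # they return is not used here.
                cache_refreshers = (
                    (get_plugins_from_yaml, sensor_id),
                    (system_all_info, system_id),
                    (network_status, system_id),
                    (alienvault_status, system_id),
                    (get_system_config_general, system_id),
                )
                if not all(fetch(target, no_cache=True)[0]
                           for fetch, target in cache_refreshers):
                    continue

                # The AlienVault config is the one result actually parsed.
                success, config = get_system_config_alienvault(system_id,
                                                               no_cache=True)
                if not success:
                    continue
                prads_enabled, suricata_snort_enabled, netflow_enabled = \
                    self._detector_flags(config)
                ha_ip, ha_role = self._ha_settings(config)

                success, _interfaces = get_interfaces(system_id, no_cache=True)
                if not success:
                    continue
                success, facts = system_get(system_id, no_cache=True)
                if not success:
                    continue
                vpn_ip = self._vpn_ip(facts)

                # Persist in the original order; the first failure stops the
                # remaining writes for this system (same as before), but is
                # now logged instead of being dropped silently.
                updates = [
                    ('active inventory', set_sensor_properties_active_inventory,
                     sensor_id, suricata_snort_enabled),
                    ('passive inventory', set_sensor_properties_passive_inventory,
                     sensor_id, prads_enabled),
                    ('netflow', set_sensor_properties_netflow,
                     sensor_id, netflow_enabled),
                ]
                if vpn_ip is not None:
                    updates.append(('vpn ip', set_system_vpn_ip, system_id, vpn_ip))
                if ha_role is not None:
                    updates.append(('ha role', set_system_ha_role, system_id, ha_role))
                if ha_ip is not None:
                    updates.append(('ha ip', set_system_ha_ip, system_id, ha_ip))
                for label, setter, target, value in updates:
                    success, message = setter(target, value)
                    if not success:
                        logger.warning(
                            "[MonitorRetrievesRemoteInfo] cannot set %s for %s: %s",
                            label, target, message)
                        break

        except Exception as err:
            # Boundary catch: the monitor must not crash the scheduler.
            api_log.error(
                "Something wrong happened while running the MonitorRetrievesRemoteInfo monitor %s",
                err)
            return False
        return True

    @staticmethod
    def _detector_flags(config):
        """Return (prads, snort_or_suricata, netflow) booleans from a config.

        Keys missing from *config* yield False; 'sensor_netflow' must equal
        the literal 'yes' to count as enabled.
        """
        prads_enabled = False
        suricata_snort_enabled = False
        if 'sensor_detectors' in config:
            detectors = config['sensor_detectors']
            # NOTE(review): assumes detectors is a list of plugin names; a
            # plain string would make these substring matches — confirm.
            prads_enabled = 'prads' in detectors
            suricata_snort_enabled = 'snort' in detectors or 'suricata' in detectors
        netflow_enabled = ('sensor_netflow' in config
                           and config['sensor_netflow'] == 'yes')
        return prads_enabled, suricata_snort_enabled, netflow_enabled

    @staticmethod
    def _ha_settings(config):
        """Return (ha_ip, ha_role) from a config, None for each invalid value.

        ha_ip must pass is_valid_ipv4 and ha_role must be 'master' or 'slave';
        anything else (including an absent key) is reported as None so that
        unvalidated remote data never reaches the DB layer.
        """
        ha_ip = None
        if 'ha_ha_virtual_ip' in config and is_valid_ipv4(config['ha_ha_virtual_ip']):
            ha_ip = config['ha_ha_virtual_ip']
        ha_role = None
        if 'ha_ha_role' in config and config['ha_ha_role'] in ('master', 'slave'):
            ha_role = config['ha_ha_role']
        return ha_ip, ha_role

    @staticmethod
    def _vpn_ip(facts):
        """Return the tun0 IPv4 address from system facts, or None.

        The bare ``except`` is narrowed to the errors a missing or malformed
        nested entry can raise, and the address is checked with is_valid_ipv4
        before being handed to set_system_vpn_ip, consistent with ha_ip.
        """
        try:
            address = facts['ansible_tun0']['ipv4']['address']
        except (KeyError, TypeError, IndexError):
            return None
        return address if is_valid_ipv4(address) else None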