def load_alert_matrix(self, alert_folder):
SetupLogger.logger.debug(
"Creating alert matrix list object with alert_folder '{}'".format(
alert_folder))
matrix = []
alerts = []
alert_folder_list = Utils.list_files_in_directory(alert_folder)
# Add each alert object
for alert_file_path in alert_folder_list:
# Parse alert yml file
alert_file_data = Utils.read_yml_file(alert_file_path)
if type(alert_file_data) is dict:
category = list(alert_file_data.keys())[0]
for tool, val in list(alert_file_data.values())[0].items():
alert_file_obj = AlertFile(alert_file_path, val, True,
category, tool)
alerts.append(alert_file_obj)
SetupLogger.logger.debug(
'Alert file loaded: {}'.format(alert_file_path))
else:
alert_file_obj = AlertFile(alert_file_path, "", False, "", "")
alerts.append(alert_file_obj)
SetupLogger.logger.info(
'Error loading file: {}'.format(alert_file_path))
alerts.sort(key=operator.attrgetter(
'category', 'tool')) # Sort by category and tool
if type(alerts) is list:
for alert in alerts:
if alert.parsed:
try:
# Parse AWS alerts
if alert.tool.lower() == "aws":
self.parse_cloudwatch_alerts(alert, matrix)
# Parse GCP alerts
elif alert.tool.lower() == "gcp":
self.parse_stackdriver_alerts(alert, matrix)
except Exception as e:
print('[error] Could not parsed alert: {}'.format(e))
else:
print("[error] Error parsing file '{}'".format(alert.path))
# Sort by category and tool
matrix.sort(key=operator.attrgetter('category', 'subcategory'))
SetupLogger.logger.info("Number of parsed files: {}".format(
len(alerts)))
SetupLogger.logger.info("Number of alerts found: {}".format(
len(matrix)))
return matrix
def remove(passwords, dry_run):
print("[plugin: AWS] Removing cloudformation stacks alert")
# Check if deployment folder exist
if os.path.exists(_path_deployment_plugin):
# Read password file
aws_keys = get_aws_keys(passwords)["AWS"]
# Get list of cloudformation templates in folder
deployed_stacks_list = Utils.list_files_in_directory(
_path_deployment_plugin)
for deployed_stack in deployed_stacks_list:
filename = os.path.basename(deployed_stack)
# Get account name from filename
aws_account_stack = filename.split("-")[
0] # -> is always the first string
stack_name = filename.replace(".yml", "")
SetupLogger.logger.info(
"Checking if '{0}' stack exists in AWS account '{1}'".format(
stack_name, aws_account_stack))
# Checking if the stack exist
if check_cloudformation_stack(
stack_name=stack_name,
aws_access_key_id=aws_keys[aws_account_stack]
["aws_access_key_id"],
aws_secret_access_key=aws_keys[aws_account_stack]
["aws_secret_access_key"],
region=aws_keys[aws_account_stack]["region"]):
SetupLogger.logger.info(
"Stack found, deleting stack '{}'".format(stack_name))
delete_cloudformation_stack(
stack_name=stack_name,
aws_access_key_id=aws_keys[aws_account_stack]
["aws_access_key_id"],
aws_secret_access_key=aws_keys[aws_account_stack]
["aws_secret_access_key"],
region=aws_keys[aws_account_stack]["region"])
else:
print("[warning] AWS Cloudformation stack {} does not exists".
format(stack_name))
else:
print("[error] Directory {} does not exists".format(
_path_deployment_plugin))
def process_alerts_deployment(self, config_file_path, dry_run, option):
# Read configuration file
config_file = Utils.read_yml_file(config_file_path)
# Check if the configuration file exist
if config_file is None:
print("[error] Configuration file not found: {}, exiting ...".format(config_file_path))
exit(1)
config = config_file.get('config')
# Validate if the value exist if don't use default
if not config.get('alerts_dir', False):
alerts_dir = Settings.CONFIGURATION_FOLDERS["alerts"].get('folder')
SetupLogger.logger.debug("Variable alerts_dir not defined, using default value: {}".format(alerts_dir))
else:
alerts_dir = config.get('alerts_dir')
SetupLogger.logger.debug("Variable alerts_dir defined, using value: {}".format(alerts_dir))
# Validate if the dir is valid
if not os.path.isdir(alerts_dir):
SetupLogger.logger.fatal("Alerts directory is not valid, exiting ...")
exit(1)
"""
# Check this **************
# Validate if the value exist if don't use default
if not config.get('passwords_file', False):
passwords_file_path = os.path.join(
Settings.CONFIGURATION_FOLDERS["passwords"].get('folder'), "passwords.yml")
SetupLogger.logger.debug("Variable passwords_file not defined, using default value: {}"
.format(passwords_file_path))
else:
passwords_file_path = config.get('passwords_file')
SetupLogger.logger.debug("passwords_file defined, using value: {}".format(passwords_file_path))
# Validate if the file is valid
if not os.path.isfile(passwords_file_path):
print("[error] Passwords file is not valid, exiting ...")
exit(1)
"""
passwords_file_path = ""
# Check alerts file
alerts_list_file = Utils.list_files_in_directory(alerts_dir)
if len(alerts_list_file) > 0:
print("[-] Alerts definition file found: {}".format(len(alerts_list_file)))
else:
print("[warning] No alerts definition file found, exiting ...")
exit(1)
######################
# Process deployment process for each plugin
######################
# Create hidden folder for plugin deployment configuration
Utils.create_folder(overwrite=False, folder_path=Settings.CONFIGURATION_HIDDEN_FOLDER_DEPLOYMENT)
plugin_folder_path = Settings.ALERT_PLUGINS_PATH
plugin_package = "lib.plugins.alerts"
# Get information about what plugins are available in the folder
plugins_available = Utils.get_list_plugins(plugin_folder_path)
print("[*] Plugins loaded: {}".format(",".join(plugins_available.keys())))
plugins_modules = Utils.load_plugins(plugin_package, plugin_folder_path)
if option == "deploy":
for plugin in plugins_available:
print("[plugin] Processing {} plugin".format(plugin))
plugins_modules[plugin].deploy(alerts_list_file, passwords_file_path, dry_run)
print("[plugin] Finished {} plugin".format(plugin))
elif option == "remove":
for plugin in plugins_available:
# Call remove function inside the plugin
print("[plugin] Processing {} plugin".format(plugin))
plugins_modules[plugin].remove(passwords_file_path, dry_run)
print("[plugin] Finished {} plugin".format(plugin))
else:
print("[error] Plugin option not available: {}".format(option))
