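def put_sensor_detector_by_device(sensor_id):
    """
    Set the [sensor]/detectors list on config.yml of the sensor

    Reads the 'plugins' form field, which must hold a JSON object mapping
    a device id to that device's detector plugins, resolves each device id
    to an IP and collects the result in plugins_hash.

    Returns a bad-request response when 'plugins' is missing, when the
    sensor id cannot be resolved, or when the payload cannot be processed.
    """
    # 'plugins' comes straight from the request body and is untrusted.
    # .get() is used because indexing request.form raises on a missing
    # field instead of returning None, which would make the check below
    # unreachable.
    raw_plugins = request.form.get('plugins')
    if raw_plugins is None:
        current_app.logger.error(
            "detector: put_sensor_detector error: Missing parameter 'plugins'")
        return make_bad_request("Missing parameter plugins")

    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        current_app.logger.error(
            "detector: put_sensor_detector error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")

    plugins_hash = {}
    try:
        plugins_by_device = json.loads(raw_plugins)
        # Distinct loop names keep the submitted payload intact, so the
        # error path reports what the client sent rather than whichever
        # per-device value the loop last touched.
        for device_id, device_plugins in plugins_by_device.iteritems():
            # NOTE(review): device_id and device_plugins are used as
            # received; nothing visible here checks that device_id is a
            # well-formed id or that device_plugins is a list of plugin
            # names. Confirm get_asset_ip_from_id and the consumer of
            # plugins_hash validate them.
            ips = get_asset_ip_from_id(device_id)
            if len(ips) > 0:
                plugins_hash[device_id] = {
                    # A device should never have more than one IP
                    "device_ip": ips[0],
                    "plugins": device_plugins
                }
    except Exception as exc:
        # Kept broad on purpose: any failure while decoding or walking the
        # payload is answered as a bad request. Log the cause so a
        # malformed or hostile payload is visible server-side.
        current_app.logger.error(
            "detector: put_sensor_detector error: Invalid 'plugins' "
            "payload: %s" % str(exc))
        # The response echoes the submitted value; whatever renders this
        # message must treat it as untrusted text.
        return make_bad_request(
            "Invalid JSON: %s , p=%s" % ("", str(raw_plugins)))
    # NOTE(review): the visible listing ends here; plugins_hash and
    # sensor_ip are computed but this excerpt does not show where they
    # are applied.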
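def put_sensor_detector_by_device(sensor_id):
    """
    Set the [sensor]/detectors list on config.yml of the sensor

    Reads the 'plugins' form field, which must hold a JSON object mapping
    a device id to that device's detector plugins, resolves each device id
    to an IP and collects the result in plugins_hash.

    Returns a bad-request response when 'plugins' is missing, when the
    sensor id cannot be resolved, or when the payload cannot be processed.
    """
    # 'plugins' comes straight from the request body and is untrusted.
    # .get() is used because indexing request.form raises on a missing
    # field instead of returning None, which would make the check below
    # unreachable.
    raw_plugins = request.form.get('plugins')
    if raw_plugins is None:
        current_app.logger.error("detector: put_sensor_detector error: Missing parameter 'plugins'")
        return make_bad_request("Missing parameter plugins")

    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        current_app.logger.error("detector: put_sensor_detector error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")

    plugins_hash = {}
    try:
        plugins_by_device = json.loads(raw_plugins)
        # Distinct loop names keep the submitted payload intact, so the
        # error path reports what the client sent rather than whichever
        # per-device value the loop last touched.
        for device_id, device_plugins in plugins_by_device.iteritems():
            # NOTE(review): device_id and device_plugins are used as
            # received; nothing visible here checks that device_id is a
            # well-formed id or that device_plugins is a list of plugin
            # names. Confirm get_asset_ip_from_id and the consumer of
            # plugins_hash validate them.
            ips = get_asset_ip_from_id(device_id)
            if len(ips) > 0:
                # A device should never have more than one IP
                plugins_hash[device_id] = {"device_ip": ips[0],
                                           "plugins": device_plugins}
    except Exception as exc:
        # Kept broad on purpose: any failure while decoding or walking the
        # payload is answered as a bad request. Log the cause so a
        # malformed or hostile payload is visible server-side.
        current_app.logger.error("detector: put_sensor_detector error: Invalid 'plugins' payload: %s" % str(exc))
        # The response echoes the submitted value; whatever renders this
        # message must treat it as untrusted text.
        return make_bad_request("Invalid JSON: %s , p=%s" % ("", str(raw_plugins)))
    # NOTE(review): the visible listing ends here; plugins_hash and
    # sensor_ip are computed but this excerpt does not show where they
    # are applied.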
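def set_sensor_plugins_enabled_by_asset(sensor_id, assets_info):
    """
    Set the list of plugins enabled in a sensor by asset

    Params:
        sensor_id (UUID): sensor id
        assets_info (dict or json string):
            {"<asset_id>": ["<plugin_1>", "<plugin_2>", ...], ...}

    Return:
        the id of the agent restart job

    Raises:
        APICannotResolveSensorID: the sensor id cannot be resolved to an IP
        APIInvalidInputFormat: assets_info cannot be decoded or processed
        APICannotSetSensorPlugins: pushing the plugin list to the sensor
            raised or reported failure
    """
    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        # Use a {0} placeholder: a '%s' inside a str.format() template is
        # emitted literally, so the failure detail would never reach the log.
        raise APICannotResolveSensorID(
            sensor_id=sensor_id,
            log="[set_sensor_plugins_enabled_by_asset] "
                "Error getting Sensor ip: {0}".format(sensor_ip))

    try:
        plugins = {}
        if isinstance(assets_info, basestring):
            assets_info = json.loads(assets_info)
        for asset_id, asset_plugins in assets_info.iteritems():
            # Round-tripping through uuid.UUID rejects malformed ids (the
            # ValueError lands in the handler below) and normalises the
            # textual form before it is used as a key.
            asset_id = str(uuid.UUID(asset_id))
            asset_ips = get_asset_ip_from_id(asset_id=asset_id)
            if not asset_ips:
                api_log.error(
                    "Cannot resolve ips for asset '{0}'".format(asset_id))
                continue
            # NOTE(review): asset_plugins is stored as received. The
            # docstring promises a list of plugin names, but nothing here
            # enforces that shape before it is sent to the sensor; confirm
            # the receiving side validates it.
            plugins[asset_id] = {
                'device_ip': asset_ips[0],
                'plugins': asset_plugins
            }
    except Exception as e:
        # Broad by design: decode errors, bad UUIDs and lookup failures are
        # all reported to the caller as an input-format problem.
        raise APIInvalidInputFormat(
            log="[set_sensor_plugins_enabled_by_asset] "
                "Invalid asset_info format: '{0}'".format(str(e)))

    # NOTE(review): the payload is str() of a Python dict rather than the
    # output of a serializer; confirm set_sensor_detectors_from_yaml expects
    # this form and quotes the values safely. Also note that when every
    # asset was skipped above, an empty mapping is still pushed.
    try:
        (success, data) = set_sensor_detectors_from_yaml(sensor_ip,
                                                         str(plugins))
    except Exception as e:
        raise APICannotSetSensorPlugins(
            log="[set_sensor_plugins_enabled_by_asset] "
                "Cannot set asset plugins: '{0}'".format(str(e)))
    if not success:
        # Build the message once so the log entry and the exception agree.
        failure_msg = ("[set_sensor_plugins_enabled_by_asset] "
                       "Cannot set asset plugins: '{0}'".format(str(data)))
        api_log.error(failure_msg)
        raise APICannotSetSensorPlugins(log=failure_msg)

    # Flush sensor plugin cache and Update host plugin info
    flush_cache("sensor_plugins")
    # Import here to avoid circular imports
    from celerymethods.tasks.monitor_tasks import (
        monitor_update_host_plugins, monitor_enabled_plugins_limit)
    try:
        monitor_update_host_plugins.delay()
    except AlreadyQueued:
        # An already queued monitor run will pick up the change; not an error.
        api_log.info(
            "[set_sensor_plugins_enabled_by_asset] monitor update host plugins already queued"
        )
    try:
        monitor_enabled_plugins_limit.delay()
    except AlreadyQueued:
        api_log.info(
            "[set_sensor_plugins_enabled_by_asset] monitor for enabled plugins already queued"
        )

    # Restart the alienvault agent
    job = restart_alienvault_agent.delay(sensor_ip=sensor_ip)
    return job.id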
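def set_sensor_plugins_enabled_by_asset(sensor_id, assets_info):
    """
    Set the list of plugins enabled in a sensor by asset

    Params:
        sensor_id (UUID): sensor id
        assets_info (dict or json string):
            {"<asset_id>": ["<plugin_1>", "<plugin_2>", ...], ...}

    Return:
        the id of the agent restart job

    Raises:
        APICannotResolveSensorID: the sensor id cannot be resolved to an IP
        APIInvalidInputFormat: assets_info cannot be decoded or processed
        APICannotSetSensorPlugins: pushing the plugin list to the sensor
            raised or reported failure
    """
    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        # Use a {0} placeholder: a '%s' inside a str.format() template is
        # emitted literally, so the failure detail would never reach the log.
        raise APICannotResolveSensorID(
            sensor_id=sensor_id,
            log="[set_sensor_plugins_enabled_by_asset] "
                "Error getting Sensor ip: {0}".format(sensor_ip))

    try:
        plugins = {}
        if isinstance(assets_info, basestring):
            assets_info = json.loads(assets_info)
        for asset_id, asset_plugins in assets_info.iteritems():
            # Round-tripping through uuid.UUID rejects malformed ids (the
            # ValueError lands in the handler below) and normalises the
            # textual form before it is used as a key.
            asset_id = str(uuid.UUID(asset_id))
            asset_ips = get_asset_ip_from_id(asset_id=asset_id)
            if not asset_ips:
                api_log.error("Cannot resolve ips for asset '{0}'".format(asset_id))
                continue
            # NOTE(review): asset_plugins is stored as received. The
            # docstring promises a list of plugin names, but nothing here
            # enforces that shape before it is sent to the sensor; confirm
            # the receiving side validates it.
            plugins[asset_id] = {'device_ip': asset_ips[0],
                                 'plugins': asset_plugins}
    except Exception as e:
        # Broad by design: decode errors, bad UUIDs and lookup failures are
        # all reported to the caller as an input-format problem.
        raise APIInvalidInputFormat(
            log="[set_sensor_plugins_enabled_by_asset] "
                "Invalid asset_info format: '{0}'".format(str(e)))

    # NOTE(review): the payload is str() of a Python dict rather than the
    # output of a serializer; confirm set_sensor_detectors_from_yaml expects
    # this form and quotes the values safely. Also note that when every
    # asset was skipped above, an empty mapping is still pushed.
    try:
        (success, data) = set_sensor_detectors_from_yaml(sensor_ip, str(plugins))
    except Exception as e:
        raise APICannotSetSensorPlugins(
            log="[set_sensor_plugins_enabled_by_asset] "
                "Cannot set asset plugins: '{0}'".format(str(e)))
    if not success:
        # Build the message once so the log entry and the exception agree.
        failure_msg = ("[set_sensor_plugins_enabled_by_asset] "
                       "Cannot set asset plugins: '{0}'".format(str(data)))
        api_log.error(failure_msg)
        raise APICannotSetSensorPlugins(log=failure_msg)

    # Flush sensor plugin cache and Update host plugin info
    flush_cache("sensor_plugins")
    # Import here to avoid circular imports
    from celerymethods.tasks.monitor_tasks import (monitor_update_host_plugins,
                                                   monitor_enabled_plugins_limit)
    try:
        monitor_update_host_plugins.delay()
    except AlreadyQueued:
        # An already queued monitor run will pick up the change; not an error.
        api_log.info("[set_sensor_plugins_enabled_by_asset] monitor update host plugins already queued")
    try:
        monitor_enabled_plugins_limit.delay()
    except AlreadyQueued:
        api_log.info("[set_sensor_plugins_enabled_by_asset] monitor for enabled plugins already queued")

    # Restart the alienvault agent
    job = restart_alienvault_agent.delay(sensor_ip=sensor_ip)
    return job.id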