def load_alert_matrix(self, alert_folder): SetupLogger.logger.debug( "Creating alert matrix list object with alert_folder '{}'".format( alert_folder)) matrix = [] alerts = [] alert_folder_list = Utils.list_files_in_directory(alert_folder) # Add each alert object for alert_file_path in alert_folder_list: # Parse alert yml file alert_file_data = Utils.read_yml_file(alert_file_path) if type(alert_file_data) is dict: category = list(alert_file_data.keys())[0] for tool, val in list(alert_file_data.values())[0].items(): alert_file_obj = AlertFile(alert_file_path, val, True, category, tool) alerts.append(alert_file_obj) SetupLogger.logger.debug( 'Alert file loaded: {}'.format(alert_file_path)) else: alert_file_obj = AlertFile(alert_file_path, "", False, "", "") alerts.append(alert_file_obj) SetupLogger.logger.info( 'Error loading file: {}'.format(alert_file_path)) alerts.sort(key=operator.attrgetter( 'category', 'tool')) # Sort by category and tool if type(alerts) is list: for alert in alerts: if alert.parsed: try: # Parse AWS alerts if alert.tool.lower() == "aws": self.parse_cloudwatch_alerts(alert, matrix) # Parse GCP alerts elif alert.tool.lower() == "gcp": self.parse_stackdriver_alerts(alert, matrix) except Exception as e: print('[error] Could not parsed alert: {}'.format(e)) else: print("[error] Error parsing file '{}'".format(alert.path)) # Sort by category and tool matrix.sort(key=operator.attrgetter('category', 'subcategory')) SetupLogger.logger.info("Number of parsed files: {}".format( len(alerts))) SetupLogger.logger.info("Number of alerts found: {}".format( len(matrix))) return matrix
def remove(passwords, dry_run): print("[plugin: AWS] Removing cloudformation stacks alert") # Check if deployment folder exist if os.path.exists(_path_deployment_plugin): # Read password file aws_keys = get_aws_keys(passwords)["AWS"] # Get list of cloudformation templates in folder deployed_stacks_list = Utils.list_files_in_directory( _path_deployment_plugin) for deployed_stack in deployed_stacks_list: filename = os.path.basename(deployed_stack) # Get account name from filename aws_account_stack = filename.split("-")[ 0] # -> is always the first string stack_name = filename.replace(".yml", "") SetupLogger.logger.info( "Checking if '{0}' stack exists in AWS account '{1}'".format( stack_name, aws_account_stack)) # Checking if the stack exist if check_cloudformation_stack( stack_name=stack_name, aws_access_key_id=aws_keys[aws_account_stack] ["aws_access_key_id"], aws_secret_access_key=aws_keys[aws_account_stack] ["aws_secret_access_key"], region=aws_keys[aws_account_stack]["region"]): SetupLogger.logger.info( "Stack found, deleting stack '{}'".format(stack_name)) delete_cloudformation_stack( stack_name=stack_name, aws_access_key_id=aws_keys[aws_account_stack] ["aws_access_key_id"], aws_secret_access_key=aws_keys[aws_account_stack] ["aws_secret_access_key"], region=aws_keys[aws_account_stack]["region"]) else: print("[warning] AWS Cloudformation stack {} does not exists". format(stack_name)) else: print("[error] Directory {} does not exists".format( _path_deployment_plugin))
def process_alerts_deployment(self, config_file_path, dry_run, option): # Read configuration file config_file = Utils.read_yml_file(config_file_path) # Check if the configuration file exist if config_file is None: print("[error] Configuration file not found: {}, exiting ...".format(config_file_path)) exit(1) config = config_file.get('config') # Validate if the value exist if don't use default if not config.get('alerts_dir', False): alerts_dir = Settings.CONFIGURATION_FOLDERS["alerts"].get('folder') SetupLogger.logger.debug("Variable alerts_dir not defined, using default value: {}".format(alerts_dir)) else: alerts_dir = config.get('alerts_dir') SetupLogger.logger.debug("Variable alerts_dir defined, using value: {}".format(alerts_dir)) # Validate if the dir is valid if not os.path.isdir(alerts_dir): SetupLogger.logger.fatal("Alerts directory is not valid, exiting ...") exit(1) """ # Check this ************** # Validate if the value exist if don't use default if not config.get('passwords_file', False): passwords_file_path = os.path.join( Settings.CONFIGURATION_FOLDERS["passwords"].get('folder'), "passwords.yml") SetupLogger.logger.debug("Variable passwords_file not defined, using default value: {}" .format(passwords_file_path)) else: passwords_file_path = config.get('passwords_file') SetupLogger.logger.debug("passwords_file defined, using value: {}".format(passwords_file_path)) # Validate if the file is valid if not os.path.isfile(passwords_file_path): print("[error] Passwords file is not valid, exiting ...") exit(1) """ passwords_file_path = "" # Check alerts file alerts_list_file = Utils.list_files_in_directory(alerts_dir) if len(alerts_list_file) > 0: print("[-] Alerts definition file found: {}".format(len(alerts_list_file))) else: print("[warning] No alerts definition file found, exiting ...") exit(1) ###################### # Process deployment process for each plugin ###################### # Create hidden folder for plugin deployment configuration Utils.create_folder(overwrite=False, folder_path=Settings.CONFIGURATION_HIDDEN_FOLDER_DEPLOYMENT) plugin_folder_path = Settings.ALERT_PLUGINS_PATH plugin_package = "lib.plugins.alerts" # Get information about what plugins are available in the folder plugins_available = Utils.get_list_plugins(plugin_folder_path) print("[*] Plugins loaded: {}".format(",".join(plugins_available.keys()))) plugins_modules = Utils.load_plugins(plugin_package, plugin_folder_path) if option == "deploy": for plugin in plugins_available: print("[plugin] Processing {} plugin".format(plugin)) plugins_modules[plugin].deploy(alerts_list_file, passwords_file_path, dry_run) print("[plugin] Finished {} plugin".format(plugin)) elif option == "remove": for plugin in plugins_available: # Call remove function inside the plugin print("[plugin] Processing {} plugin".format(plugin)) plugins_modules[plugin].remove(passwords_file_path, dry_run) print("[plugin] Finished {} plugin".format(plugin)) else: print("[error] Plugin option not available: {}".format(option))