예제 #1
0
def merge_site_members(api, data):
    print('Merging users...')

    # Get existing site users
    keys = ['user']
    src = api.get_site_members()
    users = filter_data(src['data'], keys)

    # Get existing corp users in case user needs to be added
    keys = ['email']
    src = api.get_corp_users()
    corp_users = [user['email'] for user in filter_data(src['data'], keys)]

    # Loop through the users to add
    for item in data:
        for user in users:
            # Skip users that exist in the site
            if item['user']['email'] == user['user']['email']:
                print('  Skipping %s (exists)' % item['user']['email'])
                break
        else:
            if item['user']['email'] not in corp_users:
                # User does not exist in corp so invite it to the corp and add
                # it to the site
                print('  %s (New user - Corp role: %s, API user: %s)' %
                      (item['user']['email'], item['role'],
                       item['user']['apiUser']))
                add_new_user(api, item['user']['email'], item['role'],
                             item['user']['apiUser'])
            else:
                # Add missing user
                print('  Adding %s' % item['user']['email'])
                role = {'role': item['role']}
                api.update_site_member(item['user']['email'], role)
예제 #2
0
def generate_advanced_rules_request(api, source, data):
    print('Merging advanced rules...')

    # Get the existing advanced rules
    src = api.get_advanced_rules()
    rules = filter_data(src.get('data', []), ['shortName'])
    rule_names = [r['shortName'] for r in rules]

    email = '\nEmail [email protected] with the following...\n'
    email += ('Please copy the following advanced rules from %s/%s to %s/%s:' %
              (source['corp'], source['site'], api.corp, api.site))
    make_request = False
    skipped = []
    for item in data:
        if item['shortName'] not in rule_names:
            email += '\n    %s (ID %s)' % (item['shortName'], item['id'])
            make_request = True
        else:
            skipped.append(item['shortName'])

    for item in skipped:
        print('  Skipping %s (exists)' % item)

    if make_request:
        print(email)
예제 #3
0
def merge_integrations(api, data):
    print('Merging integrations...')

    # Get existing integrations
    keys = ['id', 'name', 'type', 'url', 'events']
    src = api.get_integrations()
    integs = filter_data(src['data'], keys)

    # Loop through integrations to add/update
    for item in data:
        for integ in integs:
            if item['url'] == integ['url'] and item['type'] == integ['type']:
                # Integration exists, see if it needs updating
                if sorted(item['events']) == sorted(integ['events']):
                    # Integration events are the same, skip
                    print('  Skipping %s (exists)' % item['name'])
                    break
                else:
                    # Integration events are different, updating
                    print('  Updating %s' % item['name'])
                    api.update_integration(integ['id'], item)
                    break
        else:
            # Add missing integration
            print('  Adding %s' % item['name'])
            try:
                api.add_integration(item)
            except Exception as e:  # pylint: disable=broad-except
                print('    Failed: %s' % e)
예제 #4
0
def get_request_rules(api):
    keys = [
        'enabled', 'groupOperator', 'conditions', 'action', 'signal', 'reason',
        'expiration'
    ]
    data = api.get_request_rules()
    return filter_data(data['data'], keys)
예제 #5
0
def merge_signal_rules(api, data):
    print('Merging signal rules...')

    # Get the existing signal rules
    keys = [
        'enabled',
        'groupOperator',
        'conditions',
        'signal',
        'reason',
    ]
    src = api.get_signal_rules()
    rules = filter_data(src['data'], keys)

    for item in data:
        for rule in rules:
            if equal_rules(rule, item, signal_rule=True):
                print('  Skipping %s (exists)' % item['reason'])
                break
        else:
            print('  Adding %s' % item['reason'])
            try:
                api.add_signal_rules(item)
            except Exception as e:  # pylint: disable=broad-except
                print('    Failed: %s' % e)
예제 #6
0
def merge_advanced_rules(api, source, data):
    print('Merging advanced rules...')

    # Get the existing advanced rules
    src = api.get_advanced_rules()
    rules = filter_data(src.get('data', []), ['shortName'])
    rule_names = [r['shortName'] for r in rules]
    not_copied = []
    for item in data:
        if item['shortName'] not in rule_names:
            try:
                response = api.copy_advanced_rule(item['shortName'],
                                                  source['site']) or item
                print('  Adding %s (ID %s)' %
                      (response['shortName'], response['id']))
            except Exception as e:  # pylint: disable=broad-except
                not_copied.append(item)
        else:
            print('  Skipping %s (exists)' % item)
    if not_copied:
        print('\nEmail [email protected] with the following...\n'
              'Please copy the following advanced rules from %s/%s to %s/%s:' %
              (source['corp'], source['site'], api.corp, api.site))
        for item in not_copied:
            print('    %s (ID %s)' % (item['shortName'], item['id']))
예제 #7
0
def add_site_members(api, data):
    print('Adding users...')

    # Get existing corp users in case user needs to be added
    keys = ['email']
    src = api.get_corp_users()
    users = [user['email'] for user in filter_data(src['data'], keys)]
    for item in data:
        if item['user']['email'] not in users:
            # User does not exist in corp so invite it to the corp and add it
            # to the site
            print('  %s (New user - Corp role: %s, API user: %s)' %
                  (item['user']['email'],
                   item['role'],
                   item['user']['apiUser']))
            add_new_user(api,
                         item['user']['email'],
                         item['role'],
                         item['user']['apiUser'])
        elif item['role'] == 'owner':
            # Owners are auto-added at site creation
            continue
        else:
            # User exists in corp and is not an owner to add it to the site
            print('  %s' % item['user']['email'])
            role = {'role': item['role']}
            api.update_site_member(item['user']['email'], role)
예제 #8
0
def get_site_rules(api):
    keys = [
        'type', 'enabled', 'groupOperator', 'conditions', 'actions', 'reason',
        'expiration'
    ]
    optional_alert_keys = ['signal']
    data = api.get_site_rules()
    return filter_data(data['data'], keys, optional_keys=optional_alert_keys)
예제 #9
0
def get_advanced_rules(api):
    keys = [
        'id', 'shortName', 'enabled', 'initRule', 'preEarlyRule', 'preRule',
        'preLateRule', 'postEarlyRule', 'postRule', 'postLateRule',
        'sampleRequest', 'sampleResponse'
    ]
    data = api.get_advanced_rules()
    return filter_data(data.get('data', []), keys)
예제 #10
0
def get_templated_rules(api):
    detection_keys = ['name', 'fields', 'enabled']
    alert_keys = ['longName', 'interval', 'threshold',
                  'skipNotifications', 'enabled', 'action']
    data = api.get_templated_rules()
    ret = {}
    for rule in data['data']:
        if not rule['detections']:
            # Skip empty rules
            continue

        # Reformat the retrieved data into the structure needed for adding the
        # templated rule to a clean site.
        ret[rule['name']] = {'detectionAdds': [], 'alertAdds': []}
        ret[rule['name']]['detectionAdds'] += filter_data(
            rule['detections'], detection_keys)
        ret[rule['name']]['alertAdds'] += filter_data(
            rule['alerts'], alert_keys)
    return ret
예제 #11
0
def generate_advanced_rules_request(api, source, data):
    # Get the existing advanced rules
    src = api.get_advanced_rules()
    rules = filter_data(src['data'], ['shortName'])
    rule_names = [r['shortName'] for r in rules]

    email = '\n\nEmail [email protected] with the following...\n'
    email += ('Please copy the following advanced rules from %s/%s to %s/%s:' %
              (source['corp'], source['site'], api.corp, api.site))
    make_request = False
    for item in data:
        if item['shortName'] not in rule_names:
            email += '\n    %s (ID %s)' % (item['shortName'], item['id'])
            make_request = True
    if make_request:
        print(email)
예제 #12
0
def merge_custom_signals(api, data):
    print('Merging custom signals...')

    # Get the existing custom signals
    keys = ['tagName']
    src = api.get_custom_signals()
    lists = filter_data(src['data'], keys)

    for item in data:
        for existing in lists:
            if existing['tagName'] == item['tagName']:
                print('  Skipping %s (exists)' % item['shortName'])
                break
        else:
            # List iteration ended without breaking on a tag match so add
            # the signal as a new one
            print('  Adding %s' % item['shortName'])
            api.add_custom_signals(item)
예제 #13
0
def merge_site_members(api, data):
    print('Merging users...')

    # Get existing users
    keys = ['user']
    src = api.get_site_members()
    users = filter_data(src['data'], keys)

    # Loop through the users to add
    for item in data:
        for user in users:
            # Skip users that exist in the site
            if item['user']['email'] == user['user']['email']:
                print('  Skipping %s (exists)' % item['user']['email'])
                break
        else:
            # Add missing user
            print('  Adding %s' % item['user']['email'])
            role = {'role': item['role']}
            api.update_site_member(item['user']['email'], role)
예제 #14
0
def merge_custom_alerts(api, data):
    print('Merging custom alerts...')

    # Get existing alerts
    keys = [
        'id', 'tagName', 'longName', 'interval', 'threshold', 'enabled',
        'action'
    ]
    src = api.get_custom_alerts()
    alerts = filter_data(src['data'], keys)

    for item in data:
        if item['action'] == 'siteMetricInfo':
            # Default agent alerts are added at site creation
            continue
        for alert in alerts:
            if (item['tagName'] == alert['tagName']
                    and item['longName'] == alert['longName']):
                if (not alert['enabled']
                        and (item['interval'] != alert['interval']
                             or item['threshold'] != alert['threshold']
                             or item['enabled'] != alert['enabled']
                             or item['action'] != alert['action'])):
                    # Alert with same tag and description exists but is not
                    # enabled so update to match the source alert.
                    print('  Updating %s' % item['longName'])
                    api.update_custom_alert(alert['id'], item)
                    break
                else:
                    # Alert with same tag and description exists and is enabled
                    # or has the same values as the source alert so don't touch
                    # it.
                    print('  Skipping %s (exists)' % item['longName'])
                    break
        else:
            print('  Adding %s' % item['longName'])
            api.add_custom_alert(item)
예제 #15
0
def merge_rule_lists(api, data):
    print('Merging lists...')

    # Get the existing lists
    keys = ['id', 'name', 'type', 'entries']
    src = api.get_rule_lists()
    lists = filter_data(src['data'], keys)

    # Loop through the lists to merge in
    for item in data:
        existing = _find_match(item, lists, ['name', 'type'])
        if existing:
            # Found an existing list with same name and type
            _merge_lists(api, item, existing)
            # Go on to the next item
            continue

        existing = _find_match(item, lists, ['name'])
        if existing:
            # Found an existing list with the same name but different type.
            # Set the name to be the original name with the new type appended.
            # Names can only be 32 characters so need to leave space for the
            # type.
            item['name'] = '%s-%s' % (item['name'][0:31 - len(item['type'])],
                                      item['type'])

            # Make sure this new name doesn't already exist. If it does that
            # means it was already created on a previous merge and so will be
            # covered on another iteration through the existing lists.
            exist = _find_match(item, lists, ['name'])
            if not exist:
                _add_list(api, item)
            # Go on to the next item
            continue

        # No matching list was found to exist so add the list as a new one
        _add_list(api, item)
예제 #16
0
def get_integrations(api):
    keys = ['name', 'type', 'url', 'events']
    data = api.get_integrations()
    return filter_data(data['data'], keys)
예제 #17
0
def get_advanced_rules(api):
    keys = ['id', 'shortName']
    data = api.get_advanced_rules()
    return filter_data(data.get('data', []), keys)
예제 #18
0
def get_site_members(api):
    keys = ['user', 'role']
    data = api.get_site_members()
    return filter_data(data['data'], keys)
예제 #19
0
def get_custom_alerts(api):
    keys = [
        'tagName', 'longName', 'interval', 'threshold', 'enabled', 'action'
    ]
    data = api.get_custom_alerts()
    return filter_data(data['data'], keys)
예제 #20
0
def get_site(api):
    keys = ['agentLevel', 'blockDurationSeconds', 'blockHTTPCode']
    data = api.get_corp_site(api.site)
    return filter_data(data, keys)
예제 #21
0
def get_custom_signals(api):
    keys = ['tagName', 'shortName', 'description']
    data = api.get_custom_signals()
    return filter_data(data['data'], keys)
예제 #22
0
def get_rule_lists(api):
    keys = ['name', 'type', 'description', 'entries']
    data = api.get_rule_lists()
    return filter_data(data['data'], keys)