File: base.py — Project: headmin/zentral
class OsqueryProbe(OsqueryResultProbe):
    """Probe defined by a set of osquery scheduled queries.

    ``discovery`` holds the optional discovery queries exactly as supplied;
    ``queries`` holds the scheduled queries wrapped as ``OsqueryQuery``
    objects bound to this probe.
    """
    serializer_class = OsqueryProbeSerializer
    model_display = 'osquery'
    create_url = reverse_lazy("osquery:create_probe")
    template_name = "osquery/probe.html"

    def load_validated_data(self, data):
        """Populate the probe from serializer-validated ``data``.

        After the base class has consumed its own fields, reads the optional
        ``discovery`` list (empty by default) and the required ``queries``
        list (``KeyError`` if missing), wrapping each query mapping in an
        ``OsqueryQuery`` for this probe. ``can_delete_queries`` is true only
        while more than one query is configured.
        """
        super().load_validated_data(data)
        self.discovery = data.get('discovery', [])
        scheduled = []
        for query_data in data["queries"]:
            scheduled.append(OsqueryQuery(probe=self, **query_data))
        self.queries = scheduled
        self.can_delete_queries = len(scheduled) > 1

    def iter_discovery_queries(self):
        """Iterate over the discovery queries, unmodified."""
        for discovery_query in self.discovery:
            yield discovery_query

    def iter_scheduled_queries(self):
        """Iterate over the ``OsqueryQuery`` objects of this probe."""
        for scheduled_query in self.queries:
            yield scheduled_query

    def get_discovery_display(self):
        """Yield each discovery query rendered through ``format_sql``."""
        yield from map(format_sql, self.discovery)

    def get_extra_event_search_dict(self):
        """Return the extra search terms used to find this probe's events.

        Events are filtered on ``forced_event_type`` and on a ``name__regexp``
        matching result names of the form ``<slug>_<hex hash>``, optionally
        prefixed with ``pack_<hex hash>_``; the hash run length is
        ``self.hash_length``.
        """
        hex_run = "[0-9a-f]{%s}" % self.hash_length
        # NOTE(review): self.slug is spliced into the regexp unescaped. This is
        # only safe if the slug is restricted to regexp-neutral characters
        # (e.g. [a-z0-9_-]) where it is generated -- confirm in the base probe
        # / serializer rather than assuming it here.
        name_pattern = "(pack_%(h)s_)?%(s)s_%(h)s" % {"h": hex_run, "s": self.slug}
        return {'event_type': self.forced_event_type,
                'name__regexp': name_pattern}


# Module-level side effect: make OsqueryProbe known to the probes framework
# via register_probe_class (defined elsewhere in the project).
register_probe_class(OsqueryProbe)
File: probes.py — Project: arubdesu/zentral
                url = store.get_visu_url("santa_event", probe_search_dict)
                if url:
                    probe_links.append((store.name, url))
        probe_links.sort()
        return probe_links

    def get_extra_context(self):
        """Build the template context for this probe's Santa policies.

        Returns a dict with one key, ``santa_policies``: a list of
        ``(policy, links)`` pairs, one per entry of ``self.policies``.
        ``links`` is the sorted list of ``(store.name, url)`` pairs for every
        event store that returns a visualisation URL for ``santa_event``
        events matching the policy's sha256.
        """
        policies_ctx = []
        for policy in self.policies:
            digest = policy['sha256']
            # CERTIFICATE rules are searched on the signing_chain.sha256
            # field; every other rule type on file_sha256.
            if policy['rule_type'] == 'CERTIFICATE':
                field = 'signing_chain.sha256'
            else:
                field = 'file_sha256'
            search_dict = {field: [digest]}
            links = []
            for store in stores:
                url = store.get_visu_url("santa_event", search_dict)
                if url:
                    links.append((store.name, url))
            # Sorted so the link order does not depend on store order.
            policies_ctx.append((policy, sorted(links)))
        return {'santa_policies': policies_ctx}


# Module-level side effect: make SantaProbe known to the probes framework
# via register_probe_class (defined elsewhere in the project).
register_probe_class(SantaProbe)
    def load_validated_data(self, data):
        """Populate the probe from serializer-validated ``data``.

        After the base class has consumed its own fields, reads the optional
        ``discovery`` list (empty by default) and the required ``queries``
        list (``KeyError`` if missing), wrapping each query mapping in an
        ``OsqueryQuery`` for this probe. ``can_delete_queries`` is true only
        while more than one query is configured.
        """
        super().load_validated_data(data)
        self.discovery = data.get('discovery', [])
        scheduled = []
        for query_data in data["queries"]:
            scheduled.append(OsqueryQuery(probe=self, **query_data))
        self.queries = scheduled
        self.can_delete_queries = len(scheduled) > 1

    def iter_discovery_queries(self):
        """Iterate over the discovery queries, unmodified."""
        for discovery_query in self.discovery:
            yield discovery_query

    def iter_scheduled_queries(self):
        """Iterate over the scheduled query objects of this probe."""
        for scheduled_query in self.queries:
            yield scheduled_query

    def get_discovery_display(self):
        """Yield each discovery query rendered through ``format_sql``."""
        yield from map(format_sql, self.discovery)

    def get_extra_event_search_dict(self):
        """Return the extra search terms used to find this probe's events.

        Events are filtered on ``forced_event_type`` and on a ``name__regexp``
        matching result names of the form ``<slug>_<hex hash>``, optionally
        prefixed with ``pack_<hex hash>_``; the hash run length is
        ``self.hash_length``.
        """
        hex_run = "[0-9a-f]{%s}" % self.hash_length
        # NOTE(review): self.slug is spliced into the regexp unescaped. This is
        # only safe if the slug is restricted to regexp-neutral characters
        # (e.g. [a-z0-9_-]) where it is generated -- confirm in the base probe
        # / serializer rather than assuming it here.
        name_pattern = "(pack_%(h)s_)?%(s)s_%(h)s" % {"h": hex_run, "s": self.slug}
        return {
            'event_type': self.forced_event_type,
            'name__regexp': name_pattern,
        }


# Module-level side effect: make OsqueryProbe known to the probes framework
# via register_probe_class (defined elsewhere in the project).
register_probe_class(OsqueryProbe)
                "attribute": "type",
                "operator": PayloadFilter.IN,
                "values": self.install_types
            },
        ]
        if self.installed_item_names:
            payload_filter_data.append({
                "attribute": "name",
                "operator": PayloadFilter.IN,
                "values": self.installed_item_names
            })
        if self.unattended_installs is not None:
            payload_filter_data.append({
                "attribute":
                "unattended",
                "operator":
                PayloadFilter.IN,
                "values": [str(self.unattended_installs)]
            }  # str comparison
                                       )
        self.payload_filters = [PayloadFilter(payload_filter_data)]

    def get_installed_item_names_display(self):
        """Return the installed item names, sorted and comma-separated."""
        names = list(self.installed_item_names)
        names.sort()
        return ", ".join(names)

    def get_install_types_display(self):
        """Return the install types, sorted and comma-separated."""
        install_types = list(self.install_types)
        install_types.sort()
        return ", ".join(install_types)


# Module-level side effect: make MunkiInstallProbe known to the probes
# framework via register_probe_class (defined elsewhere in the project).
register_probe_class(MunkiInstallProbe)
    policy = serializers.ChoiceField(choices=Rule.POLICY_CHOICES)
    rule_type = serializers.ChoiceField(choices=Rule.RULE_TYPE_CHOICES)
    sha256 = serializers.RegexField(r'^[a-f0-9]{64}\Z')
    custom_msg = serializers.CharField(required=False)


class SantaProbeSerializer(BaseProbeSerializer):
    """Serializer for a Santa probe: the base probe fields plus ``rules``.

    ``rules`` is a list of mappings, each validated by ``RuleSerializer``
    (policy, rule_type, a 64-hex-char sha256 and an optional custom_msg).
    """
    rules = serializers.ListField(child=RuleSerializer())


class SantaProbe(BaseProbe):
    """Probe matching Santa events against a list of rules.

    Pinned to ``santa_event`` events; payload filters are derived from the
    rules rather than edited by hand (``can_edit_payload_filters = False``).
    """
    serializer_class = SantaProbeSerializer
    model_display = "santa"
    create_url = reverse_lazy("santa:create_probe")
    template_name = "santa/probe.html"
    forced_event_type = 'santa_event'
    can_edit_payload_filters = False

    def load_validated_data(self, validated_data):
        """Populate the probe from serializer-validated ``validated_data``.

        Wraps each entry of ``validated_data["rules"]`` (required) in a
        ``Rule`` bound to this probe, sets ``can_delete_rules`` when more than
        one rule is present, and appends one ``PayloadFilter`` per rule to
        ``self.payload_filters``, the list the base class set up.
        """
        super().load_validated_data(validated_data)
        rules = []
        for rule_data in validated_data["rules"]:
            rules.append(Rule(self, **rule_data))
        self.rules = rules
        self.can_delete_rules = len(rules) > 1
        # Filters are appended on top of whatever the base class loaded,
        # not replaced.
        for rule in rules:
            filter_data = rule.get_payload_filter_data()
            self.payload_filters.append(PayloadFilter(filter_data))


# Module-level side effect: make SantaProbe known to the probes framework
# via register_probe_class (defined elsewhere in the project).
register_probe_class(SantaProbe)
File: probes.py — Project: arubdesu/zentral
                                     {'name__startswith': [self.name]})
            if url:
                probe_links.append((store.name, url))
        probe_links.sort()
        return probe_links

    def get_extra_context(self):
        """Build the template context for this probe's osquery schedule.

        Returns a dict with ``osquery_schedule`` -- one entry per
        ``(name, query)`` pair from ``iter_schedule_queries()`` -- and
        ``osquery_file_paths`` (``self.file_paths`` passed through). Each
        schedule entry holds the sorted ``(store.name, url)`` visualisation
        links for ``osquery_result`` events named ``name``, the query text
        rendered with ``format_sql``, and the optional ``interval``,
        ``value`` and ``description`` fields (``None`` when absent).
        """
        schedule = []
        for query_name, query in self.iter_schedule_queries():
            search_dict = {'name': [query_name]}
            links = []
            for store in stores:
                url = store.get_visu_url("osquery_result", search_dict)
                if url:
                    links.append((store.name, url))
            schedule.append({
                # Sorted so the link order does not depend on store order.
                'links': sorted(links),
                'html_query': format_sql(query['query']),
                'interval': query.get('interval'),
                'value': query.get('value'),
                'description': query.get('description'),
            })
        return {'osquery_schedule': schedule,
                'osquery_file_paths': self.file_paths}


# Module-level side effect: make OSQueryProbe known to the probes framework
# via register_probe_class (defined elsewhere in the project).
register_probe_class(OSQueryProbe)
File: probes.py — Project: headmin/zentral
class MunkiInstallProbe(BaseProbe):
    """Probe matching Munki install events.

    Pinned to ``munki_event`` events; the payload filters are derived from
    the validated data rather than edited by hand
    (``can_edit_payload_filters = False``).
    """
    serializer_class = MunkiInstallProbeSerializer
    model_display = "munki install"
    create_url = reverse_lazy("munki:create_install_probe")
    template_name = "munki/install_probe.html"
    forced_event_type = "munki_event"
    can_edit_payload_filters = False

    def load_validated_data(self, data):
        """Populate the probe from serializer-validated ``data``.

        Reads the required ``install_types`` list, the optional
        ``installed_item_names`` list (empty by default) and the optional
        ``unattended_installs`` value, then replaces ``self.payload_filters``
        with a single ``PayloadFilter``: ``type`` is always constrained,
        ``name`` only when item names were given, ``unattended`` only when
        the value is not ``None``.
        """
        super().load_validated_data(data)
        self.install_types = data["install_types"]
        self.installed_item_names = data.get("installed_item_names", [])
        self.unattended_installs = data.get("unattended_installs")
        filter_kwargs = {'type': self.install_types}
        if self.installed_item_names:
            filter_kwargs['name'] = self.installed_item_names
        if self.unattended_installs is not None:
            # NOTE(review): the value is passed through as-is. If the event
            # payload encodes this flag as a string, the comparison inside
            # PayloadFilter may never match -- confirm against PayloadFilter
            # and the munki event format.
            filter_kwargs['unattended'] = [self.unattended_installs]
        # can_edit_payload_filters is False: whatever the base class loaded
        # is replaced wholesale by the derived filter.
        self.payload_filters = [PayloadFilter(**filter_kwargs)]

    def get_installed_item_names_display(self):
        """Return the installed item names, sorted and comma-separated."""
        names = list(self.installed_item_names)
        names.sort()
        return ", ".join(names)

    def get_install_types_display(self):
        """Return the install types, sorted and comma-separated."""
        install_types = list(self.install_types)
        install_types.sort()
        return ", ".join(install_types)


# Module-level side effect: make MunkiInstallProbe known to the probes
# framework via register_probe_class (defined elsewhere in the project).
register_probe_class(MunkiInstallProbe)