def build_url_to_resilient(host, port, incident_id, task_id=None):
"""Builds the URL to resilient. If a task_id is provided builds
the URL to include the task"""
url = build_incident_url(build_resilient_url(host, port), incident_id)
if task_id:
url = "{0}?task_id={1}".format(url, task_id)
return url
def send_res_id_to_dlp(self, new_incident, dlp_incident_id):
"""send_res_id_to_dlp takes a newly created incident from Resilient and attempts to send its Incident ID to the corressponding DLP Incident
This reduces the amount of API calls made to Resilient on each Poll as any DLP Incidents with a resilient_incidentid are filtered out before we check Resilient
:param new_incident: Resilient Incident
:type new_incident: dict
"""
resilient_incident_url = build_incident_url(
url=build_resilient_url(self.opts.get('host'),
self.opts.get('port')),
incidentId=new_incident['id'])
headers = {'content-type': 'text/xml'}
body = """<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sch="http://www.vontu.com/v2011/enforce/webservice/incident/schema" xmlns:sch1="http://www.vontu.com/v2011/enforce/webservice/incident/common/schema">
<soapenv:Header/>
<soapenv:Body>
<sch:incidentUpdateRequest>
<!--1 or more repetitions:-->
<updateBatch>
<batchId>{batch}</batchId>
<!--Zero or more repetitions:-->
<incidentId>{dlp_id}</incidentId>
<incidentAttributes>
<!--Zero or more repetitions:-->
<customAttribute>
<sch1:name>resilient_incident_id</sch1:name>
<!--Optional:-->
<sch1:value>{resilient_id}</sch1:value>
</customAttribute>
<customAttribute>
<sch1:name>resilient_incident_url</sch1:name>
<!--Optional:-->
<sch1:value>{resilient_url}</sch1:value>
</customAttribute>
</incidentAttributes>
</updateBatch>
</sch:incidentUpdateRequest>
</soapenv:Body>
</soapenv:Envelope>""".format(
batch="_{}".format(uuid.uuid4()),
resilient_id=new_incident['id'],
dlp_id=dlp_incident_id,
resilient_url=resilient_incident_url)
response = DLPSoapClient.session.post(
DLPSoapClient.sdlp_incident_endpoint, data=body, headers=headers)
response.raise_for_status()
LOG.info(
"Sent new Resilient Incident ID back to the original DLP Incident as a custom attribute"
)
def build_conversation(self, card, incident_id, task_id, teams_payload,
teams_mrkdow):
"""
build the message card format used to post to teams webhooks
:param card:
:param incident_id:
:param task_id:
:param teams_payload: json formatted data
:param teams_mrkdow: true/false to support markdown format
:return: formatted card for transmission
"""
incident_url = build_incident_url(
build_resilient_url(self.opts['host'], self.opts['port']),
incident_id)
type = 'Incident'
# build url back to resilient
if task_id:
incident_url = "{}{}{}".format(incident_url, TASK_FRAGMENT,
task_id)
type = 'Task'
# url back to resilient
card.addLinkButton("Resilient {}".format(type), incident_url)
if teams_payload.get("title"):
card.title(teams_payload.get("title"))
mrkdown = MarkdownParser()
card.text(mrkdown.convert(teams_payload.get("summary", "-None-")))
for section in teams_payload.get("sections", []):
cardsection = pymsteams.cardsection()
if teams_mrkdow:
cardsection.enableMarkdown()
if section.get("title"):
cardsection.title(section.get("title"))
if section.get("text"):
cardsection.text(section.get("text"))
for fact in section.get("facts", []):
cardsection.addFact(fact.get("name"), fact.get("value"))
card.addSection(cardsection)
return card
def _build_createIssue_appDict(self, kwargs):
'''
build the dictionary used for the create api request
:param kwargs:
:return: dictionary of values to use
'''
validate_fields(
['incident_id', 'jira_project', 'jira_issuetype', 'jira_summary'],
kwargs)
# build the URL back to Resilient
url = build_incident_url(
build_resilient_url(self.res_params.get('host'),
self.res_params.get('port')),
kwargs['incident_id'])
if kwargs.get("task_id"):
url = "{}?task_id={}".format(url, kwargs.get("task_id"))
html2markdwn = MarkdownParser(strikeout=constants.STRIKEOUT_CHAR,
bold=constants.BOLD_CHAR,
underline=constants.UNDERLINE_CHAR,
italic=constants.ITALIC_CHAR)
data = {
'url': self.options['url'],
'user': self.options['user'],
'password': self.options['password'],
'verifyFlag': str_to_bool(self.options.get('verify_cert', 'True')),
'project': self.get_textarea_param(kwargs['jira_project']),
'issuetype': self.get_textarea_param(kwargs['jira_issuetype']),
'fields': {
'summary':
self.get_textarea_param(kwargs['jira_summary']),
'description':
u"{}\n{}".format(
url,
html2markdwn.convert(kwargs.get('jira_description', '')))
}
}
if kwargs.get('jira_priority'):
data['fields']['priority'] = {"id": kwargs['jira_priority']}
if kwargs.get('jira_assignee'):
data['fields']['assignee'] = {"name": kwargs['jira_assignee']}
return data
def _buildIncidentPayload(self, kwargs, pd_options, res_options):
# Get the function parameters:
incidentID = kwargs.get("incidentID")
url = build_incident_url(
build_resilient_url(self.res_options.get('host'),
self.res_options.get('port')), incidentID)
payloadDict = pd_options.copy()
payloadDict['incidentID'] = incidentID
payloadDict['title'] = unescape(kwargs.get("pd_title"))
desc = self.get_textarea_param(kwargs.get("pd_description"))
if desc:
desc = clean_html(desc)
else:
desc = ''
payloadDict['description'] = '\n'.join((url, desc))
payloadDict['service'] = kwargs.get("pd_service")
payloadDict['escalation_policy'] = kwargs.get("pd_escalation_policy")
payloadDict['priority'] = kwargs.get("pd_priority")
payloadDict['incident_key'] = kwargs.get("pd_incident_key")
return payloadDict