def __update_sensor_properties(self, sensor_id, config_alienvault):
    """
    Persist the inventory/netflow flags of one sensor, derived from its
    alienvault configuration.

    Only sensors that already have rows in the sensor and sensor_properties
    tables are touched: when get_sensor_by_sensor_id() misses (which can
    happen in Federated environments without forwarding enabled) nothing is
    written.

    Args:
        sensor_id: id of the sensor whose properties are updated.
        config_alienvault: dict of alienvault config values of the remote
            system; only 'sensor_detectors' (list of detector names) and
            'sensor_netflow' ('yes'/'no') are consulted.

    Returns:
        None. A failing setter is logged as a warning and the remaining
        setters are still attempted.
    """
    found, sensor_row = get_sensor_by_sensor_id(sensor_id)
    if not (found and sensor_row is not None):
        return

    detectors = config_alienvault.get('sensor_detectors', [])
    netflow_value = config_alienvault.get('sensor_netflow', 'no')

    # (setter, flag derived from the remote config, log format on failure),
    # applied in this order: active inventory, passive inventory, netflow.
    # The "pasive" spelling in the second message is kept as-is so existing
    # log consumers keep matching it.
    updates = (
        (set_sensor_properties_active_inventory,
         'AlienVault_NIDS' in detectors,
         "set_sensor_properties_active_inventory failed: %s"),
        (set_sensor_properties_passive_inventory,
         'prads' in detectors,
         "set_sensor_properties_pasive_inventory failed: %s"),
        (set_sensor_properties_netflow,
         netflow_value == 'yes',
         "set_sensor_properties_netflow failed: %s"),
    )
    for setter, enabled, failure_fmt in updates:
        ok, message = setter(sensor_id, enabled)
        if not ok:
            logger.warning("[MonitorRetrievesRemoteInfo] " + failure_fmt % message)
def __update_sensor_properties(self, sensor_id, config_alienvault):
    """
    Persist the inventory/netflow flags of one sensor, derived from its
    alienvault configuration.

    Only sensors that already have rows in the sensor and sensor_properties
    tables are touched: when get_sensor_by_sensor_id() misses (which can
    happen in Federated environments without forwarding enabled) nothing is
    written.

    Args:
        sensor_id: id of the sensor whose properties are updated.
        config_alienvault: dict of alienvault config values of the remote
            system; only 'sensor_detectors' (list of detector names) and
            'sensor_netflow' ('yes'/'no') are consulted.

    Returns:
        None. A failing setter is logged as a warning and the remaining
        setters are still attempted.
    """
    found, sensor_row = get_sensor_by_sensor_id(sensor_id)
    if not (found and sensor_row is not None):
        return

    detectors = config_alienvault.get('sensor_detectors', [])
    netflow_value = config_alienvault.get('sensor_netflow', 'no')

    # (setter, flag derived from the remote config, log format on failure),
    # applied in this order: active inventory, passive inventory, netflow.
    # The "pasive" spelling in the second message is kept as-is so existing
    # log consumers keep matching it.
    updates = (
        (set_sensor_properties_active_inventory,
         'AlienVault_NIDS' in detectors,
         "set_sensor_properties_active_inventory failed: %s"),
        (set_sensor_properties_passive_inventory,
         'prads' in detectors,
         "set_sensor_properties_pasive_inventory failed: %s"),
        (set_sensor_properties_netflow,
         netflow_value == 'yes',
         "set_sensor_properties_netflow failed: %s"),
    )
    for setter, enabled, failure_fmt in updates:
        ok, message = setter(sensor_id, enabled)
        if not ok:
            logger.warning("[MonitorRetrievesRemoteInfo] " + failure_fmt % message)
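def start(self):
    """
    Refresh the locally stored information about every known system.

    For each (system_id, system_ip) pair returned by get_systems() the
    monitor re-fetches the remote plugin list, system/network/alienvault
    status and configuration with no_cache=True (the results of all but
    get_system_config_alienvault() and system_get() are discarded -
    presumably the calls are made to refresh the cached copies), derives a
    handful of values from the alienvault config and the ansible facts, and
    writes them to the DB: active inventory (snort/suricata present),
    passive inventory (prads present), netflow, the tun0 VPN ip and the HA
    role / virtual ip.

    Every value taken from the remote system is validated before it is
    stored: ha_ip and vpn_ip must pass is_valid_ipv4(), ha_role must be
    'master' or 'slave'; anything else is treated as absent.

    A system that fails any fetch or setter is skipped and the loop moves
    on to the next one. An unexpected exception anywhere in the loop is
    logged and aborts the whole run.

    Returns:
        bool: False if the system list could not be retrieved or an
        exception escaped the loop, True otherwise.
    """
    try:
        self.remove_monitor_data()
        rc, system_list = get_systems()
        if not rc:
            logger.error("Can't retrieve systems..%s" % str(system_list))
            return False

        for (system_id, _system_ip) in system_list:
            success, sensor_id = get_sensor_id_from_system_id(system_id)
            if not success:
                continue

            # The results of these calls are overwritten below; do not
            # reorder them - 'result' must hold the alienvault config when
            # the flags are derived.
            success, result = get_plugins_from_yaml(sensor_id, no_cache=True)
            if not success:
                continue
            success, result = system_all_info(system_id, no_cache=True)
            if not success:
                continue
            success, result = network_status(system_id, no_cache=True)
            if not success:
                continue
            success, result = alienvault_status(system_id, no_cache=True)
            if not success:
                continue
            success, result = get_system_config_general(system_id, no_cache=True)
            if not success:
                continue
            success, result = get_system_config_alienvault(system_id, no_cache=True)
            if not success:
                continue

            prads_enabled = False
            suricata_snort_enabled = False
            netflow_enabled = False
            ha_ip = None
            ha_role = None
            if 'sensor_detectors' in result:
                detectors = result['sensor_detectors']
                prads_enabled = 'prads' in detectors
                suricata_snort_enabled = 'snort' in detectors or 'suricata' in detectors
            if 'sensor_netflow' in result:
                netflow_enabled = result['sensor_netflow'] == 'yes'
            # HA values come straight from the remote system's config: only a
            # well-formed IPv4 and one of the two known roles reach the DB.
            if 'ha_ha_virtual_ip' in result:
                ha_ip = result['ha_ha_virtual_ip']
                if not is_valid_ipv4(ha_ip):
                    ha_ip = None
            if 'ha_ha_role' in result:
                ha_role = result['ha_ha_role']
                if ha_role not in ('master', 'slave'):
                    ha_role = None

            success, result = get_interfaces(system_id, no_cache=True)
            if not success:
                continue
            success, result = system_get(system_id, no_cache=True)
            if not success:
                continue

            vpn_ip = None
            if "ansible_tun0" in result:
                try:
                    vpn_ip = result['ansible_tun0']['ipv4']['address']
                except (KeyError, TypeError):
                    # tun0 is present but carries no IPv4 address.
                    vpn_ip = None
                # Same treatment as ha_ip: the address is remote-supplied,
                # so it is validated before set_system_vpn_ip() stores it.
                if vpn_ip is not None and not is_valid_ipv4(vpn_ip):
                    logger.warning("[MonitorRetrievesRemoteInfo] "
                                   "Ignoring invalid tun0 address for system %s: %s"
                                   % (system_id, vpn_ip))
                    vpn_ip = None

            # TO DB: active inventory, passive inventory, netflow, vpn_ip,
            # ha_role, ha_ip. A failing setter skips the rest of this system.
            success, message = set_sensor_properties_active_inventory(sensor_id, suricata_snort_enabled)
            if not success:
                continue
            success, message = set_sensor_properties_passive_inventory(sensor_id, prads_enabled)
            if not success:
                continue
            success, message = set_sensor_properties_netflow(sensor_id, netflow_enabled)
            if not success:
                continue
            if vpn_ip is not None:
                success, message = set_system_vpn_ip(system_id, vpn_ip)
                if not success:
                    continue
            if ha_role is not None:
                success, message = set_system_ha_role(system_id, ha_role)
                if not success:
                    continue
            if ha_ip is not None:
                success, message = set_system_ha_ip(system_id, ha_ip)
                if not success:
                    continue
    except Exception as err:
        # Top-level boundary of the monitor: log and report failure rather
        # than let one bad system take the monitor process down.
        api_log.error("Something wrong happened while running the MonitorRetrievesRemoteInfo monitor %s" % str(err))
        return False
    return True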
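def start(self):
    """
    Refresh the locally stored information about every known system.

    For each (system_id, system_ip) pair returned by get_systems() the
    monitor re-fetches the remote plugin list, system/network/alienvault
    status and configuration with no_cache=True (the results of all but
    get_system_config_alienvault() and system_get() are discarded -
    presumably the calls are made to refresh the cached copies), derives a
    handful of values from the alienvault config and the ansible facts, and
    writes them to the DB: active inventory (snort/suricata present),
    passive inventory (prads present), netflow, the tun0 VPN ip and the HA
    role / virtual ip.

    Every value taken from the remote system is validated before it is
    stored: ha_ip and vpn_ip must pass is_valid_ipv4(), ha_role must be
    'master' or 'slave'; anything else is treated as absent.

    A system that fails any fetch or setter is skipped and the loop moves
    on to the next one. An unexpected exception anywhere in the loop is
    logged and aborts the whole run.

    Returns:
        bool: False if the system list could not be retrieved or an
        exception escaped the loop, True otherwise.
    """
    try:
        self.remove_monitor_data()
        rc, system_list = get_systems()
        if not rc:
            logger.error("Can't retrieve systems..%s" % str(system_list))
            return False

        for (system_id, _system_ip) in system_list:
            success, sensor_id = get_sensor_id_from_system_id(system_id)
            if not success:
                continue

            # The results of these calls are overwritten below; do not
            # reorder them - 'result' must hold the alienvault config when
            # the flags are derived.
            success, result = get_plugins_from_yaml(sensor_id, no_cache=True)
            if not success:
                continue
            success, result = system_all_info(system_id, no_cache=True)
            if not success:
                continue
            success, result = network_status(system_id, no_cache=True)
            if not success:
                continue
            success, result = alienvault_status(system_id, no_cache=True)
            if not success:
                continue
            success, result = get_system_config_general(system_id, no_cache=True)
            if not success:
                continue
            success, result = get_system_config_alienvault(system_id, no_cache=True)
            if not success:
                continue

            prads_enabled = False
            suricata_snort_enabled = False
            netflow_enabled = False
            ha_ip = None
            ha_role = None
            if 'sensor_detectors' in result:
                detectors = result['sensor_detectors']
                prads_enabled = 'prads' in detectors
                suricata_snort_enabled = 'snort' in detectors or 'suricata' in detectors
            if 'sensor_netflow' in result:
                netflow_enabled = result['sensor_netflow'] == 'yes'
            # HA values come straight from the remote system's config: only a
            # well-formed IPv4 and one of the two known roles reach the DB.
            if 'ha_ha_virtual_ip' in result:
                ha_ip = result['ha_ha_virtual_ip']
                if not is_valid_ipv4(ha_ip):
                    ha_ip = None
            if 'ha_ha_role' in result:
                ha_role = result['ha_ha_role']
                if ha_role not in ('master', 'slave'):
                    ha_role = None

            success, result = get_interfaces(system_id, no_cache=True)
            if not success:
                continue
            success, result = system_get(system_id, no_cache=True)
            if not success:
                continue

            vpn_ip = None
            if "ansible_tun0" in result:
                try:
                    vpn_ip = result['ansible_tun0']['ipv4']['address']
                except (KeyError, TypeError):
                    # tun0 is present but carries no IPv4 address.
                    vpn_ip = None
                # Same treatment as ha_ip: the address is remote-supplied,
                # so it is validated before set_system_vpn_ip() stores it.
                if vpn_ip is not None and not is_valid_ipv4(vpn_ip):
                    logger.warning("[MonitorRetrievesRemoteInfo] "
                                   "Ignoring invalid tun0 address for system %s: %s"
                                   % (system_id, vpn_ip))
                    vpn_ip = None

            # TO DB: active inventory, passive inventory, netflow, vpn_ip,
            # ha_role, ha_ip. A failing setter skips the rest of this system.
            success, message = set_sensor_properties_active_inventory(sensor_id, suricata_snort_enabled)
            if not success:
                continue
            success, message = set_sensor_properties_passive_inventory(sensor_id, prads_enabled)
            if not success:
                continue
            success, message = set_sensor_properties_netflow(sensor_id, netflow_enabled)
            if not success:
                continue
            if vpn_ip is not None:
                success, message = set_system_vpn_ip(system_id, vpn_ip)
                if not success:
                    continue
            if ha_role is not None:
                success, message = set_system_ha_role(system_id, ha_role)
                if not success:
                    continue
            if ha_ip is not None:
                success, message = set_system_ha_ip(system_id, ha_ip)
                if not success:
                    continue
    except Exception as err:
        # Top-level boundary of the monitor: log and report failure rather
        # than let one bad system take the monitor process down.
        api_log.error("Something wrong happened while running the MonitorRetrievesRemoteInfo monitor %s" % str(err))
        return False
    return True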