示例#1
0
文件: common.py 项目: TPLink32/spnk1
def get_firewall_credentials(session_key):
    """Given a splunk session_key returns a clear text user name
    and password from a splunk password container"""
    try:
        # Get all credentials
        logger.debug("Getting firewall credentials from Splunk")
        entities = entity.getEntities(['admin', 'passwords'],
                                      namespace=APPNAME,
                                      owner='nobody',
                                      sessionKey=session_key)

        accounts = entity.getEntities(['admin', 'Splunk_TA_paloalto_account'],
                                      namespace=APPNAME,
                                      owner='nobody',
                                      sessionKey=session_key)
    except Exception as e:
        exit_with_error("Could not get %s credentials from splunk. \
                         Error: %s" % (APPNAME, str(e)))
    # Check for username and passwords
    for i, c in accounts.items():
        if i.lower() == 'firewall' or i.lower() == 'panorama':
            username = accounts[i]['username']

    for i, c in entities.items():
        if c['username'] == 'Firewall``splunk_cred_sep``1':
            logger.debug('Match found for firewall credentials')
            clear_password = json.loads(c['clear_password'])
            password = clear_password['password']

    if username and password:
        logger.debug('Credentials have been found')
        return username, password
    else:
        raise NoCredentialsFound("No credentials have been found")
示例#2
0
    def getCapabilities4User(user=None, session_key=None):
        roles = []
        capabilities = []

        # Get user info
        if user is not None:
            userDict = en.getEntities('authentication/users/%s' % (user),
                                      count=-1,
                                      sessionKey=session_key)

            for stanza, settings in userDict.items():
                if stanza == user:
                    for key, val in settings.items():
                        if key == 'roles':
                            roles = val

        # Get capabilities
        for role in roles:
            roleDict = en.getEntities('authorization/roles/%s' % (role),
                                      count=-1,
                                      sessionKey=session_key)

            for stanza, settings in roleDict.items():
                if stanza == role:
                    for key, val in settings.items():
                        if key == 'capabilities' or key == 'imported_capabilities':
                            capabilities.extend(val)

        return capabilities
示例#3
0
 def getCapabilities4User(user=None, session_key=None):
     roles = []
     capabilities = []
     
     ## Get user info              
     if user is not None:
         logger.info('Retrieving role(s) for current user: %s' % (user))
         userDict = en.getEntities('authentication/users/%s' % (user), count=-1, sessionKey=session_key)
     
         for stanza, settings in userDict.items():
             if stanza == user:
                 for key, val in settings.items():
                     if key == 'roles':
                         logger.info('Successfully retrieved role(s) for user: %s' % (user))
                         roles = val
          
     ## Get capabilities
     for role in roles:
         logger.info('Retrieving capabilities for current user: %s' % (user))
         roleDict = en.getEntities('authorization/roles/%s' % (role), count=-1, sessionKey=session_key)
         
         for stanza, settings in roleDict.items():
             if stanza == role:
                 for key, val in settings.items():
                     if key == 'capabilities' or key =='imported_capabilities':
                         logger.info('Successfully retrieved %s for user: %s' % (key, user))
                         capabilities.extend(val)
         
     return capabilities
def get_firewall_credentials(session_key):
    """Given a splunk session_key returns a clear text user name
    and password from a splunk password container"""
    try:
        # Get all credentials
        logger.debug("Getting firewall credentials from Splunk")
        entities = entity.getEntities(['admin', 'passwords'],
                                      namespace=APPNAME, owner='nobody',
                                      sessionKey=session_key)

        accounts = entity.getEntities(['admin', 'Splunk_TA_paloalto_account'],
                                      namespace=APPNAME, owner='nobody',
                                      sessionKey=session_key)
    except Exception as e:
        exit_with_error("Could not get %s credentials from splunk. \
                         Error: %s" % (APPNAME, str(e)))
    # Check for username and passwords
    for i, c in accounts.items():
        if i.lower() == 'firewall' or i.lower() == 'panorama':
            username = accounts[i]['username']

    for i, c in entities.items():
        if c['username'] == 'Firewall``splunk_cred_sep``1':
            logger.debug('Match found for firewall credentials')
            clear_password = json.loads(c['clear_password'])
            password = clear_password['password']

    if username and password:
        logger.debug('Credentials have been found')
        return username, password
    else:
        raise NoCredentialsFound("No credentials have been found")
示例#5
0
 def getCapabilities4User(user=None, session_key=None):
     """
     Get the capabilities for the given user.
     """
     
     roles = []
     capabilities = []
     
     # Get user info              
     if user is not None:
         logger.info('Retrieving role(s) for current user: %s' % (user))
         userDict = entity.getEntities('authentication/users/%s' % (user), count=-1, sessionKey=session_key)
     
         for stanza, settings in userDict.items():
             if stanza == user:
                 for key, val in settings.items():
                     if key == 'roles':
                         logger.info('Successfully retrieved role(s) for user: %s' % (user))
                         roles = val
          
     # Get capabilities
     for role in roles:
         logger.info('Retrieving capabilities for current user: %s' % (user))
         roleDict = entity.getEntities('authorization/roles/%s' % (role), count=-1, sessionKey=session_key)
         
         for stanza, settings in roleDict.items():
             if stanza == role:
                 for key, val in settings.items():
                     if key == 'capabilities' or key =='imported_capabilities':
                         logger.info('Successfully retrieved %s for user: %s' % (key, user))
                         capabilities.extend(val)
         
     return capabilities     
示例#6
0
def reloadConf(self, procInputs=[], scriptInputs=[]):
	for procInput in procInputs:
		en.getEntities( procInput,
		  	sessionKey = self.getSessionKey() )

	#TODO: Handle restart of individual cripted
	for scriptInput in scriptInputs:
		en.getEntities( scriptInput,
		  	sessionKey = self.getSessionKey() )
示例#7
0
def search(token, srch=None, sort='seed'):

    if srch:
        return entity.getEntities(ENTITY_PATH, namespace=APP_NAME,
                                  owner='nobody', sessionKey=token, 
                                  sort_key=sort, search=srch)
    else:
        return entity.getEntities(ENTITY_PATH, namespace=APP_NAME,
                                  owner='nobody', sessionKey=token,
                                  sort_key=sort) 
示例#8
0
def search(token, srch=None, sort='seed'):

    if srch:
        return entity.getEntities(ENTITY_PATH,
                                  namespace=APP_NAME,
                                  owner='nobody',
                                  sessionKey=token,
                                  sort_key=sort,
                                  search=srch)
    else:
        return entity.getEntities(ENTITY_PATH,
                                  namespace=APP_NAME,
                                  owner='nobody',
                                  sessionKey=token,
                                  sort_key=sort)
示例#9
0
    def getParsedView(self, namespace, refresh, rawxml, viewid, viewdigest):
        with self.views_lock:
            entry = self.digest_to_view_map.get(viewdigest)
            if entry:
                self.touchCacheEntry(viewdigest)
                # Cache hit!
                return entry

        if len(rawxml) == 0:
            # Only do a single viewstate GET for each batch of cache misses.
            rawxml.update(en.getEntities(VIEW_ENTITY_CLASS,
                                         namespace=namespace,
                                         refresh=refresh,
                                         count=-1))

        parsed_view = None
        try:
            viewobj = rawxml.get(viewid)
            if not viewobj:
                # This view's digest appeared in an earlier GET, but it no
                # longer exists now that we are trying to fetch its contents.
                # It has probably been deleted or re-permissioned. Ignore it.
                return None
            native_view = viewconf.loads(viewobj.get('eai:data'), viewid, isStorm=splunk.util.normalizeBoolean(cherrypy.config.get('storm_enabled')))
            parsed_view = self._generateViewRoster(viewid, native_view, viewobj.getFullPath())
            with self.views_lock:
                self.digest_to_view_map[viewdigest] = parsed_view
                self.touchCacheEntry(viewdigest)
                self.evictLeastRecentlyUsed()
            logger.info('Populate cache for view "%s" (%s) with digest %s, making cache_size=%s' % (viewid, namespace, viewdigest, len(self.digest_to_view_map)))
        except Exception, e:
            logger.error('Error loading view "%s"' % viewid)
            logger.exception(e)
示例#10
0
def get_credentials(session_key, owner, namespace):
    """
    :param session_key:
    :return: AWS Keys
    """
    import os, sys, logging as logger
    logger.basicConfig(level=logger.INFO,
                       format='%(asctime)s %(levelname)s %(message)s',
                       filename=os.path.join(os.environ['SPLUNK_HOME'], 'var',
                                             'log', 'splunk',
                                             'trusted_advisor.log'),
                       filemode='a')

    try:
        # list all credentials
        entities = entity.getEntities(['admin', 'passwords'],
                                      namespace=namespace,
                                      owner=owner,
                                      sessionKey=session_key)
    except Exception as unknown_exception:
        raise Exception("Could not get %s credentials from splunk. Error: %s" %
                        ("AWS_Trusted_Advisor", str(unknown_exception)))
    # grab first set of credentials
    if entities:
        for i, stanza in entities.items():
            if stanza['eai:acl']['app'] == namespace:
                cred = json.loads(stanza['clear_password'])
                return cred['aws_access_key'], cred['aws_secret_key']
    else:
        message = 'No credentials have been found. Please set them up in your AWS console.'
        make_error_message(message, session_key, 'common.py')
        sys.exit(0)
def get_wildfire_apikey(session_key):
    """Given a splunk session_key returns a clear
    text API Key from a splunk password container"""
    try:
        logger.debug("Getting wildfire apikey from Splunk")
        entities = entity.getEntities(['admin', 'passwords'],
                                      namespace=APPNAME, owner='nobody',
                                      sessionKey=session_key)
    except Exception as e:
        entities = {}
        exit_with_error("Could not get %s credentials from splunk."
                        "Error: %s" % (APPNAME, str(e)))
    try:
        clear_password = json.loads(entities['__REST_CREDENTIAL__#Splunk_TA_paloalto#configs/conf-splunk_ta_paloalto_settings:additional_parameters``splunk_cred_sep``1:']['clear_password'])
        api_key = clear_password['wildfire_api_key']
        logger.debug('WildFire API key exists')
        return api_key
    except KeyError:
        logger.info(
            "There are Palo Alto Networks WildFire malware events, "
            "but no WildFire API Key found, please set the API key "
            "in the Splunk_TA_paloalto Add-on Configuration dashboard.")
        exit_with_error("No WildFire API key is set, "
                        "set apikey in Add-on configuration.",
                        log_error=False,
                        log_traceback=False)
    except (ValueError, TypeError):
        exit_with_error("Problem getting WildFire API Key from JSON returned by Splunk password API")
    def _set_user_directory(self, sessionKey, user, post_data):
        logger.debug("START _set_user_directory()")

        required = ['user_directory']
        missing = [r for r in required if r not in post_data]
        if missing:
            return self.response("Missing required arguments: {}".format(missing), http.client.BAD_REQUEST)

        user_directory = post_data.pop('user_directory')

        if user_directory in [ 'both',  'builtin', 'alert_manager']:

            logger.info("Set active user directory to {}".format(user_directory))


            config = entity.getEntities('configs/alert_manager', count=-1, sessionKey=sessionKey)

            settings = dict(config['settings'])
            if 'eai:acl' in settings:
                del settings['eai:acl']

            settings['user_directories'] = user_directory

            logger.debug("settings: {}".format(settings))

            uri = '/servicesNS/nobody/alert_manager/admin/alert_manager/settings?{}'.format(urllib.parse.urlencode(settings))
            serverResponse, serverContent = rest.simpleRequest(uri, sessionKey=sessionKey, method='POST')

            logger.info("User Directory changed. Response: {}".format(serverResponse))

            return self.response('User Directory successfully changed', http.client.OK)
        else:
            msg = 'Invalid user_directory parameter provided!'
            logger.exception(msg)
            return self.response(msg, http.client.INTERNAL_SERVER_ERROR)
示例#13
0
def getIPSCredentials(sessionKey, host):
    try:
        #adding count='-1' as parameter per ADDON-3724
        entities = entity.getEntities(['storage', 'passwords'],
                                      namespace=APPNAME,
                                      owner='nobody',
                                      sessionKey=sessionKey,
                                      count='-1')
    except:
        exception = traceback.format_exc()
        exception = re.sub(r"[\r\n]+", " ", exception)
        logger('Could not get IPS ' + host + ' credentials from splunk: ' +
               exception)
        time.sleep(300)
        sys.exit()

    for i, c in entities.items():
        if c['realm'] == host:
            return c['username'], c['clear_password']

    logger('No credentials for IPS ' + host + ' were found!')
    # This appears to sleep 5 minutes and then quit because it does sleep 5 minutes and then quit.
    # ...Yet this script is called every 1 second IF it is not running, so this sleep actually
    #    delays the next instantiation by 5 minutes
    time.sleep(300)
    sys.exit()
 def validateLocalClusterArgs(self, conf):
     import util
     uri = util.getProperty(self.callerArgs, 'uri', conf)
     if not self._isLocalURI(uri):
         raise HcException(HCERR0503, {
             'name': 'uri',
             'value': uri,
             'accepted_values': 'file://<path>'
         })
     import os.path
     if not os.path.isdir(uri[7:]):
         raise HcException(HCERR0502, {
             'name': 'uri',
             'value': uri,
             'error': 'path does not exist'
         })
     import splunk.entity as en
     clusters = en.getEntities('admin/conf-clusters',
                               search='uri=file://*',
                               namespace=self.appName,
                               owner=self.userName,
                               sessionKey=self.getSessionKey())
     for name, obj in clusters.items():
         if name != self.callerArgs.id and obj['uri'].rstrip(
                 '/') == uri.rstrip('/'):
             raise HcException(HCERR1515, {'path': uri, 'cluster': name})
示例#15
0
    def index(self, one, two, three=None, four=None, **kw):
        '''Returns a list of entities assuming the standard entity paths, omitting the /services path prefix.'''
        resp = []

        try:
            if 'owner' not in kw:
                kw['owner'] = cherrypy.session['user'].get('name')

            entity_path = '/'.join(
                [seg for seg in [one, two, three, four] if seg is not None])
            entities = entity.getEntities(
                entity_path,
                sessionKey=cherrypy.session['sessionKey'],
                **entity.entityParams(**kw))

            # This is set to support pagination in non search result lists.
            # This same hack is used in JobManager, it should probably be removed by
            # implementing a standard non-job entity, like an EntityContext to compliment
            # the SearchContext. TODO: research this more.
            cherrypy.response.headers[
                'X-Splunk-List-Length'] = entities.totalResults

        except (splunk.ResourceNotFound, splunk.RESTException), e:
            logger.warn(
                'Splunk could not find entities at "%s".  Error message: %s' %
                (entity_path, str(e)))
            return resp
示例#16
0
    def get_credetials(self, username=None, app="-"):
        if app in [None, '', '-']:
            script_dir = os.path.dirname(os.path.abspath(__file__))
            splunk_paths = self.give_splunk_paths(script_dir)
            app = splunk_paths['app_name']

        try:
            # list all credentials available
            entities = entity.getEntities(['admin', 'passwords'],
                                          namespace=app,
                                          owner='nobody',
                                          sessionKey=self.sessionKey)
            self.logger.debug("entities: " + str(entities))
        except Exception:
            self.logger.exception("Could not get " + str(app) +
                                  " credentials from splunk.")

        found = 0
        # make a dict when the correct info is found
        for i, c in entities.items():
            if c['username'] == username:
                credentials = {c['username']: c['clear_password']}
                password = credentials[username]
                found = 1
                break

        if found == 0:
            password = "******"

        return password
示例#17
0
def run():
    logger.debug("start running.")
    config = get_config()
    logger.debug("config = %s" % config)
    try:
        servers = en.getEntities(["admin","opcservers"], sessionKey=config["session_key"], hostPath=config["server_uri"])
        logger.debug("servers = %s" % servers)
    except Exception as ex:
        logger.critical("%ss" % ex)
    
    server = servers[config["server"]]    
    logger.debug("server = %s" % server)
    
    opcserver = dict( dcomhost = server["dcomhost"], domain = server["domain"], user = server["user"], password = server["password"], 
                      progid = server["progid"], clsid = server["clsid"])
    
    measures = dict( items = config["measures"], duration = config["duration"], 
                     polltime = config["polltime"], collector = config["collector"], writer = config["writer"], parameters = config.get("parameters", ""))
    
    logger.debug("Measured server = %s." % opcserver)
    logger.debug("Measuring the items = %s." % measures)

    try:
        msg = opc.runMeasure(opcserver, measures)
        logger.debug("Measuring is done [%s]." % msg)
    except Exception as ex:
        logger.critical("Request error as ex = %s" % ex)
    def get_app_credentials(self, session_key, owner, namespace):
        """
        :param session_key:
        :return: AWS Keys
        """
        import os, sys, logging as logger
        logger.basicConfig(level=logger.INFO,
                           format='%(asctime)s %(levelname)s %(message)s',
                           filename=os.path.join(
                               os.environ['SPLUNK_HOME'], 'var', 'log',
                               'splunk',
                               'ta_aws_surface_aws_surface_cloudtrail.log'),
                           filemode='a')

        try:
            # list all credentials
            entities = entity.getEntities(['admin', 'passwords'],
                                          namespace=namespace,
                                          owner='-',
                                          sessionKey=session_key,
                                          count=0)
        except Exception as unknown_exception:
            raise Exception(
                "Could not get %s credentials from splunk. Error: %s" %
                ("AWS_Trusted_Advisor", str(unknown_exception)))
        # grab first set of credentials
        if entities:
            for i, stanza in entities.items():
                if stanza['eai:acl']['app'] == namespace:
                    # cred = stanza['clear_password']
                    yield stanza
        else:
            message = 'No credentials have been found. Please set them up in your AWS console.'
            logger.warning(message, session_key, 'common.py')
示例#19
0
def get_credentials(app, session_key):
    try:
        # list all credentials
        entities = en.getEntities(['admin', 'passwords'],
                                  namespace=app,
                                  owner='nobody',
                                  sessionKey=session_key)
    except Exception as e:
        raise Exception("Could not get %s credentials from Splunk. Error: %s" %
                        (app, str(e)))

    credentials = []

    for id, c in list(entities.items()):  # pylint: disable=unused-variable
        # c.keys() = ['clear_password', 'password', 'username', 'realm', 'eai:acl', 'encr_password']
        if c['eai:acl']['app'] == app:
            credentials.append({
                'realm': c["realm"],
                'username': c["username"],
                "password": c["clear_password"]
            })

    if len(credentials) > 0:
        return credentials
    else:
        raise Exception("No credentials have been found")
示例#20
0
def getCredentials(sessionKey):
   myapp = 'BTHomeHub'
   try:
      # list all credentials
      entities = entity.getEntities(['admin', 'passwords'], namespace=myapp, owner='nobody', sessionKey=sessionKey)
   except Exception, e:
      raise Exception("Could not get %s credentials from splunk. Error: %s" % (myapp, str(e)))
示例#21
0
def getCredentials(sessionKey, host):
    myapp = __file__.split(os.sep)[-3]
    try:
        # list all credentials
        entities = entity.getEntities(['admin', 'passwords'], namespace=myapp, owner='nobody', sessionKey=sessionKey)
    except Exception, e:
        logging.error("Could not get %s credentials from splunk. Error: %s" % (myapp, str(e)))
示例#22
0
文件: common.py 项目: TPLink32/spnk1
def get_wildfire_apikey(session_key):
    """Given a splunk session_key returns a clear
    text API Key from a splunk password container"""
    try:
        logger.debug("Getting wildfire apikey from Splunk")
        entities = entity.getEntities(['admin', 'passwords'],
                                      namespace=APPNAME,
                                      owner='nobody',
                                      sessionKey=session_key)
    except Exception as e:
        entities = {}
        exit_with_error("Could not get %s credentials from splunk."
                        "Error: %s" % (APPNAME, str(e)))
    try:
        clear_password = json.loads(entities[
            '__REST_CREDENTIAL__#Splunk_TA_paloalto#configs/conf-splunk_ta_paloalto_settings:additional_parameters``splunk_cred_sep``1:']
                                    ['clear_password'])
        api_key = clear_password['wildfire_api_key']
        logger.debug('WildFire API key exists')
        return api_key
    except KeyError:
        logger.info(
            "There are Palo Alto Networks WildFire malware events, "
            "but no WildFire API Key found, please set the API key "
            "in the Splunk_TA_paloalto Add-on Configuration dashboard.")
        exit_with_error(
            "No WildFire API key is set, "
            "set apikey in Add-on configuration.",
            log_error=False,
            log_traceback=False)
    except (ValueError, TypeError):
        exit_with_error(
            "Problem getting WildFire API Key from JSON returned by Splunk password API"
        )
示例#23
0
 def get_wildfire_apikey(self):
     """Given a splunk session_key returns a clear
     text API Key from a splunk password container"""
     try:
         self.logger.debug("Getting wildfire apikey from Splunk")
         entities = entity.getEntities(['admin', 'passwords'],
                                       namespace=self.APPNAME,
                                       owner='nobody',
                                       sessionKey=self.session_key)
     except Exception as e:
         self.exit_with_error("Could not get %s credentials from splunk. \
                              Error: %s" % (self.APPNAME, str(e)))
     if ('__REST_CREDENTIAL__#Splunk_TA_paloalto#configs/conf-splunk_ta_paloalto_settings:additional_parameters``splunk_cred_sep``1:'
             in entities):
         clear_password = json.loads(entities[
             '__REST_CREDENTIAL__#Splunk_TA_paloalto#configs/conf-splunk_ta_paloalto_settings:additional_parameters``splunk_cred_sep``1:']
                                     ['clear_password'])
         if 'wildfire_api_key' in clear_password:
             api_key = clear_password['wildfire_api_key']
             self.logger.debug('Password exist')
             return api_key
         else:
             self.exit_with_error("No Wildfire API key is set, "
                                  "set apikey in App configuration.")
     else:
         self.logger.warn(
             "There are Palo Alto Networks WildFire malware events, "
             "but no WildFire API Key found, please set the API key "
             "in the Splunk_TA_paloalto App set up page")
         self.exit_with_error("No Wildfire API key is set, "
                              "set apikey in App configuration.")
示例#24
0
    def _validateURI(self, uri):
        if len(self.clusters) == 0:
            msg = None
            #1. hit the clusters endpoint 
            import splunk.entity as entity
            logger.error("Namespace: {}".format(self.namespace))
            logger.error("Owner: {}".format(self.owner))
            logger.error("sessionKey: {}".format(self.sessionKey))
            logger.error("Splunk Debug is here first")
            try:
                self.clusters = entity.getEntities('admin/conf-clusters', namespace=self.namespace, owner=self.owner, sessionKey=self.sessionKey)
                logger.error(self.clusters)
            except Exception as e:
                logger.exception('Failed to get entities admin/conf-clusters')
                msg = str(e)
                if isinstance(e, splunk.RESTException):
                    msg = e.get_extended_message_text()
            if msg != None:
                raise HcException(HCERR2002, {'entity_path':'admin/conf-clusters', 'search':'', 'uri':'', 'error':msg})
        
        found = False
        for name, cluster in self.clusters.items():
            cluster_uri = cluster.get('uri', '')
            if cluster_uri == '':
               continue
            if not uri.startswith(cluster_uri):
               continue
            found = True
            break

        if not found:
           raise HcException(HCERR1005, {'uri':uri})       
 def get_data(self, eai_path, root, msg=None, **kwargs):
     entity_path = eai_path
     if len(root) > 0:
         entity_path = '/'.join([eai_path, root])
         
     try:
         entities = en.getEntities(entity_path, sessionKey=cherrypy.session['sessionKey'], **kwargs)
         
     except splunk.RESTException, e:
         if e.statusCode == 401:
             err = _('Client is not authenticated.')
             return (None, (err,400))
             
         elif e.statusCode == 403:
             err = _('You are not authorized to perform this action.')
             return (None, (err,400))
             
         else: 
             err = _('Unable to open the selected path. Path doesn\'t exist or access is denied.')
             if not msg and len(root)>0:
                 # return error and the root nodes
                 logger.warn('%s %s' % (err, e.get_extended_message_text()))
                 return self.get_data(eai_path, '', msg=err, **kwargs)
             else:                     
                 # if root node can't be accessed, just display the message
                 return (None, err)
示例#26
0
    def load_protected_items_str(self, realms=None):
        reload(entity)
        storage = self.STORAGE_PATH
        app = self.app_name
        owner = self.STORAGE_OWNER

        # BUG !
        # если не задать search=, то вернутся записи от всех приложений, но расшифроваться не смогут и упадут
        ee = entity.getEntities(storage,
                                search=None,
                                namespace=app,
                                owner=owner,
                                sessionKey=self.session_key)
        result = []
        for full_key, e in ee.items():
            if realms is not None and e[self.ENTITY_FIELD_REALM] not in realms:
                continue
            if self.ENTITY_FIELD_REALM not in e.properties:
                raise ProtectedStoreError(
                    'Password cant be decrypted (usually after splunk upgrade)'
                )
            item = {
                'realm': e[self.ENTITY_FIELD_REALM],
                'key': e[self.ENTITY_FIELD_KEY],
                'value': e[self.ENTITY_FIELD_VALUE]
            }
            result.append(item)
        return result
def getEntities(entityPath,
                namespace=None,
                owner=None,
                sessionKey=None,
                count=None,
                offset=0,
                hostPath=None,
                available=True):
    conns = en.getEntities(entityPath,
                           namespace=namespace,
                           owner=owner,
                           count=count,
                           offset=offset,
                           sessionKey=sessionKey,
                           hostPath=hostPath)

    for name in conns:
        params = conns[name].properties
        if available:
            for n, v in params.items():
                if n in ["disabled"] or n.endswith(".disabled"):
                    if v in ["-1"] or util.normalizeBoolean(v):
                        del conns[name]

    return conns
示例#28
0
    def set_user_directory(self, user_directory, **kwargs):
        logger.info("Set active user directory to %s" % user_directory)
        user = cherrypy.session['user']['name']
        sessionKey = cherrypy.session.get('sessionKey')

        config = entity.getEntities('configs/alert_manager',
                                    count=-1,
                                    sessionKey=sessionKey)

        settings = dict(config['settings'])
        if 'eai:acl' in settings:
            del settings['eai:acl']

        settings['user_directories'] = user_directory

        logger.debug("settings: %s" % settings)

        uri = '/servicesNS/nobody/alert_manager/admin/alert_manager/settings?%s' % urllib.urlencode(
            settings)
        serverResponse, serverContent = rest.simpleRequest(
            uri, sessionKey=sessionKey, method='POST')

        logger.debug("Active directory changed. Response: %s" % serverResponse)

        return 'Ok'
示例#29
0
    def get_credential(self, username):
        '''
        Searches passwords using username and returns tuple of username and password if credentials are found else tuple of empty string
        :param username: Username used to search credentials.
        :return: username, password
        '''
        # list all credentials
        entities = entity.getEntities(["admin", "passwords"],
                                      search=APP_NAME,
                                      count=-1,
                                      namespace=APP_NAME,
                                      owner="nobody",
                                      sessionKey=self.session_key)

        # return first set of credentials
        for _, value in list(entities.items()):
            # if str(value["eai:acl"]["app"]) == APP_NAME and value["username"] == username:
            if value['username'].partition(
                    '`')[0] == username and not value.get(
                        'clear_password', '`').startswith('`'):
                try:
                    return json.loads(
                        value.get('clear_password', '{}').replace("'", '"'))
                except:
                    return value.get('clear_password', '')
示例#30
0
def get_proxies(session_key):
    import splunk.entity as entity
    util_logger.debug("Getting proxy settings")
    myapp = 'pyden-manager'
    user = ""
    password = ""
    util_logger.debug("Getting proxy password")
    try:
        entities = entity.getEntities(['admin', 'passwords'],
                                      namespace=myapp,
                                      owner='nobody',
                                      sessionKey=session_key)
    except Exception as e:
        util_logger.error("Could not obtain proxy credentials")
        raise Exception("Could not get %s credentials from splunk. Error: %s" %
                        (myapp, str(e)))

    for i, c in entities.items():
        user, password = c['username'], c['clear_password']

    auth = "%s:%s@" % (user, password) if user else ""
    proxy = load_pyden_config()[0].get('appsettings', 'proxy')

    proxies = {
        "http": "http://%s%s/" % (auth, proxy),
        "https": "https://%s%s/" % (auth, proxy)
    } if proxy else {}
    return proxies
 def getExistingExtractions(self, constraint=None):
    search = "type=inline"
    if constraint != None:
       search = "%s AND %s" % (search, constraint)
       
    entities = en.getEntities('data/props/extractions', namespace=self._namespace, owner=self._owner,
                              search=search,  count=-1, sessionKey=self._sessionKey)
    return entities
示例#32
0
def get(view, viewstate_id, namespace, owner):
    '''
    Returns a viewstate object that defines a param set
    '''

    logger.debug('get - view=%s viewstate_id=%s namespace=%s owner=%s' %
                 (view, viewstate_id, namespace, owner))

    altView = view

    # empty viewstate means default sticky state
    if viewstate_id == None:
        viewstate_id = CURRENT_VIEWSTATE_KEY

    # otherwise check if viewstate is absolute
    else:
        altView, viewstate_id = parseViewstateHash(viewstate_id)

    logger.debug("Found altView: %s viewstate_id: %s" %
                 (altView, viewstate_id))

    # construct proper stanza search string
    if altView == None:
        stanzaSearch = buildStanzaName(view, viewstate_id)
    else:
        # altView can only be None if a viewstate_id was defined
        # but no view was found when parseViewstateHash was run,
        # thus we almost always get here.
        stanzaSearch = buildStanzaName(altView, viewstate_id)

    # 1) Two part strategy, first try to get the viewstate by name. This usually works.
    # 2) If nothing is returned, run the search in case a generic viewstate
    #    is provided.
    #
    # This turns 1 request into 2 in some edge cases but for 90% of the issues I found
    # it eliminated the slower search requests viewstate was previously making.
    try:
        matchingStanzas = en.getEntities('/'.join(
            [VIEWSTATE_ENTITY_CLASS, stanzaSearch]),
                                         namespace=namespace,
                                         owner=owner)
    except splunk.ResourceNotFound, e:
        matchingStanzas = en.getEntities(VIEWSTATE_ENTITY_CLASS,
                                         namespace=namespace,
                                         owner=owner,
                                         search="name=%s" % stanzaSearch)
示例#33
0
 def getExistingExtractions(self, constraint=None):
    search = "type=inline"
    if constraint != None:
       search = "%s AND %s" % (search, constraint)
       
    entities = en.getEntities('data/props/extractions', namespace=self._namespace, owner=self._owner,
                              search=search,  count=-1, sessionKey=self._sessionKey)
    return entities
def getCredentials(sessionKey):
    myapp = 'tanium'
    try:
    # list all credentials
        entities = entity.getEntities(['admin', 'passwords'], namespace=myapp,
                                  owner='nobody', sessionKey=sessionKey)
    except Exception, e:
        raise Exception("Could not get %s credentials from splunk. Error: %s" % (myapp, str(e)))
示例#35
0
def getCredentials():
   myapp = 'GoogleGeoCode'
   entities = entity.getEntities(['admin','passwords'], namespace=myapp, owner='nobody',sessionKey=sessionKey)
   # return first set of credentials
   for i,c in entities.items():
      username=c['username']
      password=c['clear_password']
      return password
示例#36
0
def _config_dict(session_key, attempt=0):
    """
    :param session_key: A session key for calls to Splunk functions.
    :param attempt:     The number of the attempt to get the dictionary.
                         Defaults to 0.
    :return:            A dictionary containing Splunk config info.
    """
    if attempt > 19 or not session_key:
        return {}

    try:
        # list all credentials
        password_entities = entity.getEntities(['admin', 'passwords'], namespace='code42',
                                               owner='nobody', sessionKey=session_key)
        config_console_entities = entity.getEntities(['code42', 'config', 'console'], namespace='code42',
                                                     owner='nobody', sessionKey=session_key)
        config_script_entities = entity.getEntities(['code42', 'config', 'script'], namespace='code42',
                                                    owner='nobody', sessionKey=session_key)
    except Exception as exception:
        raise Exception("Could not get code42 credentials from splunk. Error: %s" % (str(exception)))

    config = {}
    try:
        result = [item for _, item in password_entities.items() if 'username' in item and 'clear_password' in item][0]
        config['username'] = result['username']
        config['password'] = result['clear_password']

        result = [item for _, item in config_console_entities.items() if 'hostname' in item and 'port' in item][0]
        config['hostname'] = result['hostname']
        config['port'] = result['port']
        config['verify_ssl'] = result['verify_ssl'] == 'true'
        config['collect_analytics'] = result['collect_analytics'] == 'true'

        result = [item for _, item in config_script_entities.items() if 'devices' in item][0]
        config['devices'] = result['devices']
    except IndexError:
        pass

    keys = ['username', 'password', 'hostname', 'verify_ssl', 'port', 'devices']
    all_in_config = all([(key in config) for key in keys])
    if not all_in_config:
        time.sleep(1)
        return _config_dict(session_key, attempt + 1)
    else:
        return config
示例#37
0
def load_db(config):
    ents = en.getEntities(["admin","conf-inputs"], namespace="splunk-demo-opcda", owner="nobody", sessionKey=config["session_key"], hostPath=config["server_uri"])
    # logger.debug("%s" % ents)
    for dbn, dbv in [(n, v) for n, v in ents.items() if n.startswith("database://")]:
        name = dbn.replace("database://", "")
        logger.debug("name=%s" % name)
        logger.debug("values=%s" % dbv)
        jdbc.updateDatabase(name, dbv["dburl"], dbv["jdbcdriver"], dbv["user"], dbv["password"], dbv["parameters"])
        
示例#38
0
def execute():
    import crawl_factory
    results = []
    try:
        
        args = { 'add-all':'fail'} ## 'name':'file_crawler'}
        keywords, options = splunk.Intersplunk.getKeywordsAndOptions()
        args.update(options)

        results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
        results = [] # we don't care about incoming results

        sessionKey = settings.get("sessionKey", None)
        owner      = settings.get("owner", None)
        namespace  = settings.get("namespace", None)
        ########TEST#####################
        # sessionKey = splunk.auth.getSessionKey('admin', 'changeme')
        ########TEST####################
        
        mgr = CrawlerManager(sessionKey, owner, namespace, args)

        if len(keywords) == 0:
            logger.warn("No crawl type specified.  Defaulting to crawling 'files'.")
            keywords = ["files"]
        
        # name = args['name']
        # add crawler for each keyword
        for name in keywords:
            crawler = crawl_factory.getCrawler(name, mgr, args)
            if crawler == None:
                splunk.Intersplunk.generateErrorResults("Unknown crawler '%s'.  Legal values are: %s" % (name, crawl_factory.getCrawlerNames()))
                return
            mgr.addCrawler(crawler)
            
        # do crawl
        actions = mgr.execute()

        monitors = en.getEntities('/data/inputs/monitor', sessionKey=sessionKey, owner=owner, namespace=namespace)
        
        # convert actions to results -- just a dictionary of attributes
        for action in actions:
            result = action.getAttrs()
            status = "not_added"
            try:
                if not action.valid(sessionKey, owner, namespace, monitors):
                    status = "added"
            except:
                status = "unknown"
            result['status'] = status
            results.append(result)
        # outputresults
        splunk.Intersplunk.outputResults(results)
    except Exception, e:
        import traceback
        stack =  traceback.format_exc()
        splunk.Intersplunk.generateErrorResults(str(e))
        logger.error(str(e) + ". Traceback: " + str(stack))
    def _buildConfDict(self):
        """Build configuration dictionary that we will use """
        if self.splunkEmbedded and not STANDALONE:
            self.logger.info('Retrieving eventgen configurations from /configs/eventgen')
            self._confDict = entity.getEntities('configs/eventgen', count=-1, sessionKey=self.sessionKey)
        else:
            self.logger.info('Retrieving eventgen configurations with ConfigParser()')
            # We assume we're in a bin directory and that there are default and local directories
            conf = ConfigParser()
            # Make case sensitive
            conf.optionxform = str
            currentdir = os.getcwd()

            # If we're running standalone (and thusly using configParser)
            # only pick up eventgen-standalone.conf.
            conffiles = [ ]
            if len(sys.argv) > 1:
                if len(sys.argv[1]) > 0:
                    if os.path.exists(sys.argv[1]):
                        conffiles = [os.path.join(self.grandparentdir, 'default', 'eventgen.conf'),
                                    sys.argv[1]]
            if len(conffiles) == 0:
                conffiles = [os.path.join(self.grandparentdir, 'default', 'eventgen.conf'),
                            os.path.join(self.grandparentdir, 'local', 'eventgen.conf')]

            self.logger.debug('Reading configuration files for non-splunkembedded: %s' % conffiles)
            conf.read(conffiles)

            sections = conf.sections()
            ret = { }
            orig = { }
            for section in sections:
                ret[section] = dict(conf.items(section))
                # For compatibility with Splunk's configs, need to add the app name to an eai:acl key
                ret[section]['eai:acl'] = { 'app': self.grandparentdir.split(os.sep)[-1] }
                # orig[section] = dict(conf.items(section))
                # ret[section] = { }
                # for item in orig[section]:
                #     results = re.match('(token\.\d+)\.(\w+)', item)
                #     if results != None:
                #         ret[section][item] = orig[section][item]
                #     else:
                #         if item.lower() in [x.lower() for x in self._validSettings]:
                #             newitem = self._validSettings[[x.lower() for x in self._validSettings].index(item.lower())]
                #         ret[section][newitem] = orig[section][item]
            self._confDict = ret

        # Have to look in the data structure before normalization between what Splunk returns
        # versus what ConfigParser returns.
        logobj = logging.getLogger('eventgen')
        if self._confDict['global']['debug'].lower() == 'true' \
                or self._confDict['global']['debug'].lower() == '1':
            logobj.setLevel(logging.DEBUG)
        if self._confDict['global']['verbose'].lower() == 'true' \
                or self._confDict['global']['verbose'].lower() == '1':
            logobj.setLevel(logging.DEBUGV)
        self.logger.debug("ConfDict returned %s" % pprint.pformat(dict(self._confDict)))
def get_firewall_apikey(session_key):
    """Given a splunk session_key returns a clear text API Key from a splunk password container"""
    try:
        entities = entity.getEntities(['admin', 'passwords'], namespace=APPNAME, owner='nobody', sessionKey=session_key)
    except Exception as e:
        exit_with_error("Could not get %s credentials from splunk. Error: %s" % (APPNAME, str(e)))
    for i, c in entities.items():
        if c['username'] == 'firewall_api_key':
            return c['clear_password']
    raise NoCredentialsFound
示例#41
0
def execute():
    results = []
    try:
        results, dummyresults, settings = si.getOrganizedResults()

        # default values
        args = {"namespace": "search"}
        # get commandline args
        keywords, options = si.getKeywordsAndOptions()
        # override default args with settings from search kernel
        args.update(settings)
        # override default args with commandline args
        args.update(options)

        sessionKey = args.get("sessionKey", None)
        owner = args.get("owner", "admin")
        namespace = args.get("namespace", None)

        if namespace.lower() == "none":
            namespace = None

        messages = {}

        if sessionKey == None:
            # this shouldn't happen, but it's useful for testing.
            try:
                sessionKey = sa.getSessionKey("admin", "changeme")
                si.addWarnMessage(
                    messages, "No session given to 'tune' command. Using default admin account and password."
                )
            except splunk.AuthenticationFailed, e:
                si.addErrorMessage(messages, "No session given to 'tune' command.")
                return

        if len(keywords) != 1:
            usage()

        # e.g., '/data/inputs/monitor'
        entity = keywords[0]
        logger.info("Entity: %s Args: %s" % (entity, args))

        results = []  # we don't care about incoming results
        try:
            entitys = en.getEntities(entity, sessionKey=sessionKey, owner=owner, namespace=namespace, count=-1)
            for name, entity in entitys.items():
                try:
                    myapp = entity["eai:acl"]["app"]
                    if namespace != None and myapp != namespace:
                        continue
                except:
                    continue  # if no eai:acl/app, filter out
                result = entityToResult(name, entity)
                results.append(result)
        except splunk.ResourceNotFound, e2:
            pass
示例#42
0
    def save_risks(self, contents, **kwargs):

        logger.info("Saving risks...")

        user = cherrypy.session['user']['name']
        sessionKey = cherrypy.session.get('sessionKey')
        splunk.setDefault('sessionKey', sessionKey)
        

        config = {}
        config['index'] = 'risks'
        
        restconfig = entity.getEntities('configs/risk_manager', count=-1, sessionKey=sessionKey)
        if len(restconfig) > 0:
            if 'index' in restconfig['settings']:
                config['index'] = restconfig['settings']['index']

        logger.debug("Global settings: %s" % config)

        # Parse the JSON
        parsed_contents = json.loads(contents)
        logger.debug("Contents: %s" % contents)

        for entry in parsed_contents:
            if '_key' in entry and entry['_key'] != None:

                uri = '/servicesNS/nobody/risk_manager/storage/collections/data/risks/' + entry['_key']
                
                # Get current risk
                serverResponse, risk = rest.simpleRequest(uri, sessionKey=sessionKey)
                logger.debug("Current risk: %s" % risk)
                risk = json.loads(risk)

                # Update risk if score has changed
                if int(risk['risk_score']) != int(entry['risk_score']):
                    logger.info("Updating risk_object_type=%s risk_object=%s to score=%s." % (entry['risk_object_type'], entry['risk_object'], entry['risk_score']))
                    del entry['_key']
                    if 'risk_id' in risk:
                        entry['risk_id'] = risk['risk_id']
                    else:
                        entry['risk_id'] = str(uuid.uuid4())
                        risk['risk_id'] = entry['risk_id']
                    entryStr = json.dumps(entry)

                    serverResponse, serverContent = rest.simpleRequest(uri, sessionKey=sessionKey, jsonargs=entryStr)
                    logger.debug("Updated entry. serverResponse was ok")

                    now = datetime.datetime.now().isoformat()
                    event = 'time="%s" risk_id="%s" action="update_risk_score" alert="Risk Score Tuner" user="******" risk_object_type="%s" risk_object="%s" risk_score="%s" previous_risk_score="%s"' % (now, risk['risk_id'], user, entry['risk_object_type'], entry['risk_object'], entry['risk_score'], risk['risk_score'])
                    logger.debug("Event will be: %s" % event)
                    input.submit(event, hostname = socket.gethostname(), sourcetype = 'risk_scoring', source = 'helpers.py', index = config['index'])
                else:
                    logger.info("Won't update risk_object_type=%s risk_object=%s, since score didn't change." % (entry['risk_object_type'], entry['risk_object']))

        return 'Done'
def getWildFireAPIKey(sessionKey):
  '''Given a splunk sesionKey returns a clear text API Key from a splunk password container'''
  # this is the folder name for the app and not the app's common name
  myapp = 'SplunkforPaloAltoNetworks'
  try:
    entities = entity.getEntities(['admin', 'passwords'], namespace=myapp, owner='nobody', sessionKey=sessionKey)
  except Exception, e:
    stack =  traceback.format_exc()
    logger.warn(stack)
    logger.warn("entity exception")
    raise Exception("Could not get %s credentials from splunk. Error: %s" % (myapp, str(e)))
示例#44
0
 def all(self):
     app, user = self._namespace_and_owner()
     
     return en.getEntities(self._endpoint,
                           namespace=app,
                           owner=user,
                           sessionKey=self.getSessionKey(),
                           count=self.maxCount+self.posOffset,
                           sort_key=self.sortByKey,
                           sort_dir=self.getSortDir(),
                           offset=self.posOffset)
    def _write_log_entry(self, sessionKey, user, post_data):
        logger.debug("START _write_log_entry()")

        required = ['incident_id', 'log_action', 'origin']
        missing = [r for r in required if r not in post_data]
        if missing:
            return self.response("Missing required arguments: %s" % missing, httplib.BAD_REQUEST)

        incident_id = post_data.pop('incident_id')
        log_action  = post_data.pop('log_action')

    	comment         = post_data.get('comment', '')
    	origin          = post_data.get('origin', '')
    	severity        = post_data.get('severity', 'INFO')
    	owner           = post_data.get('owner', '')
    	previous_owner  = post_data.get('previous_owner', '')
    	status          = post_data.get('status', '')
    	previous_status = post_data.get('status', '')
    	job_id          = post_data.get('job_id', '')
    	result_id       = post_data.get('result_id', '')

        now = datetime.datetime.now().isoformat()

        # Get Index
    	config = {}
        config['index'] = 'main'

        restconfig = entity.getEntities('configs/alert_manager', count=-1, sessionKey=sessionKey)
        if len(restconfig) > 0:
            if 'index' in restconfig['settings']:
                config['index'] = restconfig['settings']['index']


        comment = comment.replace('\n', '<br />').replace('\r', '')
        event_id = hashlib.md5(incident_id + now).hexdigest()

        event = ''
        if (log_action == "comment"):
            event = 'time=%s severity="%s" origin="%s" event_id="%s" user="******" action="comment" incident_id="%s" comment="%s"' % (now, severity, origin, event_id, user, incident_id, comment)
        elif (log_action == "change"):
            event = 'time=%s severity="%s" origin="%s" event_id="%s" user="******" action="comment" incident_id="%s" job_id="%s" result_id="%s" status="%s" previous_status="%s"' % (now, severity, origin, event_id, user, incident_id, job_id, result_id, status, previous_status)

        logger.debug("Event will be: %s" % event)
        event = event.encode('utf8')

        try:
            splunk.setDefault('sessionKey', sessionKey)
            input.submit(event, hostname = socket.gethostname(), sourcetype = 'incident_change', source = 'helper.py', index = config['index'])
            return self.response('Action logged', httplib.OK)

        except Exception as e:
            msg = 'Unhandled Exception: {}'.format(str(e))
            logger.exception(msg)
            return self.response(msg, httplib.INTERNAL_SERVER_ERROR)
 def all(self):
     return en.getEntities(
         self._endpoint,
         namespace="-",
         owner="-",
         sessionKey=self.getSessionKey(),
         count=self.maxCount + self.posOffset,
         sort_key=self.sortByKey,
         sort_dir=self.getSortDir(),
         offset=self.posOffset,
     )
    def _getAllAppData(self):
        output = {} 
        try:
            # don't need to worry about dict vs list here since the names of apps should be unique
            apps = en.getEntities('apps/local', search=['disabled=false','visible=true'], count=-1, namespace="-") 
            for key, app in apps.iteritems():
                output[key] = {}
                output[key]['label'] = _(app.get('label',''))
        except splunk.ResourceNotFound:
            logger.error("Unable to retrieve apps/local/-")

        return output 
	def getCredentials(self,sessionKey):
		"""
		Splunk provided code for grabbing username/passwords during setup.
		"""
		myapp = 'pulse_for_aws_cloudwatch'
		try:
		# list all credentials
			entities = entity.getEntities(['admin', 'passwords'], namespace=myapp,
			                              owner='nobody', sessionKey=sessionKey)
		except Exception, e:
			raise Exception("Could not get %s credentials from splunk. Error: %s"
			                % (myapp, str(e)))
def get_firewall_credentials(session_key):
    """Given a splunk session_key returns a clear text user name and password from a splunk password container"""
    try:
        # Get all credentials
        logger.debug("Getting firewall credentials from Splunk")
        entities = entity.getEntities(['admin', 'passwords'], namespace=APPNAME, owner='nobody', sessionKey=session_key)
    except Exception as e:
        exit_with_error("Could not get %s credentials from splunk. Error: %s" % (APPNAME, str(e)))
    # return first set of credentials
    for i, c in entities.items():
        if c['username'] != 'wildfire_api_key':
            return c['username'], c['clear_password']
    raise NoCredentialsFound("No credentials have been found")
def get_wildfire_apikey(session_key):
    """Given a splunk session_key returns a clear text API Key from a splunk password container"""
    try:
        entities = entity.getEntities(['admin', 'passwords'], namespace=APPNAME, owner='nobody', sessionKey=session_key)
    except Exception as e:
        exit_with_error("Could not get %s credentials from splunk. Error: %s" % (APPNAME, str(e)))
    # return first set of credentials
    for i, c in entities.items():
        if c['username'] == 'wildfire_api_key':
            return c['clear_password']
    logger.warn(
        "There are Palo Alto Networks WildFire malware events, but no WildFire API Key found, please set the API key in the SplunkforPaloAltoNetworks App set up page")
    exit_with_error("No Wildfire API key is set, set apikey in App configuration.")
    def handleList(self, confInfo):

        ent = en.getEntities(ENDPOINT, namespace=self.appName, owner=self.userName, sessionKey=self.getSessionKey())

        for name, obj in ent.items():
            confItem = confInfo[name]
            for key, val in obj.items():
                confItem[key] = str(val)
            acl = {}
            for k, v in obj[admin.EAI_ENTRY_ACL].items():
                if None != v:
                    acl[k] = v
            confItem.setMetadata(admin.EAI_ENTRY_ACL, acl)
示例#52
0
def get(view, viewstate_id, namespace, owner):
    '''
    Returns a viewstate object that defines a param set
    '''

    logger.debug('get - view=%s viewstate_id=%s namespace=%s owner=%s' % (view, viewstate_id, namespace, owner))
    
    altView = view

    # empty viewstate means default sticky state
    if viewstate_id == None: 
        viewstate_id = CURRENT_VIEWSTATE_KEY 
    
    # otherwise check if viewstate is absolute
    else:
        altView, viewstate_id = parseViewstateHash(viewstate_id)
    
    logger.debug("Found altView: %s viewstate_id: %s" % (altView, viewstate_id))
    
    # construct proper stanza search string
    if altView == None:
        stanzaSearch = buildStanzaName(view, viewstate_id)
    else:
        # altView can only be None if a viewstate_id was defined
        # but no view was found when parseViewstateHash was run,
        # thus we almost always get here.
        stanzaSearch = buildStanzaName(altView, viewstate_id)
    
    # 1) Two part strategy, first try to get the viewstate by name. This usually works.
    # 2) If nothing is returned, run the search in case a generic viewstate
    #    is provided.
    #
    # This turns 1 request into 2 in some edge cases but for 90% of the issues I found 
    # it eliminated the slower search requests viewstate was previously making.
    try:
        matchingStanzas = en.getEntities('/'.join([VIEWSTATE_ENTITY_CLASS, stanzaSearch]), namespace=namespace, owner=owner)
    except splunk.ResourceNotFound, e:
        matchingStanzas = en.getEntities(VIEWSTATE_ENTITY_CLASS, namespace=namespace, owner=owner, search="name=%s" % stanzaSearch)
示例#53
0
文件: admin.py 项目: DRArpitha/splunk
 def readConfCtx(self, confName):
   """
   This version of readConf should only be used when you're sure there's an
   appropriate handler for it.  Basically, something at /configs/conf-<name>.
   """
   app  = self.context != CONTEXT_NONE         and self.appName  or "-" 
   user = self.context == CONTEXT_APP_AND_USER and self.userName or "-"
   retDict = {}
   path = "configs/conf-%s" % confName
   thing=en.getEntities(path, sessionKey=self.getSessionKey(), namespace=app, owner=user, count=-1)
   for s in thing:
     retDict[s] = {}
     retDict[s].update(thing[s].items())
   return retDict
def getIPSCredentials(sessionKey,host):
	try:
		entities = entity.getEntities(['storage', 'passwords'], namespace=APPNAME, owner='nobody', sessionKey=sessionKey)
	except:
		exception = traceback.format_exc().splitlines()[-1]
		logger('Could not get IPS ' + host + ' credentials from splunk: ' + exception)
		time.sleep(300)
		sys.exit()

	for i, c in entities.items():
		if c['realm'] == host:
			return c['username'], c['clear_password']
	
	logger('No credentials for IPS ' + host + ' were found!')
	time.sleep(300)
	sys.exit()
    def getPassword(self, sessionkey):
        import splunk.entity as entity
        import urllib

        if len(sessionkey) == 0:
            raise Exception, "No session key provided"
        if len(self.username) == 0:
            raise Exception, "No username provided"
        if len(self.app) == 0:
            raise Exception, "No app provided"
        
        try:
            # list all credentials
            entities = entity.getEntities(['admin', 'passwords'], namespace=self.app, owner='nobody', sessionKey=sessionkey)
        except Exception, e:
            raise Exception, "Could not get %s credentials from splunk. Error: %s" % (self.app, str(e))