diff --git a/check_mk-azure/azure-spearhead-0.4.0.mkp b/check_mk-azure/azure-spearhead-0.4.0.mkp deleted file mode 100755 index 9e94118..0000000 Binary files a/check_mk-azure/azure-spearhead-0.4.0.mkp and /dev/null differ diff --git a/check_mk-azure/azure-spearhead-0.5.0.mkp b/check_mk-azure/azure-spearhead-0.5.0.mkp new file mode 100755 index 0000000..de229ec Binary files /dev/null and b/check_mk-azure/azure-spearhead-0.5.0.mkp differ diff --git a/check_mk-azure/local/lib/check_mk/base/plugins/agent_based/azure_common.py b/check_mk-azure/local/lib/check_mk/base/plugins/agent_based/azure_common.py index e03f5ac..bc5a927 100644 --- a/check_mk-azure/local/lib/check_mk/base/plugins/agent_based/azure_common.py +++ b/check_mk-azure/local/lib/check_mk/base/plugins/agent_based/azure_common.py @@ -25,8 +25,8 @@ def check_state_above(alert_percentages, measured_percent): # Convert JSON entries into dictionaries indexed by name. We're assuming here -# that the name is unique across AZs and resource groups. If not, add the -# 'location' and 'resource_group' fields in each object to the name. +# that the name is unique across AZs. If not, add the 'location' field in each +# object to the name. def parse(string_table): lookup = {} @@ -39,12 +39,25 @@ def parse(string_table): return lookup -# Produce a list of Azure objects for discovery. +# Produce a list of Azure objects for discovery. This applies for KeyVault and +# Firewall. def discover(section): for name, details in sorted(section.items()): yield Service(item=name) +# Produce a list of Azure resource group objects for discovery. This applies to +# Defender. We also assume each section comes entirely from the same resource +# group (this should be true given our special agent). +def discover_defender(section): + items = list(section.values()) + + if items != []: + yield Service(item=items[0]["resource_group"]) + else: + yield Service(item=None) + + # Given a specific keyvault metric, look it up in the parsed output, and produce # results on that service based upon the metric's range. def check_keyvault(item, params, section): @@ -200,34 +213,49 @@ def check_firewall(item, params, section): ) def check_defender(item, params, section): - alert = section.get(item) - if alert is None: - return + num_high = 0 + num_med = 0 + num_low = 0 + num_info = 0 - details = alert["alert"] - status = details["status"] + final_state = State.OK + region_details = [] - if status != "Active" and status != "InProgress": - return + for name, alert in sorted(section.items()): + details = alert["alert"] + status = details["status"] - severity = details["severity"] - url = details["url"] - info = details["info"] + if status != "Active" and status != "InProgress": + continue - if severity == "High": - state = State(params.get("severity_high", State.CRIT)) - elif severity == "Medium": - state = State(params.get("severity_medium", State.WARN)) - elif severity == "Low": - state = State(params.get("severity_low", State.WARN)) - elif severity == "Informational": - state = State(params.get("severity_informational", State.OK)) - else: - state = State.UNKNOWN + severity = details["severity"] + url = details["url"] + info = details["info"] + + if severity == "High": + num_high += 1 + state = State(params.get("severity_high", State.CRIT)) + elif severity == "Medium": + num_med += 1 + state = State(params.get("severity_medium", State.WARN)) + elif severity == "Low": + num_low += 1 + state = State(params.get("severity_low", State.WARN)) + elif severity == "Informational": + num_info += 1 + state = State(params.get("severity_informational", State.OK)) + else: + state = State.UNKNOWN + + final_state = State(max(final_state.value, state.value)) + + if state.value > State.OK.value: + region_details.append(f"{severity}: {info}: {url}") yield Result( - state=state, - summary=f"{severity}: {status}: {info}: {url}" + state=final_state, + summary=f"High: {num_high}, Medium: {num_med}, Low: {num_low}, Informational: {num_info}", + details="\n".join(region_details) ) @@ -276,5 +304,5 @@ register.check_plugin( check_default_parameters={}, check_ruleset_name="azure_defender", - discovery_function=discover, + discovery_function=discover_defender, )