Switch to using single-row summaries for all the Defender alerts. Move the extra info into the details section.
This commit is contained in:
		
							parent
							
								
									1dca9e4a65
								
							
						
					
					
						commit
						6d39ee351b
					
				
										
											Binary file not shown.
										
									
								
							
							
								
								
									
										
											BIN
										
									
								
								check_mk-azure/azure-spearhead-0.5.0.mkp
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										
											BIN
										
									
								
								check_mk-azure/azure-spearhead-0.5.0.mkp
									
									
									
									
									
										Executable file
									
								
							
										
											Binary file not shown.
										
									
								
							| @ -25,8 +25,8 @@ def check_state_above(alert_percentages, measured_percent): | |||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| # Convert JSON entries into dictionaries indexed by name. We're assuming here | # Convert JSON entries into dictionaries indexed by name. We're assuming here | ||||||
| # that the name is unique across AZs and resource groups. If not, add the | # that the name is unique across AZs. If not, add the 'location' field in each | ||||||
| # 'location' and 'resource_group' fields in each object to the name. | # object to the name. | ||||||
| def parse(string_table): | def parse(string_table): | ||||||
|     lookup = {} |     lookup = {} | ||||||
| 
 | 
 | ||||||
| @ -39,12 +39,25 @@ def parse(string_table): | |||||||
|     return lookup |     return lookup | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| # Produce a list of Azure objects for discovery. | # Produce a list of Azure objects for discovery. This applies for KeyVault and | ||||||
|  | # Firewall. | ||||||
| def discover(section): | def discover(section): | ||||||
|     for name, details in sorted(section.items()): |     for name, details in sorted(section.items()): | ||||||
|         yield Service(item=name) |         yield Service(item=name) | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|  | # Produce a list of Azure resource group objects for discovery. This applies to | ||||||
|  | # Defender. We also assume each section comes entirely from the same resource | ||||||
|  | # group (this should be true given our special agent). | ||||||
|  | def discover_defender(section): | ||||||
|  |     items = list(section.values()) | ||||||
|  | 
 | ||||||
|  |     if items != []: | ||||||
|  |         yield Service(item=items[0]["resource_group"]) | ||||||
|  |     else: | ||||||
|  |         yield Service(item=None) | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
| # Given a specific keyvault metric, look it up in the parsed output, and produce | # Given a specific keyvault metric, look it up in the parsed output, and produce | ||||||
| # results on that service based upon the metric's range. | # results on that service based upon the metric's range. | ||||||
| def check_keyvault(item, params, section): | def check_keyvault(item, params, section): | ||||||
| @ -200,34 +213,49 @@ def check_firewall(item, params, section): | |||||||
|         ) |         ) | ||||||
| 
 | 
 | ||||||
| def check_defender(item, params, section): | def check_defender(item, params, section): | ||||||
|     alert = section.get(item) |     num_high = 0 | ||||||
|     if alert is None: |     num_med  = 0 | ||||||
|         return |     num_low  = 0 | ||||||
|  |     num_info = 0 | ||||||
| 
 | 
 | ||||||
|     details = alert["alert"] |     final_state = State.OK | ||||||
|     status = details["status"] |     region_details  = [] | ||||||
| 
 | 
 | ||||||
|     if status != "Active" and status != "InProgress": |     for name, alert in sorted(section.items()): | ||||||
|         return |         details = alert["alert"] | ||||||
|  |         status = details["status"] | ||||||
| 
 | 
 | ||||||
|     severity = details["severity"] |         if status != "Active" and status != "InProgress": | ||||||
|     url = details["url"] |             continue | ||||||
|     info = details["info"] |  | ||||||
| 
 | 
 | ||||||
|     if severity == "High": |         severity = details["severity"] | ||||||
|         state = State(params.get("severity_high",   State.CRIT)) |         url      = details["url"] | ||||||
|     elif severity == "Medium": |         info     = details["info"] | ||||||
|         state = State(params.get("severity_medium", State.WARN)) | 
 | ||||||
|     elif severity == "Low": |         if severity == "High": | ||||||
|         state = State(params.get("severity_low",    State.WARN)) |             num_high += 1 | ||||||
|     elif severity == "Informational": |             state = State(params.get("severity_high",   State.CRIT)) | ||||||
|         state = State(params.get("severity_informational", State.OK)) |         elif severity == "Medium": | ||||||
|     else: |             num_med += 1 | ||||||
|         state = State.UNKNOWN |             state = State(params.get("severity_medium", State.WARN)) | ||||||
|  |         elif severity == "Low": | ||||||
|  |             num_low += 1 | ||||||
|  |             state = State(params.get("severity_low",    State.WARN)) | ||||||
|  |         elif severity == "Informational": | ||||||
|  |             num_info += 1 | ||||||
|  |             state = State(params.get("severity_informational", State.OK)) | ||||||
|  |         else: | ||||||
|  |             state = State.UNKNOWN | ||||||
|  | 
 | ||||||
|  |         final_state = State(max(final_state.value, state.value)) | ||||||
|  | 
 | ||||||
|  |         if state.value > State.OK.value: | ||||||
|  |             region_details.append(f"{severity}: {info}: {url}") | ||||||
| 
 | 
 | ||||||
|     yield Result( |     yield Result( | ||||||
|         state=state, |         state=final_state, | ||||||
|         summary=f"{severity}: {status}: {info}: {url}" |         summary=f"High: {num_high}, Medium: {num_med}, Low: {num_low}, Informational: {num_info}", | ||||||
|  |         details="\n".join(region_details) | ||||||
|     ) |     ) | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| @ -276,5 +304,5 @@ register.check_plugin( | |||||||
|     check_default_parameters={}, |     check_default_parameters={}, | ||||||
|     check_ruleset_name="azure_defender", |     check_ruleset_name="azure_defender", | ||||||
| 
 | 
 | ||||||
|     discovery_function=discover, |     discovery_function=discover_defender, | ||||||
| ) | ) | ||||||
|  | |||||||
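Review bot: In check_defender the fold `final_state = State(max(final_state.value, state.value))` ranks states by enum value, which in Checkmk's `State` puts UNKNOWN (3) above CRIT (2), so a single alert whose severity string is not one of the four handled values turns the whole resource-group service UNKNOWN and masks an active High alert's CRIT; use the API's own ordering instead, `final_state = State.worst(final_state, state)`, which treats CRIT as the worst state. That same unrecognised-severity branch is also missing from the four counters, so the summary line under-reports it while `region_details` still lists it — a `num_unknown` counter (or a separate "Unknown: n" field in the summary) would keep the one-row summary honest. Note too that `item` is never read, so the check reports every alert in the section regardless of which resource group was discovered; that is only correct while the one-section-per-resource-group assumption stated in discover_defender holds, and it deserves a comment at the top of check_defender such as `# item is the resource group; the section is assumed to hold only that group's alerts`. The `register.check_plugin(...)` call in the last hunk begins outside the visible hunk.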