Switch to using single-row summaries for all the Defender alerts. Move the extra into into the details section.
This commit is contained in:
parent
1dca9e4a65
commit
6d39ee351b
Binary file not shown.
BIN
check_mk-azure/azure-spearhead-0.5.0.mkp
Executable file
BIN
check_mk-azure/azure-spearhead-0.5.0.mkp
Executable file
Binary file not shown.
@ -25,8 +25,8 @@ def check_state_above(alert_percentages, measured_percent):
|
||||
|
||||
|
||||
# Convert JSON entries into dictionaries indexed by name. We're assuming here
|
||||
# that the name is unique across AZs and resource groups. If not, add the
|
||||
# 'location' and 'resource_group' fields in each object to the name.
|
||||
# that the name is unique across AZs. If not, add the 'location' field in each
|
||||
# object to the name.
|
||||
def parse(string_table):
|
||||
lookup = {}
|
||||
|
||||
@ -39,12 +39,25 @@ def parse(string_table):
|
||||
return lookup
|
||||
|
||||
|
||||
# Produce a list of Azure objects for discovery.
|
||||
# Produce a list of Azure objects for discovery. This applies for KeyVault and
|
||||
# Firewall.
|
||||
def discover(section):
|
||||
for name, details in sorted(section.items()):
|
||||
yield Service(item=name)
|
||||
|
||||
|
||||
# Produce a list of Azure resource group objects for discovery. This applies to
|
||||
# Defender. We also assume each section comes entirely from the same resource
|
||||
# group (this should be true given our special agent).
|
||||
def discover_defender(section):
|
||||
items = list(section.values())
|
||||
|
||||
if items != []:
|
||||
yield Service(item=items[0]["resource_group"])
|
||||
else:
|
||||
yield Service(item=None)
|
||||
|
||||
|
||||
# Given a specific keyvault metric, look it up in the parsed output, and produce
|
||||
# results on that service based upon the metric's range.
|
||||
def check_keyvault(item, params, section):
|
||||
@ -200,34 +213,49 @@ def check_firewall(item, params, section):
|
||||
)
|
||||
|
||||
def check_defender(item, params, section):
|
||||
alert = section.get(item)
|
||||
if alert is None:
|
||||
return
|
||||
num_high = 0
|
||||
num_med = 0
|
||||
num_low = 0
|
||||
num_info = 0
|
||||
|
||||
final_state = State.OK
|
||||
region_details = []
|
||||
|
||||
for name, alert in sorted(section.items()):
|
||||
details = alert["alert"]
|
||||
status = details["status"]
|
||||
|
||||
if status != "Active" and status != "InProgress":
|
||||
return
|
||||
continue
|
||||
|
||||
severity = details["severity"]
|
||||
url = details["url"]
|
||||
info = details["info"]
|
||||
|
||||
if severity == "High":
|
||||
num_high += 1
|
||||
state = State(params.get("severity_high", State.CRIT))
|
||||
elif severity == "Medium":
|
||||
num_med += 1
|
||||
state = State(params.get("severity_medium", State.WARN))
|
||||
elif severity == "Low":
|
||||
num_low += 1
|
||||
state = State(params.get("severity_low", State.WARN))
|
||||
elif severity == "Informational":
|
||||
num_info += 1
|
||||
state = State(params.get("severity_informational", State.OK))
|
||||
else:
|
||||
state = State.UNKNOWN
|
||||
|
||||
final_state = State(max(final_state.value, state.value))
|
||||
|
||||
if state.value > State.OK.value:
|
||||
region_details.append(f"{severity}: {info}: {url}")
|
||||
|
||||
yield Result(
|
||||
state=state,
|
||||
summary=f"{severity}: {status}: {info}: {url}"
|
||||
state=final_state,
|
||||
summary=f"High: {num_high}, Medium: {num_med}, Low: {num_low}, Informational: {num_info}",
|
||||
details="\n".join(region_details)
|
||||
)
|
||||
|
||||
|
||||
@ -276,5 +304,5 @@ register.check_plugin(
|
||||
check_default_parameters={},
|
||||
check_ruleset_name="azure_defender",
|
||||
|
||||
discovery_function=discover,
|
||||
discovery_function=discover_defender,
|
||||
)
|
||||
|
Loading…
Reference in New Issue
Block a user