diff --git a/check_mk-azure/azure-spearhead-0.2.3.mkp b/check_mk-azure/azure-spearhead-0.2.3.mkp
deleted file mode 100755
index 8dfd2e7..0000000
Binary files a/check_mk-azure/azure-spearhead-0.2.3.mkp and /dev/null differ
diff --git a/check_mk-azure/azure-spearhead-0.3.0.mkp b/check_mk-azure/azure-spearhead-0.3.0.mkp
new file mode 100755
index 0000000..8d65f83
Binary files /dev/null and b/check_mk-azure/azure-spearhead-0.3.0.mkp differ
diff --git a/check_mk-azure/local/lib/check_mk/base/plugins/agent_based/azure_common.py b/check_mk-azure/local/lib/check_mk/base/plugins/agent_based/azure_common.py
index cbe5895..e03f5ac 100644
--- a/check_mk-azure/local/lib/check_mk/base/plugins/agent_based/azure_common.py
+++ b/check_mk-azure/local/lib/check_mk/base/plugins/agent_based/azure_common.py
@@ -215,17 +215,19 @@ def check_defender(item, params, section):
 info = details["info"]
 if severity == "High":
- state = State.CRIT
+ state = State(params.get("severity_high", State.CRIT))
 elif severity == "Medium":
- state = State.WARN
+ state = State(params.get("severity_medium", State.WARN))
 elif severity == "Low":
- state = State.OK
+ state = State(params.get("severity_low", State.WARN))
+ elif severity == "Informational":
+ state = State(params.get("severity_informational", State.OK))
 else:
 state = State.UNKNOWN
 yield Result(
 state=state,
- summary=f"{status}: {info}: {url}"
+ summary=f"{severity}: {status}: {info}: {url}"
 )
diff --git a/check_mk-azure/local/share/check_mk/agents/special/agent_azure_common b/check_mk-azure/local/share/check_mk/agents/special/agent_azure_common
index 01225a7..60c662d 100755
--- a/check_mk-azure/local/share/check_mk/agents/special/agent_azure_common
+++ b/check_mk-azure/local/share/check_mk/agents/special/agent_azure_common
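Review bot: In `check_defender` (agent_based/azure_common.py, hunk at -215) the fallback for "Low" changes from `State.OK` to `State.WARN`, so unless the plugin's default parameters say otherwise, hosts with no "Azure Defender Alerts Severity" rule start warning on Low alerts after the upgrade. If that is intended, a comment such as `# Low falls back to WARN (was OK before this change), matching the WATO default` would record it. `State(...)` also raises `ValueError` for any stored value that is not a member of `State`, which would make the check fail instead of reporting the alert; the dropdown only offers valid values, so this matters only for hand-edited or stale rules. The function body starts and ends outside the hunk.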
@@ -140,6 +140,13 @@ def print_json(obj):
 print(json.dumps(obj))
+def get_resource_group(obj):
+ found = re.search(RESOURCE_GROUP_RE, obj['id'])
+ if found:
+ return found[1]
+ return None
+
+
 command, tenant, username, password, proxy = get_args(sys.argv)
 token = get_token(tenant, username, password, proxy)
@@ -158,7 +165,7 @@ for subscription in list_subscriptions(token, proxy):
 'type': command,
 'name': alert['name'],
 'location': re.search(REGION_RE, alert['id'])[1],
- 'resource_group': re.search(RESOURCE_GROUP_RE, alert['id'])[1],
+ 'resource_group': get_resource_group(alert),
 'alert': {
 'status': status,
 'severity': properties['severity'],
@@ -175,7 +182,7 @@ for subscription in list_subscriptions(token, proxy):
 'type': command,
 'name': firewall['name'],
 'location': firewall['location'],
- 'resource_group': re.search(RESOURCE_GROUP_RE, firewall['id'])[1],
+ 'resource_group': get_resource_group(firewall),
 'metrics': metrics_to_lookup(metrics),
 })
@@ -186,6 +193,6 @@ for subscription in list_subscriptions(token, proxy):
 'type': command,
 'name': vault['name'],
 'location': vault['location'],
- 'resource_group': re.search(RESOURCE_GROUP_RE, vault['id'])[1],
+ 'resource_group': get_resource_group(vault),
 'metrics': metrics_to_lookup(metrics),
 })
diff --git a/check_mk-azure/local/share/check_mk/web/plugins/wato/azure_common.py b/check_mk-azure/local/share/check_mk/web/plugins/wato/azure_common.py
index 5cb94db..423a9d6 100644
--- a/check_mk-azure/local/share/check_mk/web/plugins/wato/azure_common.py
+++ b/check_mk-azure/local/share/check_mk/web/plugins/wato/azure_common.py
@@ -2,6 +2,7 @@
 # Copyright (C) 2024 Spearhead Systems SRL
 import copy
+from cmk.base.plugins.agent_based.agent_based_api.v1 import State
 from cmk.gui.i18n import _
 from cmk.gui.plugins.wato.utils import (
 rulespec_registry,
@@ -20,7 +21,6 @@ from cmk.gui.valuespec import (
 Password
 )
-
 def _discovery(title):
 return Dictionary(
 title=_(title),
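Review bot: `get_resource_group` (agent_azure_common, hunk at -140) has no docstring, and its new `None` result ends up as the `resource_group` value of the alert, firewall and vault records in the hunks at -158, -175 and -186, presumably serialised as JSON `null`. Whether the check plugins that read those records accept a null resource group is not visible in this diff and should be confirmed. I would add `"""Return the resource group parsed from obj['id'], or None if the id does not match RESOURCE_GROUP_RE."""` so the None contract is stated where callers will see it.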
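Review bot: The alert record in the agent_azure_common hunk at -158 still builds `'location'` with `re.search(REGION_RE, alert['id'])[1]`, which raises `TypeError` when the id does not match, the same failure this commit removes for `resource_group`. If the agent stops at the first exception, as the visible top-level loop suggests, one unexpected id would keep every later Defender alert out of the output. A guard in the same style works: compute `found = re.search(REGION_RE, alert['id'])` before the dict and use `'location': found[1] if found else None,`. The loop body starts and ends outside the hunk.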
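Review bot: The added `from cmk.base.plugins.agent_based.agent_based_api.v1 import State` in wato/azure_common.py (hunk at -2) makes the GUI rule file depend on the check engine's package only to obtain three integer constants. `cmk.gui.valuespec` provides `MonitoringState`, a dropdown of the monitoring states that stores the same integers and would let the rule definition drop this import; note that it also offers UNKNOWN, which the hand-built choices do not. The name list of the existing `from cmk.gui.valuespec import (...)` is only partly visible, so whether it needs extending cannot be told from this hunk.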
@@ -166,6 +166,65 @@ def _valuespec_special_agents_azure_firewall_check():
 )
 ]
 )
+),
+ ],
+ )
+
+def _valuespec_special_agents_azure_defender_check():
+ return Dictionary(
+ title=_("Azure Defender Alerts Severity"),
+ elements=[
+ (
+ "severity_high",
+ DropdownChoice(
+ title=_("Defender severity 'High'"),
+ help=_("What CheckMK criticality should this Azure Defender severity trigger"),
+ default_value=State.CRIT.value,
+ choices=[
+ (State.CRIT.value, _(State.CRIT.name)),
+ (State.WARN.value, _(State.WARN.name)),
+ (State.OK.value, _(State.OK.name)),
+ ],
+ ),
+ ),
+ (
+ "severity_medium",
+ DropdownChoice(
+ title=_("Defender severity 'Medium'"),
+ help=_("What CheckMK criticality should this Azure Defender severity trigger"),
+ default_value=State.WARN.value,
+ choices=[
+ (State.CRIT.value, _(State.CRIT.name)),
+ (State.WARN.value, _(State.WARN.name)),
+ (State.OK.value, _(State.OK.name)),
+ ],
+ ),
+ ),
+ (
+ "severity_low",
+ DropdownChoice(
+ title=_("Defender severity 'Low'"),
+ help=_("What CheckMK criticality should this Azure Defender severity trigger"),
+ default_value=State.WARN.value,
+ choices=[
+ (State.CRIT.value, _(State.CRIT.name)),
+ (State.WARN.value, _(State.WARN.name)),
+ (State.OK.value, _(State.OK.name)),
+ ],
+ ),
+ ),
+ (
+ "severity_informational",
+ DropdownChoice(
+ title=_("Defender severity 'Informational'"),
+ help=_("What CheckMK criticality should this Azure Defender severity trigger"),
+ default_value=State.OK.value,
+ choices=[
+ (State.CRIT.value, _(State.CRIT.name)),
+ (State.WARN.value, _(State.WARN.name)),
+ (State.OK.value, _(State.OK.name)),
+ ],
+ ),
 ),
 ],
 )
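Review bot: The four `DropdownChoice` elements in `_valuespec_special_agents_azure_defender_check` are copies that differ only in key, title and default, so any later change to the choices or the help text has to be made four times and can drift. A small private builder, sketched below, keeps them in step. Separately, every severity including 'High' can be mapped to OK, which leaves such alerts visible only in the summary text and no longer raises the service state; the shared help string should say that explicitly so the setting is not chosen by accident.

```python
# … unchanged: closing lines of _valuespec_special_agents_azure_firewall_check …

def _defender_severity_element(key, label, default):
    # One dictionary element per Defender severity; the choices are shared.
    return (
        key,
        DropdownChoice(
            title=_("Defender severity '%s'") % label,
            help=_("What CheckMK criticality should this Azure Defender severity trigger"),
            default_value=default.value,
            choices=[(s.value, _(s.name)) for s in (State.CRIT, State.WARN, State.OK)],
        ),
    )


def _valuespec_special_agents_azure_defender_check():
    return Dictionary(
        title=_("Azure Defender Alerts Severity"),
        elements=[
            _defender_severity_element("severity_high", "High", State.CRIT),
            _defender_severity_element("severity_medium", "Medium", State.WARN),
            _defender_severity_element("severity_low", "Low", State.WARN),
            _defender_severity_element("severity_informational", "Informational", State.OK),
        ],
    )
```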
@@ -215,3 +274,13 @@ rulespec_registry.register(
 title=lambda: _("Azure Firewall Metrics"),
 )
 )
+rulespec_registry.register(
+ CheckParameterRulespecWithItem(
+ check_group_name="azure_defender",
+ group=RulespecGroupCheckParametersApplications,
+ match_type="dict",
+ parameter_valuespec=_valuespec_special_agents_azure_defender_check,
+ item_spec=lambda: TextInput(title=_("Defender")),
+ title=lambda: _("Azure Defender Alerts Severity"),
+ )
+)
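Review bot: The new rulespec uses `check_group_name="azure_defender"`, but the check plugin registration that must carry the matching `check_ruleset_name` is not part of this diff, so it cannot be confirmed here that the configured severities ever reach `check_defender`. `check_defender` already took `params` before this commit, so a ruleset name may already be declared; it is worth checking that the two strings are identical, because a mismatch leaves the rule silently without effect and alerts stay on their fallback states. The item title `_("Defender")` also does not tell the user what to enter; something like `_("Defender alert name")` would, if the item is in fact the alert name.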