Add support for configurable Azure Defender severity, plus fix a sporadic resource-group bug.

This commit is contained in:
Marsell Kukuljevic 2024-11-26 17:58:00 +01:00
parent 72e13f4204
commit 87b27b3b49
5 changed files with 86 additions and 8 deletions

Binary file not shown.

View File

@ -215,17 +215,19 @@ def check_defender(item, params, section):
info = details["info"] info = details["info"]
if severity == "High": if severity == "High":
state = State.CRIT state = State(params.get("severity_high", State.CRIT))
elif severity == "Medium": elif severity == "Medium":
state = State.WARN state = State(params.get("severity_medium", State.WARN))
elif severity == "Low": elif severity == "Low":
state = State.OK state = State(params.get("severity_low", State.WARN))
elif severity == "Informational":
state = State(params.get("severity_informational", State.OK))
else: else:
state = State.UNKNOWN state = State.UNKNOWN
yield Result( yield Result(
state=state, state=state,
summary=f"{status}: {info}: {url}" summary=f"{severity}: {status}: {info}: {url}"
) )

View File

@ -140,6 +140,13 @@ def print_json(obj):
print(json.dumps(obj)) print(json.dumps(obj))
def get_resource_group(obj):
found = re.search(RESOURCE_GROUP_RE, obj['id'])
if found:
return found[1]
return None
command, tenant, username, password, proxy = get_args(sys.argv) command, tenant, username, password, proxy = get_args(sys.argv)
token = get_token(tenant, username, password, proxy) token = get_token(tenant, username, password, proxy)
@ -158,7 +165,7 @@ for subscription in list_subscriptions(token, proxy):
'type': command, 'type': command,
'name': alert['name'], 'name': alert['name'],
'location': re.search(REGION_RE, alert['id'])[1], 'location': re.search(REGION_RE, alert['id'])[1],
'resource_group': re.search(RESOURCE_GROUP_RE, alert['id'])[1], 'resource_group': get_resource_group(alert),
'alert': { 'alert': {
'status': status, 'status': status,
'severity': properties['severity'], 'severity': properties['severity'],
@ -175,7 +182,7 @@ for subscription in list_subscriptions(token, proxy):
'type': command, 'type': command,
'name': firewall['name'], 'name': firewall['name'],
'location': firewall['location'], 'location': firewall['location'],
'resource_group': re.search(RESOURCE_GROUP_RE, firewall['id'])[1], 'resource_group': get_resource_group(firewall),
'metrics': metrics_to_lookup(metrics), 'metrics': metrics_to_lookup(metrics),
}) })
@ -186,6 +193,6 @@ for subscription in list_subscriptions(token, proxy):
'type': command, 'type': command,
'name': vault['name'], 'name': vault['name'],
'location': vault['location'], 'location': vault['location'],
'resource_group': re.search(RESOURCE_GROUP_RE, vault['id'])[1], 'resource_group': get_resource_group(vault),
'metrics': metrics_to_lookup(metrics), 'metrics': metrics_to_lookup(metrics),
}) })

View File

@ -2,6 +2,7 @@
# Copyright (C) 2024 Spearhead Systems SRL # Copyright (C) 2024 Spearhead Systems SRL
import copy import copy
from cmk.base.plugins.agent_based.agent_based_api.v1 import State
from cmk.gui.i18n import _ from cmk.gui.i18n import _
from cmk.gui.plugins.wato.utils import ( from cmk.gui.plugins.wato.utils import (
rulespec_registry, rulespec_registry,
@ -20,7 +21,6 @@ from cmk.gui.valuespec import (
Password Password
) )
def _discovery(title): def _discovery(title):
return Dictionary( return Dictionary(
title=_(title), title=_(title),
@ -166,6 +166,65 @@ def _valuespec_special_agents_azure_firewall_check():
) )
] ]
) )
),
],
)
def _valuespec_special_agents_azure_defender_check():
return Dictionary(
title=_("Azure Defender Alerts Severity"),
elements=[
(
"severity_high",
DropdownChoice(
title=_("Defender severity 'High'"),
help=_("What CheckMK criticality should this Azure Defender severity trigger"),
default_value=State.CRIT.value,
choices=[
(State.CRIT.value, _(State.CRIT.name)),
(State.WARN.value, _(State.WARN.name)),
(State.OK.value, _(State.OK.name)),
],
),
),
(
"severity_medium",
DropdownChoice(
title=_("Defender severity 'Medium'"),
help=_("What CheckMK criticality should this Azure Defender severity trigger"),
default_value=State.WARN.value,
choices=[
(State.CRIT.value, _(State.CRIT.name)),
(State.WARN.value, _(State.WARN.name)),
(State.OK.value, _(State.OK.name)),
],
),
),
(
"severity_low",
DropdownChoice(
title=_("Defender severity 'Low'"),
help=_("What CheckMK criticality should this Azure Defender severity trigger"),
default_value=State.WARN.value,
choices=[
(State.CRIT.value, _(State.CRIT.name)),
(State.WARN.value, _(State.WARN.name)),
(State.OK.value, _(State.OK.name)),
],
),
),
(
"severity_informational",
DropdownChoice(
title=_("Defender severity 'Informational'"),
help=_("What CheckMK criticality should this Azure Defender severity trigger"),
default_value=State.OK.value,
choices=[
(State.CRIT.value, _(State.CRIT.name)),
(State.WARN.value, _(State.WARN.name)),
(State.OK.value, _(State.OK.name)),
],
),
), ),
], ],
) )
@ -215,3 +274,13 @@ rulespec_registry.register(
title=lambda: _("Azure Firewall Metrics"), title=lambda: _("Azure Firewall Metrics"),
) )
) )
rulespec_registry.register(
CheckParameterRulespecWithItem(
check_group_name="azure_defender",
group=RulespecGroupCheckParametersApplications,
match_type="dict",
parameter_valuespec=_valuespec_special_agents_azure_defender_check,
item_spec=lambda: TextInput(title=_("Defender")),
title=lambda: _("Azure Defender Alerts Severity"),
)
)