Add support for configurable Azure Defender severity, plus fix a sporadic resource-group bug.
parent
72e13f4204
commit
87b27b3b49
Binary file not shown.
BIN
check_mk-azure/azure-spearhead-0.3.0.mkp
Executable file
BIN
check_mk-azure/azure-spearhead-0.3.0.mkp
Executable file
Binary file not shown.
@ -215,17 +215,19 @@ def check_defender(item, params, section):
|
|||||||
info = details["info"]
|
info = details["info"]
|
||||||
|
|
||||||
if severity == "High":
|
if severity == "High":
|
||||||
state = State.CRIT
|
state = State(params.get("severity_high", State.CRIT))
|
||||||
elif severity == "Medium":
|
elif severity == "Medium":
|
||||||
state = State.WARN
|
state = State(params.get("severity_medium", State.WARN))
|
||||||
elif severity == "Low":
|
elif severity == "Low":
|
||||||
state = State.OK
|
state = State(params.get("severity_low", State.WARN))
|
||||||
|
elif severity == "Informational":
|
||||||
|
state = State(params.get("severity_informational", State.OK))
|
||||||
else:
|
else:
|
||||||
state = State.UNKNOWN
|
state = State.UNKNOWN
|
||||||
|
|
||||||
yield Result(
|
yield Result(
|
||||||
state=state,
|
state=state,
|
||||||
summary=f"{status}: {info}: {url}"
|
summary=f"{severity}: {status}: {info}: {url}"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
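Review bot: The fallback for `Low` changes from `State.OK` to `State.WARN` in `state = State(params.get("severity_low", State.WARN))`, so hosts with no explicit rule will start reporting existing Low alerts as WARN after the upgrade, and the commit message does not mention this. If that is intended, a comment on that line such as `# Low now defaults to WARN (was OK); override via the "Azure Defender Alerts Severity" rule` would record the decision. Separately, `State(...)` raises `ValueError` for any stored value outside the enum, so a stale or hand-edited rule value would crash the check instead of degrading; catching that and falling back to `State.UNKNOWN` would keep the alert visible. check_defender starts outside the hunk, so how `params` is defaulted cannot be confirmed from here.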
@ -140,6 +140,13 @@ def print_json(obj):
|
|||||||
print(json.dumps(obj))
|
print(json.dumps(obj))
|
||||||
|
|
||||||
|
|
||||||
|
def get_resource_group(obj):
|
||||||
|
found = re.search(RESOURCE_GROUP_RE, obj['id'])
|
||||||
|
if found:
|
||||||
|
return found[1]
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
command, tenant, username, password, proxy = get_args(sys.argv)
|
command, tenant, username, password, proxy = get_args(sys.argv)
|
||||||
token = get_token(tenant, username, password, proxy)
|
token = get_token(tenant, username, password, proxy)
|
||||||
|
|
||||||
@ -158,7 +165,7 @@ for subscription in list_subscriptions(token, proxy):
|
|||||||
'type': command,
|
'type': command,
|
||||||
'name': alert['name'],
|
'name': alert['name'],
|
||||||
'location': re.search(REGION_RE, alert['id'])[1],
|
'location': re.search(REGION_RE, alert['id'])[1],
|
||||||
'resource_group': re.search(RESOURCE_GROUP_RE, alert['id'])[1],
|
'resource_group': get_resource_group(alert),
|
||||||
'alert': {
|
'alert': {
|
||||||
'status': status,
|
'status': status,
|
||||||
'severity': properties['severity'],
|
'severity': properties['severity'],
|
||||||
@ -175,7 +182,7 @@ for subscription in list_subscriptions(token, proxy):
|
|||||||
'type': command,
|
'type': command,
|
||||||
'name': firewall['name'],
|
'name': firewall['name'],
|
||||||
'location': firewall['location'],
|
'location': firewall['location'],
|
||||||
'resource_group': re.search(RESOURCE_GROUP_RE, firewall['id'])[1],
|
'resource_group': get_resource_group(firewall),
|
||||||
'metrics': metrics_to_lookup(metrics),
|
'metrics': metrics_to_lookup(metrics),
|
||||||
})
|
})
|
||||||
|
|
||||||
@ -186,6 +193,6 @@ for subscription in list_subscriptions(token, proxy):
|
|||||||
'type': command,
|
'type': command,
|
||||||
'name': vault['name'],
|
'name': vault['name'],
|
||||||
'location': vault['location'],
|
'location': vault['location'],
|
||||||
'resource_group': re.search(RESOURCE_GROUP_RE, vault['id'])[1],
|
'resource_group': get_resource_group(vault),
|
||||||
'metrics': metrics_to_lookup(metrics),
|
'metrics': metrics_to_lookup(metrics),
|
||||||
})
|
})
|
||||||
|
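Review bot: The alert record still builds `'location': re.search(REGION_RE, alert['id'])[1]`, which subscripts `None` whenever the id does not match, just as the old resource-group lookup did, so one unexpected alert id can presumably still abort the agent run and hide the remaining Defender alerts for that cycle. Guard it the same way, e.g. `found = re.search(REGION_RE, alert['id'])` followed by `'location': found[1] if found else None,`. `get_resource_group` now returns `None`, which `json.dumps` emits as `null`; the consuming check is not visible here, so confirm it tolerates a missing resource group. A one-line docstring on `get_resource_group` saying it returns `None` when the id carries no resource group would document that contract.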
@ -2,6 +2,7 @@
|
|||||||
# Copyright (C) 2024 Spearhead Systems SRL
|
# Copyright (C) 2024 Spearhead Systems SRL
|
||||||
|
|
||||||
import copy
|
import copy
|
||||||
|
from cmk.base.plugins.agent_based.agent_based_api.v1 import State
|
||||||
from cmk.gui.i18n import _
|
from cmk.gui.i18n import _
|
||||||
from cmk.gui.plugins.wato.utils import (
|
from cmk.gui.plugins.wato.utils import (
|
||||||
rulespec_registry,
|
rulespec_registry,
|
||||||
@ -20,7 +21,6 @@ from cmk.gui.valuespec import (
|
|||||||
Password
|
Password
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def _discovery(title):
|
def _discovery(title):
|
||||||
return Dictionary(
|
return Dictionary(
|
||||||
title=_(title),
|
title=_(title),
|
||||||
@ -166,6 +166,65 @@ def _valuespec_special_agents_azure_firewall_check():
|
|||||||
)
|
)
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
),
|
||||||
|
],
|
||||||
|
)
|
||||||
|
|
||||||
|
def _valuespec_special_agents_azure_defender_check():
|
||||||
|
return Dictionary(
|
||||||
|
title=_("Azure Defender Alerts Severity"),
|
||||||
|
elements=[
|
||||||
|
(
|
||||||
|
"severity_high",
|
||||||
|
DropdownChoice(
|
||||||
|
title=_("Defender severity 'High'"),
|
||||||
|
help=_("What CheckMK criticality should this Azure Defender severity trigger"),
|
||||||
|
default_value=State.CRIT.value,
|
||||||
|
choices=[
|
||||||
|
(State.CRIT.value, _(State.CRIT.name)),
|
||||||
|
(State.WARN.value, _(State.WARN.name)),
|
||||||
|
(State.OK.value, _(State.OK.name)),
|
||||||
|
],
|
||||||
|
),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"severity_medium",
|
||||||
|
DropdownChoice(
|
||||||
|
title=_("Defender severity 'Medium'"),
|
||||||
|
help=_("What CheckMK criticality should this Azure Defender severity trigger"),
|
||||||
|
default_value=State.WARN.value,
|
||||||
|
choices=[
|
||||||
|
(State.CRIT.value, _(State.CRIT.name)),
|
||||||
|
(State.WARN.value, _(State.WARN.name)),
|
||||||
|
(State.OK.value, _(State.OK.name)),
|
||||||
|
],
|
||||||
|
),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"severity_low",
|
||||||
|
DropdownChoice(
|
||||||
|
title=_("Defender severity 'Low'"),
|
||||||
|
help=_("What CheckMK criticality should this Azure Defender severity trigger"),
|
||||||
|
default_value=State.WARN.value,
|
||||||
|
choices=[
|
||||||
|
(State.CRIT.value, _(State.CRIT.name)),
|
||||||
|
(State.WARN.value, _(State.WARN.name)),
|
||||||
|
(State.OK.value, _(State.OK.name)),
|
||||||
|
],
|
||||||
|
),
|
||||||
|
),
|
||||||
|
(
|
||||||
|
"severity_informational",
|
||||||
|
DropdownChoice(
|
||||||
|
title=_("Defender severity 'Informational'"),
|
||||||
|
help=_("What CheckMK criticality should this Azure Defender severity trigger"),
|
||||||
|
default_value=State.OK.value,
|
||||||
|
choices=[
|
||||||
|
(State.CRIT.value, _(State.CRIT.name)),
|
||||||
|
(State.WARN.value, _(State.WARN.name)),
|
||||||
|
(State.OK.value, _(State.OK.name)),
|
||||||
|
],
|
||||||
|
),
|
||||||
),
|
),
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
@ -215,3 +274,13 @@ rulespec_registry.register(
|
|||||||
title=lambda: _("Azure Firewall Metrics"),
|
title=lambda: _("Azure Firewall Metrics"),
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
rulespec_registry.register(
|
||||||
|
CheckParameterRulespecWithItem(
|
||||||
|
check_group_name="azure_defender",
|
||||||
|
group=RulespecGroupCheckParametersApplications,
|
||||||
|
match_type="dict",
|
||||||
|
parameter_valuespec=_valuespec_special_agents_azure_defender_check,
|
||||||
|
item_spec=lambda: TextInput(title=_("Defender")),
|
||||||
|
title=lambda: _("Azure Defender Alerts Severity"),
|
||||||
|
)
|
||||||
|
)
|
||||||
|
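Review bot: Each dropdown in `_valuespec_special_agents_azure_defender_check` offers `State.OK` for every Defender severity, including `High`, and the shared help text does not say that choosing OK means alerts of that severity no longer change the service state. Consider wording such as `help=_("Monitoring state raised for Defender alerts of this severity. Choosing OK means such alerts no longer change the service state.")`. The four entries differ only in key, title and default, so a small private helper that builds the `DropdownChoice` would keep them from drifting apart. The new `State` import pulls the agent-based API from `cmk.base` into a `cmk.gui` module; whether that import is supported in the GUI context is not visible here and is worth confirming.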