Add support for configurable Azure Defender severity, plus fix a sporadic resource-group bug.
parent
72e13f4204
commit
87b27b3b49
Binary file not shown.
BIN
check_mk-azure/azure-spearhead-0.3.0.mkp
Executable file
BIN
check_mk-azure/azure-spearhead-0.3.0.mkp
Executable file
Binary file not shown.
@ -215,17 +215,19 @@ def check_defender(item, params, section):
|
||||
info = details["info"]
|
||||
|
||||
if severity == "High":
|
||||
state = State.CRIT
|
||||
state = State(params.get("severity_high", State.CRIT))
|
||||
elif severity == "Medium":
|
||||
state = State.WARN
|
||||
state = State(params.get("severity_medium", State.WARN))
|
||||
elif severity == "Low":
|
||||
state = State.OK
|
||||
state = State(params.get("severity_low", State.WARN))
|
||||
elif severity == "Informational":
|
||||
state = State(params.get("severity_informational", State.OK))
|
||||
else:
|
||||
state = State.UNKNOWN
|
||||
|
||||
yield Result(
|
||||
state=state,
|
||||
summary=f"{status}: {info}: {url}"
|
||||
summary=f"{severity}: {status}: {info}: {url}"
|
||||
)
|
||||
|
||||
|
||||
|
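Review bot: The fallback for 'Low' is `State.WARN` in `state = State(params.get("severity_low", State.WARN))`, while the line printed just before it on this page is `state = State.OK`, which appears to be the removed side. If so, hosts with no rule configured will go from OK to WARN on every Low Defender alert after the upgrade, and the commit title does not mention that. Either keep the old default or record the change next to the mapping, for example `# Low now defaults to WARN (was OK); keep in sync with the ruleset default_value`. The body of check_defender starts outside this hunk, so how `params` is populated when no rule matches cannot be confirmed from here.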
@ -140,6 +140,13 @@ def print_json(obj):
|
||||
print(json.dumps(obj))
|
||||
|
||||
|
||||
def get_resource_group(obj):
|
||||
found = re.search(RESOURCE_GROUP_RE, obj['id'])
|
||||
if found:
|
||||
return found[1]
|
||||
return None
|
||||
|
||||
|
||||
command, tenant, username, password, proxy = get_args(sys.argv)
|
||||
token = get_token(tenant, username, password, proxy)
|
||||
|
||||
@ -158,7 +165,7 @@ for subscription in list_subscriptions(token, proxy):
|
||||
'type': command,
|
||||
'name': alert['name'],
|
||||
'location': re.search(REGION_RE, alert['id'])[1],
|
||||
'resource_group': re.search(RESOURCE_GROUP_RE, alert['id'])[1],
|
||||
'resource_group': get_resource_group(alert),
|
||||
'alert': {
|
||||
'status': status,
|
||||
'severity': properties['severity'],
|
||||
@ -175,7 +182,7 @@ for subscription in list_subscriptions(token, proxy):
|
||||
'type': command,
|
||||
'name': firewall['name'],
|
||||
'location': firewall['location'],
|
||||
'resource_group': re.search(RESOURCE_GROUP_RE, firewall['id'])[1],
|
||||
'resource_group': get_resource_group(firewall),
|
||||
'metrics': metrics_to_lookup(metrics),
|
||||
})
|
||||
|
||||
@ -186,6 +193,6 @@ for subscription in list_subscriptions(token, proxy):
|
||||
'type': command,
|
||||
'name': vault['name'],
|
||||
'location': vault['location'],
|
||||
'resource_group': re.search(RESOURCE_GROUP_RE, vault['id'])[1],
|
||||
'resource_group': get_resource_group(vault),
|
||||
'metrics': metrics_to_lookup(metrics),
|
||||
})
|
||||
|
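Review bot: The `'location': re.search(REGION_RE, alert['id'])[1]` entry in the Defender alert dict still subscripts the match directly, so an alert id that REGION_RE does not match raises TypeError the same way the resource-group lookup did before this commit. For a security-alert feed that presumably means the alert is not reported at all, so it deserves the same guard, e.g. a `get_region(obj)` helper mirroring `get_resource_group` and `'location': get_region(alert),`. `get_resource_group` now returns None, which `json.dumps` emits as `null`; the consuming checks are outside this diff and should be confirmed to accept a missing resource group. A short docstring on the helper, such as `"""Return the resource group parsed from obj['id'], or None if the id has none."""`, would record that contract.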
@ -2,6 +2,7 @@
|
||||
# Copyright (C) 2024 Spearhead Systems SRL
|
||||
|
||||
import copy
|
||||
from cmk.base.plugins.agent_based.agent_based_api.v1 import State
|
||||
from cmk.gui.i18n import _
|
||||
from cmk.gui.plugins.wato.utils import (
|
||||
rulespec_registry,
|
||||
@ -20,7 +21,6 @@ from cmk.gui.valuespec import (
|
||||
Password
|
||||
)
|
||||
|
||||
|
||||
def _discovery(title):
|
||||
return Dictionary(
|
||||
title=_(title),
|
||||
@ -166,6 +166,65 @@ def _valuespec_special_agents_azure_firewall_check():
|
||||
)
|
||||
]
|
||||
)
|
||||
),
|
||||
],
|
||||
)
|
||||
|
||||
def _valuespec_special_agents_azure_defender_check():
|
||||
return Dictionary(
|
||||
title=_("Azure Defender Alerts Severity"),
|
||||
elements=[
|
||||
(
|
||||
"severity_high",
|
||||
DropdownChoice(
|
||||
title=_("Defender severity 'High'"),
|
||||
help=_("What CheckMK criticality should this Azure Defender severity trigger"),
|
||||
default_value=State.CRIT.value,
|
||||
choices=[
|
||||
(State.CRIT.value, _(State.CRIT.name)),
|
||||
(State.WARN.value, _(State.WARN.name)),
|
||||
(State.OK.value, _(State.OK.name)),
|
||||
],
|
||||
),
|
||||
),
|
||||
(
|
||||
"severity_medium",
|
||||
DropdownChoice(
|
||||
title=_("Defender severity 'Medium'"),
|
||||
help=_("What CheckMK criticality should this Azure Defender severity trigger"),
|
||||
default_value=State.WARN.value,
|
||||
choices=[
|
||||
(State.CRIT.value, _(State.CRIT.name)),
|
||||
(State.WARN.value, _(State.WARN.name)),
|
||||
(State.OK.value, _(State.OK.name)),
|
||||
],
|
||||
),
|
||||
),
|
||||
(
|
||||
"severity_low",
|
||||
DropdownChoice(
|
||||
title=_("Defender severity 'Low'"),
|
||||
help=_("What CheckMK criticality should this Azure Defender severity trigger"),
|
||||
default_value=State.WARN.value,
|
||||
choices=[
|
||||
(State.CRIT.value, _(State.CRIT.name)),
|
||||
(State.WARN.value, _(State.WARN.name)),
|
||||
(State.OK.value, _(State.OK.name)),
|
||||
],
|
||||
),
|
||||
),
|
||||
(
|
||||
"severity_informational",
|
||||
DropdownChoice(
|
||||
title=_("Defender severity 'Informational'"),
|
||||
help=_("What CheckMK criticality should this Azure Defender severity trigger"),
|
||||
default_value=State.OK.value,
|
||||
choices=[
|
||||
(State.CRIT.value, _(State.CRIT.name)),
|
||||
(State.WARN.value, _(State.WARN.name)),
|
||||
(State.OK.value, _(State.OK.name)),
|
||||
],
|
||||
),
|
||||
),
|
||||
],
|
||||
)
|
||||
@ -215,3 +274,13 @@ rulespec_registry.register(
|
||||
title=lambda: _("Azure Firewall Metrics"),
|
||||
)
|
||||
)
|
||||
rulespec_registry.register(
|
||||
CheckParameterRulespecWithItem(
|
||||
check_group_name="azure_defender",
|
||||
group=RulespecGroupCheckParametersApplications,
|
||||
match_type="dict",
|
||||
parameter_valuespec=_valuespec_special_agents_azure_defender_check,
|
||||
item_spec=lambda: TextInput(title=_("Defender")),
|
||||
title=lambda: _("Azure Defender Alerts Severity"),
|
||||
)
|
||||
)
|
||||
|
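Review bot: The four `DropdownChoice` elements in `_valuespec_special_agents_azure_defender_check` are identical apart from key, title and default, and they pull `State` from `cmk.base` into a GUI module only to build the choice list. Checkmk's `cmk.gui.valuespec` provides `MonitoringState`, so each element could be written as `("severity_high", MonitoringState(title=_("Defender severity 'High'"), default_value=2)),` without the extra import. The shared help text also does not say that choosing OK for 'High' or 'Medium' means those Defender alerts no longer raise a problem state; one sentence to that effect in `help=` would make the consequence visible to whoever edits the rule.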