Class: Fluent::Plugin::JfrogSiemInput

Inherits:
Input
  • Object
Defined in:
lib/fluent/plugin/in_jfrog_siem.rb


Instance Method Details

#call_home(jpd_url) ⇒ Object

Call-home functionality: posts plugin usage information to the JPD usage endpoint, authenticating with the configured username and API key via HTTP Basic auth (so the JPD URL should be https).



# File 'lib/fluent/plugin/in_jfrog_siem.rb', line 103

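def call_home(jpd_url)
  # Posts plugin usage ("call home") information to the JPD usage endpoint.
  #
  # jpd_url - base URL of the JFrog Platform Deployment; the usage path is
  #           appended verbatim, so it should not carry a trailing slash.
  #
  # The request authenticates with HTTP Basic using @username/@apikey, so
  # jpd_url must be an https URL: over plain http the API key would travel
  # in cleartext.
  # NOTE(review): only @apikey is sent here even though `configure` accepts a
  # token-only setup, in which case the password sent is empty — confirm
  # whether @token should be used for this request as well.
  call_home_json = { "productId": "jfrogLogAnalytics/v0.5.1", "features": [ { "featureId": "Platform/Xray" }, { "featureId": "Channel/xrayeventsiem" } ] }
  RestClient::Request.new(
      :method => :post,
      :url => jpd_url + "/artifactory/api/system/usage",
      :payload => call_home_json.to_json,
      :user => @username,
      :password => @apikey,
      :headers => { :accept => :json, :content_type => :json}
  ).execute do |response, _request, _result|
    # With a block, RestClient hands every response to the block instead of
    # raising on a non-2xx status, so a rejected call-home (e.g. bad
    # credentials) would otherwise go unnoticed. Report it explicitly.
    puts "Posting call home information"
    unless (200..299).cover?(response.code)
      puts "Call home request to #{jpd_url} returned HTTP #{response.code}"
    end
  end
end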

#configure(conf) ⇒ Object

`configure` is called before `start`. `conf` is a `Hash` that includes the configuration parameters. If the configuration is invalid, raise `Fluent::ConfigError`.

Raises:

  • (Fluent::ConfigError)


# File 'lib/fluent/plugin/in_jfrog_siem.rb', line 44

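def configure(conf)
  # Validates the plugin configuration. Fluentd calls this before `start`.
  #
  # conf - the configuration Hash; consumed by `super`, which populates the
  #        @tag, @jpd_url, @username, @apikey, @token, @wait_interval and
  #        @from_date instance variables checked below.
  #
  # Raises Fluent::ConfigError when a required value is missing or invalid.
  super
  # `.to_s.empty?` also rejects nil, which a bare `== ""` would let through.
  raise Fluent::ConfigError, "Must define a tag for the SIEM data." if @tag.to_s.empty?
  raise Fluent::ConfigError, "Must define the JPD URL to pull Xray SIEM violations." if @jpd_url.to_s.empty?
  raise Fluent::ConfigError, "Must define the username to use for authentication." if @username.to_s.empty?
  # Either an API key or a token is sufficient; both empty is a misconfiguration.
  raise Fluent::ConfigError, 'Must define the apikey or token for authentication.' if @token.to_s.empty? && @apikey.to_s.empty?

  # Credentials are sent as HTTP Basic auth on every request, so a plain-http
  # JPD URL exposes them on the wire. Warn rather than fail so existing
  # setups keep working.
  puts "WARNING: jpd_url does not use https; credentials will be sent in cleartext" unless @jpd_url.to_s.start_with?("https://")

  # The check accepts 1, so the message says "at least 1" rather than "greater than 1".
  raise Fluent::ConfigError, "Wait interval must be at least 1 to wait between pulling new events." if @wait_interval < 1

  if @from_date.to_s.empty?
    puts "From date not specified, so getting violations from current date if pos_file doesn't exist"
  else
    # `run` parses @from_date; fail here at startup with a clear error instead
    # of letting the polling thread die later on a malformed date.
    begin
      DateTime.parse(@from_date)
    rescue ArgumentError, TypeError
      raise Fluent::ConfigError, "from_date must be a date/time string DateTime.parse understands, got #{@from_date.inspect}"
    end
  end
end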

#get_last_item_create_date ⇒ Object

Pulls the last item create date from the most recent position file (or falls back to the current time when no position file exists) and returns it as a `created_date_string` formatted `%Y-%m-%dT%H:%M:%SZ`.



# File 'lib/fluent/plugin/in_jfrog_siem.rb', line 118

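def get_last_item_create_date()
  # Returns the timestamp to resume from, formatted "%Y-%m-%dT%H:%M:%SZ" (UTC):
  # the last line of the most recent position file when one exists and is
  # non-empty, otherwise the current time.
  recent_pos_file = get_recent_pos_file()
  if recent_pos_file
    puts "Position file already exists so pulling the latest create_date from it"
    last_created_date_string = IO.readlines(recent_pos_file).last
    # An empty position file has no last line; fall through to "now" instead
    # of failing on DateTime.parse(nil).
    unless last_created_date_string.to_s.strip.empty?
      # Normalise to UTC before stamping the "Z" suffix: the stored value may
      # carry an offset, and a naive strftime would mislabel it as UTC.
      return DateTime.parse(last_created_date_string).new_offset(0).strftime("%Y-%m-%dT%H:%M:%SZ")
    end
    puts "Position file is empty so fetching current DateTime instead"
  else
    puts "Position file doesn't exist so fetching current DateTime to form a new position file"
  end
  # DateTime.now is local time; convert to UTC so the "Z" suffix is truthful.
  DateTime.now.new_offset(0).strftime("%Y-%m-%dT%H:%M:%SZ")
end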

#get_recent_pos_file ⇒ Object



# File 'lib/fluent/plugin/in_jfrog_siem.rb', line 130

def get_recent_pos_file()
  # Returns the lexicographically last "*.siem.pos" file matching the
  # @pos_file_path prefix, or nil when none exists. @pos_file_path is used as
  # a raw glob prefix, so it must end with a path separator to name a directory.
  pattern = "#{@pos_file_path}*.siem.pos"
  matches = Dir.glob(pattern)
  matches.max
end

#run ⇒ Object



# File 'lib/fluent/plugin/in_jfrog_siem.rb', line 86

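def run
  # Body of the polling thread spawned by `start`: works out where to resume
  # from, then hands off to Xray to fetch violations and their details.
  # call_home(@jpd_url)

  # An explicit from_date wins over the position file, so the position file
  # is only consulted when needed. The value is normalised to UTC before the
  # "Z" suffix so an offset-bearing from_date is not mislabelled as UTC.
  date_since = if @from_date.to_s.empty?
                 get_last_item_create_date()
               else
                 DateTime.parse(@from_date).new_offset(0).strftime("%Y-%m-%dT%H:%M:%SZ")
               end
  puts "Getting queries from #{date_since}"
  xray = Xray.new(@jpd_url, @username, @apikey, @token, @wait_interval, @batch_size, @pos_file_path, router, @tag)
  violations_channel = xray.violations(date_since)
  xray.violation_details(violations_channel)
  # NOTE(review): @running (set in start/shutdown) is never consulted here,
  # and this fixed sleep keeps `shutdown`'s join waiting for up to 100 s —
  # confirm whether this thread is expected to loop and honour @running.
  sleep 100
end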

#shutdown ⇒ Object



# File 'lib/fluent/plugin/in_jfrog_siem.rb', line 79

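def shutdown
  # Signals the polling thread to stop and waits for it before letting
  # Fluentd tear the plugin down.
  @running = false
  # `start` may never have run (e.g. configure failed), in which case there
  # is no thread to wait for; joining nil would raise NoMethodError here.
  @thread.join if @thread
  super
end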

#start ⇒ Object

`start` is called when starting and after `configure` has successfully completed.



# File 'lib/fluent/plugin/in_jfrog_siem.rb', line 72

def start
  # Fluentd calls this once `configure` succeeded: mark the plugin running
  # and spawn the background thread that executes `run`.
  super
  @running = true
  worker = method(:run)
  @thread = Thread.new { worker.call }
end