Class: Eso::IntegrationOptionsManager

Inherits:
Object
  • Object
show all
Defined in:
lib/eso/integration_options_manager.rb

Overview

This class is a manager for the integration options api. Integration options match epo/dxl/etc steps (ie discover-epo-assets) to nexpose steps (ie import-external-assets).

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(nsc) ⇒ Eso::IntegrationOptionsManager

Constructor for IntegrationOptionsManager.

Parameters:

  • nsc (Nexpose::Connection)

    A logged-in Nexpose::Connection object with a valid session used to authenticate.



16
17
18
19
# File 'lib/eso/integration_options_manager.rb', line 16

def initialize(nsc)
  @nexpose_console = nsc
  @url = "https://#{nsc.host}:#{nsc.port}/eso/integration-manager-service/api/integration-options/"
end

Class Method Details

.build_export_risk_scores_option(name:, discovery_conn_id:) ⇒ Object



155
156
157
158
159
160
# File 'lib/eso/integration_options_manager.rb', line 155

def self.build_export_risk_scores_option(name:, discovery_conn_id:)
  step1 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::RISK_SCORE_UPDATED)
  step2 = Step.new(service_name: ServiceNames::EPO, type_name: StepNames::PUSH_RISK_SCORE, previous_type_name: step1.type_name)
              .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
  IntegrationOption.new(name: name, steps: [step1, step2])
end

.build_find_vuln_details_option(name:, discovery_conn_id:) ⇒ Object



162
163
164
165
166
167
168
169
# File 'lib/eso/integration_options_manager.rb', line 162

def self.build_find_vuln_details_option(name:, discovery_conn_id:)
  step1 = Step.new(service_name: ServiceNames::DXL, type_name: StepNames::VULN_DETAILS_REQUEST)
              .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
  step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::VULN_DETAILS, previous_type_name: step1.type_name)
  step3 = Step.new(service_name: ServiceNames::DXL, type_name: StepNames::VULN_DETAILS_REQUEST, previous_type_name: step2.type_name)
              .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
  IntegrationOption.new(name: name, steps: [step1, step2, step3])
end

.build_import_ad_assets_option(name:, discovery_conn_id:, site_id: nil) ⇒ Object



87
88
89
90
91
92
93
94
95
# File 'lib/eso/integration_options_manager.rb', line 87

def self.build_import_ad_assets_option(name:, discovery_conn_id:, site_id: nil)
  step1 = Step.new(service_name: ServiceNames::ACTIVE_DIRECTORY, type_name: StepNames::DISCOVER_ACTIVE_DIRECTORY)
              .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
  step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::IMPORT_EXTERNAL, previous_type_name: step1.type_name)

  #This isn't always known immediately, which is why we have IntegrationOption.site_id=
  step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
  IntegrationOption.new(name: name, steps: [step1, step2])
end

.build_import_epo_assets_option(name:, discovery_conn_id:, site_id: nil) ⇒ Object

TODO: These build_* methods must die.



77
78
79
80
81
82
83
84
85
# File 'lib/eso/integration_options_manager.rb', line 77

def self.build_import_epo_assets_option(name:, discovery_conn_id:, site_id: nil)
  step1 = Step.new(service_name: ServiceNames::EPO, type_name: StepNames::DISCOVER_EPO)
              .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
  step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::IMPORT_EXTERNAL, previous_type_name: step1.type_name)

  #This isn't always known immediately, which is why we have IntegrationOption.site_id=
  step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
  IntegrationOption.new(name: name, steps: [step1, step2])
end

.build_publish_vulnerabilities_option(name:, discovery_conn_id:) ⇒ Object



171
172
173
174
175
176
# File 'lib/eso/integration_options_manager.rb', line 171

def self.build_publish_vulnerabilities_option(name:, discovery_conn_id:)
  step1 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::NEW_ASSET_VULN)
  step2 = Step.new(service_name: ServiceNames::DXL, type_name: StepNames::PUBLISH_VULN_INT_TYPE, previous_type_name: step1.type_name)
              .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
  IntegrationOption.new(name: name, steps: [step1, step2])
end

.build_sync_aws_assets_option(name:, discovery_conn_id:, site_id: nil) ⇒ Object



97
98
99
100
101
102
103
104
105
# File 'lib/eso/integration_options_manager.rb', line 97

def self.build_sync_aws_assets_option(name:, discovery_conn_id:, site_id: nil)
  step1 = Step.new(service_name: ServiceNames::AWS, type_name: StepNames::DISCOVER_AWS_ASSETS)
              .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
  step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::SYNC_EXTERNAL, previous_type_name: step1.type_name)

  #This isn't always known immediately, which is why we have IntegrationOption.site_id=
  step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
  IntegrationOption.new(name: name, steps: [step1, step2])
end

.build_sync_aws_assets_with_tags_option(name:, discovery_conn_id:, site_id: nil, tags: '') ⇒ Object



129
130
131
132
133
134
135
136
137
138
139
140
# File 'lib/eso/integration_options_manager.rb', line 129

def self.build_sync_aws_assets_with_tags_option(name:, discovery_conn_id:, site_id: nil, tags: '')
  step1 = Step.new(service_name: ServiceNames::AWS, type_name: StepNames::DISCOVER_AWS_ASSETS)
              .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
              .add_property(StepConfiguration::ConfigParamProperties::IMPORT_TAGS, true)
              .add_property(StepConfiguration::ConfigParamProperties::EXCLUDE_ASSETS_WITH_TAGS, "")
              .add_property(StepConfiguration::ConfigParamProperties::ONLY_IMPORT_THESE_TAGS, tags)
  step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::SYNC_EXTERNAL, previous_type_name: step1.type_name)

  #This isn't always known immediately, which is why we have IntegrationOption.site_id=
  step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
  IntegrationOption.new(name: name, steps: [step1, step2])
end

.build_sync_azure_assets_option(name:, discovery_conn_id:, site_id: nil) ⇒ Object



119
120
121
122
123
124
125
126
127
# File 'lib/eso/integration_options_manager.rb', line 119

def self.build_sync_azure_assets_option(name:, discovery_conn_id:, site_id: nil)
  step1 = Step.new(service_name: ServiceNames::AZURE, type_name: StepNames::DISCOVER_AZURE_ASSETS)
              .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
  step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::SYNC_EXTERNAL, previous_type_name: step1.type_name)

  #This isn't always known immediately, which is why we have IntegrationOption.site_id=
  step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
  IntegrationOption.new(name: name, steps: [step1, step2])
end

.build_sync_azure_assets_with_tags_option(name:, discovery_conn_id:, site_id: nil, only_tags: '', exclude_tags: '') ⇒ Object



142
143
144
145
146
147
148
149
150
151
152
153
# File 'lib/eso/integration_options_manager.rb', line 142

def self.build_sync_azure_assets_with_tags_option(name:, discovery_conn_id:, site_id: nil, only_tags: '', exclude_tags: '')
  step1 = Step.new(service_name: ServiceNames::AZURE, type_name: StepNames::DISCOVER_AZURE_ASSETS)
              .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
              .add_property(StepConfiguration::ConfigParamProperties::IMPORT_TAGS, true)
              .add_property(StepConfiguration::ConfigParamProperties::EXCLUDE_ASSETS_WITH_TAGS, exclude_tags)
              .add_property(StepConfiguration::ConfigParamProperties::ONLY_IMPORT_THESE_TAGS, only_tags)
  step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::SYNC_EXTERNAL, previous_type_name: step1.type_name)

  #This isn't always known immediately, which is why we have IntegrationOption.site_id=
  step2.add_property(StepConfiguration::ConfigParamProperties::SITE_ID, site_id) if site_id
  IntegrationOption.new(name: name, steps: [step1, step2])
end

.build_verify_aws_targets_option(name:, discovery_conn_id:) ⇒ Object



107
108
109
110
111
112
113
114
115
116
117
# File 'lib/eso/integration_options_manager.rb', line 107

def self.build_verify_aws_targets_option(name:, discovery_conn_id:)
  step1 = Step.new(service_name: ServiceNames::AWS, type_name: StepNames::VERIFY_AWS_ASSETS)
              .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)
  step2 = Step.new(service_name: ServiceNames::NEXPOSE, type_name: StepNames::VERIFY_EXTERNAL_TARGETS,
                   previous_type_name: step1.type_name)
  step3 = Step.new(service_name: ServiceNames::AWS, type_name: StepNames::VERIFY_AWS_ASSETS,
                   previous_type_name: step2.type_name)
              .add_property(StepConfiguration::ConfigParamProperties::DISCOVERY_CONFIG_ID, discovery_conn_id)

  IntegrationOption.new(name: name, steps: [step1, step2, step3])
end

Instance Method Details

#create(payload) ⇒ String Also known as: update

Create a new or Update existing integration option.

Parameters:

  • payload (String)

    The JSON representation of an integration option.

Returns:

  • (String)

    The integrationOptionID (a UUID) of the newly created configuration. Raises error on failure.



27
28
29
30
31
# File 'lib/eso/integration_options_manager.rb', line 27

def create(payload)
  # TODO retry if the post fails on timeout
  response_body = ::Nexpose::AJAX.post(@nexpose_console, "#{@url}", payload, ::Nexpose::AJAX::CONTENT_TYPE::JSON)
  JSON.parse(response_body)['data']['id']
end

#delete(integration_option_id) ⇒ Object Also known as: stop

Deleting and stopping are the same thing



35
36
37
# File 'lib/eso/integration_options_manager.rb', line 35

def delete(integration_option_id)
  ::Nexpose::AJAX.delete(@nexpose_console, "#{@url}#{integration_option_id}/state")
end

#get(integration_option_id) ⇒ Object

Get an existing integration option.

Parameters:

  • integration_option_id (String)

    The integration_option_id of the integration option.

Returns:

  • IntegrationOption for that id, or nil



46
47
48
49
50
51
52
53
54
55
56
57
# File 'lib/eso/integration_options_manager.rb', line 46

def get(integration_option_id)
  # Gets all integration options
  response_body = ::Nexpose::AJAX.get(@nexpose_console, "#{@url}", ::Nexpose::AJAX::CONTENT_TYPE::JSON)
  response = JSON.parse(response_body, symbolize_names: true)

  # Find the desired one
  raw_integration_option = response.find{|raw| raw[:id] == integration_option_id}
  raise "No IntegrationOption with ID #{integration_option_id}" if raw_integration_option.nil?

  # Load it to an object
  IntegrationOption.load(raw_integration_option)
end

#start(integration_option_id) ⇒ Object



71
72
73
74
# File 'lib/eso/integration_options_manager.rb', line 71

def start(integration_option_id)
  response_body = ::Nexpose::AJAX.post(@nexpose_console, "#{@url}#{integration_option_id}/state", ::Nexpose::AJAX::CONTENT_TYPE::JSON)
  JSON.parse(response_body)
end

#status(integration_option_id) ⇒ Object

Get the status of an integration option.

Parameters:

  • integration_option_id (String)

    The integration_option_id of the integration option.

Returns:

  • the state (READY, STOPPED, etc)



65
66
67
68
69
# File 'lib/eso/integration_options_manager.rb', line 65

def status(integration_option_id)
  response_body = ::Nexpose::AJAX.get(@nexpose_console, "#{@url}#{integration_option_id}/status", ::Nexpose::AJAX::CONTENT_TYPE::JSON)
  response = JSON.parse(response_body)
  response['state']
end