Splunk_Deploiement/apps/trackme/lib/splunktaucclib/alert_actions_base.py


#
# Copyright 2025 Splunk Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
import csv
import gzip
import logging
import sys
from solnlib import log
from splunktaucclib.cim_actions import ModularAction
from splunktaucclib.rest_handler import util
from splunktaucclib.splunk_aoblib.rest_helper import TARestHelper
from splunktaucclib.splunk_aoblib.setup_util import Setup_Util
try:
    from splunk.clilib.bundle_paths import make_splunkhome_path
except ImportError:
    # Alternate location used when the clilib import path is unavailable.
    from splunk.appserver.mrsparkle.lib.util import make_splunkhome_path

# Prepend Splunk_SA_CIM's lib directory.  Inserting at index 0 means any
# module found there shadows a same-named module anywhere else on sys.path,
# so only trusted, app-shipped code should live in that directory.
_CIM_LIB_DIR = make_splunkhome_path(["etc", "apps", "Splunk_SA_CIM", "lib"])
sys.path.insert(0, _CIM_LIB_DIR)
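class ModularAlertBase(ModularAction):
    """Base class for UCC-generated Splunk modular alert actions.

    Wraps ``ModularAction`` (splunktaucclib.cim_actions) with helpers for
    logging, reading add-on settings and credentials, proxy resolution and
    sending HTTP requests.  Subclasses implement :meth:`process_event`.

    ``settings``, ``session_key``, ``configuration``, ``results_file``,
    ``update``, ``invoke`` and ``message`` are provided by ``ModularAction``
    and are not defined in this file.
    """

    def __init__(self, ta_name, alert_name):
        """Read the alert payload from stdin and initialise the helpers.

        Args:
            ta_name: Name of the add-on that owns this alert action.
            alert_name: Name of the alert action; the logger is named
                ``<alert_name>_modalert``.
        """
        self._alert_name = alert_name
        self._logger_name = alert_name + "_modalert"
        self._logger = log.Logs().get_logger(self._logger_name)
        # ModularAction consumes the payload Splunk passes on stdin.
        super().__init__(sys.stdin.read(), self._logger, alert_name)
        self.setup_util_module = None
        self.setup_util = None
        # Handle to the gzipped results file; opened by get_events() and
        # closed in run()'s finally block.
        self.result_handle = None
        self.ta_name = ta_name
        self.splunk_uri = self.settings.get("server_uri")
        self.setup_util = Setup_Util(self.splunk_uri, self.session_key, self._logger)
        self.rest_helper = TARestHelper(self._logger)

    def log_error(self, msg):
        """Log *msg* at ERROR level with a "failure" status."""
        self.message(msg, "failure", level=logging.ERROR)

    def log_info(self, msg):
        """Log *msg* at INFO level with a "success" status."""
        self.message(msg, "success", level=logging.INFO)

    def log_debug(self, msg):
        """Log *msg* at DEBUG level with no status."""
        self.message(msg, None, level=logging.DEBUG)

    def log_warn(self, msg):
        """Log *msg* at WARNING level with no status."""
        # logging.WARNING is the canonical name; logging.WARN is the same value.
        self.message(msg, None, level=logging.WARNING)

    def set_log_level(self, level):
        """Set the level of this action's logger."""
        self._logger.setLevel(level)

    def get_param(self, param_name):
        """Return the alert parameter *param_name*, or None if unset."""
        return self.configuration.get(param_name)

    def get_global_setting(self, var_name):
        """Return the add-on's customized setting *var_name* via Setup_Util."""
        return self.setup_util.get_customized_setting(var_name)

    def get_user_credential(self, username):
        """Return the stored credential for *username*.

        If the username exists, returns::

            {
                "username": username,
                "password": credential
            }

        The returned dict contains a secret; do not write it to the log.
        """
        return self.setup_util.get_credential_by_username(username)

    def get_user_credential_by_account_id(self, account_id):
        """Return the stored credential for the account *account_id*.

        If the account_id exists, returns::

            {
                "username": username,
                "password": credential
            }

        The returned dict contains a secret; do not write it to the log.
        """
        return self.setup_util.get_credential_by_id(account_id)

    @property
    def log_level(self):
        """Configured log level (see :meth:`get_log_level`)."""
        return self.get_log_level()

    @property
    def proxy(self):
        """Configured proxy settings (see :meth:`get_proxy`)."""
        return self.get_proxy()

    def get_log_level(self):
        """Return the log level configured in the add-on settings."""
        return self.setup_util.get_log_level()

    def get_proxy(self):
        """Return the proxy settings, if configured, as a dict like::

            {
                proxy_url: ... ,
                proxy_port: ... ,
                proxy_username: ... ,
                proxy_password: ... ,
                proxy_type: ... ,
                proxy_rdns: ...
            }
        """
        return self.setup_util.get_proxy_settings()

    def _get_proxy_uri(self):
        """Build a proxy URI from :meth:`get_proxy` via ``util.get_proxy_uri``."""
        proxy = self.get_proxy()
        return util.get_proxy_uri(proxy)

    def send_http_request(
        self,
        url,
        method,
        parameters=None,
        payload=None,
        headers=None,
        cookies=None,
        verify=True,
        cert=None,
        timeout=None,
        use_proxy=True,
    ):
        """Send an HTTP request through the add-on's ``TARestHelper``.

        Args:
            url: Request URL.
            method: HTTP method.
            parameters: Query parameters.
            payload: Request body.
            headers: Extra request headers.
            cookies: Cookies to send.
            verify: TLS certificate verification; defaults to True and
                should stay enabled unless a trusted CA bundle path is given.
            cert: Client certificate.
            timeout: Request timeout passed to the helper.
            use_proxy: When True, route through the configured proxy URI.

        Returns:
            Whatever ``TARestHelper.send_http_request`` returns.
        """
        return self.rest_helper.send_http_request(
            url=url,
            method=method,
            parameters=parameters,
            payload=payload,
            headers=headers,
            cookies=cookies,
            verify=verify,
            cert=cert,
            timeout=timeout,
            proxy_uri=self._get_proxy_uri() if use_proxy else None,
        )

    def build_http_connection(self, config, timeout=120, disable_ssl_validation=False):
        """Removed API; kept only to give callers a clear migration message.

        Raises:
            NotImplementedError: always.
        """
        raise NotImplementedError(
            "Replace the usage of this function to send_http_request function of same class "
            "or use requests.request method"
        )

    def process_event(self, *args, **kwargs):
        """Handle the alert; subclasses must override.

        Returns:
            An exit status consumed by :meth:`run`.

        Raises:
            NotImplementedError: if not overridden.
        """
        # The original raised NotImplemented(), which is not an exception
        # class (it is not callable) and produced a TypeError instead.
        raise NotImplementedError("process_event must be implemented by the subclass")

    def pre_handle(self, num, result):
        """Attach a result id and push *result* into the action's state.

        Args:
            num: Zero-based index of the result row; used as the default
                ``rid`` when the row has none.
            result: One CSV row (dict) from the results file.

        Returns:
            The same *result* dict, after ``self.update``.
        """
        result.setdefault("rid", str(num))
        self.update(result)
        return result

    def get_events(self):
        """Yield the search results, one dict per row, via :meth:`pre_handle`.

        Opens ``results_file`` (gzipped CSV) and keeps the handle in
        ``self.result_handle`` so :meth:`run` can close it; the returned
        generator is lazy, so the handle must outlive iteration.

        Exits with status 2 if the results file cannot be opened.
        """
        try:
            self.result_handle = gzip.open(self.results_file, "rt")
            return (
                self.pre_handle(num, result)
                for num, result in enumerate(csv.DictReader(self.result_handle))
            )
        except OSError:
            msg = "Error: {}."
            self.log_error(msg.format("No search result. Cannot send alert action."))
            sys.exit(2)

    def prepare_meta_for_cam(self):
        """Load only the first result row and invoke the action metadata.

        Reads the results file in its own ``with`` block so no handle is
        left open; stops after the first row.
        """
        with gzip.open(self.results_file, "rt") as rf:
            for num, result in enumerate(csv.DictReader(rf)):
                result.setdefault("rid", str(num))
                self.update(result)
                self.invoke()
                break

    def run(self, argv):
        """Entry point invoked by Splunk.

        Validates ``argv``, prepares metadata, applies the configured log
        level and runs :meth:`process_event`.

        Args:
            argv: Command-line arguments; ``argv[1]`` must be ``"--execute"``.

        Returns:
            The value returned by :meth:`process_event`.

        Exit codes:
            1 when ``argv`` is invalid; 2 when the log level cannot be read
            (including a permission error), the results file is missing, or
            :meth:`process_event` raises.
        """
        status = 0
        if len(argv) < 2 or argv[1] != "--execute":
            msg = f'Error: argv="{argv}", expected="--execute"'
            print(msg, file=sys.stderr)
            sys.exit(1)
        # prepare meta first for permission lack error handling: TAB-2455
        self.prepare_meta_for_cam()
        try:
            level = self.get_log_level()
            if level:
                self._logger.setLevel(level)
        except Exception as e:
            # Detected by substring because the helper's exception type is not
            # known here; "403" presumably means the running user lacks the
            # capability to read the add-on settings.
            if "403" in str(e):
                self.log_error("User does not have permissions")
            else:
                self.log_error("Unable to set log level")
            sys.exit(2)
        try:
            status = self.process_event()
        except OSError:
            msg = "Error: {}."
            self.log_error(msg.format("No search result. Cannot send alert action."))
            sys.exit(2)
        except Exception as e:
            import traceback

            msg = "Unexpected error: {}."
            # Prefer the exception's own message; fall back to the traceback
            # only when it is empty, so the log stays compact in the common case.
            if str(e):
                self.log_error(msg.format(str(e)))
            else:
                self.log_error(msg.format(traceback.format_exc()))
            sys.exit(2)
        finally:
            # get_events() leaves the results handle open for lazy iteration.
            if self.result_handle:
                self.result_handle.close()
        return status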