diff --git a/agent_based/utils/checkpoint_threat_emulation.py b/agent_based/utils/checkpoint_threat_emulation.py
new file mode 100644
index 0000000000000000000000000000000000000000..b48b94e3d425a5fa70fa978610fc2e08d0866f6f
--- /dev/null
+++ b/agent_based/utils/checkpoint_threat_emulation.py
@@ -0,0 +1,287 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2018-03-14
+#
+# Monitor status of Check Point Threat Emulation
+#
+# 2018-05-02: fixed: monthly_quota_on_cloud_used = ''
+# 2018-05-30: removed 'unknown' OIDs
+# removed counters for last day, last week, last month
+# code cleanup
+# 2020-06-08: changed snmp-scan function
+# 2021-08-27: rewritten for CMK 2.0
+#
+# snmpwalk sample
+#
+# sample info
+#
+# [
+# [
+# [u'0%', u'0', u'up-to-date', u'Gateway is up to date.', u'1548979200', u'100000', u'100000', u'valid', u'ok',
+# u'Quota subscription is valid', u'990002053', u'0', u'ok', u'']
+# ],
+# [
+# [u'0', u'0', u'0', u'0', u'0', u'0', u'0', u'0']
+# ]
+# ]
+#
+# threat emulation not active
+# [[], []]
+#
+
+import time
+from dataclasses import dataclass
+from typing import List, Optional, Tuple
+
+from cmk.base.plugins.agent_based.agent_based_api.v1 import (
+ register,
+ Service,
+ Result,
+ check_levels,
+ State,
+ SNMPTree,
+ all_of,
+ startswith,
+ any_of,
+ equals,
+ Metric,
+)
+from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
+ DiscoveryResult,
+ CheckResult,
+ StringTable,
+)
+
+
+@dataclass
+class CheckpointTeStatus:
+ current_files_waiting_for_emulation: int
+ teUpdateStatus: str
+ teUpdateDesc: str
+ teSubscriptionExpDate: int
+ teSubscriptionExpDateStr: str
+ quota_on_cloud: int
+ remaining_quota_on_cloud: int
+ teSubscriptionStatus: str
+ teCloudSubscriptionStatus: str
+ teSubscriptionDesc: str
+ build: str
+ teStatusCode: int
+ teStatusShortDesc: str
+ teStatusLongDesc: str
+ metric_count: List[Tuple[str, int]]
+ monthly_quota_on_cloud_used: Optional[int] = None
+
+
+def parse_checkpoint_threat_emulation(string_table: List[StringTable]) -> Optional[CheckpointTeStatus]:
+ testatus, tecounter = string_table
+ try:
+ monthly_quota_on_cloud_used, current_files_waiting_for_emulation, teUpdateStatus, teUpdateDesc, \
+ teSubscriptionExpDate, quota_on_cloud, remaining_quota_on_cloud, teSubscriptionStatus, \
+ teCloudSubscriptionStatus, teSubscriptionDesc, build, teStatusCode, teStatusShortDesc, \
+ teStatusLongDesc = testatus[0]
+ except(IndexError, ValueError):
+ return
+
+ scanned_files, malicious_files_detected, files_scanned_by_threat_cloud, malicious_files_detected_by_threat_cloud, \
+ average_process_time, average_emulated_file_size, average_queue_size, peak_queue_size, = tecounter[0]
+
+ metric_count = [
+ ('scanned_files', int(scanned_files)),
+ ('malicious_files_detected', int(malicious_files_detected)),
+ ('files_scanned_by_threat_cloud', int(files_scanned_by_threat_cloud)),
+ ('malicious_files_detected_by_threat_cloud', int(malicious_files_detected_by_threat_cloud)),
+ ('average_process_time', int(average_process_time)),
+ ('average_emulated_file_size', int(average_emulated_file_size)),
+ ('average_queue_size', int(average_queue_size)),
+ ('peak_queue_size', int(peak_queue_size)),
+ ]
+
+ monthly_quota_on_cloud_used = monthly_quota_on_cloud_used.replace('%', '')
+
+ if teStatusCode != '3': # possible TE not activated
+ return CheckpointTeStatus(
+ monthly_quota_on_cloud_used=int(monthly_quota_on_cloud_used) if monthly_quota_on_cloud_used.isdigit() else None,
+ current_files_waiting_for_emulation=int(current_files_waiting_for_emulation),
+ teUpdateStatus=teUpdateStatus,
+ teUpdateDesc=teUpdateDesc,
+ teSubscriptionExpDate=int(teSubscriptionExpDate),
+ teSubscriptionExpDateStr=time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(teSubscriptionExpDate)),
+ quota_on_cloud=int(quota_on_cloud),
+ remaining_quota_on_cloud=int(remaining_quota_on_cloud),
+ teSubscriptionStatus=teSubscriptionStatus,
+ teCloudSubscriptionStatus=teCloudSubscriptionStatus,
+ teSubscriptionDesc=teSubscriptionDesc.replace('\n', ' '),
+ build=build,
+ teStatusCode=int(teStatusCode),
+ teStatusShortDesc=teStatusShortDesc,
+ teStatusLongDesc=teStatusLongDesc,
+ metric_count=metric_count
+ )
+
+
+def discovery_checkpoint_threat_emulation(section: CheckpointTeStatus) -> DiscoveryResult:
+ yield Service()
+
+
+def check_checkpoint_threat_emulation(params, section: CheckpointTeStatus) -> CheckResult:
+ yield Result(state=State.OK, summary=f'Subscription valid until: {section.teSubscriptionExpDateStr}')
+ yield Result(state=State.OK, summary=f'Build: {section.build}')
+
+ if section.teUpdateStatus != 'up-to-date':
+ yield Result(state=State.WARN, notice=f'Update status {section.teUpdateStatus}, {section.teUpdateDesc}')
+ if not section.teStatusCode == 0:
+ yield Result(state=State.WARN, notice=f'Status {section.teStatusShortDesc}, {section.teStatusLongDesc}')
+ if section.teSubscriptionStatus != 'valid':
+ yield Result(state=State.WARN, notice=f'Subscription status: {section.teCloudSubscriptionStatus}, {section.teSubscriptionDesc}')
+ if section.teCloudSubscriptionStatus != 'ok':
+ yield Result(state=State.WARN, notice=f'Cloud subscription status {section.teCloudSubscriptionStatus}')
+
+ for levels, metric, label, value in [
+ (params.get('used_monthly_quota_levels'), 'monthly_quota_on_cloud_used', 'Used quota on cloud', section.monthly_quota_on_cloud_used),
+ (params.get('remaining_quota_levels'), 'remaining_quota_on_cloud', 'Remaining quota on cloud', section.remaining_quota_on_cloud), # max: quota_on_cloud
+ (params.get('files_waiting_levels'), 'current_files_waiting_for_emulation', 'Current files waiting for emulation', section.current_files_waiting_for_emulation), # max: quota_on_cloud
+ ]:
+ if value:
+ yield from check_levels(
+ value=value,
+ label=label,
+ levels_upper=levels,
+ metric_name=metric,
+ render_func=lambda v: f'{v:.0f}'
+ )
+
+ for metric, value in section.metric_count:
+ yield Metric(
+ value=value,
+ name=f'checkpoint_threat_emulation_{metric}_current'
+ )
+
+
+register.snmp_section(
+ name='checkpoint_threat_emulation',
+ parse_function=parse_checkpoint_threat_emulation,
+ fetch=[
+ SNMPTree(
+ base='.1.3.6.1.4.1.2620.1.49', # CHECKPOINT-MIB::te (status)
+ oids=[
+ '3', # monthly_quota_on_cloud_used
+ '12', # current_files_waiting_for_emulation
+ '16', # teUpdateStatus
+ '17', # teUpdateDesc
+ '20', # teSubscriptionExpDate
+ '22', # quota_on_cloud
+ '23', # remaining_quota_on_cloud
+ '25', # teSubscriptionStatus
+ '26', # teCloudSubscriptionStatus
+ '27', # teSubscriptionDesc
+ '30', # build
+ '101', # teStatusCode
+ '102', # teStatusShortDesc
+ '103', # teStatusLongDesc
+ ]
+ ),
+ SNMPTree(
+ base='.1.3.6.1.4.1.2620.1.49', # CHECKPOINT-MIB::te (counter)
+ oids=[
+ '4.1', # scanned_files current
+ '5.1', # malicious_files_detected current
+ '6.1', # files_scanned_by_threat_cloud current
+ '7.1', # malicious_files_detected_by_threat_cloud current
+ '8.1', # average_process_time current
+ '9.1', # average_emulated_file_size current
+ '10.1', # average_queue_size current
+ '11.1', # peak_queue_size current
+ ]
+ ),
+
+ ],
+ detect=any_of(
+ startswith('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.2620'),
+ all_of(
+ equals('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.8072.3.2.10'),
+ equals('.1.3.6.1.4.1.2620.1.6.1.0', 'SVN Foundation'),
+ )
+ )
+)
+
+register.check_plugin(
+ name='checkpoint_threat_emulation',
+ service_name='Threat Emulation status',
+ discovery_function=discovery_checkpoint_threat_emulation,
+ check_function=check_checkpoint_threat_emulation,
+ check_ruleset_name='checkpoint_threat_emulation',
+ check_default_parameters={
+ 'used_monthly_quota_levels': [90, 95],
+ 'remaining_quota_levels': [10000, 5000],
+ 'files_waiting_levels': [5, 10],
+ }
+)
+
+
+# Name Last Day Last Week Last Month
+# Scanned Files 0 0 0
+# Malicious Files Detected 0 0 0
+# Average Process Time 0 Sec 0 Sec 0 Sec
+# Average Emulated File Size 0 B 0 B 0 B
+# Average Queue Size 0 0 0
+# Peak Queue Size 0 0 0
+#
+# Scanned Files in the Last 7 Days: 0
+# Malicious Files Detected in the Last 7 Days: 0
+# Remaining Quota on Cloud: "Wait"
+# Monthly Quota on Cloud Used: NaN%
+
+# ('.1.3.6.1.4.1.2620.1.49.2.1', [
+# '1', #
+# '2', #
+# '3', #
+# '4', #
+# '5', #
+# '6', #
+# '7', #
+# '8', #
+# '9', #
+# '10', #
+# '11', #
+# ]),
+
+# if item == 'anaylsis':
+#
+# #
+# # sample te_analysis
+# #
+# # [[u'1', u'Image', u'1afbde2e-d593-45a8-a686-6cbd42f37823', u'', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
+# # [u'2', u'Image', u'1b0c5014-714d-47f3-9b10-0b7ee386e745', u'', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
+# # [u'3', u'Image', u'5e5de275-a103-4f67-b55b-47532918fa59', u'Win7,Office 2013,Adobe 11', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
+# # [u'4', u'Image', u'e50e99f3-5963-4573-af9e-e3f4750b55e2', u'WinXP,Office 2003/7,Adobe 9', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
+# # [u'5', u'Detection Rules', u'5e5de275-a103-4f67-b55b-47532918fa59', u'Win7,Office 2013,Adobe 11', u'56431', u'46960', u'Thu Mar 15 08:39:31 2018', u'0', u'0', u'0', u'0'],
+# # [u'6', u'Detection Rules', u'e50e99f3-5963-4573-af9e-e3f4750b55e2', u'WinXP,Office 2003/7,Adobe 9', u'56431', u'52602', u'Thu Mar 15 08:39:26 2018', u'0', u'0', u'0', u'0'],
+# # [u'7', u'Static Analysis Rules', u'496149D5-0689-472B-8F50-21DD409F0EC6', u'Static Analysis Detection Rules', u'53030', u'25049', u'Thu Mar 15 08:39:24 2018', u'0', u'0', u'0', u'0']]
+# #
+# # eher fuer inventory (?)
+# #
+#
+# te_analysis_1, te_analysis_2, te_analysis_3, te_analysis_4, te_analysis_5, te_analysis_6, te_analysis_7, \
+# te_analysis_8, te_analysis_9, te_analysis_10, te_analysis_11 = te_analysis[0]
+#
+# infotext = ''
+#
+# longoutput += '\nte_analysis_1 : %s (Status)' % te_analysis_1
+# longoutput += '\nte_analysis_2 : %s (Cloud or Local: Image --> local, Static Analysis Rules --> Cloud (??))' % te_analysis_2
+# longoutput += '\nte_analysis_3 : %s (UID)' % te_analysis_3
+# longoutput += '\nte_analysis_4 : %s (Name)' % te_analysis_4
+# longoutput += '\nte_analysis_5 : %s (Revision)' % te_analysis_5
+# longoutput += '\nte_analysis_6 : %s (Size in Bytes)' % te_analysis_6
+# longoutput += '\nte_analysis_7 : %s (Download Time)' % te_analysis_7
+# longoutput += '\nte_analysis_8 : %s' % te_analysis_8
+# longoutput += '\nte_analysis_9 : %s' % te_analysis_9
+# longoutput += '\nte_analysis_10: %s' % te_analysis_10
+# longoutput += '\nte_analysis_11: %s' % te_analysis_11
+#
+# state = 0
diff --git a/checkpoint_threat_emulation.mkp b/checkpoint_threat_emulation.mkp
index 4f15e51e2d88dc3542c1bf3eece5c1fbe17d1317..8e12e71296e5c9a9e9fe85e46fb4ad31b6ee3062 100644
Binary files a/checkpoint_threat_emulation.mkp and b/checkpoint_threat_emulation.mkp differ
diff --git a/packages/checkpoint_threat_emulation b/packages/checkpoint_threat_emulation
index 269c380ecc203aadfc1c776627b457fad3daf9e9..ffce644eb8650096d449566b7e4a9bd59a71d7ae 100644
--- a/packages/checkpoint_threat_emulation
+++ b/packages/checkpoint_threat_emulation
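Review bot: In parse_checkpoint_threat_emulation the raw SNMP string is handed to `time.localtime(teSubscriptionExpDate)`; time.localtime() only accepts a number, so every status row that reaches the CheckpointTeStatus constructor raises TypeError — the line should be `teSubscriptionExpDateStr=time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(int(teSubscriptionExpDate))),` — and the `tecounter[0]` unpack a few lines above sits outside the try/except, so a status row without a counter row raises IndexError instead of returning None. In check_checkpoint_threat_emulation the remaining_quota_levels defaults (10000 warn, 5000 crit, descending) are lower thresholds, yet all three entries are passed as `levels_upper=levels`, so the service alerts while quota is plentiful and stays OK as it drains; on top of that `if value:` skips the levels entirely when the value is 0, which for remaining quota is exactly the exhausted case a defender needs flagged. The subscription-status branch prints the cloud field; it should read `notice=f'Subscription status: {section.teSubscriptionStatus}, {section.teSubscriptionDesc}'`. check_levels is also called with the bare `metric_name=metric` ('remaining_quota_on_cloud' etc.) while the hunk in web/plugins/metrics/checkpoint_threat_emulation.py removes the check_metrics table that used to map those bare names onto the 'checkpoint_threat_emulation_' metric_info keys, so the three level metrics lose their graph definitions. A rewrite of the levels loop that fixes the direction, the zero case and the metric prefix follows.
```python
    for levels_upper, levels_lower, metric, label, value in [
        (params.get('used_monthly_quota_levels'), None, 'monthly_quota_on_cloud_used', 'Used quota on cloud', section.monthly_quota_on_cloud_used),
        (None, params.get('remaining_quota_levels'), 'remaining_quota_on_cloud', 'Remaining quota on cloud', section.remaining_quota_on_cloud),  # max: quota_on_cloud
        (params.get('files_waiting_levels'), None, 'current_files_waiting_for_emulation', 'Current files waiting for emulation', section.current_files_waiting_for_emulation),
    ]:
        if value is None:  # used-quota percentage is None when the gateway reports it as NaN/empty
            continue
        yield from check_levels(
            value=value,
            label=label,
            levels_upper=levels_upper,
            levels_lower=levels_lower,
            metric_name=f'checkpoint_threat_emulation_{metric}',
            render_func=lambda v: f'{v:.0f}',
        )
    # … unchanged: Metric() loop over section.metric_count …
```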
@@ -1,12 +1,21 @@
-{'author': u'Th.L. (thl-cmk[at]outlook[dot]com)',
- 'description': u'Monitor Check Point Threat Emulation\n\nwarn/crit for (WATO available):\n - used monthly quota on cloud in %\n - remaining quota on cloud in files\n - files waiting for emulation\n\nwarn on: status, update status, subscription and cloud subscription\n',
+{'author': 'Th.L. (thl-cmk[at]outlook[dot]com)',
+ 'description': 'Monitor Check Point Threat Emulation\n'
+ '\n'
+ 'warn/crit for (WATO available):\n'
+ ' - used monthly quota on cloud in %\n'
+ ' - remaining quota on cloud in files\n'
+ ' - files waiting for emulation\n'
+ '\n'
+ 'warn on: status, update status, subscription and cloud '
+ 'subscription\n',
 'download_url': 'https://thl-cmk.hopto.org',
- 'files': {'checks': ['checkpoint_threat_emulation'],
+ 'files': {'agent_based': ['utils/checkpoint_threat_emulation.py'],
 'web': ['plugins/metrics/checkpoint_threat_emulation.py',
 'plugins/wato/checkpoint_threat_emulation.py']},
 'name': 'checkpoint_threat_emulation',
 'num_files': 3,
- 'title': u'Check Point Threat Emulation',
- 'version': '20200608.v.0.0.3a',
- 'version.min_required': '1.2.8b8',
- 'version.packaged': '1.4.0p38'}
\ No newline at end of file
+ 'title': 'Check Point Threat Emulation',
+ 'version': '20210827.v.0.0.3a',
+ 'version.min_required': '2.0.0',
+ 'version.packaged': '2021.07.14',
+ 'version.usable_until': None}
\ No newline at end of file
diff --git a/web/plugins/metrics/checkpoint_threat_emulation.py b/web/plugins/metrics/checkpoint_threat_emulation.py
index e19c01308f53e848ab0c6ab979c524ccef481c67..fe666583e502f4aec699d3d6c9ac3f2ef5379d75 100644
--- a/web/plugins/metrics/checkpoint_threat_emulation.py
+++ b/web/plugins/metrics/checkpoint_threat_emulation.py
@@ -1,5 +1,5 @@
-#!/usr/bin/python
-# -*- encoding: utf-8; py-indent-offset: 4 -*-
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
 #
 # License: GNU General Public License v2
 #
@@ -11,6 +11,14 @@
 # checkpoint_threat_emulation
 #
 
+from cmk.gui.i18n import _
+
+from cmk.gui.plugins.metrics import (
+ metric_info,
+ graph_info,
+ perfometer_info,
+)
+
 metric_info['checkpoint_threat_emulation_remaining_quota_on_cloud'] = {
 'title': _('Remaining quota on cloud'),
 'unit': 'count',
@@ -75,24 +83,7 @@ metric_info['checkpoint_threat_emulation_peak_queue_size_current'] = {
 'color': '25/a',
 }
 
-check_metrics['check_mk-checkpoint_threat_emulation'] = {
- 'remaining_quota_on_cloud': {'name': 'checkpoint_threat_emulation_remaining_quota_on_cloud', },
- 'monthly_quota_on_cloud_used': {'name': 'checkpoint_threat_emulation_monthly_quota_on_cloud_used', },
- 'current_files_waiting_for_emulation': {
- 'name': 'checkpoint_threat_emulation_current_files_waiting_for_emulation', },
- 'scanned_files_current': {'name': 'checkpoint_threat_emulation_scanned_files_current', },
- 'malicious_files_detected_current': {'name': 'checkpoint_threat_emulation_malicious_files_detected_current', },
- 'files_scanned_by_threat_cloud_current': {
- 'name': 'checkpoint_threat_emulation_files_scanned_by_threat_cloud_current', },
- 'malicious_files_detected_by_threat_cloud_current': {
- 'name': 'checkpoint_threat_emulation_malicious_files_detected_by_threat_cloud_current', },
- 'average_process_time_current': {'name': 'checkpoint_threat_emulation_average_process_time_current', },
- 'average_emulated_file_size_current': {'name': 'checkpoint_threat_emulation_average_emulated_file_size_current', },
- 'average_queue_size_current': {'name': 'checkpoint_threat_emulation_average_queue_size_current', },
- 'peak_queue_size_current': {'name': 'checkpoint_threat_emulation_peak_queue_size_current', },
-}
-
-graph_info.append({
+graph_info['checkpoint_threat_emulation_remaining_quota_on_cloud'] = {
 'title': _('Check Point Threat Emulation remaining quota on cloud'),
 'metrics': [
 ('checkpoint_threat_emulation_remaining_quota_on_cloud', 'line'),
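Review bot: `perfometer_info` is imported in the @@ -11 hunk, but none of the hunks of this file that are visible here reference it, and the commit adds no perfometer definition. If the unshown parts of the file do not use it either, the import should be trimmed to `from cmk.gui.plugins.metrics import metric_info, graph_info` so the module does not carry an unused name that a later reader mistakes for a registered perfometer.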
@@ -101,8 +92,8 @@ graph_info.append({
 ('checkpoint_threat_emulation_remaining_quota_on_cloud:crit'),
 ('checkpoint_threat_emulation_remaining_quota_on_cloud:warn'),
 ],
-})
-graph_info.append({
+}
+graph_info['checkpoint_threat_emulation_monthly_quota_on_cloud_used'] = {
 'title': _('Check Point Threat Emulation monthly used quota on cloud used'),
 'metrics': [
 ('checkpoint_threat_emulation_monthly_quota_on_cloud_used', 'line'),
@@ -111,8 +102,8 @@ graph_info.append({
 ('checkpoint_threat_emulation_monthly_quota_on_cloud_used:crit'),
 ('checkpoint_threat_emulation_monthly_quota_on_cloud_used:warn'),
 ],
-})
-graph_info.append({
+}
+graph_info['checkpoint_threat_emulation_current_files_waiting_for_emulation'] = {
 'title': _('Check Point Threat Emulation files waiting for emulation'),
 'metrics': [
 ('checkpoint_threat_emulation_current_files_waiting_for_emulation', 'line'),
@@ -121,52 +112,52 @@ graph_info.append({
 ('checkpoint_threat_emulation_current_files_waiting_for_emulation:crit'),
 ('checkpoint_threat_emulation_current_files_waiting_for_emulation:warn'),
 ],
-})
-graph_info.append({
+}
+graph_info['checkpoint_threat_emulation_scanned_files_current'] = {
 'title': _('Check Point Threat Emulation scanned files'),
 'metrics': [
 ('checkpoint_threat_emulation_scanned_files_current', 'line'),
 ],
-})
-graph_info.append({
+}
+graph_info['checkpoint_threat_emulation_malicious_files_detected_current'] = {
 'title': _('Check Point Threat Emulation malicious files detected'),
 'metrics': [
 ('checkpoint_threat_emulation_malicious_files_detected_current', 'line'),
 ],
-})
-graph_info.append({
+}
+graph_info['checkpoint_threat_emulation_files_scanned_by_threat_cloud_current'] = {
 'title': _('Check Point Threat Emulation files scanned by Threat Cloud'),
 'metrics': [
 ('checkpoint_threat_emulation_files_scanned_by_threat_cloud_current', 'line'),
 ],
-})
-graph_info.append({
+}
+graph_info['checkpoint_threat_emulation_malicious_files_detected_by_threat_cloud_current'] = {
 'title': _('Check Point Threat Emulation malicious files detected by Threat Cloud'),
 'metrics': [
 ('checkpoint_threat_emulation_malicious_files_detected_by_threat_cloud_current', 'line'),
 ],
-})
-graph_info.append({
+}
+graph_info['checkpoint_threat_emulation_average_process_time_current'] = {
 'title': _('Check Point Threat Emulation average process time'),
 'metrics': [
 ('checkpoint_threat_emulation_average_process_time_current', 'line'),
 ],
-})
-graph_info.append({
+}
+graph_info['checkpoint_threat_emulation_average_emulated_file_size_current'] = {
 'title': _('Check Point Threat Emulation average emulated file size'),
 'metrics': [
 ('checkpoint_threat_emulation_average_emulated_file_size_current', 'line'),
 ],
-})
-graph_info.append({
+}
+graph_info['checkpoint_threat_emulation_average_queue_size_current'] = {
 'title': _('Check Point Threat Emulation average queue size'),
 'metrics': [
 ('checkpoint_threat_emulation_average_queue_size_current', 'line'),
 ],
-})
-graph_info.append({
+}
+graph_info['checkpoint_threat_emulation_peak_queue_size_current'] = {
 'title': _('Check Point Threat Emulation peak queue size'),
 'metrics': [
 ('checkpoint_threat_emulation_peak_queue_size_current', 'line'),
 ],
-})
\ No newline at end of file
+}
diff --git a/web/plugins/wato/checkpoint_threat_emulation.py b/web/plugins/wato/checkpoint_threat_emulation.py
index d94e27606421e1b14d4bccfe0cc219f9cc1ddb34..4071faffacc5fb640b180b44c643f13906143f8d 100644
--- a/web/plugins/wato/checkpoint_threat_emulation.py
+++ b/web/plugins/wato/checkpoint_threat_emulation.py
@@ -1,11 +1,28 @@
-#!/usr/bin/python
-# -*- encoding: utf-8; py-indent-offset: 4 -*-
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+#
 
-register_check_parameters(
- subgroup_applications,
- 'checkpoint_threat_emulation',
- _('Check Point Threat Emulation status'),
- Dictionary(
+from cmk.gui.i18n import _
+from cmk.gui.valuespec import (
+ Dictionary,
+ Tuple,
+ Integer,
+)
+
+from cmk.gui.plugins.wato import (
+ CheckParameterRulespecWithItem,
+ rulespec_registry,
+ RulespecGroupCheckParametersNetworking,
+)
+
+
+def _parameter_valuespec_checkpoint_threat_emulation():
+ return Dictionary(
 elements=[
 ('used_monthly_quota_levels',
 Tuple(
@@ -29,7 +46,14 @@ register_check_parameters(
 Integer(title=_('Critical at'), default_value=10, unit=_('Files')),
 ])),
 ],
- ),
- None,
- match_type='dict',
-)
+ )
+
+
+rulespec_registry.register(
+ CheckParameterRulespecWithItem(
+ check_group_name='checkpoint_threat_emulation',
+ group=RulespecGroupCheckParametersNetworking,
+ match_type='dict',
+ parameter_valuespec=_parameter_valuespec_checkpoint_threat_emulation,
+ title=lambda: _('Check Point Threat Emulation status'),
+ ))
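Review bot: The ruleset is registered as `CheckParameterRulespecWithItem` with no item_spec, while the removed register_check_parameters() call passed `None` as the item spec and the new check plugin in agent_based/utils/checkpoint_threat_emulation.py discovers a single itemless `Service()`; rules created from an item-bound rulespec carry an item condition this service never sets, so they are unlikely to match and the configured quota levels would silently fall back to the defaults. It should be `CheckParameterRulespecWithoutItem(` here, with the same class name swapped into the `from cmk.gui.plugins.wato import (` block in the first hunk of this file. The group also moves from the old applications subgroup to `RulespecGroupCheckParametersNetworking`; if that is intentional it deserves a line in the commit message, otherwise `RulespecGroupCheckParametersApplications` keeps the rule where existing users look for it.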