From 18717383f50b12dd0187766f48e570b021c44e77 Mon Sep 17 00:00:00 2001
From: "th.l" <thl-cmk@outlook.com>
Date: Fri, 27 Aug 2021 21:00:54 +0200
Subject: [PATCH] update project
---
.../utils/checkpoint_threat_emulation.py | 287 ++++++++++++++++++
checkpoint_threat_emulation.mkp | Bin 60 -> 4877 bytes
packages/checkpoint_threat_emulation | 23 +-
.../metrics/checkpoint_threat_emulation.py | 73 ++---
.../wato/checkpoint_threat_emulation.py | 46 ++-
5 files changed, 370 insertions(+), 59 deletions(-)
create mode 100644 agent_based/utils/checkpoint_threat_emulation.py
diff --git a/agent_based/utils/checkpoint_threat_emulation.py b/agent_based/utils/checkpoint_threat_emulation.py
new file mode 100644
index 0000000..b48b94e
--- /dev/null
+++ b/agent_based/utils/checkpoint_threat_emulation.py
@@ -0,0 +1,287 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2018-03-14
+#
+# Monitor status of Check Point Threat Emulation
+#
+# 2018-05-02: fixed: monthly_quota_on_cloud_used = ''
+# 2018-05-30: removed 'unknown' OIDs
+# removed counters for last day, last week, last month
+# code cleanup
+# 2020-06-08: changed snmp-scan function
+# 2021-08-27: rewritten for CMK 2.0
+#
+# snmpwalk sample
+#
+# sample info
+#
+# [
+# [
+# [u'0%', u'0', u'up-to-date', u'Gateway is up to date.', u'1548979200', u'100000', u'100000', u'valid', u'ok',
+# u'Quota subscription is valid', u'990002053', u'0', u'ok', u'']
+# ],
+# [
+# [u'0', u'0', u'0', u'0', u'0', u'0', u'0', u'0']
+# ]
+# ]
+#
+# threat emulation not active
+# [[], []]
+#
+
+import time
+from dataclasses import dataclass
+from typing import List, Optional, Tuple
+
+from cmk.base.plugins.agent_based.agent_based_api.v1 import (
+ register,
+ Service,
+ Result,
+ check_levels,
+ State,
+ SNMPTree,
+ all_of,
+ startswith,
+ any_of,
+ equals,
+ Metric,
+)
+from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
+ DiscoveryResult,
+ CheckResult,
+ StringTable,
+)
+
+
+@dataclass
+class CheckpointTeStatus:
+ current_files_waiting_for_emulation: int
+ teUpdateStatus: str
+ teUpdateDesc: str
+ teSubscriptionExpDate: int
+ teSubscriptionExpDateStr: str
+ quota_on_cloud: int
+ remaining_quota_on_cloud: int
+ teSubscriptionStatus: str
+ teCloudSubscriptionStatus: str
+ teSubscriptionDesc: str
+ build: str
+ teStatusCode: int
+ teStatusShortDesc: str
+ teStatusLongDesc: str
+ metric_count: List[Tuple[str, int]]
+ monthly_quota_on_cloud_used: Optional[int] = None
+
+
+def parse_checkpoint_threat_emulation(string_table: List[StringTable]) -> Optional[CheckpointTeStatus]:
+ testatus, tecounter = string_table
+ try:
+ monthly_quota_on_cloud_used, current_files_waiting_for_emulation,
+ teUpdateStatus, teUpdateDesc, \
+ teSubscriptionExpDate, quota_on_cloud, remaining_quota_on_cloud, teSubscriptionStatus, \
+ teCloudSubscriptionStatus, teSubscriptionDesc, build, teStatusCode, teStatusShortDesc, \
+ teStatusLongDesc = testatus[0]
+ except(IndexError, ValueError):
+ return
+
+ scanned_files, malicious_files_detected, files_scanned_by_threat_cloud, malicious_files_detected_by_threat_cloud, \
+ average_process_time, average_emulated_file_size, average_queue_size, peak_queue_size, = tecounter[0]
+
+ metric_count = [
+ ('scanned_files', int(scanned_files)),
+ ('malicious_files_detected', int(malicious_files_detected)),
+ ('files_scanned_by_threat_cloud', int(files_scanned_by_threat_cloud)),
+ ('malicious_files_detected_by_threat_cloud', int(malicious_files_detected_by_threat_cloud)),
+ ('average_process_time', int(average_process_time)),
+ ('average_emulated_file_size', int(average_emulated_file_size)),
+ ('average_queue_size', int(average_queue_size)),
+ ('peak_queue_size', int(peak_queue_size)),
+ ]
+
+ monthly_quota_on_cloud_used = monthly_quota_on_cloud_used.replace('%', '')
+
+ if teStatusCode != '3': # possible TE not activated
+ return CheckpointTeStatus(
+ monthly_quota_on_cloud_used=int(monthly_quota_on_cloud_used) if monthly_quota_on_cloud_used.isdigit() else None,
+ current_files_waiting_for_emulation=int(current_files_waiting_for_emulation),
+ teUpdateStatus=teUpdateStatus,
+ teUpdateDesc=teUpdateDesc,
+ teSubscriptionExpDate=int(teSubscriptionExpDate),
+ teSubscriptionExpDateStr=time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(teSubscriptionExpDate)),
+ quota_on_cloud=int(quota_on_cloud),
+ remaining_quota_on_cloud=int(remaining_quota_on_cloud),
+ teSubscriptionStatus=teSubscriptionStatus,
+ teCloudSubscriptionStatus=teCloudSubscriptionStatus,
+ teSubscriptionDesc=teSubscriptionDesc.replace('\n', ' '),
+ build=build,
+ teStatusCode=int(teStatusCode),
+ teStatusShortDesc=teStatusShortDesc,
+ teStatusLongDesc=teStatusLongDesc,
+ metric_count=metric_count
+ )
+
+
+def discovery_checkpoint_threat_emulation(section: CheckpointTeStatus) -> DiscoveryResult:
+ yield Service()
+
+
+def check_checkpoint_threat_emulation(params, section: CheckpointTeStatus) -> CheckResult:
+ yield Result(state=State.OK, summary=f'Subscription valid until: {section.teSubscriptionExpDateStr}')
+ yield Result(state=State.OK, summary=f'Build: {section.build}')
+
+ if section.teUpdateStatus != 'up-to-date':
+ yield Result(state=State.WARN, notice=f'Update status {section.teUpdateStatus}, {section.teUpdateDesc}')
+ if not section.teStatusCode == 0:
+ yield Result(state=State.WARN, notice=f'Status {section.teStatusShortDesc}, {section.teStatusLongDesc}')
+ if section.teSubscriptionStatus != 'valid':
+ yield Result(state=State.WARN, notice=f'Subscription status: {section.teCloudSubscriptionStatus}, {section.teSubscriptionDesc}')
+ if section.teCloudSubscriptionStatus != 'ok':
+ yield Result(state=State.WARN, notice=f'Cloud subscription status {section.teCloudSubscriptionStatus}')
+
+ for levels, metric, label, value in [
+ (params.get('used_monthly_quota_levels'), 'monthly_quota_on_cloud_used', 'Used quota on cloud', section.monthly_quota_on_cloud_used),
+ (params.get('remaining_quota_levels'), 'remaining_quota_on_cloud', 'Remaining quota on cloud', section.remaining_quota_on_cloud), # max: quota_on_cloud
+ (params.get('files_waiting_levels'), 'current_files_waiting_for_emulation', 'Current files waiting for emulation', section.current_files_waiting_for_emulation), # max: quota_on_cloud
+ ]:
+ if value:
+ yield from check_levels(
+ value=value,
+ label=label,
+ levels_upper=levels,
+ metric_name=metric,
+ render_func=lambda v: f'{v:.0f}'
+ )
+
+ for metric, value in section.metric_count:
+ yield Metric(
+ value=value,
+ name=f'checkpoint_threat_emulation_{metric}_current'
+ )
+
+
+register.snmp_section(
+ name='checkpoint_threat_emulation',
+ parse_function=parse_checkpoint_threat_emulation,
+ fetch=[
+ SNMPTree(
+ base='.1.3.6.1.4.1.2620.1.49', # CHECKPOINT-MIB::te (status)
+ oids=[
+ '3', # monthly_quota_on_cloud_used
+ '12', # current_files_waiting_for_emulation
+ '16', # teUpdateStatus
+ '17', # teUpdateDesc
+ '20', # teSubscriptionExpDate
+ '22', # quota_on_cloud
+ '23', # remaining_quota_on_cloud
+ '25', # teSubscriptionStatus
+ '26', # teCloudSubscriptionStatus
+ '27', # teSubscriptionDesc
+ '30', # build
+ '101', # teStatusCode
+ '102', # teStatusShortDesc
+ '103', # teStatusLongDesc
+ ]
+ ),
+ SNMPTree(
+ base='.1.3.6.1.4.1.2620.1.49', # CHECKPOINT-MIB::te (counter)
+ oids=[
+ '4.1', # scanned_files current
+ '5.1', # malicious_files_detected current
+ '6.1', # files_scanned_by_threat_cloud current
+ '7.1', # malicious_files_detected_by_threat_cloud current
+ '8.1', # average_process_time current
+ '9.1', # average_emulated_file_size current
+ '10.1', # average_queue_size current
+ '11.1', # peak_queue_size current
+ ]
+ ),
+
+ ],
+ detect=any_of(
+ startswith('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.2620'),
+ all_of(
+ equals('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.8072.3.2.10'),
+ equals('.1.3.6.1.4.1.2620.1.6.1.0', 'SVN Foundation'),
+ )
+ )
+)
+
+register.check_plugin(
+ name='checkpoint_threat_emulation',
+ service_name='Threat Emulation status',
+ discovery_function=discovery_checkpoint_threat_emulation,
+ check_function=check_checkpoint_threat_emulation,
+ check_ruleset_name='checkpoint_threat_emulation',
+ check_default_parameters={
+ 'used_monthly_quota_levels': [90, 95],
+ 'remaining_quota_levels': [10000, 5000],
+ 'files_waiting_levels': [5, 10],
+ }
+)
+
+
+# Name Last Day Last Week Last Month
+# Scanned Files 0 0 0
+# Malicious Files Detected 0 0 0
+# Average Process Time 0 Sec 0 Sec 0 Sec
+# Average Emulated File Size 0 B 0 B 0 B
+# Average Queue Size 0 0 0
+# Peak Queue Size 0 0 0
+#
+# Scanned Files in the Last 7 Days: 0
+# Malicious Files Detected in the Last 7 Days: 0
+# Remaining Quota on Cloud: "Wait"
+# Monthly Quota on Cloud Used: NaN%
+
+# ('.1.3.6.1.4.1.2620.1.49.2.1', [
+# '1', #
+# '2', #
+# '3', #
+# '4', #
+# '5', #
+# '6', #
+# '7', #
+# '8', #
+# '9', #
+# '10', #
+# '11', #
+# ]),
+
+# if item == 'anaylsis':
+#
+# #
+# # sample te_analysis
+# #
+# # [[u'1', u'Image', u'1afbde2e-d593-45a8-a686-6cbd42f37823', u'', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
+# # [u'2', u'Image', u'1b0c5014-714d-47f3-9b10-0b7ee386e745', u'', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
+# # [u'3', u'Image', u'5e5de275-a103-4f67-b55b-47532918fa59', u'Win7,Office 2013,Adobe 11', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
+# # [u'4', u'Image', u'e50e99f3-5963-4573-af9e-e3f4750b55e2', u'WinXP,Office 2003/7,Adobe 9', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
+# # [u'5', u'Detection Rules', u'5e5de275-a103-4f67-b55b-47532918fa59', u'Win7,Office 2013,Adobe 11', u'56431', u'46960', u'Thu Mar 15 08:39:31 2018', u'0', u'0', u'0', u'0'],
+# # [u'6', u'Detection Rules', u'e50e99f3-5963-4573-af9e-e3f4750b55e2', u'WinXP,Office 2003/7,Adobe 9', u'56431', u'52602', u'Thu Mar 15 08:39:26 2018', u'0', u'0', u'0', u'0'],
+# # [u'7', u'Static Analysis Rules', u'496149D5-0689-472B-8F50-21DD409F0EC6', u'Static Analysis Detection Rules', u'53030', u'25049', u'Thu Mar 15 08:39:24 2018', u'0', u'0', u'0', u'0']]
+# #
+# # eher fuer inventory (?)
+# #
+#
+# te_analysis_1, te_analysis_2, te_analysis_3, te_analysis_4, te_analysis_5, te_analysis_6, te_analysis_7, \
+# te_analysis_8, te_analysis_9, te_analysis_10, te_analysis_11 = te_analysis[0]
+#
+# infotext = ''
+#
+# longoutput += '\nte_analysis_1 : %s (Status)' % te_analysis_1
+# longoutput += '\nte_analysis_2 : %s (Cloud or Local: Image --> local, Static Analysis Rules --> Cloud (??))' % te_analysis_2
+# longoutput += '\nte_analysis_3 : %s (UID)' % te_analysis_3
+# longoutput += '\nte_analysis_4 : %s (Name)' % te_analysis_4
+# longoutput += '\nte_analysis_5 : %s (Revision)' % te_analysis_5
+# longoutput += '\nte_analysis_6 : %s (Size in Bytes)' % te_analysis_6
+# longoutput += '\nte_analysis_7 : %s (Download Time)' % te_analysis_7
+# longoutput += '\nte_analysis_8 : %s' % te_analysis_8
+# longoutput += '\nte_analysis_9 : %s' % te_analysis_9
+# longoutput += '\nte_analysis_10: %s' % te_analysis_10
+# longoutput += '\nte_analysis_11: %s' % te_analysis_11
+#
+# state = 0
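Review bot: In check_checkpoint_threat_emulation the level loop guards with `if value:` and hands every threshold to `levels_upper`, so a remaining cloud quota of 0 yields no result and no metric at all, and the default `remaining_quota_levels` of `[10000, 5000]` would flag a large remaining quota rather than a small one; for a check that watches a security control, the exhausted-quota reading is the one that has to alert. Test `value is not None` and pass the remaining-quota thresholds as `levels_lower`, as sketched below. Separately, parse_checkpoint_threat_emulation calls `time.localtime(teSubscriptionExpDate)` on a value that looks like it is still the raw SNMP string (the line above wraps the same name in `int()`), so it should read `time.localtime(int(teSubscriptionExpDate))`. The 'Subscription status' notice also prints `teCloudSubscriptionStatus` where `teSubscriptionStatus` seems to be intended.

```python
    for upper, lower, metric, label, value in [
        (params.get('used_monthly_quota_levels'), None, 'monthly_quota_on_cloud_used', 'Used quota on cloud', section.monthly_quota_on_cloud_used),
        (None, params.get('remaining_quota_levels'), 'remaining_quota_on_cloud', 'Remaining quota on cloud', section.remaining_quota_on_cloud),
        (params.get('files_waiting_levels'), None, 'current_files_waiting_for_emulation', 'Current files waiting for emulation', section.current_files_waiting_for_emulation),
    ]:
        if value is not None:  # 0 is a valid reading and must still be evaluated
            yield from check_levels(
                value=value,
                levels_upper=upper,
                levels_lower=lower,
                # … unchanged: label, metric_name, render_func …
            )
```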
diff --git a/checkpoint_threat_emulation.mkp b/checkpoint_threat_emulation.mkp index 4f15e51e2d88dc3542c1bf3eece5c1fbe17d1317..8e12e71296e5c9a9e9fe85e46fb4ad31b6ee3062 100644 GIT binary patch literal 4877 zcmajfg*zOM<G^t_bxfN$b(-nk^mOMi?aYaZ!<_DJ(|tOo?ZcTm%&<+)w9_VcVwkx5 z{r-dR^M0P!pYUc&AtrW_=6A%yIzwEXJ$$^~y!`F`Ay5}be|wjA0iKTjZr)zc#YM%% zL}kTggx?E`{(lmV!tXqMa84EOy;o)D9uY&Br+u_hCod*uM=r?Fr;9wNcJ1$0-pw5Y zJEGWE{VPQ}b{9Ymt>f76P@SLi9i`W8k+t>C$r2-5nI(+boTo5d>~i1}I%EZkH-c&x z>mCC?*E{woYGIE5B~#u|)OffrQK5K`OPP=bWH&CW%y!ztaG~`(c7FeQT1}EE>>cta zxPoTAcQP~}&_#1GoCPru5%>vRb&ME1(z)<sf9@drv?O5nmbEtcPl&-T(dHHX)Sn?u z)H$b55VP_Nyw=z49?pFzg+saVD6=~>lA@1hR1r^iwDWRrZ;!|UwVLiRZL?IGGlxSs z%3%|k`-fv$W;0_c!*esl;q2}lPnK1-rIKuO^8L%NpZPhg<%I!F#M(Ttwo+mmXREF7 zTy=E=9OY8cWHrXo<2WFai*c;;)#A`Ky<QKs1t*U{O4kSMCSst!ZF}eoc>uHeu@4kF zywV+b+zJ{zAd(>{HY0|^DSYw!$BUM=YWTvqzhv#i^ZKpzd93wXys}=@5m<ZUUG4EN zsP?Uo24vAIbO*LIL8=iYftpkoHUmiP=&_!RqXfQ!T2ftG*;}CG;tgF4twMIb_)3W- z<J>s`{e_tuBkW+1^6LP7;Ni$dn4vlr@aEO;W|nEvO}2I#$}k;yjY)@(r~iN^chQ$e z4I^d0rYlA{&af6I@c)z{2LnWG<=}@G<Cq(a(p5he{wPCwZEu<o?17C)d{nBu#zOGY z|69d^7+Fa6*=VFBu!A9Q$U{Ja8{fg+ozrGTVM5-&zEcMfThJd@%}qLiIq8N~tqs$J zbnJmrVjY@`iG&>=V;y9^C6l3$sjM6lr0H#RU(6ekUqX|9jKTtJaX{kE@y294rsLC= zdeN!AuL!(E<#^pi)d911oI)b+ZEZNb&SpV7=T>CXWh9Sn3FKQD-B_M~WuLIU(k%a7 zV-w5<qt=76uh}RUAS0MejFf(@K$wF&lXt|s`pWQ1a`GxHXq7F}wR6drK?=5dfvrYw zi}3nBEBVgyhamXIp<e|V>H2W>Kxl+%j6@77pZVc!LmE=iG&xb18*+ZX<9zVK<*<P8 zC{}<cLujgNi^M_Drk(4!h<2nH?t(Aj*xkb+F!?WU#ax6_wZus!Rd$OzNL`Ayd3tiw zm^c76WdCanl$r<?qcbnBfNcrd=)usASu?{I3MoBdDFi&G?An}#a04IFZB*4u{_C@s zv?N-aBdeX1&PhY<`-)JlakVVi=%*24p_4SdK?P;l*8ysdi<d^G%Cxb{t0{|Sq_*Zi zqbk#R9Kt<9#(~i@Z<=#`ysDJ>uJ=FIJ~LH=BrA?yC{|DkMYB?ET|Ktq$i1$m(0g?F z9LV1F+JoVujtdw4GD-o#SvhOyL#KPx9y`pd&0T(OofJx#V8Zo}?C!$BJCddnhwPQ& zkeotxP2uA#O!k+#PCb=#CN|jn^Hg-`<sYuXL$17VP?kN9h8lPE_>P#gP@@}hw&RoE z8UFeRn{WTziF;NR`JY|{{peCXeaqy6H=Plg#<aysU1JO1JUuFM!d|UeH9xZBWp%0| zz75$sep&MS`M^Q?#>(p=5&o)JisG%+*$duOFgohzhQ{m<7d@u5t!;Qre{hC+n8NHV 
z8R~h+>D8IkRM+La--@F*W#F@M$spXA5XnZXBN~9Sj1$SWoDjo?n#}GJ1OQ!2xx8T$ z!5{zd-?23&o4ai*ZJ3C+cMq|_^F#f-ytFOUFxn>P_u1=yRuf<sy$|EQK=6L7pQL1r zeyz#qdvKXe#YKOyE{mB7KY9>L!<6^{j~&gh8zyr~=F!vlrF4L6UAeWpCB=<796@*? zsp_;ZqRS^dW80OBNIMu^AryH*p&Wp?Mf=4igSWT2yHx@tLLE;GEA(sMSa9p)g(c0@ z6*!Qk7nC-!`u1CaRU?x1oGbtrw|GIt_4ORtH&ZuWP%D2t7pm2l992ijfEvMA4(Bu2 z4E3lxN>qDni;hRR1+R5x#x6P-Xt}CF++4)hM3YVNR=p=dj6YT}aGh`xH7}mLeiA%< zJi*&W1>Sf<0upzHA>)lb8w%H|k0%kVg0Aw7fN;YUfzxDY%l$-dzk%?nCxTj_x7cRx z8+Zk=t5=?#V#{xzpy#T}v>!ZZV&xiTf8YZQ*a#-O{To1eTQB%H|K3?^AdqmKNHiJ$ zX&|i=P1fag<}&AG9+EVu3$gQ+V;+N7`8Lg`X+~1B{2eUA$-0qK$f+ZEd7PN@vs*KM z1jWeAaGAD2*<9XRs1^K@jpI+ov$2O|rj@`#qWLa1>IK>a7FC4Kr`arVrp$4i6L49; z=Z-{sb5jlL+|nJBCWEm?`Z~B7-N)j}108-3$+32!rs&?K9ywO^SW*MGZwIo~jB=AU z365Yy9f|%*l>5k4(V893Vv9lokc6l?`{y1@smmBa<X{B^mC1wChvT6H0D|R^d&iRX zBX{FZx2bPX|M)wrj6useS20Hq!u0JeZw-2Uyh`fl3HfMaMsX*W=a?;_oa*>}Ug-h9 zFou3-6)X(JQ*L9%yXQJKgj8*kb*r%~|9<kbk}B*{=iibY5o0aVUr(Onv0$B{58=?z zDETKUzK@7g>XM6#3&OX|al}PoIlT2yXl$22=Ri>sMt9A=tYui=pa}@Eo%kqqnK6f( z5Xc=xP#sE`h+k$RW5dVJnAx}ffoPp{chto&#h|Yw`t!LPMuo!u%Gy*ct1@6d(;MkZ z|JRYNWPWK7BCj=`UtHeS<G7<7h;(%U!j0san*=G<E3Zlaczg0&7T~#%)?~=bu0)xN z&mV`~(s}29w0PfED9qiCKf@@;-h`$>r{yj;F%@PkvHUUmDJU<Zb(^htRnUIumQ|_3 z`ODU_fpWNgvU0HR!C%<<KEo`15+mfrkYrBtEhr~NuE&|1PMz8*gOiWvukt*<(GBHE zCA+Z~EjVuS8fM&f@r#;PEC0<kmGKEDM=>d>xOqW&$)=o|sc<l%Am?C2cLusHE^H{< zz{otN%R8G+xz~LdKxX$)tnzv+hG&e-tFWgaeRYF8Ri66&jfFIA#mCHdgeLl_k>qGs z7LZGzLCq-3)e#;gLbar?jvCwmb+XJfq`U8lmRwMz{OTfjf6R5@FUa-%iFkA<IVVu) zh+n;F)r`K{i&k;LV$=F}e*KFN6k-$dpcUIg>w-3d{1h26$|L@NIVp(hX??e8!3l1? 
zW>|kbQnGXW_4c##_hOeR+*(@PWX~*Nj!bmjMbABblyG$qS0AhEgxP9@)Zdn%&$9rj z)!oUuGXLOuivT~;28$<I;Z`?enSayrZXoUSd8Fy(t;N@9>)tP;V9rduBa~KUqJMj0 z>!x9M3s9_sJ9WR?6!{kYX|aS9-TT|@$W5V2M!7uf%AW1F07gDfYw+dc*W-D6rEpkC zctc;ry}P(dc#GOQ8<}sDf%I@or;D*X6~+b257eCcb!OyahKzqBO<Wax7`H`J5=%8n zidvvu*$y>;a&3E;Op{l&B?3DZ8cul=CRS<+#_Dlw0#%H8bjEPzn8SDi8y5kKPqA;P zXL7a=t@^mM_|>I5#$Q4vw(ZDbOfUv9QOyu3AbFzTUar;G?Z>{@p<M#=V^ygxe1kWi zZOlg;dYaKdSek5W$6h^CuWwmP4}rN_b3@RD|MP})y&W*(ZymJAM$@^hI6$tkiGO{T z`p%~JU_m>iG##^J__8rMOiaSDmKlOD(CeOL5@Tsl19DSETNflUED=}X@{)9?M3lwI z)ZdHLf1?g++nRB?cTN(iJ||hPUtM5`_fOY#CgUH>nCA3OFEK#S94tfV%a$kgw7REi zB)}@E@x-Yg$E2#jkU6g^k_7ci^F$PRLAb7zHO-;n(1K+ya;cBrx<Y_fa~y1F`{dT8 z383x<Nk!{3LP++VJNEwJm4M`sFCL193;W^r1IjSX!TtkpVH=}P{0&Ooy6uQvDRM6p z%Q41oSCTPZc_*Z%JKqquG_62Sq~E#eXy^|;d`A*tG|U_+h_N4iAkToLBPZ_@<Abd< z+Nt@@QoXDe5_&EmbJq3^I?4V=m(1mNC36Z3RU-A==}XMdccqqup4{raXP!R2bY5X8 zB|V5skY#E;`THb^Njh)lODqS^ozpNa4ZfHdEe%LajGm^bNIOZ~#`MEKJVWmi;uf@f z0yyM)jJ%Z6@S8pQ#(qxZ!90i9ns|Pl{X2DaQ&YiD>AZ~=qpEoZos&IJ+<<za@9pp_ z{gCRVm|11U@2)8W1CsHe(gFUCZ-VSlYo741SJU}&rU$i+e{<o#?D-zI=8VQ9^v!=R zQ>r>kMve>wK?*fm^k|Cei_}cpjoYfP@?+rQ5<eIP)+MjnrL9-?3)sVb``{0bh*!0A zgHzyf5e5tZPydB-LAb#)NTbh7jRoni_#dy}@TG5JW)<zPF6y;J>-`)tf5mb&qzvNq z%Fc1OjrQi+6K%iL6`b)Z7Uq3dK~<pcV$LIzeS?@mev~*r2#z35sl4$Tb_^aue=AIm zcuidex*MLF_1k!bwH2?aU9f!Jn_}q$SD9uGD6v8w&kGysV`iVZSx3~QZWJ_DdbqlV z1w3ekg~{`|7_UUeyBn$ao1SI}y3e3YVvebIa5tX=hQu}4(gQP86_u7Er>1SGaw8bN zXVy#<R+s5BErXScB|9fnq~*9?Tz#R|wCeJeZfHPsX}sV5Km-<1Y#<5m7Kye8Vd6m% zXO$#*Y?{ZicoD_hAWz0T2fTE(8OM+()Us1~ONmKS1xBcSqD|n2Uono8dSvATFjHTa zG3Qz+T3P#r5_awRc!f+h(m^~lJj7ztL2`S>mBj~Q<}m9$It&(4M1~NtIq<cKF}E|K zHIQ%ssgm70PD{^X6_B0U*l{Y*hXZaIwb(}0O0|_+2b8J==Fg=U2bg?HwJ<HF@~9at z5>*{n#AT9BbPUO<j-$7R!2c(=Y)Jf)u<j5xxt}O({Y}b^Qe$n)ryC^<@zN>NGXBco z1xEA7OhVWO=Ez8WI^gQN=bwlNDm3pP*7y5l{pZuHQZ{nj)8l9TwfUW7ciC_Dy`1U} zAfOC;7FRmxKRW-uf)jGTlT?B5ui2%wJtQZ8n{OS+V`>ZyBG7faU2)1m<{`qLE^?#> z5>tV^+Ft*4%P;V@{&QpHzb;8!E6;e^drl+Bw>QU@Jkv$PtQ5AUGT!TaNCypX8KCIn 
zJMv8`xI1%_mZP%cI4dri-%6A6;Ntwl?!Ry22$e^u>V-GPv8wLoKl&G^ETJ?<Cr4u6 zRO>%oGz$7alNmznbq0c+icP+on-@kVB0WdENoo#wZt90OwF3s7-wCX4qmvI;6zK$C znD;hQKZri7;&`pFK*Ewo+{DJ|dCuoynkC0=ti;Z1>OoMx6*#CHD?>r0s6e}F22pJ{ zUuyJf&u^XpqSkr%<?vty1(hz^>-Y1)rz@1aOGk57{?XI#lNr#b+;9Nb;<>|cNjc4z ze3{<&Xs$Rtw0E4=@+#iVc1*+(2z2OtDZK)MG-SN85~X1f+2WX{aBq3efPHC|valZW z*|}<=UA}sqB5~V&)q9z1bhYY`X+!M_tiQA?e*`S<Ao-?N<X`u!`#&l*F&xGE<w+L- zk9u3rsj@6+|5gL>I)#MnDwl#04N=?%`B*z;zC`MLOxRnA!ok-JK{~)@_sU0J)5R$% zIU~RO@6X&nf%ElvDdx1AV-3yj*X!8R{EbS=UncRmSBG(iNtO#r&Z)`g!?N%4wE`Xb z154N!EP_i*6@X?t0tkV|)w2zSb&O#Q8{tb&Y%3J2DHUHdbsgbfWq2L&Gin2adHost z0fk-uPwc}4C_gmbLssNr_bI|~ltTJ@QKo%}BMKEv)yFXy^0RsE0IA0P^@HVj#sh^2 zRE|*KHic$=AZ;`GoMOp2Wg|5&XL>e*<N;Q?M_V@X8~OCi2vn`~B39(iKm^d49sFzK z{zn8f_R&P8kzh+$?)NaAcz2vG;Mj|03U#HEV+AF9&W-^m_f5P|)#91<jUg`sm}wW_ zcnlhttT0IKjrs*JPrKj_dZpRnr-&Gh2!=fSV|kR9XE}LAtDgpxJQhB1_c{o+h1mq9 zU8s<5^a|YqKYjBm*=dBSxvm;kgFD6kh@0oz1qWtU77GEwG;NDfy3;Fm*894q4;H(9 zTgT_0IhYF#;pD$-l4O>QqzB!y&Jdt%H)q}AHP3gNmv6|hur)Jl_7D6WLhVEIwm&+C k(*GmsXZ(z0qVK=W7VKYrSGDy&2e38hj?4(esldVcKSZ5k<NyEw delta 32 lcmeBGvtgC*=HO7A$f_c2U|?oop;xA70EEVgdb!yJ3;=O&2QvTw diff --git a/packages/checkpoint_threat_emulation b/packages/checkpoint_threat_emulation index 269c380..ffce644 100644 --- a/packages/checkpoint_threat_emulation +++ b/packages/checkpoint_threat_emulation 
@@ -1,12 +1,21 @@ -{'author': u'Th.L. (thl-cmk[at]outlook[dot]com)', - 'description': u'Monitor Check Point Threat Emulation\n\nwarn/crit for (WATO available):\n - used monthly quota on cloud in %\n - remaining quota on cloud in files\n - files waiting for emulation\n\nwarn on: status, update status, subscription and cloud subscription\n', +{'author': 'Th.L. (thl-cmk[at]outlook[dot]com)', + 'description': 'Monitor Check Point Threat Emulation\n' + '\n' + 'warn/crit for (WATO available):\n' + ' - used monthly quota on cloud in %\n' + ' - remaining quota on cloud in files\n' + ' - files waiting for emulation\n' + '\n' + 'warn on: status, update status, subscription and cloud ' + 'subscription\n', 'download_url': 'https://thl-cmk.hopto.org', - 'files': {'checks': ['checkpoint_threat_emulation'], + 'files': {'agent_based': ['utils/checkpoint_threat_emulation.py'], 'web': ['plugins/metrics/checkpoint_threat_emulation.py', 'plugins/wato/checkpoint_threat_emulation.py']}, 'name': 'checkpoint_threat_emulation', 'num_files': 3, - 'title': u'Check Point Threat Emulation', - 'version': '20200608.v.0.0.3a', - 'version.min_required': '1.2.8b8', - 'version.packaged': '1.4.0p38'} \ No newline at end of file + 'title': 'Check Point Threat Emulation', + 'version': '20210827.v.0.0.3a', + 'version.min_required': '2.0.0', + 'version.packaged': '2021.07.14', + 'version.usable_until': None} \ No newline at end of file diff --git a/web/plugins/metrics/checkpoint_threat_emulation.py b/web/plugins/metrics/checkpoint_threat_emulation.py index e19c013..fe66658 100644 --- a/web/plugins/metrics/checkpoint_threat_emulation.py +++ b/web/plugins/metrics/checkpoint_threat_emulation.py @@ -1,5 +1,5 @@ -#!/usr/bin/python -# -*- encoding: utf-8; py-indent-offset: 4 -*- +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- # # License: GNU General Public License v2 # 
@@ -11,6 +11,14 @@ # checkpoint_threat_emulation # +from cmk.gui.i18n import _ + +from cmk.gui.plugins.metrics import ( + metric_info, + graph_info, + perfometer_info, +) + metric_info['checkpoint_threat_emulation_remaining_quota_on_cloud'] = { 'title': _('Remaining quota on cloud'), 'unit': 'count', @@ -75,24 +83,7 @@ metric_info['checkpoint_threat_emulation_peak_queue_size_current'] = { 'color': '25/a', } -check_metrics['check_mk-checkpoint_threat_emulation'] = { - 'remaining_quota_on_cloud': {'name': 'checkpoint_threat_emulation_remaining_quota_on_cloud', }, - 'monthly_quota_on_cloud_used': {'name': 'checkpoint_threat_emulation_monthly_quota_on_cloud_used', }, - 'current_files_waiting_for_emulation': { - 'name': 'checkpoint_threat_emulation_current_files_waiting_for_emulation', }, - 'scanned_files_current': {'name': 'checkpoint_threat_emulation_scanned_files_current', }, - 'malicious_files_detected_current': {'name': 'checkpoint_threat_emulation_malicious_files_detected_current', }, - 'files_scanned_by_threat_cloud_current': { - 'name': 'checkpoint_threat_emulation_files_scanned_by_threat_cloud_current', }, - 'malicious_files_detected_by_threat_cloud_current': { - 'name': 'checkpoint_threat_emulation_malicious_files_detected_by_threat_cloud_current', }, - 'average_process_time_current': {'name': 'checkpoint_threat_emulation_average_process_time_current', }, - 'average_emulated_file_size_current': {'name': 'checkpoint_threat_emulation_average_emulated_file_size_current', }, - 'average_queue_size_current': {'name': 'checkpoint_threat_emulation_average_queue_size_current', }, - 'peak_queue_size_current': {'name': 'checkpoint_threat_emulation_peak_queue_size_current', }, -} - -graph_info.append({ +graph_info['checkpoint_threat_emulation_remaining_quota_on_cloud'] = { 'title': _('Check Point Threat Emulation remaining quota on cloud'), 'metrics': [ ('checkpoint_threat_emulation_remaining_quota_on_cloud', 'line'), 
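Review bot: Dropping the `check_metrics` translation in the `@@ -75,24 +83,7 @@` hunk leaves three metrics without a matching definition: the rewritten check in agent_based/utils/checkpoint_threat_emulation.py passes `metric_name=metric` with the unprefixed names `monthly_quota_on_cloud_used`, `remaining_quota_on_cloud` and `current_files_waiting_for_emulation`, while `metric_info` and the graphs in this file are keyed on the `checkpoint_threat_emulation_`-prefixed names. Unless a translation is registered somewhere outside this patch, those three would no longer pick up their titles, units and threshold graphs. Either keep a translation for them or emit the prefixed name from the check, e.g. `metric_name=f'checkpoint_threat_emulation_{metric}'`, which is what the counter metrics already do.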
@@ -101,8 +92,8 @@ graph_info.append({ ('checkpoint_threat_emulation_remaining_quota_on_cloud:crit'), ('checkpoint_threat_emulation_remaining_quota_on_cloud:warn'), ], -}) -graph_info.append({ +} +graph_info['checkpoint_threat_emulation_monthly_quota_on_cloud_used'] = { 'title': _('Check Point Threat Emulation monthly used quota on cloud used'), 'metrics': [ ('checkpoint_threat_emulation_monthly_quota_on_cloud_used', 'line'), @@ -111,8 +102,8 @@ graph_info.append({ ('checkpoint_threat_emulation_monthly_quota_on_cloud_used:crit'), ('checkpoint_threat_emulation_monthly_quota_on_cloud_used:warn'), ], -}) -graph_info.append({ +} +graph_info['checkpoint_threat_emulation_current_files_waiting_for_emulation'] = { 'title': _('Check Point Threat Emulation files waiting for emulation'), 'metrics': [ ('checkpoint_threat_emulation_current_files_waiting_for_emulation', 'line'), 
@@ -121,52 +112,52 @@ graph_info.append({ ('checkpoint_threat_emulation_current_files_waiting_for_emulation:crit'), ('checkpoint_threat_emulation_current_files_waiting_for_emulation:warn'), ], -}) -graph_info.append({ +} +graph_info['checkpoint_threat_emulation_scanned_files_current'] = { 'title': _('Check Point Threat Emulation scanned files'), 'metrics': [ ('checkpoint_threat_emulation_scanned_files_current', 'line'), ], -}) -graph_info.append({ +} +graph_info['checkpoint_threat_emulation_malicious_files_detected_current'] = { 'title': _('Check Point Threat Emulation malicious files detected'), 'metrics': [ ('checkpoint_threat_emulation_malicious_files_detected_current', 'line'), ], -}) -graph_info.append({ +} +graph_info['checkpoint_threat_emulation_files_scanned_by_threat_cloud_current'] = { 'title': _('Check Point Threat Emulation files scanned by Threat Cloud'), 'metrics': [ ('checkpoint_threat_emulation_files_scanned_by_threat_cloud_current', 'line'), ], -}) -graph_info.append({ +} +graph_info['checkpoint_threat_emulation_malicious_files_detected_by_threat_cloud_current'] = { 'title': _('Check Point Threat Emulation malicious files detected by Threat Cloud'), 'metrics': [ ('checkpoint_threat_emulation_malicious_files_detected_by_threat_cloud_current', 'line'), ], -}) -graph_info.append({ +} +graph_info['checkpoint_threat_emulation_average_process_time_current'] = { 'title': _('Check Point Threat Emulation average process time'), 'metrics': [ ('checkpoint_threat_emulation_average_process_time_current', 'line'), ], -}) -graph_info.append({ +} +graph_info['checkpoint_threat_emulation_average_emulated_file_size_current'] = { 'title': _('Check Point Threat Emulation average emulated file size'), 'metrics': [ ('checkpoint_threat_emulation_average_emulated_file_size_current', 'line'), ], -}) -graph_info.append({ +} +graph_info['checkpoint_threat_emulation_average_queue_size_current'] = { 'title': _('Check Point Threat Emulation average queue size'), 'metrics': [ 
('checkpoint_threat_emulation_average_queue_size_current', 'line'), ], -}) -graph_info.append({ +} +graph_info['checkpoint_threat_emulation_peak_queue_size_current'] = { 'title': _('Check Point Threat Emulation peak queue size'), 'metrics': [ ('checkpoint_threat_emulation_peak_queue_size_current', 'line'), ], -}) \ No newline at end of file +} diff --git a/web/plugins/wato/checkpoint_threat_emulation.py b/web/plugins/wato/checkpoint_threat_emulation.py index d94e276..4071faf 100644 --- a/web/plugins/wato/checkpoint_threat_emulation.py +++ b/web/plugins/wato/checkpoint_threat_emulation.py @@ -1,11 +1,28 @@ -#!/usr/bin/python -# -*- encoding: utf-8; py-indent-offset: 4 -*- +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +# +# License: GNU General Public License v2 +# +# Author: thl-cmk[at]outlook[dot]com +# URL : https://thl-cmk.hopto.org +# -register_check_parameters( - subgroup_applications, - 'checkpoint_threat_emulation', - _('Check Point Threat Emulation status'), - Dictionary( +from cmk.gui.i18n import _ +from cmk.gui.valuespec import ( + Dictionary, + Tuple, + Integer, +) + +from cmk.gui.plugins.wato import ( + CheckParameterRulespecWithItem, + rulespec_registry, + RulespecGroupCheckParametersNetworking, +) + + +def _parameter_valuespec_checkpoint_threat_emulation(): + return Dictionary( elements=[ ('used_monthly_quota_levels', Tuple( @@ -29,7 +46,14 @@ register_check_parameters( Integer(title=_('Critical at'), default_value=10, unit=_('Files')), ])), ], - ), - None, - match_type='dict', -) + ) + + +rulespec_registry.register( + CheckParameterRulespecWithItem( + check_group_name='checkpoint_threat_emulation', + group=RulespecGroupCheckParametersNetworking, + match_type='dict', + parameter_valuespec=_parameter_valuespec_checkpoint_threat_emulation, + title=lambda: _('Check Point Threat Emulation status'), + )) -- GitLab
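Review bot: `CheckParameterRulespecWithItem` is registered in the `@@ -29,7 +46,14 @@` hunk for a check that has no item: the check plugin added by this patch discovers a single `Service()`, its service name carries no item placeholder, and no `item_spec` is passed here. `CheckParameterRulespecWithoutItem` is the matching class, so the import in the first hunk and the call should become `rulespec_registry.register(CheckParameterRulespecWithoutItem(`. The rule also moves from the applications subgroup to `RulespecGroupCheckParametersNetworking`; if that is deliberate, a short comment above the registration saying why would help, since the commit message does not mention it.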