Delete checkpoint_threat_emulation

cfc40d42 · thl-cmk · ac1fe4d5 · ac1fe4d5
Commit cfc40d42 authored 3 years ago by thl-cmk
--- a/checks/checkpoint_threat_emulation
+++ b/checks/checkpoint_threat_emulation
-#!/usr/bin/python
-# -*- encoding: utf-8; py-indent-offset: 4 -*-
-#
-# License: GNU General Public License v2
-#
-# Author: thl-cmk[at]outlook[dot]com
-# URL   : https://thl-cmk.hopto.org
-# Date  : 2018-03-14
-#
-# Monitor status of Check Point Threat Emulation
-#
-# 2018-05-02: fixed: monthly_quota_on_cloud_used = ''
-# 2018-05-30: removed 'unknown' OIDs
-#             removed counters for last day, last week, last month
-#             code cleanup
-# 2020-06-08: changed snmp-scan function
-#
-# snmpwalk sample
-#
-# sample info
-#
-# [
-#  [
-#   [u'0%', u'0', u'up-to-date', u'Gateway is up to date.', u'1548979200', u'100000', u'100000', u'valid', u'ok',
-#    u'Quota subscription is valid', u'990002053', u'0', u'ok', u'']
-#   ],
-#  [
-#   [u'0', u'0', u'0', u'0', u'0', u'0', u'0', u'0']
-#  ]
-# ]
-#
-# threat emulation not active
-# [[], []]
-#
-factory_settings['checkpoint_threat_emulation_defaults'] = {
-    'used_monthly_quota_levels': [90, 95],
-    'remaining_quota_levels': [10000, 5000],
-    'files_waiting_levels': [5, 10],
-}
-def inventory_checkpoint_threat_emulation(info):
-    if len(info) == 2:
-        testatus, tecounter = info
-        if len(testatus) == 1 and len(tecounter) == 1:
-            teStatusCode = testatus[0][11]
-            if teStatusCode != '3':  # possible TE not activated
-                return [(None, None)]
-def check_checkpoint_threat_emulation(item, params, info):
-    if len(info) == 2:
-        testatus, tecounter = info
-        if len(testatus) == 1 and len(tecounter) == 1:
-            infotext = ''
-            longoutput = ''
-            perfdata = []
-            state = 0
-            now_time = time.time()
-            monthly_quota_on_cloud_used, current_files_waiting_for_emulation, teUpdateStatus, teUpdateDesc, \
-            teSubscriptionExpDate, quota_on_cloud, remaining_quota_on_cloud, teSubscriptionStatus, \
-            teCloudSubscriptionStatus, teSubscriptionDesc, build, teStatusCode, teStatusShortDesc, \
-            teStatusLongDesc = testatus[0]
-            monthly_quota_on_cloud_used = monthly_quota_on_cloud_used.replace('%', '')
-            if monthly_quota_on_cloud_used.isdigit():
-                monthly_quota_on_cloud_used = int(monthly_quota_on_cloud_used)
-            else:
-                monthly_quota_on_cloud_used = 0
-            current_files_waiting_for_emulation = int(current_files_waiting_for_emulation)
-            quota_on_cloud = int(quota_on_cloud)
-            remaining_quota_on_cloud = int(remaining_quota_on_cloud)
-            infotext += 'Subscription valid until: %s' % time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(int(teSubscriptionExpDate)))
-            infotext += ', Build: %s' % build
-            counternames = ['scanned_files',
-                            'malicious_files_detected',
-                            'files_scanned_by_threat_cloud',
-                            'malicious_files_detected_by_threat_cloud',
-                            'average_process_time',
-                            'average_emulated_file_size',
-                            'average_queue_size',
-                            'peak_queue_size',
-                            ]
-            counters = tecounter[0]
-            for j in range(0, 8, 1):
-                perfdata.append(('%s_%s' % (counternames[j], 'current'), int(counters[j])))
-            if teUpdateStatus != 'up-to-date':
-                yield 1, 'Update status %s, %s' % (teUpdateStatus, teUpdateDesc.replace('\n', ' '))
-            if not int(teStatusCode) == 0:
-                yield 1, 'Status %s, %s' % (teStatusShortDesc, teStatusLongDesc)
-            if teSubscriptionStatus != 'valid':
-                yield 1, 'Subscription status: %s, %s' % (teSubscriptionStatus, teSubscriptionDesc)
-            if teCloudSubscriptionStatus != 'ok':
-                yield 1, 'Cloud subscriptionstatus %s' % teCloudSubscriptionStatus
-            warn, crit = params.get('used_monthly_quota_levels')
-            perfdata.append(('monthly_quota_on_cloud_used', monthly_quota_on_cloud_used, warn, crit, 0, 100))
-            if monthly_quota_on_cloud_used >= crit:
-                yield 2, 'Used quota on cloud %d%% >= %d%%' % (monthly_quota_on_cloud_used, crit)
-            elif monthly_quota_on_cloud_used >= warn:
-                yield 1, 'Used quota on cloud %d%% >= %d%%' % (monthly_quota_on_cloud_used, warn)
-            warn, crit = params.get('remaining_quota_levels')
-            perfdata.append(('remaining_quota_on_cloud',remaining_quota_on_cloud, warn, crit, 0, quota_on_cloud))
-            if remaining_quota_on_cloud <= crit:
-                yield 2, 'Remaining quota on cloud %d <= %d' % (remaining_quota_on_cloud, crit)
-            elif remaining_quota_on_cloud <= warn:
-                yield 1, 'Remaining quota on cloud %d <= %d' % (remaining_quota_on_cloud, warn)
-            warn, crit = params.get('files_waiting_levels')
-            perfdata.append(('current_files_waiting_for_emulation', current_files_waiting_for_emulation, warn, crit))
-            if current_files_waiting_for_emulation >= crit:
-                yield 2, 'Current files waiting for emulation %d >= %d' % (current_files_waiting_for_emulation, crit)
-            elif current_files_waiting_for_emulation >= warn:
-                yield 1, 'Current files waiting for emulation %d >= %d' % (current_files_waiting_for_emulation, warn)
-            yield state, infotext + longoutput, perfdata
-check_info['checkpoint_threat_emulation'] = {
-    'check_function'         : check_checkpoint_threat_emulation,
-    'inventory_function'     : inventory_checkpoint_threat_emulation,
-    'service_description'    : 'Threat Emulation status',
-    'has_perfdata'           : True,
-    'snmp_scan_function': lambda oid: (oid('.1.3.6.1.2.1.1.2.0').startswith('.1.3.6.1.4.1.2620.1.6.123.1') or
-                                       oid('.1.3.6.1.2.1.1.2.0').startswith('.1.3.6.1.4.1.8072.3.2.10')) and
-                                      oid('.1.3.6.1.4.1.2620.1.6.1.0', '').lower().startswith('svn foundation'),    'group'                  : 'checkpoint_threat_emulation',
-    'default_levels_variable': 'checkpoint_threat_emulation_defaults',
-    'snmp_info'              : [('.1.3.6.1.4.1.2620.1.49', [  # CHECKPOINT-MIB::te (status)
-                                  '3',    # monthly_quota_on_cloud_used
-                                  '12',   # current_files_waiting_for_emulation
-                                  '16',   # teUpdateStatus
-                                  '17',   # teUpdateDesc
-                                  '20',   # teSubscriptionExpDate
-                                  '22',   # quota_on_cloud
-                                  '23',   # remaining_quota_on_cloud
-                                  '25',   # teSubscriptionStatus
-                                  '26',   # teCloudSubscriptionStatus
-                                  '27',   # teSubscriptionDesc
-                                  '30',   # build
-                                  '101',  # teStatusCode
-                                  '102',  # teStatusShortDesc
-                                  '103',  # teStatusLongDesc
-                                ]),
-                                ('.1.3.6.1.4.1.2620.1.49', [  # CHECKPOINT-MIB::te (counter)
-                                    '4.1',   # scanned_files current
-                                    '5.1',   # malicious_files_detected current
-                                    '6.1',   # files_scanned_by_threat_cloud current
-                                    '7.1',   # malicious_files_detected_by_threat_cloud current
-                                    '8.1',   # average_process_time current
-                                    '9.1',   # average_emulated_file_size current
-                                    '10.1',  # average_queue_size current
-                                    '11.1',  # peak_queue_size current
-                                 ]),
-                                # ('.1.3.6.1.4.1.2620.1.49.4', [  # scanned_files
-                                #   '1',   # current
-                                #   '2',   # last_day
-                                #   '3',   # last_week
-                                #   '4',   # last_month
-                                # ]),
-                                # ('.1.3.6.1.4.1.2620.1.49.5', [  # malicious_files_detected
-                                #   '1',  # current
-                                #   '2',  # last_day
-                                #   '3',  # last_week
-                                #   '4',  # last_month
-                                # ]),
-                                # ('.1.3.6.1.4.1.2620.1.49.6', [  # files_scanned_by_threat_cloud
-                                #   '1',   # current
-                                #   '2',   # last_day
-                                #   '3',   # last_week
-                                #   '4',   # last_month
-                                # ]),
-                                # ('.1.3.6.1.4.1.2620.1.49.7', [  # malicious_files_detected_by_threat_cloud
-                                #   '1',   # current
-                                #   '2',   # last_day
-                                #   '3',   # last_week
-                                #   '4',   # last_month
-                                # ]),
-                                # ('.1.3.6.1.4.1.2620.1.49.8', [  # average_process_time
-                                #   '1',   # current
-                                #   '2',   # last_day
-                                #   '3',   # last_week
-                                #   '4',   # last_month
-                                # ]),
-                                # ('.1.3.6.1.4.1.2620.1.49.9', [  # average_emulated_file_size
-                                #   '1',   # current
-                                #   '2',   # last_day
-                                #   '3',   # last_week
-                                #   '4',   # last_month
-                                # ]),
-                                # ('.1.3.6.1.4.1.2620.1.49.10', [  # average_queue_size
-                                #   '1',   # current
-                                #   '2',   # last_day
-                                #   '3',   # last_week
-                                #   '4',   # last_month
-                                # ]),
-                                # ('.1.3.6.1.4.1.2620.1.49.11', [  # peak_queue_size
-                                #   '1',   # current
-                                #   '2',   # last_day
-                                #   '3',   # last_week
-                                #   '4',   # last_month
-                                # ]),
-                                ]
-}
-# Name Last Day Last Week Last Month
-# Scanned Files 0 0 0
-# Malicious Files Detected 0 0 0
-# Average Process Time 0 Sec 0 Sec 0 Sec
-# Average Emulated File Size 0 B 0 B 0 B
-# Average Queue Size 0 0 0
-# Peak Queue Size 0 0 0
-#
-# Scanned Files in the Last 7 Days: 0
-# Malicious Files Detected in the Last 7 Days: 0
-# Remaining Quota on Cloud: "Wait"
-# Monthly Quota on Cloud Used: NaN%
-# ('.1.3.6.1.4.1.2620.1.49.2.1', [
-#   '1',  #
-#   '2',  #
-#   '3',  #
-#   '4',  #
-#   '5',  #
-#   '6',  #
-#   '7',  #
-#   '8',  #
-#   '9',  #
-#   '10',  #
-#   '11',  #
-#   ]),
-# if item == 'anaylsis':
-#
-#     #
-#     # sample te_analysis
-#     #
-#     # [[u'1', u'Image', u'1afbde2e-d593-45a8-a686-6cbd42f37823', u'', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
-#     #  [u'2', u'Image', u'1b0c5014-714d-47f3-9b10-0b7ee386e745', u'', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
-#     #  [u'3', u'Image', u'5e5de275-a103-4f67-b55b-47532918fa59', u'Win7,Office 2013,Adobe 11', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
-#     #  [u'4', u'Image', u'e50e99f3-5963-4573-af9e-e3f4750b55e2', u'WinXP,Office 2003/7,Adobe 9', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
-#     #  [u'5', u'Detection Rules', u'5e5de275-a103-4f67-b55b-47532918fa59', u'Win7,Office 2013,Adobe 11', u'56431', u'46960', u'Thu Mar 15 08:39:31 2018', u'0', u'0', u'0', u'0'],
-#     #  [u'6', u'Detection Rules', u'e50e99f3-5963-4573-af9e-e3f4750b55e2', u'WinXP,Office 2003/7,Adobe 9', u'56431', u'52602', u'Thu Mar 15 08:39:26 2018', u'0', u'0', u'0', u'0'],
-#     #  [u'7', u'Static Analysis Rules', u'496149D5-0689-472B-8F50-21DD409F0EC6', u'Static Analysis Detection Rules', u'53030', u'25049', u'Thu Mar 15 08:39:24 2018', u'0', u'0', u'0', u'0']]
-#     #
-#     #  eher fuer inventory (?)
-#     #
-#
-#     te_analysis_1, te_analysis_2, te_analysis_3, te_analysis_4, te_analysis_5, te_analysis_6, te_analysis_7, \
-#     te_analysis_8, te_analysis_9, te_analysis_10, te_analysis_11 = te_analysis[0]
-#
-#     infotext = ''
-#
-#     longoutput += '\nte_analysis_1 : %s (Status)' % te_analysis_1
-#     longoutput += '\nte_analysis_2 : %s (Cloud or Local: Image --> local, Static Analysis Rules --> Cloud (??))' % te_analysis_2
-#     longoutput += '\nte_analysis_3 : %s (UID)' % te_analysis_3
-#     longoutput += '\nte_analysis_4 : %s (Name)' % te_analysis_4
-#     longoutput += '\nte_analysis_5 : %s (Revision)' % te_analysis_5
-#     longoutput += '\nte_analysis_6 : %s (Size in Bytes)' % te_analysis_6
-#     longoutput += '\nte_analysis_7 : %s (Download Time)' % te_analysis_7
-#     longoutput += '\nte_analysis_8 : %s' % te_analysis_8
-#     longoutput += '\nte_analysis_9 : %s' % te_analysis_9
-#     longoutput += '\nte_analysis_10: %s' % te_analysis_10
-#     longoutput += '\nte_analysis_11: %s' % te_analysis_11
-#
-#     state = 0