From fb1343007bb9b6d925c0d9195c44ed146fa0472a Mon Sep 17 00:00:00 2001
From: "th.l" <thl-cmk@outlook.com>
Date: Wed, 1 Sep 2021 20:30:39 +0200
Subject: [PATCH] update project
---
agent_based/checkpoint_threat_emulation.py | 287 +++++++++++++++++++++
checkpoint_threat_emulation.mkp | Bin 4877 -> 4873 bytes
packages/checkpoint_threat_emulation | 2 +-
3 files changed, 288 insertions(+), 1 deletion(-)
create mode 100644 agent_based/checkpoint_threat_emulation.py
diff --git a/agent_based/checkpoint_threat_emulation.py b/agent_based/checkpoint_threat_emulation.py
new file mode 100644
index 0000000..b48b94e
--- /dev/null
+++ b/agent_based/checkpoint_threat_emulation.py
@@ -0,0 +1,287 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL : https://thl-cmk.hopto.org
+# Date : 2018-03-14
+#
+# Monitor status of Check Point Threat Emulation
+#
+# 2018-05-02: fixed: monthly_quota_on_cloud_used = ''
+# 2018-05-30: removed 'unknown' OIDs
+# removed counters for last day, last week, last month
+# code cleanup
+# 2020-06-08: changed snmp-scan function
+# 2021-08-27: rewritten for CMK 2.0
+#
+# snmpwalk sample
+#
+# sample info
+#
+# [
+# [
+# [u'0%', u'0', u'up-to-date', u'Gateway is up to date.', u'1548979200', u'100000', u'100000', u'valid', u'ok',
+# u'Quota subscription is valid', u'990002053', u'0', u'ok', u'']
+# ],
+# [
+# [u'0', u'0', u'0', u'0', u'0', u'0', u'0', u'0']
+# ]
+# ]
+#
+# threat emulation not active
+# [[], []]
+#
+
+import time
+from dataclasses import dataclass
+from typing import List, Optional, Tuple
+
+from cmk.base.plugins.agent_based.agent_based_api.v1 import (
+ register,
+ Service,
+ Result,
+ check_levels,
+ State,
+ SNMPTree,
+ all_of,
+ startswith,
+ any_of,
+ equals,
+ Metric,
+)
+from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
+ DiscoveryResult,
+ CheckResult,
+ StringTable,
+)
+
+
+@dataclass
+class CheckpointTeStatus:
+ current_files_waiting_for_emulation: int
+ teUpdateStatus: str
+ teUpdateDesc: str
+ teSubscriptionExpDate: int
+ teSubscriptionExpDateStr: str
+ quota_on_cloud: int
+ remaining_quota_on_cloud: int
+ teSubscriptionStatus: str
+ teCloudSubscriptionStatus: str
+ teSubscriptionDesc: str
+ build: str
+ teStatusCode: int
+ teStatusShortDesc: str
+ teStatusLongDesc: str
+ metric_count: List[Tuple[str, int]]
+ monthly_quota_on_cloud_used: Optional[int] = None
+
+
+def parse_checkpoint_threat_emulation(string_table: List[StringTable]) -> Optional[CheckpointTeStatus]:
+ testatus, tecounter = string_table
+ try:
+ monthly_quota_on_cloud_used, current_files_waiting_for_emulation, teUpdateStatus, teUpdateDesc, \
+ teSubscriptionExpDate, quota_on_cloud, remaining_quota_on_cloud, teSubscriptionStatus, \
+ teCloudSubscriptionStatus, teSubscriptionDesc, build, teStatusCode, teStatusShortDesc, \
+ teStatusLongDesc = testatus[0]
+ except(IndexError, ValueError):
+ return
+
+ scanned_files, malicious_files_detected, files_scanned_by_threat_cloud, malicious_files_detected_by_threat_cloud, \
+ average_process_time, average_emulated_file_size, average_queue_size, peak_queue_size, = tecounter[0]
+
+ metric_count = [
+ ('scanned_files', int(scanned_files)),
+ ('malicious_files_detected', int(malicious_files_detected)),
+ ('files_scanned_by_threat_cloud', int(files_scanned_by_threat_cloud)),
+ ('malicious_files_detected_by_threat_cloud', int(malicious_files_detected_by_threat_cloud)),
+ ('average_process_time', int(average_process_time)),
+ ('average_emulated_file_size', int(average_emulated_file_size)),
+ ('average_queue_size', int(average_queue_size)),
+ ('peak_queue_size', int(peak_queue_size)),
+ ]
+
+ monthly_quota_on_cloud_used = monthly_quota_on_cloud_used.replace('%', '')
+
+ if teStatusCode != '3': # possible TE not activated
+ return CheckpointTeStatus(
+ monthly_quota_on_cloud_used=int(monthly_quota_on_cloud_used) if monthly_quota_on_cloud_used.isdigit() else None,
+ current_files_waiting_for_emulation=int(current_files_waiting_for_emulation),
+ teUpdateStatus=teUpdateStatus,
+ teUpdateDesc=teUpdateDesc,
+ teSubscriptionExpDate=int(teSubscriptionExpDate),
+ teSubscriptionExpDateStr=time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(teSubscriptionExpDate)),
+ quota_on_cloud=int(quota_on_cloud),
+ remaining_quota_on_cloud=int(remaining_quota_on_cloud),
+ teSubscriptionStatus=teSubscriptionStatus,
+ teCloudSubscriptionStatus=teCloudSubscriptionStatus,
+ teSubscriptionDesc=teSubscriptionDesc.replace('\n', ' '),
+ build=build,
+ teStatusCode=int(teStatusCode),
+ teStatusShortDesc=teStatusShortDesc,
+ teStatusLongDesc=teStatusLongDesc,
+ metric_count=metric_count
+ )
+
+
+def discovery_checkpoint_threat_emulation(section: CheckpointTeStatus) -> DiscoveryResult:
+ yield Service()
+
+
+def check_checkpoint_threat_emulation(params, section: CheckpointTeStatus) -> CheckResult:
+ yield Result(state=State.OK, summary=f'Subscription valid until: {section.teSubscriptionExpDateStr}')
+ yield Result(state=State.OK, summary=f'Build: {section.build}')
+
+ if section.teUpdateStatus != 'up-to-date':
+ yield Result(state=State.WARN, notice=f'Update status {section.teUpdateStatus}, {section.teUpdateDesc}')
+ if not section.teStatusCode == 0:
+ yield Result(state=State.WARN, notice=f'Status {section.teStatusShortDesc}, {section.teStatusLongDesc}')
+ if section.teSubscriptionStatus != 'valid':
+ yield Result(state=State.WARN, notice=f'Subscription status: {section.teCloudSubscriptionStatus}, {section.teSubscriptionDesc}')
+ if section.teCloudSubscriptionStatus != 'ok':
+ yield Result(state=State.WARN, notice=f'Cloud subscription status {section.teCloudSubscriptionStatus}')
+
+ for levels, metric, label, value in [
+ (params.get('used_monthly_quota_levels'), 'monthly_quota_on_cloud_used', 'Used quota on cloud', section.monthly_quota_on_cloud_used),
+ (params.get('remaining_quota_levels'), 'remaining_quota_on_cloud', 'Remaining quota on cloud', section.remaining_quota_on_cloud), # max: quota_on_cloud
+ (params.get('files_waiting_levels'), 'current_files_waiting_for_emulation', 'Current files waiting for emulation', section.current_files_waiting_for_emulation), # max: quota_on_cloud
+ ]:
+ if value:
+ yield from check_levels(
+ value=value,
+ label=label,
+ levels_upper=levels,
+ metric_name=metric,
+ render_func=lambda v: f'{v:.0f}'
+ )
+
+ for metric, value in section.metric_count:
+ yield Metric(
+ value=value,
+ name=f'checkpoint_threat_emulation_{metric}_current'
+ )
+
+
+register.snmp_section(
+ name='checkpoint_threat_emulation',
+ parse_function=parse_checkpoint_threat_emulation,
+ fetch=[
+ SNMPTree(
+ base='.1.3.6.1.4.1.2620.1.49', # CHECKPOINT-MIB::te (status)
+ oids=[
+ '3', # monthly_quota_on_cloud_used
+ '12', # current_files_waiting_for_emulation
+ '16', # teUpdateStatus
+ '17', # teUpdateDesc
+ '20', # teSubscriptionExpDate
+ '22', # quota_on_cloud
+ '23', # remaining_quota_on_cloud
+ '25', # teSubscriptionStatus
+ '26', # teCloudSubscriptionStatus
+ '27', # teSubscriptionDesc
+ '30', # build
+ '101', # teStatusCode
+ '102', # teStatusShortDesc
+ '103', # teStatusLongDesc
+ ]
+ ),
+ SNMPTree(
+ base='.1.3.6.1.4.1.2620.1.49', # CHECKPOINT-MIB::te (counter)
+ oids=[
+ '4.1', # scanned_files current
+ '5.1', # malicious_files_detected current
+ '6.1', # files_scanned_by_threat_cloud current
+ '7.1', # malicious_files_detected_by_threat_cloud current
+ '8.1', # average_process_time current
+ '9.1', # average_emulated_file_size current
+ '10.1', # average_queue_size current
+ '11.1', # peak_queue_size current
+ ]
+ ),
+
+ ],
+ detect=any_of(
+ startswith('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.2620'),
+ all_of(
+ equals('.1.3.6.1.2.1.1.2.0', '.1.3.6.1.4.1.8072.3.2.10'),
+ equals('.1.3.6.1.4.1.2620.1.6.1.0', 'SVN Foundation'),
+ )
+ )
+)
+
+register.check_plugin(
+ name='checkpoint_threat_emulation',
+ service_name='Threat Emulation status',
+ discovery_function=discovery_checkpoint_threat_emulation,
+ check_function=check_checkpoint_threat_emulation,
+ check_ruleset_name='checkpoint_threat_emulation',
+ check_default_parameters={
+ 'used_monthly_quota_levels': [90, 95],
+ 'remaining_quota_levels': [10000, 5000],
+ 'files_waiting_levels': [5, 10],
+ }
+)
+
+
+# Name Last Day Last Week Last Month
+# Scanned Files 0 0 0
+# Malicious Files Detected 0 0 0
+# Average Process Time 0 Sec 0 Sec 0 Sec
+# Average Emulated File Size 0 B 0 B 0 B
+# Average Queue Size 0 0 0
+# Peak Queue Size 0 0 0
+#
+# Scanned Files in the Last 7 Days: 0
+# Malicious Files Detected in the Last 7 Days: 0
+# Remaining Quota on Cloud: "Wait"
+# Monthly Quota on Cloud Used: NaN%
+
+# ('.1.3.6.1.4.1.2620.1.49.2.1', [
+# '1', #
+# '2', #
+# '3', #
+# '4', #
+# '5', #
+# '6', #
+# '7', #
+# '8', #
+# '9', #
+# '10', #
+# '11', #
+# ]),
+
+# if item == 'anaylsis':
+#
+# #
+# # sample te_analysis
+# #
+# # [[u'1', u'Image', u'1afbde2e-d593-45a8-a686-6cbd42f37823', u'', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
+# # [u'2', u'Image', u'1b0c5014-714d-47f3-9b10-0b7ee386e745', u'', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
+# # [u'3', u'Image', u'5e5de275-a103-4f67-b55b-47532918fa59', u'Win7,Office 2013,Adobe 11', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
+# # [u'4', u'Image', u'e50e99f3-5963-4573-af9e-e3f4750b55e2', u'WinXP,Office 2003/7,Adobe 9', u'0', u'0', u'0', u'0', u'0', u'0', u'0'],
+# # [u'5', u'Detection Rules', u'5e5de275-a103-4f67-b55b-47532918fa59', u'Win7,Office 2013,Adobe 11', u'56431', u'46960', u'Thu Mar 15 08:39:31 2018', u'0', u'0', u'0', u'0'],
+# # [u'6', u'Detection Rules', u'e50e99f3-5963-4573-af9e-e3f4750b55e2', u'WinXP,Office 2003/7,Adobe 9', u'56431', u'52602', u'Thu Mar 15 08:39:26 2018', u'0', u'0', u'0', u'0'],
+# # [u'7', u'Static Analysis Rules', u'496149D5-0689-472B-8F50-21DD409F0EC6', u'Static Analysis Detection Rules', u'53030', u'25049', u'Thu Mar 15 08:39:24 2018', u'0', u'0', u'0', u'0']]
+# #
+# # eher fuer inventory (?)
+# #
+#
+# te_analysis_1, te_analysis_2, te_analysis_3, te_analysis_4, te_analysis_5, te_analysis_6, te_analysis_7, \
+# te_analysis_8, te_analysis_9, te_analysis_10, te_analysis_11 = te_analysis[0]
+#
+# infotext = ''
+#
+# longoutput += '\nte_analysis_1 : %s (Status)' % te_analysis_1
+# longoutput += '\nte_analysis_2 : %s (Cloud or Local: Image --> local, Static Analysis Rules --> Cloud (??))' % te_analysis_2
+# longoutput += '\nte_analysis_3 : %s (UID)' % te_analysis_3
+# longoutput += '\nte_analysis_4 : %s (Name)' % te_analysis_4
+# longoutput += '\nte_analysis_5 : %s (Revision)' % te_analysis_5
+# longoutput += '\nte_analysis_6 : %s (Size in Bytes)' % te_analysis_6
+# longoutput += '\nte_analysis_7 : %s (Download Time)' % te_analysis_7
+# longoutput += '\nte_analysis_8 : %s' % te_analysis_8
+# longoutput += '\nte_analysis_9 : %s' % te_analysis_9
+# longoutput += '\nte_analysis_10: %s' % te_analysis_10
+# longoutput += '\nte_analysis_11: %s' % te_analysis_11
+#
+# state = 0
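Review bot: In check_checkpoint_threat_emulation the threshold loop is guarded by `if value:`, so a remaining cloud quota of 0 — the exhausted state — skips check_levels and yields neither a state nor a metric; `if value is not None:` would skip only the unset monthly quota. The same loop passes every threshold as `levels_upper`, while the default `'remaining_quota_levels': [10000, 5000]` descends and only makes sense as lower levels, so that row should be passed as `levels_lower`; as written, a healthy value such as the 100000 in the sample sits above both levels. In parse_checkpoint_threat_emulation, `time.localtime(teSubscriptionExpDate)` receives the raw SNMP string and raises TypeError outside the try block; it should read `time.localtime(int(teSubscriptionExpDate))`. The `tecounter[0]` unpack and the int() conversions are likewise outside the `except(IndexError, ValueError)`, so an empty counter table or a non-numeric field fails the section instead of returning None. The 'Subscription status:' notice also interpolates `teCloudSubscriptionStatus` where `teSubscriptionStatus` is the value being tested.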
diff --git a/checkpoint_threat_emulation.mkp b/checkpoint_threat_emulation.mkp index 8e12e71296e5c9a9e9fe85e46fb4ad31b6ee3062..c8426d7c431b694d19acba8674367f1bb704f8bc 100644 GIT binary patch delta 4765 zcmajf_aoGe0|4O2-ka>bC5P<nJK;E+Ix{1joq6%GGcwL7>$P*P7iWg-m6eQavhHNO z*<|zm6TZJZf5MX@oG47nlT1eT{hKt3G!2NlH2lvqPv#FteEgxDh3tDbjqtw@d1(Yx zG)h%<g$71$pReUR4^CF|=rQuzuKZm&(-8R@n0>jsKayH=tLPtozwfaQnF|1BvhiCQ zFS>oX75^JLQZqbTIWHKZ?cR|pSdB{S#ObabKaC6`vco#feGBPAP6ebt#GJ0jaD@OO z3E@N^65O^%M@MP9JDa)Y3R`Pc#6A&FBxtuhkXY5O_vz-T<5}oF?_NH`5&Nq8!gX1@ zv-d($gUz%W-@w@{=`#!u9aQLrzt#8NiYF%(Jcv|wWO@fmn4?sQehzx?mRJ+DCzazX zRHb8R&f+d|-xCmybR39E=Gc9jG`kMq@v%)l2ebB&h;dqPvZok2Ep4t1k}#Bf14`fI zN<R-5Z;K0R;-9LqG@V%q6R;f}mko@T)oKdDaST!#TRx#E2o0%^ONLi6xPHr3okw-0 z^qmRR#Jgd6YY@~RObshm($3|fdP2dFP*&h=PWnn8uXDJ)RUnjWr*9?PIFp5t7J%w2 zgGU^y_Aa?h&!bOvF@1%z<Hh}a`<Iq~bZNW?0#;+vj1}*=obQqMJXb6C6L%cM*I0Ma zwx)aa-a8(XYe0?wvb1-PqDmz?NlVPjy<hF9j_*J*`?%IOFSv=1J^P^G>6)laB$0e( z;_e~?LQy#KRinWypRlRBDNB=pJU{qDcJaQejbEKg&ZK}dxQG5rX$wfcB}ck0mknEU zB*QQ3%GTrnio1C~AUMPZ(ODzO3@9Zr>!;fj>OFRv8(`k}&8-IFE^6x5+<vEqAOqTO z6^75NZs!7<Ru}Ji2+n5L$d>>O^D^pd?W;Mt+|Q>`829qqz+V&b;@-eLLGLwckG8wP z=1)s9d%M>qU>b7tF;kJs$Tc;Xumf4UQtZ$z8xeL#C<<6~FWd8;D-rlLnu9OMN4i4~ z3Y1Q@6bZTt0Fo{ZT9Pl6&%Vjd<({beVrB6k1-o-1cUuTwh2Ndh=-x2GcGP929tBO3 zJ-2E?m9i(zy15*R#sXh`)}%dg^kALVoTSgju=Ydd$HJ-?wR*1|FAH^-J9P;&#nJ^) z-(ez(Y)1zsg-pm`?j$0?!}UFzggTuy>j0isAv{`7bz{+yh~+Q1VwIb>{gr(pT_|^@ z7%zoZ@!o)^cwCM6u7(MO@kv*c8lFjWyLwh%vDt)|2^nB%2E51c$?5Vqh4R42STxfT ze6Q}TBH@x|q!kghzf|ZJ|81hYG|PApQrKMxr=Q#wX-N_~v({SAEYBDZsn+R?))vdS zAr23%Rp=%+i6rLdSu5Zkp89_GT9xxZaiQr1nIWK~+15?7^D;Q&`x^#>F4T}TV_6A< zDgKC!gJnjJ2pE3y@D%d30$#KER-S0tt0;@~vfcGX$*gP&C~6DR4Nmc;O`NKMkp%}r z>wvKRs@Vv-s3Dt@WtTN<t<xVRk2|`!YDtCAepu-kJ86UD`9F+c(1nJFPZ`@5NI2!2 z@6kk$UB{qPSK;<{+`)&Aps;gxx5djHrM+5(1QjZ0Ag?{LM~!_(@{Bybj-!s~i01?4 zK?#RHLXJdff8g>u?IQvH`BI=1Fw8K22wsn2{B;cX$^2a^I$>npDN^!S|IPWocC;9p z7nChj0nBOvy-MtPJ;G*UPAVYd$FR$lF(Dc$4AaHxJvp_`9ZYKjD!ooDqsv%Pp-5H> 
z6C`N@<{SI9UOfqHW|aHJpTyNO?)<dZniopE@LpDqbX2vIF246atS3T5_D28MB%6rE zCPrjJ_@~sr3__!wI@@N3wZxF`KP=K(RwO|s>bk-*5+tE-quQb7({#hgEu=!Lq;g7q zf>&X>NuX~06mxI7Ot9)}a;GMr96{V61tYH&5H;uiT3WM%rfQEj))HDZL;jq!fq%I# zhe@lbZJ%)S!2QvHcaYlp8J=;T4CE6NOP?#-?$9UtW!lhtDsU5?mMzO=LDGfR%?{F4 zn!Cl1*ok}$`T{3s{sn!!;{w`)`&Sqb57cB~wJT)#r~^9eF;xxS*npN)WuFe>n=562 z?Co^+oqL;%;A&g+{zJBbsCOz9b%{fv$RPy1%cw(~>f-VdF5Mj<Flhj{SiH_F8-Lmk zk&&{XXOXe#KsXbjel^ZUslRi4?KmzdV(e}p+gdeonU;PIp?Y<Ppx$fy9^<}9o9L0G zO;ZB@w79MJh+5D2K@e#CtF28x_OlouP(AX)4`U(n$|CtE>@&qIbTZ&mmOMMo`h$h0 zEn=B7jbDox-MAURIrW~?rKaym{qoOP;XREe$1te3bfo88VP9%&jOFuP|I{C#SA^a6 zutpy}#s_whO+4{5^#yCkf$Y<c;doNN#Os5btcAHs6hi+>GcbZR+1g501g;1u7)|dG zG9_tlMB))U)RIc5QUW`LL1oW-v{EoEH5s}khZ8*x5vqwMv(EeJrIq@2mx(rx+dt9Z zhBz=5kQkKM3?WFpmr;sPSL)Q@iYacnTMi;O3Jtv^Y)H`}8hbXvXs)EB^&;EGeoW_H zXkXgcYF!vTL(^E}Jezk3*#RQ^+A=f<O*;wu35+oukD1b`^j7wVW4wv|H|o*4B6dbS zzb@qNdEZHgRbz7WCcnB5HLuAgU)9q7aQ|a3$0dj#9W%CGuJtQ!TWhFKg^B)?GQ*s} zZ-R_FSNOstX&42Hn}Tq0?sbdh?wmclNoqE*lu(&B{FpIMu>GDhy$QG=zxX!t$0FrB z1d$pny370ztKi$`JYnDGPaE|ndFlUqTxCwSZtXH@Zx^BbvF;Wk4siiknv?rKCvK{a z3~(;jWhC*F*For+GQ)~@m@1KEK_=;<3KaEPF35IK>rhW}it<sZ>jcptR63NHI9L3; zvC&~ci5P1~G&5?oYYBi{{Oo<^@LZ(wv*x10Fa@uzykk7E^xaso1WuC?N8D@(Hyrdj zAOUlcw;?4sC}5UDUkEY6;BJx&*;G`$3fk0(CM=L30nTT%Vn$wXt|TKlgiZ>FYvy_I zB;e|^Zv!&|zA`hoK76FvNrIwbIm;@Y@e-#rRiG&Hknoi{1q`PDdHycP`5*ednm1C0 z*3qK_`D|ooS#L)M;8R-_ja%7xh6>AeyFQ0J8@z<y`;ebGmjeuf<r&0OlI>4Yl3tFn zJZ&k8{B*h(F=h5K&GZAmtkK1V9tn8r<-n)>8(4*Byi%OGM2ucn71C$u3OtHzw5Bv5 z9vq*8B15EpIRQ=}dOd=(10fTguh#umhv=7cscZ`j;FBecgY3nkrx9_8?Hlp4#==RC z;_+u!SlTzt0GC0zec>JMYzNDu-mcbVzS0#gpUbO0SMszb-(^!J873(c>N8sW-lOU{ zIjX|!GYJm;K1>7Cz}-USm!sSNql^e@rS#%?t!eytIe-P}iSe5mW&248$c#E;s!9qg zOM7XvC#go0DkoBU-e?onfSCV%(JMv%TL0)&(vG1#i=V^BnY+>14;!Z`2B3SoEgSPv zN&2&oN2*>OMc8RM_(y*ZEMZ?HKv&z=e0F@YY<WS`4lb}-@HeOarD$vgkN#XTJFOb} z^@BO20`RL}zA{sS)|APNkA3BwnaSFJO&<RE*U4^qhY{rdNQB#Bpfe};$xrG=xJboI zmlU?t>5|k8GEFJNeo92_WMpRS(t!GS56AQ^>$FRv>b&oE{cT-8>(oW8_w?Q_rMB|m 
zr@FYT)j>Cu0>lWtoOpteqZ~)L2$#RyntD{v3xKtWz?Qf?6Of#H^JHuv|D<^T0f}MP zC-&;ZQ;{`~su2f-9i<eEIZ42|9{u>?O}#~Yshk}6qJpZC=tO4W_$|Q?RKXfo1a$rT z%7nB%Z+qG5%83H&<H`jBpM+0lN9xCUBno1Zxc5s9L^vU?x-|iLrZol*3TAkB>xGyT z(CJzcRZGMg(*Ajk`Ci)TE*>H`=&%{Cqun7{W=+l%3~sL4)rN=4xmRP&g>;qAE>n!d zjdlumCt0T%Ab(O=j@c0`58n#6rELAZl<`V6iaY7m=1j5r8y2HO&0(<Z)Jw-0F5{S# z7?s18l!(e<OD2bomFqmJ!3@8RLMs>nL{=e9+VyHkT)a^NdQ<x1T6%}|PF$ZzDt5=4 z&Xs&>#=_8p!@$R?a&m`K=&%2mNM&=D-}A7m3N_O|J+F(YemCga+q3tfj8>TzHks*^ zq!_!Nm2Qm|U;@l$u0~-0NoU>px{Km+E5vsZWF<1}-HxlOjfMhN735I!u@Ve0FKTUi zHQEEq&HYW4?ah8=%^~F#U`W@cxB|PYh4cSRvUdaFKT-lDQ59UghUy|zau$l*WghuB z0?Vrj*q=={@d<1GP;)`H>DDLrS2_A+>>}F2;};M7D*bn?`)fAL49^*h3=Mu4`%L)U z_Jn8*w6v$7l*l4o2?OP1zA*yY0@!5v4`DE|vrLR^_R=)zXS>JE&*q`~e4(j0e>WPt z`bjapRUX>LyNmDU(><@>%T;%of_)4vCYu@>I+Y{JI-hZ6)r)#*Xv<gfe#QJ9WR~Cd z!Sn<s9z8f@A#r$AMmyLB;Va@nXl!lOB#d-Xx(-d@4Nb>|QxNq<&^%xP&zsMg!FA=7 zSSGosm_I!Ye<7f9H2kohwP>2CYl*c7OAqv+)PpC9M$^gyIitFuNAzE)44x1S@@?0u zJtXIJGeGp~xEWUZoIE_FIcSAGsN>f#xuY2pE}+s!vS=2U|5F6)vp7$13_Cn|^sGxw z!uJWg-?l7`qMUf`wgTYf2x2K(>xfB{VVciLnWqXVTZ56r@nE0QOMV$ErpNN(0>9C; zq{FJZJ?9hV5)Maxrm|0_8n_RRDPvxM|HX_YG?_X<+4!7`9#C`i*Q)7HX;DfwPW)eP z($)xmbS?oMX`H(U!1VRNHIIcEPvg1z9ohUIXyM^v*YO=>Y~o#b#C@5v`D6f>n(Wdw z4?uJ?d;oAZfOfr+&RY;|jca8vc4zZXbSM5pYySL>(&7+~b<idb9zo0{EsX5rR4GeZ zt#d|;c@rYTC7xOLIqYQq<hc=3^5TQd+V%Qa0EPA6SW$I2!QtD#mgp<Iy!x2HKp`XQ z<>`^8LWC3XC-{{%eO{0g4xOe#W)m#gq4i^YW-f|VSM4#q*{bb#VUb>m{&2GZ<@P$) z6dgQQ?2iHoLn9HZgkj^R3GIZN`XcWD`s?ci>(CtE<i?$Kc5xqnLVwzxv2Y@+8n_h- zge?lO$>exlNR^x}<GC%^R5AO(RZy3goOUv{OK2w-w0^TiG!MxuIs9j|a#SCK<C%7> z6t|0)I0!AcONw{)NLiD;*$+-U{KnUde&>`=0Tum1@p4A$Z@qjgu5C$B2=aiI(X3Gt zg9Kh+Z8<iGUfL=r8yzkf9T9eR2xb9Mcx7(GoRfgki(~K{O<{RD`CT=g81m(s-P=Rs zaA(1A#0nTmBz1-orF7lc5K_f2XpS{)ZWM`l)_q0#1|u4kE#EaR5tzWeuBGy0Ly&T| zeaM8uD)M|dq~n#@Q^!!f%zY-@>{BOEl5SG@m#u~_)J@4_3$ms)3aZQ{OMoMZTYfpI z$42o)TaO~khJU<YSnW7M_~d+--xyP70d2f@-d$`JCiU<xdZb<b;ZMd+za~2-`!La? 
z>zb(?MU!-rDKe>((r8?s_B$XB9HzI$U~GENutQUIp2}FhsE=)EK*xB%g{*V~mwvUO zm+svUe@4FBySLcCulxr42`t>Dd7lp7r72G=t=@Z_1IO3uOHW-vq4<n(U+S&6q8q;R z#QC0h8^&W#=|9&mrK1(_!D(N!uT?`T@gWS9m#Ecs-N$GRV!*F-shJ)wvqFGGOy*B! z94lQ(NAX}A3VH+B)Gm6sJYrAX-W}?$?!-A-nvO3byDp7WYwg7Wy=>lPAyV5Gt>0gK z6CHo0^j+rLC4vmRONjf63{eW95VB#sl6P%SW|TNNqr=|ZbN%b+ih__DZ(OV7+FbRd zr^6AkM~Dk8j?3WJ6oWx-VJW6A#`V`Gd~6SnrA(8+nmp6%dHIpJt1M_CB>>LsvyHe; z%tAc<ZCkNBWpDt{n7+x3D><n2JVEZ*EE$Zxbx&GNDo}W<7NOuQa3a=7&>?q3!ZGq& zL261ZSO?^VaL>%I-g_P4xz3Z8uTSX=()}RB67uz58<zRWzr_l#6s-G7S?&El1-E(0 TE&u-o$XPwkDcv6wKX~vzPCOpX delta 4780 zcmZvc^*`K!<AB9Xo9<Jm8Pj9a)1AY#Gbg6a$+zyF?$a@*HqO*xrY2|FX~WowY3}>| z_49dsetBN6=lKJkc<y9weAYw)0!K-{bo^8RexiNon%~G2^Gm9vHotCvSFBX-7Mnaa z9mHl(T$W+K^T3JLY1#Vy>q!M+nvh4(-@sC;)y~miKYvHH`A}v=58(e9U4Dq@J<vS$ zVS8%({7IqT_7zK2;NKwKZT$6f+KIn?YN!(q&j2Qc7dW3@H@iA?p=9@^hr^9;&`2_% zi)v5~M{BV4Y-eW&-xjr;;yP)$P?R}?g*V7<8J6{zeNk#Xbs^PlJ;?U><^<<C%k#!E z;`Pz@FTa1~W4DkIBB>|P;D$975l}gpZ-i#4sOVxT6g^8&W*9t-1|c~ahFV|E_g&Cx zcTk#gaPud&eZZ_Edb*o7`@WI-F{vB^p5EU5OYQ!LpTNC)_)?Dwj0xayGB4cj;rvDQ zO5PBzZ|PexJU%O3t}C6UuPo*@`B&a}RJdLTRK4|7h0ePNZ^1T3h*ZPHP@^hB#w21} z+AM#DQT*S*jY&?Q*c!b_MQhvWJ_%ZT;mXGq4s&Jtb?2q64X{DL3a|ZiK>Gv0T8N$s zhUCqw-wn)@MC+{0ROBI=GODAtACIm<hBpys2ekvmza~ou*^e=%f8bvfpnE;|tR;}U z7sC&i5Ax^T82G&u(S?msY@jO!h`X0ByTCwkQobx>zzocUyR1|aVwm2bH>5#efwggn zN9&|<eu$vQuW?F00#n+<@)=;%9>PJ>uVkT@EU0M%k`QT8n~%e5`50v@HI_h(LME}W zixH(X(R?$hLw*a6|1k*jv%&(4I>Z<da~lm$nrTNQdA)k%{!E(3<(Ue}v^9sI@Ovvu zcK73H@Yabr@nkXKeN!yyMru2T`?~lurc;vn%LOLZxHo(?Amf6Sd=7vPJfuBH=v48C z*t#%!0PkwbLd!@=%Q4_()-b2m1ur@Y*zzf+0=+5B<3(RM&iwaL;H7Q1A~MYB?)(l< z|Di4n(W`LmgR=>(O+r&;hM%oT`}~gf#0izgkc5V_khswWCpk5W?FFn`I}HnKgo$9! 
zdEpJ+-0g!B{_&K~0Dygk*q<_rj7Ar*iUf7T<mkEqfgh^R=GPE7Db8Dj#-yYawjp4t z4MW?dPxYV5CU%4*KH@fF)8NR1>v}%hM3ukfyEuMHO{l&;u-r=S5Z~9lE9b2~teg%T z{5(J)_$OJrS5^V`y@!(h^rgO$0(F$aa^k!(k(J5M@Uj$cz&6x1Xc!bR^`;@q)4g1Q z_hR>B6}^!%G(m3gRIZd<FoK0*<NW>;mh|f?GVOcYul{UpuU+X*t2wdJFT-UK9A(pb zo-|qq%~Ab48eAnO7V*J&v4))2#5bq59${2vSj4a7`lMwuD)a8AVb6b=Xx30Tq+tR* zzD`60pZ(>`1NJ$yL&51b+^Wi46~kL1l7e;41Q~XZf2aEDAS}nOT?jgs<@lbQ2K;DK zI(p0Kh%=cQmdv=pLRo1AUq3p?x5u2Xm^a+B;iR`JA;$V_?7l7d{Jdi)dSmW>8V7$> zAVK!l{P+b=5(FLob4_*nhod%Q^2R1SvO6$UB}8_58X!hJ4LUkMmY8TeoAp_;^C0)9 z9~KY5jtmm7Ge4jrageen+>{oiTT_<WUVxH#uOyybvI^r4fB14}@sPpQw2|D8&(pbs zSmXYoa#B*%6s#9vnfd$pbvKJ4sEyW>VV6H}H_As`JW{91aPU2(*s}DryFiQC*pLt1 zi=kqS1Mc8agQ?d2#P$i?+B#n3ws7@x=Vs^l=pow!C=WDAh5AKA$%tE2vqC;m3xgAs zEIS~Wog{kRW`05U?N!!xIX|Ib%VWJ#ovJscT$<S-@l(~gw!|s9MfEIR-R2M_AVJ&S zl;rdZC!nCFhCSnQ;?mvQ+!x1@V)-R|`9T5+P$>|_?r;p7q8xNVJ<}N4py5_%#Q8Ke zWgQU+GFw(8XvpWSr^+CEtI`oG!WSjyzlt}CniWl0{S(-KIKtCJ0a<%Y2o`mMA!7{O zYV%eq4o49z0!}h@B%ykV{6`7ijkhCN-MT_YZU{>L&H~GsF~|~PTe~D9(TdL|R@(_s zV%!bvH8gh$x7qUq`K<*KU;XnVzp4?qpMCG3-s6wAivKJD_lZBXJyrVIMcN|AXf~24 zpbfG0oqhHJr|fOAXZ@78TFE<Ds=Y-WhoF5+;Nma=$5-bDT!3s~s=ru6w|FM|t+zS+ zjFtUwD*e#iBIA;O9{y|_E9D$@EVB}T(EL1|F3OlTjP(an?Dw@L&c?(@)gr5C%dlQ| zsE)Q8ZcOvBplnZ*&sBV=S+G8$bD=|;MJ0+z*LiI3c?E;?sAa4j1W`?>vlQ+!aGt+n zjWypW8w(=DZ^-z$!(8Mz^eC*i6pBjY#_Gayl_vo~q>(#^;xz*|!%sFTFHyiXUu(Gm zcro)l^59O0wz=`GZilCPVa+TaFLmS~_Q>K4lbJV%3T~Hsir=pXJ)h%JX1an2=OKgb z6HQAziYD>u<tXOspL{GtvfGq7SHuSd7}J#3qbE4b7zgjWQ19Syna7G=_lP6P!qd}J zythoz1o<JEJT>0lQEmLKJ^4WVgVu^oabv%ZZaoNUHS$s7EOiDu)}Jf<QAIFb9B#3p zlqD}4Lt5AB2mDo{?LkMqMBT2!h_5Hk4~k?q=N3jH>1BSiX&y)?+JAPeg|iF2P#N{% zoPv_34!bP{f25Nm2(B-~R4+iTQg%V~*Tap^EEmU-s4`XN`BJ!%=qzv;az*2j^U?Hu zQ=Sl4Gwu|FG+RBI3Z0y_SkIW3y1@Kb|EGYAu=-Vo+<9*EzH@q+BF8T)vs&{0=Fzg= zt~*~Lhuc)+l+g!4ce;2Js<D8~MClF(E*cd|`&15I?tcoieEOH<f6CYl+^HeaqZcrP zrqf@P)ap5JE+`ECaIgafL`0${xg~|`(#l3cfp`KOy+C^^x;i?fFGE+~B(lvTgGQm# zrJsb@`mR9n^-v`D5V3n+M{dgU8flUY<@-xhN$S#%Y47k1b&|qJ(N4@@M}OVQLFV%V 
z9CCzGVOKRJq}JQsEKQH*wj)A(PLBM$qrmMU=bo<s=lEmMh+u$}10;CBr&7OcOk3ej zEjMSnZt**(=EVmxkr5g2lGVONZquWjL@5#S1HS9bL`21;j`O6z2$yyPtUCrN-a7nx zlm6tr$XOznx;hszy&24ok)}QWshg)fw$}dgeMPkpYo(yd+d}k7I!RJRdxDnKHC%h1 z#D}QX^l^Hq`6V!v_Afd66533gO_Wmdso(-_(fMr<!jXn^fKo4u^KFj%w653Q2oh=G zO4@BVLcT?Ro-ZUqcm6g$aF#8XQYZ;Iw_*Lw{~(jC-uv?Y`{AsOd?+j^w6+VlbrDqz zZB%||DK$3gPYXA*KOM?eWSBGiK*^y~ZA?0($M7%A&<T+BWY~O`7+0i5nBVB#mSI~- zQleqwm}dB@s*r!nRMkFv#L!$>)<7kimA{-Jo5ldn6uBSs$kLJD^mEi3%BjrFee*6( zbv_lzmf@GskxgsjNW%x+$nXZJ1c)?FU?<D``{sRDRNwX^lS3tmHeB5|UoA}rY&#mz zAXxJAPc6Vs4P&QQabw3L6Xk~5fK%V6wJF+L5X8S~?|e%&hvEW1>AHHp)oIEb%g((y zji92Ghb_IAbqOINVs=$bP=u~_`zWIbbFDIniz31zH;!(Bpd6crussndj+Cmo6|Nbh z3~1Vza=dkj7p^!VT&-E2ql@uP(Q+W>>rI{H@BmT@brDp1i%{C)#Zhhb_K8X{h+<L< zLDI(|iE;>Z#=V>{R;A1&4n>+9swH7TwXfGVXO@Lr=%TeK<)>B~hUi&6zH+Q5QE`SQ zp>-Ibgu4zcJJ&dcU}@xwyZrvVZn#a40!*#9d(T72Qoj{<ja;jG6WEp@bvHB{VrX{) z2#2&}?2&3NynS4f)chS`J|{+l!9TQd?Ffa?FcYM}gU#R_X(}`YIeHrx6KJm5Ov!tk z<ZeC}+i?n=v9PJtOz=H8V=B2RoROU?7p~z-Szvm)EwLc@_)7ad)8x^a!xD25(Oz`y zbH-19{ymOol+2#`7RAneW8Y6rg)1TgP*Z_LL};n<^EKi{EsZ{0<LG%55;US+Vj)2n zL!?FIdSf=|OPd+tJCjTT3xe5IwsFde`ug0TlG$sG`sK59ntyiOu>EQT$D85jIzbf+ zk<$tc<4%b^J>oIoq8`4MF#$Gj3+~X6SCcu?MtfCt|FYn}Y<TZCX7q=|bWDB%i{wfU z;$Z_l0nj|vMs2G6ntWxWW`m}R^PEVysMrq%{#EhwW=V^s-CVX%uP*qV9pY6LP45I` zSeWjC1V`tELT;!oJ+#jArRtpIcifNXaQMQQh;eE2tJ50wXEi={5C256R3&s{w2M!$ zH}!XBn&Yg#Rp%b_$mL~^E22sP)J^0`Sb|po6WE6w>&K%5sC^PojH)%AtKh#<!vh{8 zC;s-@C&t~D?jcPDE6S(L-*+aMyCCI8X+82R(EF3T+M38|dS?ruGHEThuFTcRDa7wi zH6%oa*U?}pEXGA&(bwoGRlsEmWf*x#xrM#{l%!8ol{LjbRY^{MA#4Jew4%rY=*H73 zNAfC)br=^R@&)3pBZ`vJoG;G5QL34@c}dpRBHC2nZ+^gs2+P$HhPDew*nl5mz`$`C zVK%GU;d30IU=!@dkZp^TqC906^qBJbMD{{l{6wxkY8QVUwB}QQWv>!eb_Yt+dCrh| zAsC^c@j@Q6@^rXVDg!{;iUx-UnXcQ4Z%#QedqRzEr#%MyA%b$qAbeI^-X;;IW(Kq> z5>7%SZ~czL%&kBXY^^+Wm;~}<hnt1ZH&J||*vP5|NtA(dW>O0L3_mBC8Wm8uRu1Mr zQyP}TW|WMx3(BmBrnP{={}+J&h*zvg+`^FdAXe$0C``>|;-!3DRpaMN`3Hi9BgRGC zrQXvAwI5TlA!`o@`YMxt=i_dFfjbH`PcO!6e6;54QF;+8DfZDJeRow(EAdUnn_YMN 
z>OCkp)rQ%L#`~Jaw=4G#sn4Gz{?P9kMO7VyfBrQ9SGJ^)m3q1Wx_Y}US|PwBNa*uv zrbJI%5{O5`{Y$&d9M7j~XBNJT!nl=^)F+)MR06y^Gpq?yZB$J1AuEc*oeujn-l2^> zWL>-mUh%m%$M%xa6xQs=1^KfZ$r7%d9Dmt-cP;I_We`f*p>@$LO4~X2z6FU3D7C@S zfv7h?h0c?C{eTZtX+Z?;$6(lz$mqM7Ss`Q`(rv(luyT+4vZjAs!>`xj9slwsI$?iF zjz-{xNoND)-81@f_Sdp=gv{9l^{gCjC%mpk>C#*V@@zatu8&GK{Cl;cq{t}bWT}^p zp-Rmr3w7?zISnHq)G9ZhG!85`x6Dyv^>!8rJX#{>SvZ(6_l=l*pFoE`;)0WK&Y#%! z7nV?c%aQ7QkLHZlMtel7FD~O;ZbkwJVDP@fndA}}TATXH{23LU@CN%NnM>nSI?PM+ z#JSbTuMXvN%`z3MWO17=%N~oIgUjXnjBCp05S@i>nFCNk3*ne@zHc>s`xgpj5iCHi zW^vS!-?hfdZK62cyL+RSV3kbl`7)=hJ{5lS8tG6od5&1pY-Gq=vAo{bbOD;62A8sX z9;5jQ32A+w+i`lA&yXB#9<mwrhA2Jb+tq5eWMBQll9%z^E)^jhA>t(h;xo!JIk1eI z9Cd%&ZvR5IIn%(RB3Y2}7C(Z&ZW%aUlU;q#i)6)n>4y2_jZu?`$)C6Ye9QGNfS=)O z4-c=uVm_cSi(f=OjDT~3V_csL-)%oZ=naxdj_0S@1lgfbffQZry+J=4R`!s}T;D&K z4X56b342T9@n0oUt@b3ZC!CNiI3%tmWoJ%K1B7?5q8;kuf#1j{$NJz3dEiBq@Qto8 zNoz*nueIABfOpirp<>;m4I$~@{WPNO(OM*j?#vUYbInY1Z{nwH50Heekrztp+>>6B zq{Sr08o5}my}E`=bmBXMK7LG-j@Z5K$=0}u!ukUOLG*vk4zjb&M$f5rl0o8!LVGUm zdx2Ik%YfulMWVG%!7I?`F~GfWs}82@w5(SFX%+b^YLa6e=$}?rAV?CTW>tXFnq0EB z*wr$+Gu`gmI6V2v&XlJIC;eR+FSVdA+3TEsi~wgiJ7^WGxV=+5dqa$Ytr%Odec)>m wZ0?)2`q9#t@&&(};VY7nw)-kWpnLgU`Nn^Zfcd}t|8=9+1)1uPRf>i6e|DZQQ~&?~ diff --git a/packages/checkpoint_threat_emulation b/packages/checkpoint_threat_emulation index ffce644..2d9384b 100644 --- a/packages/checkpoint_threat_emulation +++ b/packages/checkpoint_threat_emulation @@ -9,7 +9,7 @@ 'warn on: status, update status, subscription and cloud ' 'subscription\n', 'download_url': 'https://thl-cmk.hopto.org', - 'files': {'agent_based': ['utils/checkpoint_threat_emulation.py'], + 'files': {'agent_based': ['checkpoint_threat_emulation.py'], 'web': ['plugins/metrics/checkpoint_threat_emulation.py', 'plugins/wato/checkpoint_threat_emulation.py']}, 'name': 'checkpoint_threat_emulation', -- GitLab