lib/lita/handlers/alertlogic_threat_manager.rb
require 'lita'
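# Lita namespace.
module Lita
  # Lita handler plugins.
  module Handlers
    # Chat routes that query the Alert Logic Threat Manager API for appliances,
    # policies, hosts and protected hosts.
    #
    # Every route argument is taken verbatim from a chat message. Each callback
    # therefore validates its arguments before calling the API helpers mixed in
    # from AlertlogicHelper (presumably authenticated with the configured
    # `api_auth` -- confirm in AlertlogicHelper::Api).
    #
    # NOTE(review): no route passes `command: true` or `restrict_to:`. As
    # written, the patterns are unanchored and start with `a(?:lertlogic)?`, so
    # a matching phrase anywhere in a room message, from any user, runs the
    # callback and posts customer security data to that room. Confirm this
    # exposure is intended, or limit the routes to commands addressed to the
    # robot and to an authorization group.
    class AlertlogicThreatManager < Handler
      config :api_auth
      config :lm_api_url
      config :tm_api_url
      config :customer_api_url
      config :incident_api_url
      config :monitoring_api_url
      config :customer_id
      config :http_options, required: false, type: Hash, default: {}

      namespace 'Alertlogic'

      include ::AlertlogicHelper::Api
      include ::AlertlogicHelper::Common
      include ::AlertlogicHelper::Customer
      include ::AlertlogicHelper::Appliances
      include ::AlertlogicHelper::ThreatManager

      # TM appliance routes
      # NOTE(review): in the `( (.+))?` patterns capture 1 is the outer group,
      # so the value handed to valid_cid starts with a space; presumably
      # valid_cid tolerates that -- verify against the helper.
      route(
        /a(?:lertlogic)? tm appliances( (.+))?/i,
        :tm_appliance_list,
        help: {
          t('help.tm.appliances.syntax') => t('help.tm.appliances.desc')
        }
      )
      route(
        /a(?:lertlogic)? tm applianceinfo? (.+)? (.+)?/i,
        :tm_appliance_info,
        help: {
          t('help.tm.applianceinfo.syntax') => t('help.tm.applianceinfo.desc')
        }
      )

      # Threat Policies route
      route(
        /a(?:lertlogic)? tm policies? (.+)?/i,
        :tm_policies_list,
        help: {
          t('help.tm.policies.syntax') => t('help.tm.policies.desc')
        }
      )

      # Threat hosts route
      route(
        /a(?:lertlogic)? tm hosts? (.+)?/i,
        :tm_hosts_list,
        help: {
          t('help.tm.hosts.syntax') => t('help.tm.hosts.desc')
        }
      )

      # Threat Protected hosts routes
      route(
        /a(?:lertlogic)? protectedhosts status( (.+))?/i,
        :protectedhosts_status,
        help: {
          t('help.tm.protectedhosts.status.syntax') => t('help.tm.protectedhosts.status.desc')
        }
      )
      route(
        /a(?:lertlogic)? protectedhosts list( (.+))?/i,
        :protectedhosts_list,
        help: {
          t('help.tm.protectedhosts.list.syntax') => t('help.tm.protectedhosts.list.desc')
        }
      )
      route(
        /a(?:lertlogic)? protectedhosts search? (.+)? (.+)?/i,
        :protectedhosts_search,
        help: {
          t('help.tm.protectedhosts.search.syntax') => t('help.tm.protectedhosts.search.desc')
        }
      )

      # TM Data Definitions

      # Replies with the pretty-printed JSON record of a single appliance.
      #
      # @param response [Lita::Response] capture 1 is the customer id,
      #   capture 2 the appliance UUID
      # @return [Object] whatever response.reply returns
      def tm_appliance_info(response)
        customer_id = valid_cid(response.match_data[1])
        uuid = response.match_data[2]
        return response.reply(t('validation.customer_id')) if customer_id.nil?
        # The UUID is interpolated into the request path below. Reject anything
        # that is not UUID-shaped so chat input cannot steer the authenticated
        # request to a different API path.
        return response.reply(t('validation.uuid')) if uuid.nil? || !valid_uuid?(uuid)

        response.reply(t('warn.standby'))
        url_params = {
          customer_id: customer_id,
          api_type: 'tm',
          source_type: 'appliances'
        }
        appliance_url = "#{construct_api_url(url_params)}/#{uuid}"
        params = { customer_id: customer_id, url: appliance_url }
        appliance_info = pretty_json(parse_json(api_call(params)))
        # NOTE(review): the raw API record is echoed to the room unfiltered.
        response.reply("/code #{appliance_info}")
      end

      # Replies with the processed appliance list of every customer id that
      # get_customer_ids returns for the requested customer.
      #
      # @param response [Lita::Response] capture 1 is the customer id
      # @return [Object] whatever response.reply returns
      def tm_appliance_list(response)
        customer_id = valid_cid(response.match_data[1])
        return response.reply(t('validation.customer_id')) if customer_id.nil?

        customers = get_customer_ids(customer_id)
        # A non-Array result is relayed as-is; presumably it is an error
        # message from the helper -- confirm.
        return response.reply(customers) unless customers.is_a?(Array)

        response.reply(t('warn.standby'))
        appliance_list = customers.map do |cid|
          params = { customer_id: cid, type: 'tm', source: 'appliances' }
          process_appliances(api_call(params), cid)
        end
        response.reply(appliance_list)
      end

      # Replies with the Threat Manager hosts of a customer.
      #
      # @param response [Lita::Response] capture 1 is the customer id
      # @return [Object] whatever the last response.reply returns
      def tm_hosts_list(response)
        customer_id = valid_cid(response.match_data[1])
        # Same guard as the other callbacks: never call the API with a
        # customer id that failed validation.
        return response.reply(t('validation.customer_id')) if customer_id.nil?

        response.reply(t('warn.standby'))
        params = { customer_id: customer_id, type: 'tm', source: 'hosts' }
        resp = parse_json(api_call(params))
        send_tabular_reply(response, process_tm_hosts(customer_id, resp))
      end

      # Replies with the Threat Manager policies of a customer.
      #
      # @param response [Lita::Response] capture 1 is the customer id
      # @return [Object] whatever the last response.reply returns
      def tm_policies_list(response)
        customer_id = valid_cid(response.match_data[1])
        # Same guard as the other callbacks: never call the API with a
        # customer id that failed validation.
        return response.reply(t('validation.customer_id')) if customer_id.nil?

        response.reply(t('warn.standby'))
        params = { customer_id: customer_id, type: 'tm', source: 'policies' }
        resp = parse_json(api_call(params))
        send_tabular_reply(response, process_tm_policies(customer_id, resp))
      end

      # Replies with the protected hosts of a customer.
      #
      # @param response [Lita::Response] capture 1 is the customer id
      # @return [Object] whatever the last response.reply returns
      def protectedhosts_list(response)
        customer_id = valid_cid(response.match_data[1])
        return response.reply(t('validation.customer_id')) if customer_id.nil?

        response.reply(t('warn.standby'))
        params = { customer_id: customer_id, type: 'tm', source: 'protectedhosts' }
        resp = parse_json(api_call(params))
        send_tabular_reply(response, process_protectedhosts_list(customer_id, resp))
      end

      # Replies with the protected-host status of a customer, or with the raw
      # JSON answer when the API reports a total_count of 0.
      #
      # @param response [Lita::Response] capture 1 is the customer id
      # @return [Object] whatever response.reply returns
      def protectedhosts_status(response)
        customer_id = valid_cid(response.match_data[1])
        # Validate before the stand-by notice and the API call; the check used
        # to run only after the request had already been sent.
        return response.reply(t('validation.customer_id')) if customer_id.nil?

        response.reply(t('warn.standby'))
        params = { customer_id: customer_id, type: 'tm', source: 'protectedhosts' }
        resp = parse_json(api_call(params))
        if resp['total_count'] == 0
          response.reply("/code #{pretty_json(resp)}")
        else
          response.reply(process_protectedhosts(customer_id, resp))
        end
      end

      # Searches a customer's protected hosts by id when the term passes
      # valid_uuid?, otherwise by name.
      #
      # @param response [Lita::Response] capture 1 is the customer id,
      #   capture 2 the search term
      # @return [Object] whatever response.reply returns
      def protectedhosts_search(response)
        customer_id = valid_cid(response.match_data[1])
        term = response.match_data[2]
        return response.reply(t('validation.customer_id')) if customer_id.nil?

        response.reply(t('warn.standby'))
        # NOTE(review): capture 2 is optional, so term can be nil here; the
        # helpers are assumed to cope with that -- confirm.
        key = valid_uuid?(term) ? 'id' : 'name'
        params = { customer_id: customer_id, type: 'tm', source: 'protectedhosts' }
        resp = parse_json(api_call(params))
        response.reply("/code #{search_phost_by_name(key, term, resp)}")
      end

      private

      # Sends a processed report to the room. A three-element result is sent as
      # a heading, one `/code` table per (data, headers) pair, and a summary;
      # anything else is sent unchanged.
      #
      # @param response [Lita::Response] the response to reply on
      # @param reply_text [Object] result of one of the process_* helpers
      # @return [Object] whatever the last response.reply returns
      def send_tabular_reply(response, reply_text)
        return response.reply(reply_text) unless reply_text.length == 3

        head = reply_text[0]
        tables = reply_text[1]
        summary = reply_text[2]
        response.reply(head)
        tables.each do |data, headers|
          response.reply("/code #{build_table(data, headers)}")
        end
        response.reply(summary)
      end
    end

    Lita.register_handler(AlertlogicThreatManager)
  end
end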