Contract(s) expiration nearing-checkpoint-all

Contract(s) expiration nearing-checkpoint-all

Vendor: checkpoint

OS: all

Description:
Indeni will alert when a contract is about to expire. The threshold for the number of days before contract expiration can be adjusted by the user.

Remediation Steps:
Renew any contracts that need to be renewed.
Make sure you have purchased the required contracts and have updated them in your management server. Review:
Solution sk33089 on Check Point Support Center.

cpmds-cplic-print

name: cpmds-cplic-print
description: Get contract data via cplic for MDS
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: checkpoint
    vsx: true
    role-management: true
    mds: true
comments:
    contract-expiration:
        why: |
            To get information about contracts so we can alert before they expire
        how: |
            By running the Check Point command "cplic print" to get the contract information
        can-with-snmp: false
        can-with-syslog: false
    license-expiration:
        why: |
            To get information about licenses so we can alert before they expire
        how: |
            By running the Check Point command "cplic print" to get the license information
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        file: cplic-print-mds.remote.1.bash
    parse:
        type: AWK
        file: cplic-print-mds.parser.1.awk

cross_vendor_contract_will_expire

package com.indeni.server.rules.library.crossvendor

import com.indeni.apidata.time.TimeSpan
import com.indeni.apidata.time.TimeSpan.TimePeriod
import com.indeni.ruleengine.expressions.conditions.{And, GreaterThan, LesserThan}
import com.indeni.ruleengine.expressions.core.{StatusTreeExpression, _}
import com.indeni.ruleengine.expressions.data.{SelectTagsExpression, _}
import com.indeni.ruleengine.expressions.math.PlusExpression
import com.indeni.ruleengine.expressions.utility.NowExpression
import com.indeni.server.common.data.conditions.True
import com.indeni.server.params.ParameterDefinition
import com.indeni.server.params.ParameterDefinition.UIType
import com.indeni.server.rules._
import com.indeni.server.rules.library.{ConditionalRemediationSteps, PerDeviceRule, RuleHelper}
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

/**
  * Per-device rule that raises a WARN alert while the last reported `contract-expiration`
  * value lies after the current time but before "now + threshold".
  *
  * The threshold is a user-adjustable TIMESPAN parameter that defaults to 56 days. Every
  * contract (identified by its `name` tag) that matches is listed under "Affected Contracts".
  *
  * NOTE(review): a contract whose expiration is already in the past fails the "greater than
  * now" comparison, so this rule stays silent once a contract has lapsed. Presumably a
  * separate rule reports expired contracts; confirm, since a lapsed contract would
  * otherwise go unreported.
  */
case class CrossVendorContractWillExpireRule() extends PerDeviceRule with RuleHelper {

  // Name under which the look-ahead window is registered as a rule parameter.
  private val expirationThresholdName = "Ahead_Alerting_Threshold"

  // Look-ahead window definition; the default is 56 days.
  private val expirationThreshold = new ParameterDefinition(
    expirationThresholdName,
    "",
    "Expiration Threshold",
    "How long before expiration should Indeni alert.",
    UIType.TIMESPAN,
    TimeSpan.fromDays(56)
  )

  override val metadata: RuleMetadata = RuleMetadata
    .builder(
      "cross_vendor_contract_will_expire",
      "Contract(s) expiration nearing",
      "Indeni will alert when a contract is about to expire. " +
        "The threshold for the number of days before contract expiration can be adjusted by the user.",
      AlertSeverity.WARN,
      categories = Set(RuleCategory.OngoingMaintenance),
      deviceCategory = DeviceCategory.AllDevices
    )
    .configParameter(expirationThreshold)
    .build()

  /**
    * Builds the three-level status tree: device -> contract `name` tag -> time-series check.
    *
    * @param context supplies the metadata DAO (device selection) and the time-series DAO
    * @return the expression tree, including alert headline, description and remediation steps
    */
  override def expressionTree(context: RuleContext): StatusTreeExpression = {
    // Last sample of the metric, converted to a TimeSpan using TimePeriod.SECOND.
    // Presumably the collector reports an epoch timestamp in seconds; verify against the parser.
    val expiresAt = TimeSeriesExpression[Double]("contract-expiration").last.toTimeSpan(TimePeriod.SECOND)

    // Outer level: which objects to pull (devices).
    val devices = SelectTagsExpression(context.metaDao, Set(DeviceKey), True)

    // Middle level: the extra tag that ends up in the alert data.
    val contracts = SelectTagsExpression(context.tsDao, Set("name"), withTagsCondition("contract-expiration"))

    // Inner level: the time series the condition is evaluated against.
    val samples = SelectTimeSeriesExpression[Double](context.tsDao, Set("contract-expiration"), denseOnly = false)

    // Issue condition: now < expiration < now + threshold.
    val withinWindow = And(
      GreaterThan(expiresAt, NowExpression()),
      LesserThan(
        expiresAt,
        PlusExpression[TimeSpan](NowExpression(), getParameterTimeSpanForTimeSeries(expirationThreshold))
      )
    )

    // One alert item per matching contract.
    // NOTE(review): the "name" value comes from collected time-series tags. The remediation
    // text below carries HTML anchors, so if the alert UI renders these fields as HTML too,
    // confirm the tag value is escaped at render time.
    val perContract = StatusTreeExpression(samples, withinWindow)
      .withSecondaryInfo(
        scopableStringFormatExpression("${scope(\"name\")}"),
        scopableStringFormatExpression("Will expire on %s", timeSpanToDateExpression(expiresAt)),
        title = "Affected Contracts"
      )
      .asCondition()

    val perDevice = StatusTreeExpression(contracts, perContract).withoutInfo().asCondition()

    // Vendor-specific remediation text.
    // NOTE(review): both links use target="_blank" without rel="noopener noreferrer".
    // If the UI emits this markup unchanged, consider adding the rel attribute.
    val checkPointSteps =
      """Make sure you have purchased the required contracts and have updated them in your management server. Review:
        |<a target="_blank" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk33089">Solution sk33089 on Check Point Support Center</a>.""".stripMargin

    val panosSteps =
      """Review this article on Palo Alto Networks Support Site:
        |<a target="_blank" href="https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/activate-licenses-and-subscriptions">Activate Licenses and Subscriptions</a>.""".stripMargin

    // Details of the alert itself.
    StatusTreeExpression(devices, perDevice).withRootInfo(
      getHeadline(),
      ConstantExpression("One or more contracts are about to expire. See the list below."),
      ConditionalRemediationSteps(
        "Renew any contracts that need to be renewed.",
        RemediationStepCondition.VENDOR_CP -> checkPointSteps,
        RemediationStepCondition.VENDOR_PANOS -> panosSteps
      )
    )
  }
}