Contract(s) expiration nearing-checkpoint-False

error
false
checkpoint
ongoing-maintenance
Contract(s) expiration nearing-checkpoint-False
0

#1

Contract(s) expiration nearing-checkpoint-False

Vendor: checkpoint

OS: False

Description:
Indeni will alert when a contract is about to expire. The threshold for the number of days before contract expiration can be adjusted by the user.

Remediation Steps:
Renew any contracts that need to be renewed.
Make sure you have purchased the required contracts and have updated them in your management server. Review:
Solution sk33089 on Check Point Support Center.

cpmds-cplic-print

#! META
name: cpmds-cplic-print
description: get contract data via cplic for MDS
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: checkpoint
    vsx: true
    role-management: true
    mds: true

#! COMMENTS
contract-expiration:
    skip-documentation: true

license-expiration:
    skip-documentation: true

#! REMOTE::SSH
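COLUMNS=150 && export COLUMNS && ${nice-path} -n 15 mdsstat |grep CMA | awk '{gsub(/\|/,"",$3); print $3}' | while read -r name; do mdsenv "$name" && ${nice-path} -n 15 mdsstat "$name" && ${nice-path} -n 15 cplic print; done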

#! PARSER::AWK

############
# Why: Get information about contracts so we can alert before they expire.
# How: Use "cplic print"
###########

# Stamp a tag array with the CMA currently being parsed.
# Reads the globals vsName and vsIp, which the "| CMA |" rule sets for each
# mdsstat row, and writes them into the caller's array in place.
function addVsTags(tags) {
	tags["vs.name"] = vsName
	tags["vs.ip"] = vsIp
}

# Emit the "contract-expiration" metric for the contract row that was just parsed.
# Reads the globals contracttags and contractexpiration set by the contract-row
# rule; addVsTags() is called first so the metric carries the vs.ip / vs.name of
# the CMA whose output is currently being read.
function dumpContracts() {
	addVsTags(contracttags)
	writeDoubleMetricWithLiveConfig("contract-expiration", contracttags, "gauge", "3600", contractexpiration, "Support Contract Expiration", "date", "")
}

# Emit the "license-expiration" metric for the license row that was just parsed.
# Reads the globals t (tag array) and yyyy / mm / dd set by the license-row rule;
# addVsTags() is called first so the metric carries the vs.ip / vs.name of the
# CMA whose output is currently being read.
function dumpLicenseExpr() {
	addVsTags(t)
	writeDoubleMetricWithLiveConfig("license-expiration", t, "gauge", 3600, date(yyyy, mm, dd), "License Expiration", "date", "name")
}

# mdsstat row for one CMA; remembers which CMA the following "cplic print"
# output belongs to. Sample:
# | CMA |MDM-VSX_Management_Server | 10.10.6.14      | up 1531    | up 1616  | up 1493  | up 1720  |
/^\| CMA \|/ {
	vsIp = $5
	vsName = $3

	# In the sample the name field arrives as "|MDM-...", so strip the pipe.
	gsub(/\|/, "", vsName)
}



# Contract row of "cplic print": index | contract id | expiration | SKU. Sample:
# 1  | 38IH618   | 30Apr2017  | CPSB-ABOT-M-1Y
# Splits the ddMmmyyyy expiration ($5) into day / month / year, builds the
# "name" tag from the contract id ($3) and the last field, and emits the metric.
# NOTE(review): \d is not a POSIX awk escape; presumably the parser's regex
# engine accepts it -- confirm, otherwise no contract row will ever match and
# expiring contracts go unreported.
/^\d{1,2}  \| / {
    ddmmmyyyy = $5
    dd=substr(ddmmmyyyy, 1, length(ddmmmyyyy)-7) # need to handle 1 or 2 digits for day
	mmm=substr(ddmmmyyyy, length(dd)+1, 3)
    mm=parseMonthThreeLetter(mmm)
	# Starts three characters before the end; the length argument overshoots, so
	# this takes the final four characters (the year).
	yyyy=substr(ddmmmyyyy, length(ddmmmyyyy)-3, length(ddmmmyyyy))
	
    # contracttags is a global array reused for every row; only "name" is set here,
    # the vs.* tags are refreshed inside dumpContracts().
    contracttags["name"] = $3 " - " $NF
    contractexpiration=date(yyyy, mm, dd)
    dumpContracts()
}


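# License row of "cplic print": host IP, expiration ("never" or ddMmmyyyy),
# feature list, and a trailing CK-... field that is used as the "name" tag.
# Samples:
# 192.168.250.5    never       CPSB-ADNC-M CPSB-EVCR-10 CK-00-1C-7F-3E-CB-38
# 10.10.6.10       30Sep2017   CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-ADN CPSB-ACCL CPSB-IPSA CPSB-DLP CPSB-SSLVPN-50 CPSB-IA CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-ASPM CPSB-URLF CPSB-AV CPSB-APCL CPSB-ABOT-L CK-043C32F48B44
# NOTE(review): (?:...) and \s are not POSIX awk regex syntax; presumably the
# parser's regex engine accepts them -- confirm.
/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}/ {
	# extract the features, split on at least 2 spaces or more
	split($0,splitArr,/\s{2,}+/)
	# Drop the trailing CK-... field so only the feature list remains.
	gsub(/\sCK.+/, "", splitArr[3])
	
	t["features"] = splitArr[3]
	t["name"] = $NF
	
	if ($2 == "never") {
		# t is a global array reused across rows and CMAs. Refresh vs.ip / vs.name
		# here too; without this a "never" license is emitted with no vs.* tags, or
		# with those left over from the previously parsed CMA, and the metric is
		# attributed to the wrong virtual system.
		addVsTags(t)
		# Since it never expires we set an expiry date very far in the future
		writeDoubleMetric("license-expiration", t, "gauge", 3600, date(2099,12,31))
	} else {
		
		ddmmmyyyy = $2
		dd=substr(ddmmmyyyy, 1, length(ddmmmyyyy)-7) # need to handle 1 or 2 digits for day
		mmm=substr(ddmmmyyyy, length(dd)+1, 3)
		mm=parseMonthThreeLetter(mmm)
		# Starts three characters before the end; the length argument overshoots,
		# so this takes the final four characters (the year).
		yyyy=substr(ddmmmyyyy, length(ddmmmyyyy)-3, length(ddmmmyyyy))
	
		# dumpLicenseExpr() adds the vs.* tags itself and reads yyyy / mm / dd.
		dumpLicenseExpr()
	}
}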

cross_vendor_contract_will_expire

package com.indeni.server.rules.library.crossvendor

import com.indeni.apidata.time.TimeSpan
import com.indeni.apidata.time.TimeSpan.TimePeriod
import com.indeni.ruleengine.expressions.conditions.{And, GreaterThan, LesserThan}
import com.indeni.ruleengine.expressions.core.{StatusTreeExpression, _}
import com.indeni.ruleengine.expressions.data.{SelectTagsExpression, _}
import com.indeni.ruleengine.expressions.math.PlusExpression
import com.indeni.ruleengine.expressions.utility.NowExpression
import com.indeni.server.common.data.conditions.True
import com.indeni.server.params.ParameterDefinition
import com.indeni.server.params.ParameterDefinition.UIType
import com.indeni.server.rules._
import com.indeni.server.rules.library.core.PerDeviceRule
import com.indeni.server.rules.library.{ConditionalRemediationSteps, RuleHelper}
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

/**
  * Cross-vendor rule that alerts while a contract is approaching its expiration date.
  *
  * For every device, each "contract-expiration" time series (distinguished by its "name" tag)
  * is inspected. A series is flagged when its last value, read as a point in time, lies after
  * "now" and before "now + threshold". The threshold is the user-configurable
  * `Ahead_Alerting_Threshold` parameter and defaults to 56 days. The alert severity is ERROR.
  *
  * NOTE(review): a contract whose expiration is already in the past does not satisfy the
  * "after now" half of the condition, so this rule stops matching once the date passes.
  * Confirm that already-expired contracts are surfaced elsewhere.
  */
case class CrossVendorContractWillExpireRule() extends PerDeviceRule with RuleHelper {

  private val highThresholdParameterName = "Ahead_Alerting_Threshold"

  // How far ahead of the expiration date the alert should start firing.
  private val highThresholdParameter = new ParameterDefinition(
    highThresholdParameterName,
    "",
    "Expiration Threshold",
    "How long before expiration should Indeni alert.",
    UIType.TIMESPAN,
    TimeSpan.fromDays(56)
  )

  override val metadata: RuleMetadata =
    RuleMetadata
      .builder(
        "cross_vendor_contract_will_expire",
        "All Devices: Contract(s) expiration nearing",
        "Indeni will alert when a contract is about to expire. " +
          "The threshold for the number of days before contract expiration can be adjusted by the user.",
        AlertSeverity.ERROR
      )
      .configParameter(highThresholdParameter)
      .build()

  /**
    * Builds the three-level status tree: devices -> contracts (by "name" tag) -> expiration check.
    *
    * @param context supplies the metadata and time-series DAOs the selectors query
    * @return the root expression, carrying the headline, description and remediation steps
    */
  override def expressionTree(context: RuleContext): StatusTreeExpression = {
    // Last reported expiration value, interpreted in seconds.
    val expiresAt = TimeSeriesExpression[Double]("contract-expiration").last.toTimeSpan(TimePeriod.SECOND)

    // Level 1: which objects to pull (normally, devices).
    val deviceSelector = SelectTagsExpression(context.metaDao, Set(DeviceKey), True)

    // Level 2: one scope per contract "name" tag; the tag is shown in the alert data.
    val contractSelector =
      SelectTagsExpression(context.tsDao, Set("name"), withTagsCondition("contract-expiration"))

    // Level 3: the time series the condition is evaluated against.
    val expirationSeries =
      SelectTimeSeriesExpression[Double](context.tsDao, Set("contract-expiration"), denseOnly = false)

    // Issue when the expiration is still ahead of us but inside the alerting window.
    val notYetExpired = GreaterThan(expiresAt, NowExpression())
    val insideAlertWindow = LesserThan(
      expiresAt,
      PlusExpression[TimeSpan](NowExpression(), getParameterTimeSpanForTimeSeries(highThresholdParameter))
    )

    // One alert item per contract that meets the condition.
    val perContractCheck =
      StatusTreeExpression(expirationSeries, And(notYetExpired, insideAlertWindow))
        .withSecondaryInfo(
          scopableStringFormatExpression("${scope(\"name\")}"),
          scopableStringFormatExpression("Will expire on %s", timeSpanToDateExpression(expiresAt)),
          title = "Affected Contracts"
        )
        .asCondition()

    val perDeviceCheck =
      StatusTreeExpression(contractSelector, perContractCheck).withoutInfo().asCondition()

    // Details of the alert itself.
    // NOTE(review): the vendor links below use target="_blank" without a rel attribute;
    // confirm the UI that renders remediation steps applies noopener or sanitizes anchors.
    StatusTreeExpression(deviceSelector, perDeviceCheck).withRootInfo(
      getHeadline(),
      ConstantExpression("One or more contracts are about to expire. See the list below."),
      ConditionalRemediationSteps(
        "Renew any contracts that need to be renewed.",
        ConditionalRemediationSteps.VENDOR_CP ->
          """Make sure you have purchased the required contracts and have updated them in your management server. Review:
            |<a target="_blank" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk33089">Solution sk33089 on Check Point Support Center</a>.""".stripMargin,
        ConditionalRemediationSteps.VENDOR_PANOS ->
          """Review this article on Palo Alto Networks Support Site:
            |<a target="_blank" href="https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/activate-licenses-and-subscriptions">Activate Licenses and Subscriptions</a>.""".stripMargin
      )
    )
  }
}