Contract(s) expiration nearing-paloaltonetworks-panos

error
ongoing-maintenance
panos
paloaltonetworks
Contract(s) expiration nearing-paloaltonetworks-panos
0

#1

Contract(s) expiration nearing-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Indeni will alert when a contract is about to expire. " +
"The threshold for the number of days before contract expiration can be adjusted by the user.

Remediation Steps:
Renew any contracts that need to be renewed.
||Review this article on Palo Alto Networks Support Site:
|Activate Licenses and Subscriptions.

How does this work?
This alert logs into the Palo Alto Networks firewall through SSH and retrieves the support information including the expiration date.

Why is this important?
To ensure the optimal performance of a device, it is critical to review the support periodically and make sure they are renewed on time.

Without Indeni how would you find this?
A manual review of the contracts is possible. Usually an organization’s purchasing team would also keep track of contracts and their expiration, but this is not always the case.

panos-request-support-info

#! META
name: panos-request-support-info
description: fetch support contract info
type: monitoring
monitoring_interval: 60 minute
requires:
    vendor: paloaltonetworks
    os.name: panos
	
#! COMMENTS
contract-expiration:
    why: |
        To ensure the optimal performance of a device, it is critical to review the support periodically and make sure they are renewed on time.
    how: |
        This alert logs into the Palo Alto Networks firewall through SSH and retrieves the support information including the expiration date.
    without-indeni: |
        A manual review of the contracts is possible. Usually an organization's purchasing team would also keep track of contracts and their expiration, but this is not always the case.
    can-with-snmp: true
    can-with-syslog: true

#! REMOTE::HTTP
url: /api?type=op&cmd=<request><support><info><%2Finfo><%2Fsupport><%2Frequest>&key=${api-key}
protocol: HTTPS

#! PARSER::XML
_vars:
    root: /response/result
_metrics:
    -
        _tags:
            "im.name":
                _constant: "contract-expiration"
            "name":
                _constant: "Support"
            "live-config":
                _constant: "true"
            "display-name":
                _constant: "Support Expiration"
            "im.dstype.displayType":
                _constant: "date"
            "im.identity-tags":
                _constant: "name"  
        _temp:
            expires:
                _text: "${root}/SupportInfoResponse/Support/ExpiryDate" # February 18, 2019
        _transform:
            _value.double: |
                {
                    # Parsing: February 18, 2019
                    datestring=temp("expires")

                    if (datestring != "Never") {
                        month = parseMonthThreeLetter(substr(datestring, 1, 3))
                        year = substr(datestring, length(datestring) - 4)
                        
                        day = datestring
                        sub(/^[A-Za-z]+ /, "", day)
                        sub(/,.*/, "", day)

                        licenseexpiration=date(year, month, day)
                        print licenseexpiration
                    } else {
                        print "0"
                    }
                }

cross_vendor_contract_will_expire

package com.indeni.server.rules.library.crossvendor

import com.indeni.apidata.time.TimeSpan
import com.indeni.apidata.time.TimeSpan.TimePeriod
import com.indeni.ruleengine.expressions.conditions.{And, GreaterThan, LesserThan}
import com.indeni.ruleengine.expressions.core.{StatusTreeExpression, _}
import com.indeni.ruleengine.expressions.data.{SelectTagsExpression, _}
import com.indeni.ruleengine.expressions.math.PlusExpression
import com.indeni.ruleengine.expressions.utility.NowExpression
import com.indeni.server.common.data.conditions.True
import com.indeni.server.params.ParameterDefinition
import com.indeni.server.params.ParameterDefinition.UIType
import com.indeni.server.rules._
import com.indeni.server.rules.library.core.PerDeviceRule
import com.indeni.server.rules.library.{ConditionalRemediationSteps, RuleHelper}
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class CrossVendorContractWillExpireRule() extends PerDeviceRule with RuleHelper {

  private val highThresholdParameterName = "Ahead_Alerting_Threshold"
  private val highThresholdParameter = new ParameterDefinition(highThresholdParameterName,
    "",
    "Expiration Threshold",
    "How long before expiration should Indeni alert.",
    UIType.TIMESPAN,
    TimeSpan.fromDays(56))

  override val metadata: RuleMetadata = RuleMetadata.builder("cross_vendor_contract_will_expire", "All Devices: Contract(s) expiration nearing",
    "Indeni will alert when a contract is about to expire. " +
      "The threshold for the number of days before contract expiration can be adjusted by the user.", AlertSeverity.ERROR).configParameter(highThresholdParameter).build()

  override def expressionTree(context: RuleContext): StatusTreeExpression = {
    val actualValue = TimeSeriesExpression[Double]("contract-expiration").last.toTimeSpan(TimePeriod.SECOND)

    StatusTreeExpression(
      // Which objects to pull (normally, devices)
      SelectTagsExpression(context.metaDao, Set(DeviceKey), True),

      // What constitutes an issue
      StatusTreeExpression(

        // The additional tags we care about (we'll be including this in alert data)
        SelectTagsExpression(context.tsDao, Set("name"), withTagsCondition("contract-expiration")),

        StatusTreeExpression(
          // The time-series we check the test condition against:
          SelectTimeSeriesExpression[Double](context.tsDao, Set("contract-expiration"), denseOnly = false),

          // The condition which, if true, we have an issue. Checked against the time-series we've collected
          And(
            GreaterThan(
              actualValue,
              NowExpression()
            ),
            LesserThan(
              actualValue,
              PlusExpression[TimeSpan](NowExpression(), getParameterTimeSpanForTimeSeries(highThresholdParameter)))
          )

          // The Alert Item to add for this specific item
        ).withSecondaryInfo(
          scopableStringFormatExpression("${scope(\"name\")}"),
          scopableStringFormatExpression("Will expire on %s", timeSpanToDateExpression(actualValue)),
          title = "Affected Contracts"
        ).asCondition()
      ).withoutInfo().asCondition()

      // Details of the alert itself
    ).withRootInfo(
      getHeadline(),
      ConstantExpression("One or more contracts are about to expire. See the list below."),
      ConditionalRemediationSteps("Renew any contracts that need to be renewed.",
        ConditionalRemediationSteps.VENDOR_CP ->
          """Make sure you have purchased the required contracts and have updated them in your management server. Review:
            |<a target="_blank" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk33089">Solution sk33089 on Check Point Support Center</a>.""".stripMargin,
        ConditionalRemediationSteps.VENDOR_PANOS ->
          """Review this article on Palo Alto Networks Support Site:
            |<a target="_blank" href="https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/activate-licenses-and-subscriptions">Activate Licenses and Subscriptions</a>.""".stripMargin
      )
    )
  }
}