Security Content Updates configuration is in bad state-fireeye-wMPS

Vendor: fireeye

OS: wMPS

Description:
Indeni will alert if Security Content Updates is not enabled or updates are not downloaded and installed.

Remediation Steps:
Users are advised to ensure Security Content Updates is enabled and updates are downloaded and installed on the FireEye NX device.

How does this work?
Indeni uses the FireEye NX CLI command “show fenet security-content status” to retrieve the information and alerts the user if the update is not set to enabled.

Why is this important?
It is important to ensure that the security content update is enabled and the downloaded updates are installed on the FireEye NX device.

Without Indeni how would you find this?
The user has to manually log in to the device’s CLI or web interface and check the update status.

fireeye-nx-show-fenet-security-content-status

name: fireeye-nx-show-fenet-security-content-status
description: Fetch security content status update information
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: fireeye
    os.name: wMPS
    privileged-mode: 'true'
comments:
    fireeye-nx-content-update-status:
        why: |
            It is important to ensure that the security content update is enabled and the downloaded updates are installed on the FireEye NX device.
        how: |
            Indeni uses the FireEye NX CLI command "show fenet security-content status" to retrieve the information and alerts the user if the update is not set to enabled.
        without-indeni: |
            The user has to manually log in to the device's CLI or web interface and check the update status.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show fenet security-content status
    parse:
        type: AWK
        file: show-fenet-security-content-status.parser.1.awk

FireEyeNXSecurityContentStatusRule

// Deprecation warning: Scala template-based rules are deprecated. Please use YAML format rules instead.

package templatebased.fireeye.nx

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.StateDownTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

/**
  * Alerts when the "fireeye-nx-content-update-status" state metric, produced by the
  * fireeye-nx-show-fenet-security-content-status interrogation script, reports a
  * down state (updates disabled, or not downloaded and installed).
  */
case class FireEyeNXSecurityContentStatusRule() extends StateDownTemplateRule(
  ruleName = "FireEyeNXSecurityContentStatusRule",
  ruleFriendlyName = "FireEye NX Devices: Security Content Updates configuration is in bad state",
  ruleDescription = "Indeni will alert if Security Content Updates is not enabled or updates are not downloaded and installed.",
  severity = AlertSeverity.WARN,
  metricName = "fireeye-nx-content-update-status",
  alertIfDown = true,
  alertDescription = "Security Content Updates is not enabled or updates are not downloaded and installed.",
  baseRemediationText = "Users are advised to ensure Security Content Updates is enabled and updates are downloaded and installed on the FireEye NX device.")()
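As an added illustration of the interrogation script and the rule above (example code, not Indeni's AWK parser or rule), the following Python emulates both stages: parsing the output of `show fenet security-content status` into the `fireeye-nx-content-update-status` state metric, then applying the StateDownTemplateRule logic with alertIfDown = true. The command output layout and field names are assumptions constructed for the example.

```python
import re

def sample_output(enabled="yes", download="success", install="success"):
    """Builds a constructed sample of the command output (assumed layout)."""
    return (
        "Security content update status:\n"
        f"  Enabled:              {enabled}\n"
        f"  Last download status: {download}\n"
        "  Last download time:   2020-03-01 02:10:05\n"
        f"  Last install status:  {install}\n"
        "  Last install time:    2020-03-01 02:11:40\n"
    )

def parse_status(output):
    """Map each 'key: value' line to a lower-cased key/value pair; the value
    keeps any colons, so timestamps survive intact."""
    fields = {}
    for line in output.splitlines():
        match = re.match(r"\s*([^:]+?)\s*:\s*(.*?)\s*$", line)
        if match:
            fields[match.group(1).lower()] = match.group(2).lower()
    return fields

def content_update_status(output):
    """Stand-in for the AWK parser: the metric is 1 (up) only when updates are
    enabled and the last download and install both succeeded, else 0 (down)."""
    fields = parse_status(output)
    enabled = fields.get("enabled") in ("yes", "true", "enabled")
    downloaded = fields.get("last download status") == "success"
    installed = fields.get("last install status") == "success"
    return 1 if enabled and downloaded and installed else 0

def should_alert(metric_value, alert_if_down=True):
    """Stand-in for StateDownTemplateRule: with alertIfDown = true the rule
    fires when the metric reports the down state."""
    is_down = metric_value == 0
    return is_down if alert_if_down else not is_down

if __name__ == "__main__":
    cases = {"healthy": sample_output(),
             "disabled": sample_output(enabled="no"),
             "install failed": sample_output(install="failed")}
    for name, output in cases.items():
        value = content_update_status(output)
        print(f"{name}: metric={value} alert={should_alert(value)}")
```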