diff --git a/.github/workflows/paradrop.yml b/.github/workflows/paradrop.yml index 4fa4aa0..1f4c8ea 100755 --- a/.github/workflows/paradrop.yml +++ b/.github/workflows/paradrop.yml @@ -32,7 +32,7 @@ jobs: - name: Provision Paradrop Stack with Seed Data run: | - make docker + make local - name: Test with Python unittest run: | diff --git a/Makefile b/Makefile index 64932a8..ee512ea 100755 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ UI_NAME := paradrop_ui .PHONY: api elk superlinter develop docs -default: docker +default: local mkcert: openssl req -x509 -newkey rsa:4096 -nodes -keyout ui/localhost.key -out ui/localhost.pem -days 365 -sha256 -subj '/CN=127.0.0.1' -addext 'subjectAltName=IP:127.0.0.1' @@ -15,7 +15,7 @@ npm: docs: cd docs && npm install -docker: npm mkcert docs +local: npm mkcert docs sudo docker compose down --remove-orphans sudo URL='https:\/\/localhost:8443' docker compose up --build -d sleep 60 diff --git a/paradrop-agent/.github/workflows/go.yml b/agent/.github/workflows/go.yml similarity index 100% rename from paradrop-agent/.github/workflows/go.yml rename to agent/.github/workflows/go.yml diff --git a/paradrop-agent/.gitignore b/agent/.gitignore similarity index 100% rename from paradrop-agent/.gitignore rename to agent/.gitignore diff --git a/paradrop-agent/Dockerfile b/agent/Dockerfile similarity index 100% rename from paradrop-agent/Dockerfile rename to agent/Dockerfile diff --git a/paradrop-agent/Dockerfile-pkgs b/agent/Dockerfile-pkgs similarity index 100% rename from paradrop-agent/Dockerfile-pkgs rename to agent/Dockerfile-pkgs diff --git a/paradrop-agent/LICENSE b/agent/LICENSE similarity index 100% rename from paradrop-agent/LICENSE rename to agent/LICENSE diff --git a/paradrop-agent/Makefile b/agent/Makefile similarity index 100% rename from paradrop-agent/Makefile rename to agent/Makefile 
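Review bot: The renamed `local` target is not declared phony — the `.PHONY: api elk superlinter develop docs` context line in the same Makefile hunk omits it (as it omitted `docker` before), so a file or directory named `local` in the repository root would make `make` / `make local` report the target as up to date and silently skip the compose bring-up; the fix is `.PHONY: api elk superlinter develop docs local`. Separately, the matching `make docker` → `make local` edit in agent/README.md documents the agent's own build, whose Makefile this commit only renames to agent/Makefile (similarity index 100%), so that file presumably still exposes `docker` rather than `local` and the README edit appears to point at a target that does not exist there — worth confirming before merge. The `local` target still runs `sudo docker compose`, so the new name describes where the stack runs rather than how, which is a naming choice to keep consistent across the three files touched.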
diff --git a/paradrop-agent/README.md b/agent/README.md similarity index 99% rename from paradrop-agent/README.md rename to agent/README.md index ec195e4..110f850 100644 --- a/paradrop-agent/README.md +++ b/agent/README.md @@ -421,7 +421,7 @@ make build To build the binary with Docker run the following command: ```sh -make docker +make local ``` To build the RPM and Deb packages with Docker run the following command: diff --git a/paradrop-agent/Vagrantfile b/agent/Vagrantfile similarity index 100% rename from paradrop-agent/Vagrantfile rename to agent/Vagrantfile diff --git a/paradrop-agent/cloud/aws.go b/agent/cloud/aws.go similarity index 100% rename from paradrop-agent/cloud/aws.go rename to agent/cloud/aws.go diff --git a/paradrop-agent/cloud/detect.go b/agent/cloud/detect.go similarity index 100% rename from paradrop-agent/cloud/detect.go rename to agent/cloud/detect.go diff --git a/paradrop-agent/config/config.go b/agent/config/config.go similarity index 100% rename from paradrop-agent/config/config.go rename to agent/config/config.go diff --git a/paradrop-agent/config/tags.go b/agent/config/tags.go similarity index 100% rename from paradrop-agent/config/tags.go rename to agent/config/tags.go diff --git a/paradrop-agent/containers/docker.go b/agent/containers/docker.go similarity index 100% rename from paradrop-agent/containers/docker.go rename to agent/containers/docker.go diff --git a/paradrop-agent/data/discoverjson.go b/agent/data/discoverjson.go similarity index 100% rename from paradrop-agent/data/discoverjson.go rename to agent/data/discoverjson.go diff --git a/paradrop-agent/gitleaks.toml b/agent/gitleaks.toml similarity index 100% rename from paradrop-agent/gitleaks.toml rename to agent/gitleaks.toml diff --git a/paradrop-agent/go.mod b/agent/go.mod similarity index 100% rename from paradrop-agent/go.mod rename to agent/go.mod 
diff --git a/paradrop-agent/go.sum b/agent/go.sum
similarity index 100%
rename from paradrop-agent/go.sum
rename to agent/go.sum
diff --git a/paradrop-agent/main.go b/agent/main.go
similarity index 100%
rename from paradrop-agent/main.go
rename to agent/main.go
diff --git a/paradrop-agent/mapping.json b/agent/mapping.json
similarity index 100%
rename from paradrop-agent/mapping.json
rename to agent/mapping.json
diff --git a/paradrop-agent/network/conns.go b/agent/network/conns.go
similarity index 100%
rename from paradrop-agent/network/conns.go
rename to agent/network/conns.go
diff --git a/paradrop-agent/network/domainname.go b/agent/network/domainname.go
similarity index 100%
rename from paradrop-agent/network/domainname.go
rename to agent/network/domainname.go
diff --git a/paradrop-agent/network/ip.go b/agent/network/ip.go
similarity index 100%
rename from paradrop-agent/network/ip.go
rename to agent/network/ip.go
diff --git a/paradrop-agent/network/iproutes.go b/agent/network/iproutes.go
similarity index 100%
rename from paradrop-agent/network/iproutes.go
rename to agent/network/iproutes.go
diff --git a/paradrop-agent/network/iptables.go b/agent/network/iptables.go
similarity index 100%
rename from paradrop-agent/network/iptables.go
rename to agent/network/iptables.go
diff --git a/paradrop-agent/network/nameservers.go b/agent/network/nameservers.go
similarity index 100%
rename from paradrop-agent/network/nameservers.go
rename to agent/network/nameservers.go
diff --git a/paradrop-agent/network/netstats.go b/agent/network/netstats.go
similarity index 100%
rename from paradrop-agent/network/netstats.go
rename to agent/network/netstats.go
diff --git a/paradrop-agent/network/ntp.go b/agent/network/ntp.go
similarity index 100%
rename from paradrop-agent/network/ntp.go
rename to agent/network/ntp.go
diff --git a/paradrop-agent/packages/deb.go b/agent/packages/deb.go
similarity index 100%
rename from paradrop-agent/packages/deb.go
rename to agent/packages/deb.go
diff --git a/paradrop-agent/packages/gem.go b/agent/packages/gem.go
similarity index 100%
rename from paradrop-agent/packages/gem.go
rename to agent/packages/gem.go
diff --git a/paradrop-agent/packages/pip.go b/agent/packages/pip.go
similarity index 100%
rename from paradrop-agent/packages/pip.go
rename to agent/packages/pip.go
diff --git a/paradrop-agent/packages/rpm.go b/agent/packages/rpm.go
similarity index 100%
rename from paradrop-agent/packages/rpm.go
rename to agent/packages/rpm.go
diff --git a/paradrop-agent/packages/snap.go b/agent/packages/snap.go
similarity index 100%
rename from paradrop-agent/packages/snap.go
rename to agent/packages/snap.go
diff --git a/paradrop-agent/packages/windows_darwin.go b/agent/packages/windows_darwin.go
similarity index 100%
rename from paradrop-agent/packages/windows_darwin.go
rename to agent/packages/windows_darwin.go
diff --git a/paradrop-agent/packages/windows_linux.go b/agent/packages/windows_linux.go
similarity index 100%
rename from paradrop-agent/packages/windows_linux.go
rename to agent/packages/windows_linux.go
diff --git a/paradrop-agent/packages/windows_windows.go b/agent/packages/windows_windows.go
similarity index 100%
rename from paradrop-agent/packages/windows_windows.go
rename to agent/packages/windows_windows.go
diff --git a/paradrop-agent/packaging/cmon.service b/agent/packaging/cmon.service
similarity index 100%
rename from paradrop-agent/packaging/cmon.service
rename to agent/packaging/cmon.service
diff --git a/paradrop-agent/packaging/install.sh b/agent/packaging/install.sh
similarity index 100%
rename from paradrop-agent/packaging/install.sh
rename to agent/packaging/install.sh
diff --git a/paradrop-agent/packaging/package.sh b/agent/packaging/package.sh
similarity index 100%
rename from paradrop-agent/packaging/package.sh
rename to agent/packaging/package.sh
diff --git a/paradrop-agent/packaging/uninstall.sh b/agent/packaging/uninstall.sh
similarity index 100%
rename from paradrop-agent/packaging/uninstall.sh
rename to agent/packaging/uninstall.sh
diff --git a/paradrop-agent/security/certs.go b/agent/security/certs.go
similarity index 100%
rename from paradrop-agent/security/certs.go
rename to agent/security/certs.go
diff --git a/paradrop-agent/security/clamav.go b/agent/security/clamav.go
similarity index 100%
rename from paradrop-agent/security/clamav.go
rename to agent/security/clamav.go
diff --git a/paradrop-agent/security/cpu.go b/agent/security/cpu.go
similarity index 100%
rename from paradrop-agent/security/cpu.go
rename to agent/security/cpu.go
diff --git a/paradrop-agent/security/logins.go b/agent/security/logins.go
similarity index 100%
rename from paradrop-agent/security/logins.go
rename to agent/security/logins.go
diff --git a/paradrop-agent/security/oscap.go b/agent/security/oscap.go
similarity index 100%
rename from paradrop-agent/security/oscap.go
rename to agent/security/oscap.go
diff --git a/paradrop-agent/security/trivy.go b/agent/security/trivy.go
similarity index 100%
rename from paradrop-agent/security/trivy.go
rename to agent/security/trivy.go
diff --git a/paradrop-agent/shipper/shipper.go b/agent/shipper/shipper.go
similarity index 100%
rename from paradrop-agent/shipper/shipper.go
rename to agent/shipper/shipper.go
diff --git a/paradrop-agent/start.sh b/agent/start.sh
similarity index 100%
rename from paradrop-agent/start.sh
rename to agent/start.sh
diff --git a/paradrop-agent/system/audit.go b/agent/system/audit.go
similarity index 100%
rename from paradrop-agent/system/audit.go
rename to agent/system/audit.go
diff --git a/paradrop-agent/system/chassistype.go b/agent/system/chassistype.go
similarity index 100%
rename from paradrop-agent/system/chassistype.go
rename to agent/system/chassistype.go
diff --git a/paradrop-agent/system/cron.go b/agent/system/cron.go
similarity index 100%
rename from paradrop-agent/system/cron.go
rename to agent/system/cron.go
diff --git a/paradrop-agent/system/dmesg.go b/agent/system/dmesg.go
similarity index 100%
rename from paradrop-agent/system/dmesg.go
rename to agent/system/dmesg.go
diff --git a/paradrop-agent/system/host_id.go b/agent/system/host_id.go
similarity index 100%
rename from paradrop-agent/system/host_id.go
rename to agent/system/host_id.go
diff --git a/paradrop-agent/system/journalctl.go b/agent/system/journalctl.go
similarity index 100%
rename from paradrop-agent/system/journalctl.go
rename to agent/system/journalctl.go
diff --git a/paradrop-agent/system/lsmod.go b/agent/system/lsmod.go
similarity index 100%
rename from paradrop-agent/system/lsmod.go
rename to agent/system/lsmod.go
diff --git a/paradrop-agent/system/processes.go b/agent/system/processes.go
similarity index 100%
rename from paradrop-agent/system/processes.go
rename to agent/system/processes.go
diff --git a/paradrop-agent/system/stats.go b/agent/system/stats.go
similarity index 100%
rename from paradrop-agent/system/stats.go
rename to agent/system/stats.go
diff --git a/paradrop-agent/system/sysctl.go b/agent/system/sysctl.go
similarity index 100%
rename from paradrop-agent/system/sysctl.go
rename to agent/system/sysctl.go
diff --git a/paradrop-agent/system/systemctl.go b/agent/system/systemctl.go
similarity index 100%
rename from paradrop-agent/system/systemctl.go
rename to agent/system/systemctl.go
diff --git a/paradrop-agent/system/systemdtimers.go b/agent/system/systemdtimers.go
similarity index 100%
rename from paradrop-agent/system/systemdtimers.go
rename to agent/system/systemdtimers.go
diff --git a/paradrop-agent/system/timezone.go b/agent/system/timezone.go
similarity index 100%
rename from paradrop-agent/system/timezone.go
rename to agent/system/timezone.go
diff --git a/paradrop-agent/system/users.go b/agent/system/users.go similarity index 100% rename from paradrop-agent/system/users.go rename to agent/system/users.go diff --git a/paradrop-agent/util/cmd.go b/agent/util/cmd.go similarity index 100% rename from paradrop-agent/util/cmd.go rename to agent/util/cmd.go diff --git a/docker-compose.yml b/docker-compose.yml index eb4a4a0..0b98675 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,7 +13,7 @@ services: - paradrop ports: - 127.0.0.1:9200:9200 - restart: always + restart: unless-stopped volumes: - ./elk/internal_users.yml:/usr/share/opensearch/config/opensearch-security/internal_users.yml:rw @@ -29,9 +29,9 @@ services: - paradrop ports: - 127.0.0.1:5601:5601 - restart: always + restart: unless-stopped volumes: - - ./elk/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml:ro + - ./elk/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml:ro api: build: @@ -44,7 +44,7 @@ services: - paradrop ports: - 127.0.0.1:5000:5000 - restart: always + restart: unless-stopped ui: build: @@ -61,7 +61,7 @@ services: - paradrop ports: - 8443:8443 - restart: always + restart: unless-stopped docs: build: @@ -74,7 +74,7 @@ services: - paradrop ports: - 127.0.0.1:3008:3008 - restart: always + restart: unless-stopped networks: paradrop: diff --git a/elk/demo.paradrop.io.json b/elk/hosts/demo.paradrop.io.json similarity index 100% rename from elk/demo.paradrop.io.json rename to elk/hosts/demo.paradrop.io.json diff --git a/elk/desktop-clear-1.json b/elk/hosts/desktop-clear-1.json similarity index 100% rename from elk/desktop-clear-1.json rename to elk/hosts/desktop-clear-1.json diff --git a/elk/desktop-win10-1.json b/elk/hosts/desktop-win10-1.json similarity index 100% rename from elk/desktop-win10-1.json rename to elk/hosts/desktop-win10-1.json 
diff --git a/elk/desktop-win11-1.json b/elk/hosts/desktop-win11-1.json
similarity index 100%
rename from elk/desktop-win11-1.json
rename to elk/hosts/desktop-win11-1.json
diff --git a/elk/notebook-ubuntu20-1.json b/elk/hosts/notebook-ubuntu20-1.json
similarity index 100%
rename from elk/notebook-ubuntu20-1.json
rename to elk/hosts/notebook-ubuntu20-1.json
diff --git a/elk/pi4-ubuntu20-1.json b/elk/hosts/pi4-ubuntu20-1.json
similarity index 100%
rename from elk/pi4-ubuntu20-1.json
rename to elk/hosts/pi4-ubuntu20-1.json
diff --git a/elk/vm-centos8-1.json b/elk/hosts/vm-centos8-1.json
similarity index 100%
rename from elk/vm-centos8-1.json
rename to elk/hosts/vm-centos8-1.json
diff --git a/elk/vm-centos9-1.json b/elk/hosts/vm-centos9-1.json
similarity index 100%
rename from elk/vm-centos9-1.json
rename to elk/hosts/vm-centos9-1.json
diff --git a/elk/vm-rocky9-1.json b/elk/hosts/vm-rocky9-1.json
similarity index 100%
rename from elk/vm-rocky9-1.json
rename to elk/hosts/vm-rocky9-1.json
diff --git a/elk/vm-winsrv2022-1.json b/elk/hosts/vm-winsrv2022-1.json
similarity index 100%
rename from elk/vm-winsrv2022-1.json
rename to elk/hosts/vm-winsrv2022-1.json
diff --git a/elk/paradrop_audit_mapping.json b/elk/mappings/paradrop_audit_mapping.json
similarity index 100%
rename from elk/paradrop_audit_mapping.json
rename to elk/mappings/paradrop_audit_mapping.json
diff --git a/elk/paradrop_changes_mapping.json b/elk/mappings/paradrop_changes_mapping.json
similarity index 100%
rename from elk/paradrop_changes_mapping.json
rename to elk/mappings/paradrop_changes_mapping.json
diff --git a/elk/paradrop_event_triggers_mapping.json b/elk/mappings/paradrop_event_triggers_mapping.json
similarity index 100%
rename from elk/paradrop_event_triggers_mapping.json
rename to elk/mappings/paradrop_event_triggers_mapping.json
diff --git a/elk/paradrop_events_mapping.json b/elk/mappings/paradrop_events_mapping.json
similarity index 100%
rename from elk/paradrop_events_mapping.json
rename to elk/mappings/paradrop_events_mapping.json
diff --git a/elk/paradrop_hosts_mapping.json b/elk/mappings/paradrop_hosts_mapping.json
similarity index 100%
rename from elk/paradrop_hosts_mapping.json
rename to elk/mappings/paradrop_hosts_mapping.json
diff --git a/elk/paradrop_reports_mapping.json b/elk/mappings/paradrop_reports_mapping.json
similarity index 100%
rename from elk/paradrop_reports_mapping.json
rename to elk/mappings/paradrop_reports_mapping.json
diff --git a/elk/paradrop_users_mapping.json b/elk/mappings/paradrop_users_mapping.json
similarity index 100%
rename from elk/paradrop_users_mapping.json
rename to elk/mappings/paradrop_users_mapping.json
diff --git a/elk/seed.sh b/elk/seed.sh
index 317cbbb..721d528 100755
--- a/elk/seed.sh
+++ b/elk/seed.sh
@@ -1,46 +1,49 @@ #!/bin/sh # shellcheck disable=SC2016 +USER=admin +PASSWD='dtYe2cKY2YtyBEJ49a' + # Seed Mock Data to paradrop_hosts Index -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT 'https://127.0.0.1:9200/paradrop_hosts' +curl -k -u "$USER:$PASSWD" -XPUT 'https://127.0.0.1:9200/paradrop_hosts' # To add settings, we have to close the index, update settings and then open index again. -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_close' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_close' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_settings' -d @es_settings.json +curl -k -u "$USER:$PASSWD" -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_settings' -d @es_settings.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_open' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_open' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_mapping' -d @paradrop_hosts_mapping.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_mapping' -d @./mappings/paradrop_hosts_mapping.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/' -d @notebook-ubuntu20-1.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/d07cad08fe26184300eb8b90a705bb5a753f58986131f577143be53d39a69e40' -d @./hosts/notebook-ubuntu20-1.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 
'https://127.0.0.1:9200/paradrop_hosts/_doc/' -d @desktop-clear-1.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/15a7117d10552dfa2aec759d76628397f1c73dd9069c9623136f43fbbf325f16' -d @./hosts/desktop-clear-1.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/' -d @pi4-ubuntu20-1.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/b7d523dab0f328039d889160823f9cf58574dbb9ac454daa033ff37ec4e7fdc1' -d @./hosts/pi4-ubuntu20-1.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/' -d @desktop-win10-1.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/c4c3989e55a61e26bee4fe95475355a73124137e439e0cd66e763695e66ec018' -d @./hosts/desktop-win10-1.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/' -d @vm-centos8-1.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/' -d @vm-centos9-1.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/' -d @vm-rocky9-1.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/' -d @vm-winsrv2022-1.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/' -d @demo.paradrop.io.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/' -d @desktop-win11-1.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 
'https://127.0.0.1:9200/paradrop_hosts/_doc/77f26a9d6a23d47fe328597c29fede19231ee1a28cc0668b6f634d1a77e80f99' -d @./hosts/vm-centos8-1.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/7df309c1722acd385c8c0eb6c2b3b02b853556998b71317ab304ad914740a74e' -d @./hosts/vm-centos9-1.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/fff03470dacec51e21fcb7dcdae3e86c9ff764ff8aab0baf1ac6199aaa6570d9' -d @./hosts/vm-rocky9-1.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/9d1b098f1a14c3a8b5192f552e5c4e9a185055a0144f9b44a7671c54cf7dec41' -d @./hosts/vm-winsrv2022-1.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/efdc88abb696c777d6242161194aadb7c1c94fcfd7013e9058a05501f993f010' -d @./hosts/demo.paradrop.io.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_doc/70048f0024b3dcf1367df019b787be477af37cb03b11ea0f5add348af6f7e575' -d @./hosts/desktop-win11-1.json # Seed Mock Data to paradrop_users Index -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT 'https://127.0.0.1:9200/paradrop_users' +curl -k -u "$USER:$PASSWD" -XPUT 'https://127.0.0.1:9200/paradrop_users' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_users/_close' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_users/_close' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_users/_settings' -d @es_settings.json +curl -k -u "$USER:$PASSWD" -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_users/_settings' -d @es_settings.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 
'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_users/_open' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_users/_open' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_users/_mapping' -d @paradrop_users_mapping.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_users/_mapping' -d @./mappings/paradrop_users_mapping.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_users/_doc/2db4ff61-3075-4721-b2c8-98f59690ae31' -d \ +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_users/_doc/2db4ff61-3075-4721-b2c8-98f59690ae31' -d \ '{ "id": "2db4ff61-3075-4721-b2c8-98f59690ae31", "name": "admin", @@ -55,7 +58,7 @@ curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' "reset_password": false }' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_users/_doc/38db035f-c40a-49c4-8319-fb373c86bf23' -d \ +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_users/_doc/38db035f-c40a-49c4-8319-fb373c86bf23' -d \ '{ "id" : "38db035f-c40a-49c4-8319-fb373c86bf23", "email" : "user@paradrop.io", 
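Review bot: The new `USER=admin` / `PASSWD='dtYe2cKY2YtyBEJ49a'` lines at the top of the hunk centralise the OpenSearch credential but still hard-code it, and `USER` shadows the login-name variable that the shell and many tools read from the environment; a script-specific name with an environment override — e.g. `OS_USER="${OPENSEARCH_USER:-admin}"` and `OS_PASSWD="${OPENSEARCH_PASSWORD:-dtYe2cKY2YtyBEJ49a}"` (variable names illustrative) — lets CI and non-demo deployments inject a different password without editing the script. Passing `-u "$USER:$PASSWD"` on every curl command line also exposes the password in the process list to any local user for the duration of each request; supplying it via `curl -K` with a config file holding the `user = "..."` line, or via `.netrc`, avoids that. Every request keeps `-k`, which disables TLS verification; since this script only talks to 127.0.0.1 that is presumably deliberate, but a comment such as `# -k: the local compose stack uses the self-signed mkcert certificate` would stop the pattern being copied into tooling that targets remote hosts.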
@@ -71,14 +74,14 @@ curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' }' # Seed App Configurations Data to paradrop_configs Index -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_configs/_doc/1' -d \ +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_configs/_doc/1' -d \ '{ "id": "1", - "slack_url": "https://hooks.slack.com/services/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", + "slack_url": "", "ms_teams_url": "", "mattermost_url": "", - "email_server": "paradroptestingemail@gmail.com", - "email_password": "ojiuwcejglsaqgry", + "email_server": "", + "email_password": "", "alert_email": "", "slack_enable": false, "ms_teams_enable": false, 
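Review bot: Blanking `slack_url`, `email_server` and `email_password` removes a live-looking Slack webhook URL and a Gmail app password from the seeded config document, but both values remain retrievable from this file's earlier revisions in git history and in any existing clone or CI cache, so if they were ever valid the commit should be paired with revoking the webhook and rotating the app password rather than treated as the fix on its own. A short comment above the document, such as `# Notification endpoints are intentionally blank; set them via the UI or API after seeding`, would also discourage a future seed change from re-adding real values. The config document continues past the end of the hunk.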
@@ -89,20 +92,20 @@ curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' }' # Seed Reports Data to paradrop_reports Index -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT 'https://127.0.0.1:9200/paradrop_reports' +curl -k -u "$USER:$PASSWD" -XPUT 'https://127.0.0.1:9200/paradrop_reports' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_close' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_close' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_settings' -d @es_settings.json +curl -k -u "$USER:$PASSWD" -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_settings' -d @es_settings.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_open' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_open' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_mapping' -d @paradrop_reports_mapping.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_mapping' -d @./mappings/paradrop_reports_mapping.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_doc/14vBoULXeqiZcRRTq' -d \ +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_doc/14vBoULXeqiZcRRTq' -d \ '{ "id": "14vBoULXeqiZcRRTq", - "report_name": "inventory_report", + "report_name": "fedramp_inventory", "report_description": "SSP-A13 FedRAMP Integrated Inventory CSV", "report_mappings": { "Host ID": "id", 
@@ -120,18 +123,199 @@ curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' "updated_by": "admin@paradrop.io" }' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_doc/YIvlbVBoqasTGlFQ' -d \ +'{ + "report_name": "software_inventory", + "report_description": "Show all software installed on assets", + "report_mappings": { + "Environment": "environment", + "Gems": "gem", + "Hostname": "hostname", + "IP Address": "ip_address", + "Packages": "packages", + "Pip3": "pip3", + "Windows Software": "windows_software" + }, + "id": "YIvlbVBoqasTGlFQ", + "created_at": "2024-04-12T15:28:36", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:28:36", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_doc/ySvpy7c6SsJBbkq7' -d \ +'{ + "report_name": "failed_or_critical_errors", + "report_description": "Show failed software and critical errors", + "report_mappings": { + "Dmesg Errors": "dmesg_errors", + "Docker Stopped": "docker_stopped", + "Hostname": "hostname", + "IP Address": "ip_address", + "Journalctl Logs": "journalctl_logs", + "Systemctl Failed": "systemctl_failed" + }, + "id": "ySvpy7c6SsJBbkq7", + "created_at": "2024-04-12T15:19:18", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:19:18", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_doc/dIzIHRorTjMkUywM' -d \ +'{ + "report_name": "virtualization", + "report_description": "Show which systems are virtual machines and the environment theyre in", + "report_mappings": { + "Environment": "environment", + "Hostname": "hostname", + "IP Address": "ip_address", + "Virtualization": "virtualization", + "Virtualization System": "virtualization_system" + }, + "id": "dIzIHRorTjMkUywM", + "created_at": 
"2024-04-12T15:20:46", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:20:46", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_doc/pM7DQWpI8uXQcUz6' -d \ +'{ + "id": "pM7DQWpI8uXQcUz6", + "report_name": "network_processes", + "report_description": "Show open network ports and local processes mapping to ports", + "report_mappings": { + "Hostname": "hostname", + "Ip Address": "ip_address", + "Network Interfaces": "network_interfaces", + "Open Ports": "open_ports", + "Processes": "processes" + }, + "created_at": "2024-04-12T15:17:06", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:17:38", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_doc/72ryFQZoH6PJl9x1' -d \ +'{ + "report_name": "daily_vulnerability", + "report_description": "Get the latest Trivy vulnerabilities data", + "report_mappings": { + "Asset Type": "asset_type", + "CPU Vulnerabilities": "cpu_vulnerabilities", + "Hostname": "hostname", + "IP Address": "ip_address", + "Vulnerabilities ": "trivy" + }, + "id": "72ryFQZoH6PJl9x1", + "created_at": "2024-04-12T15:10:38", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:10:38", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_doc/oWBMYKKZxNs7YGiN' -d \ +'{ + "report_name": "scheduled_jobs", + "report_description": "Show scheduled jobs like cronjobs, systemd-timers, Windows scheduled tasks", + "report_mappings": { + "Crontabs": "crontabs", + "Hostname": "hostname", + "IP Address": "ip_address", + "Systemd Timers": "systemd_timers" + }, + "id": "oWBMYKKZxNs7YGiN", + "created_at": "2024-04-12T15:24:38", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:24:38", + "updated_by": 
"admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_doc/QFw7PTalmGIhB3Am' -d \ +'{ + "report_name": "cloud_inventory", + "report_description": "Show all assets that are hosted in a cloud provider", + "report_mappings": { + "Cloud": "cloud", + "Environment": "environment", + "Hostname": "hostname", + "IP Address": "ip_address" + }, + "id": "QFw7PTalmGIhB3Am", + "created_at": "2024-04-12T15:27:01", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:27:01", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_doc/5hPJgHaZoQhEnm2k' -d \ +'{ + "report_name": "openscap_compliance", + "report_description": "Show OpenScap compliance scan results", + "report_mappings": { + "Environment": "environment", + "Hostname": "hostname", + "IP Address": "ip_address", + "Openscap": "openscap" + }, + "id": "5hPJgHaZoQhEnm2k", + "created_at": "2024-04-12T15:22:06", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:22:06", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_doc/jITJT43igqVq3wKo' -d \ +'{ + "report_name": "loggedin_users", + "report_description": "Show users logged into the assets across the network", + "report_mappings": { + "Hostname": "hostname", + "IP Address": "ip_address", + "Users Loggedin": "users_loggedin" + }, + "id": "jITJT43igqVq3wKo", + "created_at": "2024-04-12T15:30:23", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:30:23", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_reports/_doc/6runHG5hOFdn1us0' -d \ +'{ + "id": "6runHG5hOFdn1us0", + "report_name": "system_performance", + "report_description": "Show system 
performance across all assets ", + "report_mappings": { + "Disk Used Pct": "diskused_pct", + "Environment": "environment", + "Hostname": "hostname", + "IP Address": "ip_address", + "Load 1 Min": "load1", + "Load 15 Min": "load15", + "Load 5 Min": "load5", + "Memory Used Pct": "memoryused_pct" + }, + "created_at": "2024-04-12T15:32:47", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:34:00", + "updated_by": "admin@paradrop.io" +}' + # Seed Mock Data to paradrop_event_triggers Index -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT 'https://127.0.0.1:9200/paradrop_event_triggers' +curl -k -u "$USER:$PASSWD" -XPUT 'https://127.0.0.1:9200/paradrop_event_triggers' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_close' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_close' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_settings' -d @es_settings.json +curl -k -u "$USER:$PASSWD" -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_settings' -d @es_settings.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_open' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_open' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_mapping' -d @paradrop_event_triggers_mapping.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_mapping' -d @./mappings/paradrop_event_triggers_mapping.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 
'https://127.0.0.1:9200/paradrop_event_triggers/_doc/38db035f-c40a-49c4-8319-fb373c86bf23' -d \ +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/38db035f-c40a-49c4-8319-fb373c86bf23' -d \ '{ "id": "38db035f-c40a-49c4-8319-fb373c86bf23", "event_name": "low_disk_space", @@ -148,7 +332,7 @@ curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' "updated_by": "admin@paradrop.io" }' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/38db035f-c40a-49c4-8319-fb373c86bf24' -d \ +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/38db035f-c40a-49c4-8319-fb373c86bf24' -d \ '{ "id": "38db035f-c40a-49c4-8319-fb373c86bf24", "event_name": "low_memory", 
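Review bot: In the new `daily_vulnerability` report document the mapping key `"Vulnerabilities ": "trivy"` carries a trailing space, which will surface as a column header with a trailing space in whatever the report renders and will not match a lookup on `"Vulnerabilities"`; change it to `"Vulnerabilities": "trivy"`. The other new report documents in this hunk place `id` inconsistently (first in `network_processes` and `system_performance`, after `report_mappings` elsewhere) and `"theyre"` in the virtualization description is missing its apostrophe — cosmetic, but worth normalising while the block is fresh. Each document is POSTed to an explicit `_doc/<id>` path, so re-running the seed presumably replaces rather than duplicates these reports; a one-line comment above the first one, e.g. `# Report IDs are fixed so re-seeding overwrites instead of duplicating`, would make that intent explicit.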
@@ -165,19 +349,235 @@ curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' "updated_by": "admin@paradrop.io" }' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/pjH2trDESeHlTVAE' -d \ +'{ + "event_name": "critical_vulnerabilities", + "send_alert": true, + "event_impact": "high", + "event_enable": true, + "event_trigger": { + "field": "trivy['"'"'vulnerabilities_critical'"'"']", + "operator": ">", + "expected_value": "0" + }, + "id": "pjH2trDESeHlTVAE", + "created_at": "2024-04-12T15:03:06", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:03:06", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/io0cr5NH9rufVynW' -d \ +'{ + "event_name": "high_vulnerabilities", + "send_alert": true, + "event_impact": "medium", + "event_enable": true, + "event_trigger": { + "field": "trivy['"'"'vulnerabilities_high'"'"']", + "operator": ">", + "expected_value": "0" + }, + "id": "io0cr5NH9rufVynW", + "created_at": "2024-04-12T15:03:45", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:03:45", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/joQ8SSlm2M2MhjpM' -d \ +'{ + "event_name": "compliance_failures", + "send_alert": true, + "event_impact": "medium", + "event_enable": true, + "event_trigger": { + "field": "openscap['"'"'fail_total'"'"']", + "operator": ">", + "expected_value": "5" + }, + "id": "joQ8SSlm2M2MhjpM", + "created_at": "2024-04-12T15:02:33", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:02:33", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/8ikdznQ86P1roTvW' -d \ 
+'{ + "event_name": "ntp_not_running", + "send_alert": true, + "event_impact": "medium", + "event_enable": true, + "event_trigger": { + "field": "ntp_running-bool", + "operator": "==", + "expected_value": "false" + }, + "id": "8ikdznQ86P1roTvW", + "created_at": "2024-04-12T15:01:45", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:01:45", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/OvO28UftXxVucASG' -d \ +'{ + "event_name": "cpu_vulnerabilities", + "send_alert": true, + "event_impact": "high", + "event_enable": true, + "event_trigger": { + "field": "cpu_vulnerabilities", + "operator": ">", + "expected_value": "0" + }, + "id": "OvO28UftXxVucASG", + "created_at": "2024-04-12T14:59:03", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T14:59:03", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/ybz05mqrEJ6Wzcmc' -d \ +'{ + "event_name": "stopped_containers", + "send_alert": true, + "event_impact": "medium", + "event_enable": true, + "event_trigger": { + "field": "docker_stopped", + "operator": ">", + "expected_value": "0" + }, + "id": "ybz05mqrEJ6Wzcmc", + "created_at": "2024-04-12T14:59:50", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T14:59:50", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/bORu8uvnd0x5sO44' -d \ +'{ + "event_name": "expired_certs", + "send_alert": true, + "event_impact": "high", + "event_enable": true, + "event_trigger": { + "field": "expired_certs", + "operator": ">", + "expected_value": "0" + }, + "id": "bORu8uvnd0x5sO44", + "created_at": "2024-04-12T15:00:10", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:00:10", + 
"updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/GJLfIrcfOxcfPpTo' -d \ +'{ + "event_name": "failed_logins", + "send_alert": true, + "event_impact": "high", + "event_enable": true, + "event_trigger": { + "field": "failed_logins", + "operator": ">", + "expected_value": "10" + }, + "id": "GJLfIrcfOxcfPpTo", + "created_at": "2024-04-12T15:00:34", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:00:34", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/c04wi2cKUu0GVGDl' -d \ +'{ + "event_name": "high_cpu", + "send_alert": true, + "event_impact": "medium", + "event_enable": true, + "event_trigger": { + "field": "cpu_pct", + "operator": ">", + "expected_value": "95" + }, + "id": "c04wi2cKUu0GVGDl", + "created_at": "2024-04-12T14:58:38", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T14:58:38", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/BpbBmtUKD6HvL51r' -d \ +'{ + "event_name": "high_load", + "send_alert": true, + "event_impact": "medium", + "event_enable": true, + "event_trigger": { + "field": "load15", + "operator": ">", + "expected_value": "5" + }, + "id": "BpbBmtUKD6HvL51r", + "created_at": "2024-04-12T15:01:06", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:01:06", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/p8fYdOM3bbNlPoAJ' -d \ +'{ + "event_name": "systemctl_failures", + "send_alert": true, + "event_impact": "medium", + "event_enable": true, + "event_trigger": { + "field": "systemctl_failed", + "operator": ">", + "expected_value": "0" + 
}, + "id": "p8fYdOM3bbNlPoAJ", + "created_at": "2024-04-12T15:04:18", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:04:18", + "updated_by": "admin@paradrop.io" +}' + +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_doc/60xhW8vd43t7iZb9' -d \ +'{ + "event_name": "low_memory_info", + "send_alert": true, + "event_impact": "info", + "event_enable": true, + "event_trigger": { + "field": "memoryused_pct", + "operator": ">", + "expected_value": "80" + }, + "id": "60xhW8vd43t7iZb9", + "created_at": "2024-04-12T15:05:41", + "created_by": "admin@paradrop.io", + "updated_at": "2024-04-12T15:05:41", + "updated_by": "admin@paradrop.io" +}' + # Seed Event Data to paradrop_events Index -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT 'https://127.0.0.1:9200/paradrop_events' +curl -k -u "$USER:$PASSWD" -XPUT 'https://127.0.0.1:9200/paradrop_events' # To add settings, we have to close the index, update settings and then open index again. 
-curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_events/_close' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_events/_close' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_events/_settings' -d @es_settings.json +curl -k -u "$USER:$PASSWD" -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_events/_settings' -d @es_settings.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_events/_open' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_events/_open' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_events/_mapping' -d @paradrop_events_mapping.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_events/_mapping' -d @./mappings/paradrop_events_mapping.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_events/_doc/38db035f-c40a-49c4-8319-fb373c86bf23' -d \ +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_events/_doc/38db035f-c40a-49c4-8319-fb373c86bf23' -d \ '{ "id": "38db035f-c40a-49c4-8319-fb373c86bf23", "hostname": "notebook-ubuntu20-1", 
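Review bot: Every new trigger stores `expected_value` as a JSON string (`"0"`, `"5"`, `"95"`) while `operator` is `>`, so whether `load15 > "5"` is a numeric or a lexicographic comparison depends entirely on the evaluator, which is not visible here; if it compares strings, `"10"` is not greater than `"9"`, and storing numbers unquoted, e.g. `"expected_value": 5`, would remove the ambiguity. The `field` values `trivy['vulnerabilities_critical']` and `openscap['fail_total']` are written as Python subscript expressions rather than dotted paths; it is worth confirming the consumer resolves them structurally instead of handing index-supplied strings to `eval`. Minor: `ntp_running-bool` mixes a type suffix into a field name that every other trigger spells plainly, and the new document ids are 16-character tokens while the two earlier seeds use UUIDs.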
@@ -195,7 +595,7 @@ curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' }' # Seed data to paradrop_tokens Index -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_tokens/_doc/1' -d \ +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_tokens/_doc/1' -d \ '{ "agent_token": "b97a81c5-3c2b-4a96-8881-38af26dc8407", "user_tokens": { 
@@ -207,44 +607,44 @@ curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' }' # Add paradrop_audit Index -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT 'https://127.0.0.1:9200/paradrop_audit' +curl -k -u "$USER:$PASSWD" -XPUT 'https://127.0.0.1:9200/paradrop_audit' # To add settings, we have to close the index, update settings and then open index again. -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_audit/_close' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_audit/_close' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_audit/_settings' -d @es_settings.json +curl -k -u "$USER:$PASSWD" -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_audit/_settings' -d @es_settings.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_audit/_open' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_audit/_open' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_audit/_mapping' -d @paradrop_audit_mapping.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_audit/_mapping' -d @./mappings/paradrop_audit_mapping.json # Add paradrop_changes Index -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT 'https://127.0.0.1:9200/paradrop_changes' +curl -k -u "$USER:$PASSWD" -XPUT 'https://127.0.0.1:9200/paradrop_changes' # To add settings, we have to close the index, update settings and then open index again. 
-curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_changes/_close' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_changes/_close' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_changes/_settings' -d @es_settings.json +curl -k -u "$USER:$PASSWD" -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_changes/_settings' -d @es_settings.json -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_changes/_open' +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_changes/_open' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_changes/_mapping' -d @paradrop_changes_mapping.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_changes/_mapping' -d @./mappings/paradrop_changes_mapping.json # Seed Mock Data to paradrop_changes Index -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_changes/_doc/41zt852v-g74x-65j2-1235-xy856s78ew65' -d @changes_data.json +curl -k -u "$USER:$PASSWD" -XPOST -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_changes/_doc/41zt852v-g74x-65j2-1235-xy856s78ew65' -d @changes_data.json # Increase Default Search Results Returned For paradrop_hosts Index -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_settings' -d '{"index.max_result_window": 100000}' +curl -k -u "$USER:$PASSWD" -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_hosts/_settings' -d '{"index.max_result_window": 100000}' # Increase Default Search Results Returned for 
paradrop_users Index -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_users/_settings' -d '{"index.max_result_window": 100000}' +curl -k -u "$USER:$PASSWD" -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_users/_settings' -d '{"index.max_result_window": 100000}' # Increase Default Search Results Returned for paradrop_event_triggers Index -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_settings' -d '{"index.max_result_window": 100000}' +curl -k -u "$USER:$PASSWD" -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_event_triggers/_settings' -d '{"index.max_result_window": 100000}' # Increase Default Search Results Returned for paradrop_events Index -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_events/_settings' -d '{"index.max_result_window": 100000}' +curl -k -u "$USER:$PASSWD" -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop_events/_settings' -d '{"index.max_result_window": 100000}' # Setup Single Node Cluster Index Replica Count -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop*/_settings' -d'{"index":{"number_of_replicas":0}}' -curl -k -u 'admin:dtYe2cKY2YtyBEJ49a' -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/security*/_settings' -d'{"index":{"number_of_replicas":0}}' +curl -k -u "$USER:$PASSWD" -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/paradrop*/_settings' -d'{"index":{"number_of_replicas":0}}' +curl -k -u "$USER:$PASSWD" -XPUT -H 'Content-Type: application/json' 'https://127.0.0.1:9200/security*/_settings' -d'{"index":{"number_of_replicas":0}}' diff --git a/elk/seed_test_data.py b/elk/seed_test_data.py index 90a14a7..3f2009e 100755 --- a/elk/seed_test_data.py 
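Review bot: The mapping loads now point at `@./mappings/<name>_mapping.json`, a path relative to the caller's working directory, and none of the curl calls use `--fail` or check an exit status, so a mapping that fails to load (wrong cwd, moved file, rejected body) is silent and the index silently keeps dynamic mappings. Adding `--fail --silent --show-error` to the `_settings` and `_mapping` calls, together with `set -euo pipefail` at the top of the script if it is not already there (the script head is outside this hunk), turns that into a visible provisioning failure. A short comment above the first mapping call, `# Paths are relative to the elk/ directory; run this script from there`, would document the assumption the new paths introduce.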
+++ b/elk/seed_test_data.py @@ -2,7 +2,7 @@ # autopep8: off import json, time, sys, os.path from string import ascii_letters -from random import randint +from random import randint, choices from datetime import datetime, timezone # Changing path from paradrop/elk to paradrop/api to be able to import things from that folder diff --git a/ui/event-triggers/index.html b/ui/event-triggers/index.html index f31a3c7..c215815 100755 --- a/ui/event-triggers/index.html +++ b/ui/event-triggers/index.html @@ -201,10 +201,10 @@ - - + + - +
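Review bot: `choices` is imported from `random`, a non-cryptographic PRNG, and its call site is outside this hunk; that is appropriate for mock identifiers in seed data, but if it is used to mint values that end up in the `paradrop_tokens` index and are later honoured as credentials, `secrets.choice` is the right source. A comment on the import line, `# random.choices is for test-data ids only, never for tokens`, would make that boundary explicit for the next maintainer.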