azure crowdstrike remediation

Signed-off-by: Rahul Jadhav <[email protected]>
accuknox · Jul 21, 2024 · 4362982 · 4362982
1 parent 8fe1d90
commit 4362982
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 6 deletions.
diff --git a/crowdstrike-bsod-fix/csp_aws.py b/crowdstrike-bsod-fix/csp_aws.py
@@ -10,7 +10,7 @@
 import glob
 
 logging.basicConfig(level=logging.INFO)
-log = logging.getLogger("main")
+log = logging.getLogger("aws")
 
 def detach_volumes(ec2, inst_id, dry_run=False):
     try:

diff --git a/crowdstrike-bsod-fix/csp_azure.py b/crowdstrike-bsod-fix/csp_azure.py
@@ -3,18 +3,33 @@
 # Copyright 2024 XCitium
 
 # Import the needed credential and management objects from the libraries.
+import logging
 from azure.identity import DefaultAzureCredential
 from azure.mgmt.compute import ComputeManagementClient
+logging.basicConfig(level=logging.INFO)
+log = logging.getLogger("azure")
 
 def handle_azure(args):
+    if args.az_res_grp:
+        log.info(f"using azure resource group {args.az_res_grp}")
+    else:
+        log.error("CSP azure needs --az_res_grp <resource group> to be specified")
+        return
     # Acquire a credential object.
     client = ComputeManagementClient(
         credential=DefaultAzureCredential(),
         subscription_id="{subscription-id}",
     )
 
-    response = client.virtual_machines.get(
-        resource_group_name="myResourceGroup",
-        vm_name="myVM",
-    )
-    print(response)
+    instances=args.instances.split(",")
+    for inst_id in instances:
+        log.info(f"checking {inst_id}")
+        try:
+            response = client.virtual_machines.get(
+                resource_group_name=args.az_res_grp,
+                vm_name=inst_id,
+            )
+            print(response)
+        except Exception as err:
+            log.error(f"instance get failed {inst_id}: {err}")
+            continue
diff --git a/crowdstrike-bsod-fix/main.py b/crowdstrike-bsod-fix/main.py
@@ -16,6 +16,7 @@ def main() -> None:
     argp = argparse.ArgumentParser()
     argp.add_argument("--csp", required=True, help="Cloud Service Provider name [aws/gcp/azure]")
     argp.add_argument("--instances", required=True, help="Instance list separated by comma")
+    argp.add_argument("--az_res_grp", required=False, help="Azure resource group")
     argp.add_argument("--dry-run", action="store_true")
     args = argp.parse_args()