diff --git a/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/securitycenter/AzureSecurityCenterRule.java b/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/securitycenter/AzureSecurityCenterRule.java
new file mode 100644
index 000000000..a95cca290
--- /dev/null
+++ b/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/securitycenter/AzureSecurityCenterRule.java
@@ -0,0 +1,89 @@
+package com.tmobile.cloud.awsrules.securitycenter;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.slf4j.MDC;
+
+import com.amazonaws.util.StringUtils;
+import com.tmobile.cloud.awsrules.utils.PacmanUtils;
+import com.tmobile.cloud.constants.PacmanRuleConstants;
+import com.tmobile.pacman.commons.PacmanSdkConstants;
+import com.tmobile.pacman.commons.exception.InvalidInputException;
+import com.tmobile.pacman.commons.exception.RuleExecutionFailedExeption;
+import com.tmobile.pacman.commons.rule.Annotation;
+import com.tmobile.pacman.commons.rule.BaseRule;
+import com.tmobile.pacman.commons.rule.PacmanRule;
+import com.tmobile.pacman.commons.rule.RuleResult;
+import com.tmobile.pacman.commons.utils.CommonUtils;
+
+@PacmanRule(key = "check-for-azure-security-rule", desc = "checks virtualmachines for network access control", severity = PacmanSdkConstants.SEV_HIGH, category = "networking")
+public class AzureSecurityCenterRule extends BaseRule {
+
+ private static final Logger logger = LoggerFactory.getLogger(AzureSecurityCenterRule.class);
+
+ @Override
+ public RuleResult execute(Map ruleParam, Map resourceAttributes) {
+
+ logger.debug("========AzureSecurityCenterRule started=========");
+ String entityId = ruleParam.get(PacmanSdkConstants.RESOURCE_ID);
+ String severity = ruleParam.get(PacmanRuleConstants.SEVERITY);
+ String category = ruleParam.get(PacmanRuleConstants.CATEGORY);
+ String targetType = ruleParam.get(PacmanRuleConstants.TARGET_TYPE); // need to specify the index type
+ String policyName = ruleParam.get("policyName").replaceAll("@", " ");
+
+ MDC.put("executionId", ruleParam.get("executionId")); // this is the logback Mapped Diagnostic Contex
+ MDC.put("ruleId", ruleParam.get(PacmanSdkConstants.RULE_ID)); // this is the logback Mapped Diagnostic Contex
+
+ if (!PacmanUtils.doesAllHaveValue(severity, category, targetType)) {
+ logger.info(PacmanRuleConstants.MISSING_CONFIGURATION);
+ throw new InvalidInputException(PacmanRuleConstants.MISSING_CONFIGURATION);
+ }
+
+ String esUrl = null;
+ String url = CommonUtils.getEnvVariableValue(PacmanSdkConstants.ES_URI_ENV_VAR_NAME);
+ if (!StringUtils.isNullOrEmpty(url)) {
+ esUrl = url + "/azure_securitycenter/securitycenter/_search";
+ }
+
+ if (entityId != null && !entityId.isEmpty()) {
+ Map securityCenterData = new HashMap<>();
+ try {
+ Map mustFilter = new HashMap<>();
+ mustFilter.put(PacmanUtils.convertAttributetoKeyword(PacmanRuleConstants.POLICYNAME), policyName);
+ mustFilter.put(PacmanUtils.convertAttributetoKeyword(PacmanRuleConstants.AZURERESOURCEID), entityId.toLowerCase());
+ mustFilter.put(PacmanRuleConstants.LATEST, true);
+ securityCenterData = PacmanUtils.checkResourceIdBypolicyName(esUrl, mustFilter);
+ } catch (Exception e) {
+ logger.error("unable to determine", e);
+ throw new RuleExecutionFailedExeption("unable to determine" + e);
+ }
+ if (!securityCenterData.isEmpty()) {
+ List> issueList = new ArrayList<>();
+ LinkedHashMap issue = new LinkedHashMap<>();
+ Annotation annotation = null;
+ annotation = Annotation.buildAnnotation(ruleParam, Annotation.Type.ISSUE);
+ annotation.put(PacmanSdkConstants.DESCRIPTION, policyName);
+ annotation.put(PacmanRuleConstants.SEVERITY, severity);
+ annotation.put(PacmanRuleConstants.CATEGORY, category);
+ issue.put(PacmanRuleConstants.VIOLATION_REASON, policyName+" Found!");
+ issueList.add(issue);
+ annotation.put(PacmanRuleConstants.ISSUE_DETAILS, issueList.toString());
+ logger.debug("========AzureSecurityCenterRule ended with annotation {} : =========", annotation);
+ return new RuleResult(PacmanSdkConstants.STATUS_FAILURE, PacmanRuleConstants.FAILURE_MESSAGE, annotation);
+ }
+ }
+ logger.debug("========AzureSecurityCenterRule Completed==========");
+ return new RuleResult(PacmanSdkConstants.STATUS_SUCCESS, PacmanRuleConstants.SUCCESS_MESSAGE);
+ }
+ @Override
+ public String getHelpText() {
+ return "This rule checks the security center rules";
+ }
+
+}
diff --git a/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/utils/PacmanUtils.java b/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/utils/PacmanUtils.java
index 247043160..73bf004b2 100644
--- a/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/utils/PacmanUtils.java
+++ b/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/utils/PacmanUtils.java
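Review bot: `ruleParam.get("policyName").replaceAll("@", " ")` runs before the `doesAllHaveValue` check, so a rule configured without `policyName` dies with a NullPointerException instead of the intended InvalidInputException. Read the raw value first and validate it with the other parameters, e.g. `String rawPolicyName = ruleParam.get("policyName");` followed by `if (rawPolicyName == null || !PacmanUtils.doesAllHaveValue(severity, category, targetType)) { throw new InvalidInputException(PacmanRuleConstants.MISSING_CONFIGURATION); }` and only then the `replaceAll`. The catch block's `throw new RuleExecutionFailedExeption("unable to determine" + e)` discards the cause; if that exception type has a `(String, Throwable)` constructor, pass `e` so the stack trace survives. `esUrl` also stays null when the ES URI environment variable is unset and is handed straight to `checkResourceIdBypolicyName`; failing early with the same missing-configuration error would give a clearer signal than whatever the query layer does with a null URL.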
@@ -2908,5 +2908,53 @@ public static boolean checkInstanceIdForPortRuleInES(String instanceId, String e
 }
 return false;
 }
+
+ /**
+ * Check Azure Security center rules.
+ *
+ * @param esUrl
+ * the es url
+ * @param mustfilter
+ * the must filter map
+ * @throws Exception
+ * the exception
+ */
+ public static Map checkResourceIdBypolicyName(String esUrl, Map mustFilter)
+ throws Exception {
+ JsonParser jsonParser = new JsonParser();
+ Map mustNotFilter = new HashMap<>();
+ HashMultimap shouldFilter = HashMultimap.create();
+ Map mustTermsFilter = new HashMap<>();
+ Map secMap = new HashMap<>();
+
+ JsonObject resultJson = RulesElasticSearchRepositoryUtil.getQueryDetailsFromES(esUrl, mustFilter, mustNotFilter,
+ shouldFilter, null, 0, mustTermsFilter, null, null);
+ if (resultJson != null && resultJson.has(PacmanRuleConstants.HITS)) {
+ String hitsJsonString = resultJson.get(PacmanRuleConstants.HITS).toString();
+ JsonObject hitsJson = (JsonObject) jsonParser.parse(hitsJsonString);
+ JsonArray jsonArray = hitsJson.getAsJsonObject().get(PacmanRuleConstants.HITS).getAsJsonArray();
+ if (jsonArray.size() > 0) {
+ for (int i = 0; i < jsonArray.size(); i++) {
+ JsonObject firstObject = (JsonObject) jsonArray.get(i);
+ JsonObject sourceJson = (JsonObject) firstObject.get(PacmanRuleConstants.SOURCE);
+ if (null != sourceJson) {
+ JsonObject recomendationJson = (JsonObject) sourceJson.get(PacmanRuleConstants.RECOMMENDATION);
+ if ((null != recomendationJson.get(PacmanRuleConstants.RESOURCEID))
+ && (!recomendationJson.get(PacmanRuleConstants.RESOURCEID).isJsonNull())) {
+ secMap.put(PacmanRuleConstants.RESOURCEID,
+ recomendationJson.get(PacmanRuleConstants.RESOURCEID).getAsString());
+ if (null != recomendationJson.get(PacmanRuleConstants.DETAILS)) {
+ JsonObject detailJson = (JsonObject) sourceJson.get(PacmanRuleConstants.RECOMMENDATION);
+ secMap.put(PacmanRuleConstants.DETAILS, detailJson.get(PacmanRuleConstants.DETAILS));
+ }
+ }
+
+ }
+
+ }
+ }
+ }
+ return secMap;
+ }
 }
diff --git a/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/constants/PacmanRuleConstants.java b/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/constants/PacmanRuleConstants.java
index 61af8b2ea..68a02ce34 100644
--- a/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/constants/PacmanRuleConstants.java
+++ b/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/constants/PacmanRuleConstants.java
@@ -355,4 +355,8 @@ private PacmanRuleConstants() {
 public static final String STATUS_EXEMPTED = "exempted";
 public static final String ES_RESOURCE_WITH_VULN_INFO_SEVERITY_URL = "esResourceWithVulnInfoForSeverityUrl";
 public static final int FIRST_DISCOVERED_DATE_FORMAT_LENGTH = 10;
+ public static final String POLICYNAME= "recommendation.policyName";
+ public static final String AZURERESOURCEID= "recommendation._resourceIdLower";
+ public static final String RECOMMENDATION = "recommendation";
+ public static final String DETAILS = "details";
 }
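Review bot: `recomendationJson` is dereferenced without a null check inside the `for` loop: `(JsonObject) sourceJson.get(PacmanRuleConstants.RECOMMENDATION)` yields null for a hit with no `recommendation` member (and a ClassCastException if it is a JSON null), so the following `.get(RESOURCEID)` throws and the calling rule reports an execution failure rather than evaluating the resource. Guard it with `JsonObject recomendationJson = sourceJson.getAsJsonObject(PacmanRuleConstants.RECOMMENDATION);` and `if (recomendationJson != null && recomendationJson.has(PacmanRuleConstants.RESOURCEID) && !recomendationJson.get(PacmanRuleConstants.RESOURCEID).isJsonNull()) {`. The inner `detailJson` is re-read from the same `sourceJson.get(RECOMMENDATION)` member, so it duplicates `recomendationJson` and can be dropped; also `secMap.put(DETAILS, ...)` stores a `JsonElement` while `RESOURCEID` is stored as a String, which callers of the raw `Map` may not expect, and each loop iteration overwrites the same two keys so only the last hit survives. The Javadoc names the parameter `mustfilter` although the signature says `mustFilter`, and it lacks an `@return` stating that the map is empty when nothing matched and otherwise holds the last matching hit's resource id and details.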
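Review bot: The new constants are inconsistently formatted: `POLICYNAME= "..."` and `AZURERESOURCEID= "..."` omit the space before `=` that the neighbouring lines and the other two additions use, and the names would follow the file's UPPER_SNAKE_CASE (cf. `STATUS_EXEMPTED`) better as `POLICY_NAME` and `AZURE_RESOURCE_ID`. A short comment such as `// Elasticsearch field paths under the security-center document's "recommendation" object` would explain why the first two carry a `recommendation.` prefix while `RECOMMENDATION` and `DETAILS` are bare member names.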