Add -m flag for decisions list to display the machine (#1361)
* Add -m flag for decisions list to display the machine
parent
023ac9e138
commit
e4cc5fc997
|
@ -329,7 +329,7 @@ cscli alerts list --type ban`,
|
||||||
cmdAlertsList.Flags().StringVar(alertListFilter.ScopeEquals, "scope", "", "restrict to alerts of this scope (ie. ip,range)")
|
cmdAlertsList.Flags().StringVar(alertListFilter.ScopeEquals, "scope", "", "restrict to alerts of this scope (ie. ip,range)")
|
||||||
cmdAlertsList.Flags().StringVarP(alertListFilter.ValueEquals, "value", "v", "", "the value to match for in the specified scope")
|
cmdAlertsList.Flags().StringVarP(alertListFilter.ValueEquals, "value", "v", "", "the value to match for in the specified scope")
|
||||||
cmdAlertsList.Flags().BoolVar(contained, "contained", false, "query decisions contained by range")
|
cmdAlertsList.Flags().BoolVar(contained, "contained", false, "query decisions contained by range")
|
||||||
cmdAlertsList.Flags().BoolVarP(&printMachine, "machine", "m", false, "print machines that sended alerts")
|
cmdAlertsList.Flags().BoolVarP(&printMachine, "machine", "m", false, "print machines that sent alerts")
|
||||||
cmdAlertsList.Flags().IntVarP(limit, "limit", "l", 50, "limit size of alerts list table (0 to view all alerts)")
|
cmdAlertsList.Flags().IntVarP(limit, "limit", "l", 50, "limit size of alerts list table (0 to view all alerts)")
|
||||||
cmdAlerts.AddCommand(cmdAlertsList)
|
cmdAlerts.AddCommand(cmdAlertsList)
|
||||||
|
|
||||||
|
|
|
@ -32,7 +32,7 @@ var (
|
||||||
defaultReason = "manual"
|
defaultReason = "manual"
|
||||||
)
|
)
|
||||||
|
|
||||||
func DecisionsToTable(alerts *models.GetAlertsResponse) error {
|
func DecisionsToTable(alerts *models.GetAlertsResponse, printMachine bool) error {
|
||||||
/*here we cheat a bit : to make it more readable for the user, we dedup some entries*/
|
/*here we cheat a bit : to make it more readable for the user, we dedup some entries*/
|
||||||
var spamLimit map[string]bool = make(map[string]bool)
|
var spamLimit map[string]bool = make(map[string]bool)
|
||||||
var skipped = 0
|
var skipped = 0
|
||||||
|
@ -53,13 +53,17 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
|
||||||
}
|
}
|
||||||
if csConfig.Cscli.Output == "raw" {
|
if csConfig.Cscli.Output == "raw" {
|
||||||
csvwriter := csv.NewWriter(os.Stdout)
|
csvwriter := csv.NewWriter(os.Stdout)
|
||||||
err := csvwriter.Write([]string{"id", "source", "ip", "reason", "action", "country", "as", "events_count", "expiration", "simulated", "alert_id"})
|
header := []string{"id", "source", "ip", "reason", "action", "country", "as", "events_count", "expiration", "simulated", "alert_id"}
|
||||||
|
if printMachine {
|
||||||
|
header = append(header, "machine")
|
||||||
|
}
|
||||||
|
err := csvwriter.Write(header)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
for _, alertItem := range *alerts {
|
for _, alertItem := range *alerts {
|
||||||
for _, decisionItem := range alertItem.Decisions {
|
for _, decisionItem := range alertItem.Decisions {
|
||||||
err := csvwriter.Write([]string{
|
raw := []string{
|
||||||
fmt.Sprintf("%d", decisionItem.ID),
|
fmt.Sprintf("%d", decisionItem.ID),
|
||||||
*decisionItem.Origin,
|
*decisionItem.Origin,
|
||||||
*decisionItem.Scope + ":" + *decisionItem.Value,
|
*decisionItem.Scope + ":" + *decisionItem.Value,
|
||||||
|
@ -71,7 +75,12 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
|
||||||
*decisionItem.Duration,
|
*decisionItem.Duration,
|
||||||
fmt.Sprintf("%t", *decisionItem.Simulated),
|
fmt.Sprintf("%t", *decisionItem.Simulated),
|
||||||
fmt.Sprintf("%d", alertItem.ID),
|
fmt.Sprintf("%d", alertItem.ID),
|
||||||
})
|
}
|
||||||
|
if printMachine {
|
||||||
|
raw = append(raw, alertItem.MachineID)
|
||||||
|
}
|
||||||
|
|
||||||
|
err := csvwriter.Write(raw)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -83,7 +92,11 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
|
||||||
fmt.Printf("%s", string(x))
|
fmt.Printf("%s", string(x))
|
||||||
} else if csConfig.Cscli.Output == "human" {
|
} else if csConfig.Cscli.Output == "human" {
|
||||||
table := tablewriter.NewWriter(os.Stdout)
|
table := tablewriter.NewWriter(os.Stdout)
|
||||||
table.SetHeader([]string{"ID", "Source", "Scope:Value", "Reason", "Action", "Country", "AS", "Events", "expiration", "Alert ID"})
|
header := []string{"ID", "Source", "Scope:Value", "Reason", "Action", "Country", "AS", "Events", "expiration", "Alert ID"}
|
||||||
|
if printMachine {
|
||||||
|
header = append(header, "Machine")
|
||||||
|
}
|
||||||
|
table.SetHeader(header)
|
||||||
|
|
||||||
if len(*alerts) == 0 {
|
if len(*alerts) == 0 {
|
||||||
fmt.Println("No active decisions")
|
fmt.Println("No active decisions")
|
||||||
|
@ -95,7 +108,7 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
|
||||||
if *alertItem.Simulated {
|
if *alertItem.Simulated {
|
||||||
*decisionItem.Type = fmt.Sprintf("(simul)%s", *decisionItem.Type)
|
*decisionItem.Type = fmt.Sprintf("(simul)%s", *decisionItem.Type)
|
||||||
}
|
}
|
||||||
table.Append([]string{
|
raw := []string{
|
||||||
strconv.Itoa(int(decisionItem.ID)),
|
strconv.Itoa(int(decisionItem.ID)),
|
||||||
*decisionItem.Origin,
|
*decisionItem.Origin,
|
||||||
*decisionItem.Scope + ":" + *decisionItem.Value,
|
*decisionItem.Scope + ":" + *decisionItem.Value,
|
||||||
|
@ -106,7 +119,13 @@ func DecisionsToTable(alerts *models.GetAlertsResponse) error {
|
||||||
strconv.Itoa(int(*alertItem.EventsCount)),
|
strconv.Itoa(int(*alertItem.EventsCount)),
|
||||||
*decisionItem.Duration,
|
*decisionItem.Duration,
|
||||||
strconv.Itoa(int(alertItem.ID)),
|
strconv.Itoa(int(alertItem.ID)),
|
||||||
})
|
}
|
||||||
|
|
||||||
|
if printMachine {
|
||||||
|
raw = append(raw, alertItem.MachineID)
|
||||||
|
}
|
||||||
|
|
||||||
|
table.Append(raw)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
table.Render() // Send output
|
table.Render() // Send output
|
||||||
|
@ -170,6 +189,7 @@ func NewDecisionsCmd() *cobra.Command {
|
||||||
}
|
}
|
||||||
NoSimu := new(bool)
|
NoSimu := new(bool)
|
||||||
contained := new(bool)
|
contained := new(bool)
|
||||||
|
var printMachine bool
|
||||||
var cmdDecisionsList = &cobra.Command{
|
var cmdDecisionsList = &cobra.Command{
|
||||||
Use: "list [options]",
|
Use: "list [options]",
|
||||||
Short: "List decisions from LAPI",
|
Short: "List decisions from LAPI",
|
||||||
|
@ -255,7 +275,7 @@ cscli decisions list -t ban
|
||||||
log.Fatalf("Unable to list decisions : %v", err.Error())
|
log.Fatalf("Unable to list decisions : %v", err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
err = DecisionsToTable(alerts)
|
err = DecisionsToTable(alerts, printMachine)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("unable to list decisions : %v", err.Error())
|
log.Fatalf("unable to list decisions : %v", err.Error())
|
||||||
}
|
}
|
||||||
|
@ -274,6 +294,7 @@ cscli decisions list -t ban
|
||||||
cmdDecisionsList.Flags().StringVarP(filter.RangeEquals, "range", "r", "", "restrict to alerts from this source range (shorthand for --scope range --value <RANGE>)")
|
cmdDecisionsList.Flags().StringVarP(filter.RangeEquals, "range", "r", "", "restrict to alerts from this source range (shorthand for --scope range --value <RANGE>)")
|
||||||
cmdDecisionsList.Flags().IntVarP(filter.Limit, "limit", "l", 100, "number of alerts to get (use 0 to remove the limit)")
|
cmdDecisionsList.Flags().IntVarP(filter.Limit, "limit", "l", 100, "number of alerts to get (use 0 to remove the limit)")
|
||||||
cmdDecisionsList.Flags().BoolVar(NoSimu, "no-simu", false, "exclude decisions in simulation mode")
|
cmdDecisionsList.Flags().BoolVar(NoSimu, "no-simu", false, "exclude decisions in simulation mode")
|
||||||
|
cmdDecisionsList.Flags().BoolVarP(&printMachine, "machine", "m", false, "print machines that triggered decisions")
|
||||||
cmdDecisionsList.Flags().BoolVar(contained, "contained", false, "query decisions contained by range")
|
cmdDecisionsList.Flags().BoolVar(contained, "contained", false, "query decisions contained by range")
|
||||||
|
|
||||||
cmdDecisions.AddCommand(cmdDecisionsList)
|
cmdDecisions.AddCommand(cmdDecisionsList)
|
||||||
|
|
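Review bot: With `-m` set, the new Machine column in `DecisionsToTable` can under-report, because the dedup pass announced by the comment at the top of the function (`spamLimit`, whose loop lies outside the visible hunks) appears to run before the output branches, and nothing shown here adds `alertItem.MachineID` to its key. If the key really omits the machine, a decision reported by several machines is listed once, with whichever machine came first, which misleads an operator using the flag to trace which agent raised a decision. Consider skipping the dedup when `printMachine` is true or including the machine in the key; the dedup code needs checking first, since it is not in view. The new parameter is also undocumented; a comment such as `// printMachine appends the originating alert's MachineID as the last column of the raw and human outputs.` above the function would cover it. MachineID may be empty for decisions that did not come from an agent, so the column can legitimately be blank.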