// runSearchQuery sends the search string carried by sp to the API and
// returns the items of the resulting collection. Any failure while talking
// to the API (surfaced as a panic) is recovered and handed back as err.
func runSearchQuery(sp searchParameters, cli client.Client) (items []cljs.Item, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("runSearchQuery() -> %v", r)
		}
	}()
	// The query is echoed to stdout before being sent.
	fmt.Println("Search query:", sp.query)
	// NOTE(review): sp.query is used verbatim as the API resource path; any
	// validation or escaping is assumed to happen in the caller.
	resource, apiErr := cli.GetAPIResource(sp.query)
	if apiErr != nil {
		// turned into err by the deferred recover above
		panic(apiErr)
	}
	return resource.Collection.Items, nil
}
// printInvestigatorLastActions lists the most recent actions launched by
// investigator iid (at most limit of them), one per line with ID, name,
// target, start time (RFC3339) and status. Name and target are fitted into
// fixed 30-byte columns. API and decoding failures are recovered and
// returned through err.
func printInvestigatorLastActions(iid float64, limit int, cli client.Client) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("printInvestigatorLastActions() -> %v", r)
		}
	}()
	const colWidth = 30
	// fit makes s exactly colWidth bytes wide: shorter strings are padded
	// with spaces, longer ones are cut to colWidth-3 bytes plus "...".
	// Widths are byte counts, so a multi-byte rune at the cut point can be
	// split; this mirrors the original column logic.
	fit := func(s string) string {
		if len(s) > colWidth {
			return s[:colWidth-3] + "..."
		}
		for pad := colWidth - len(s); pad > 0; pad-- {
			s += " "
		}
		return s
	}
	// iid and limit are numeric, so the query needs no escaping.
	query := fmt.Sprintf("search?type=action&investigatorid=%.0f&limit=%d", iid, limit)
	resource, apiErr := cli.GetAPIResource(query)
	if apiErr != nil {
		panic(apiErr)
	}
	fmt.Printf("-------  ID  ------- + --------    Action Name ------- + ----------- Target   ---------- + ----    Date    ---- +  -- Status --\n")
	for _, item := range resource.Collection.Items {
		for _, d := range item.Data {
			if d.Name != "action" {
				continue
			}
			act, decErr := client.ValueToAction(d.Value)
			if decErr != nil {
				panic(decErr)
			}
			// NOTE(review): name, target and status come straight from the
			// API and are printed unescaped; strip control characters first
			// if the API data is not trusted.
			fmt.Printf("%.0f     %s   %s   %s    %s\n", act.ID, fit(act.Name), fit(act.Target),
				act.StartTime.Format(time.RFC3339), act.Status)
		}
	}
	return nil
}
// searchCommands retrieves every command belonging to action aid, paging
// through the API 50 results at a time. show narrows the search: "found"
// keeps only commands that found something, "notfound" only those that did
// not; any other value returns all commands. One "." is printed per page
// and a newline on exit. Errors are recovered into err.
func searchCommands(aid float64, show string, cli client.Client) (cmds []mig.Command, err error) {
	defer func() {
		fmt.Printf("\n")
		if r := recover(); r != nil {
			err = fmt.Errorf("searchCommands() -> %v", r)
		}
	}()
	query := fmt.Sprintf("search?type=command&actionid=%.0f", aid)
	if show == "found" {
		query += "&foundanything=true"
	} else if show == "notfound" {
		query += "&foundanything=false"
	}
	const pageSize = 50
	// Keep requesting pages until the API says there is nothing left. The
	// final, empty page comes back as a 404 carrying the "no results found"
	// message; that is the normal end-of-results signal and is not reported
	// to the caller. The loop has no other exit, so it relies on the API
	// eventually producing that message (or an error).
	for offset := 0; ; offset += pageSize {
		fmt.Printf(".")
		page, pageErr := cli.GetAPIResource(fmt.Sprintf("%s&limit=%d&offset=%d", query, pageSize, offset))
		if page.Collection.Error.Message == "no results found" {
			break
		}
		if pageErr != nil {
			panic(pageErr)
		}
		for _, item := range page.Collection.Items {
			for _, d := range item.Data {
				if d.Name != "command" {
					continue
				}
				cmd, decErr := client.ValueToCommand(d.Value)
				if decErr != nil {
					panic(decErr)
				}
				cmds = append(cmds, cmd)
			}
		}
	}
	return cmds, nil
}
// searchFoundAnything lists, for action a, the agents whose command did
// (wantFound=true) or did not (wantFound=false) find anything, printing a
// count followed by one line per agent with the command ID, agent name and
// agent ID. API and decoding failures are recovered and returned as err.
func searchFoundAnything(a mig.Action, wantFound bool, cli client.Client) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("searchFoundAnything() -> %v", r)
		}
	}()
	flag := "false"
	if wantFound {
		flag = "true"
	}
	// A single request with a very large limit is used instead of paging;
	// commands beyond that limit would be silently left out.
	query := fmt.Sprintf("search?type=command&limit=1000000&actionid=%.0f&foundanything=%s", a.ID, flag)
	resource, apiErr := cli.GetAPIResource(query)
	if apiErr != nil {
		panic(apiErr)
	}
	// One entry per agent; if several commands exist for the same agent the
	// last one returned by the API wins.
	byAgent := make(map[float64]mig.Command)
	for _, item := range resource.Collection.Items {
		for _, d := range item.Data {
			if d.Name != "command" {
				continue
			}
			cmd, decErr := client.ValueToCommand(d.Value)
			if decErr != nil {
				panic(decErr)
			}
			byAgent[cmd.Agent.ID] = cmd
		}
	}
	if wantFound {
		fmt.Printf("%d agents have found things\n", len(byAgent))
	} else {
		fmt.Printf("%d agents have not found anything\n", len(byAgent))
	}
	if len(byAgent) == 0 {
		return nil
	}
	fmt.Println("---- Command ID ----    ---- Agent Name & ID----")
	// Map iteration order is unspecified, so the listing is unsorted.
	for agentID, cmd := range byAgent {
		fmt.Printf("%20.0f    %s [%.0f]\n", cmd.ID, cmd.Agent.Name, agentID)
	}
	return nil
}
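// printStatus fetches the "dashboard" API resource and prints a summary:
// agent/endpoint counters, online and idle agents broken down by version,
// and the latest actions (one line each, formatted by actionPrintShort).
// Any API, decoding or type-assertion failure is recovered and returned as
// err instead of crashing the CLI.
//
// Fix: the "* None" placeholder for an empty action list was unreachable
// (it was tested with `len(actout) < 2` inside the loop, but actout always
// holds its two header lines); it is now printed when no action was
// returned. Counter values that are not float64 now yield a descriptive
// error instead of a bare interface-conversion panic message.
func printStatus(cli client.Client) (err error) {
	defer func() {
		if e := recover(); e != nil {
			err = fmt.Errorf("printStatus() -> %v", e)
		}
	}()
	st, err := cli.GetAPIResource("dashboard")
	if err != nil {
		panic(err)
	}
	// asFloat converts a dashboard counter to float64, panicking (and thus
	// returning a descriptive err via the deferred recover) when the API
	// sent a value of an unexpected type.
	asFloat := func(name string, v interface{}) float64 {
		f, ok := v.(float64)
		if !ok {
			panic(fmt.Sprintf("dashboard value %q has type %T, expected float64", name, v))
		}
		return f
	}
	// versionLines turns an "agents by version" value into one
	// "* version X: N agent(s)" line per version. The value arrives as a
	// generic JSON structure, so it is round-tripped through json into the
	// typed mig.AgentsVersionsSum slice.
	versionLines := func(v interface{}) []string {
		bData, err := json.Marshal(v)
		if err != nil {
			panic(err)
		}
		var sum []mig.AgentsVersionsSum
		if err = json.Unmarshal(bData, &sum); err != nil {
			panic(err)
		}
		lines := make([]string, 0, len(sum))
		for _, asum := range sum {
			s := fmt.Sprintf("* version %s: %.0f agent", asum.Version, asum.Count)
			if asum.Count > 1 {
				s += "s"
			}
			lines = append(lines, s)
		}
		return lines
	}
	var onlineagt, idleagt []string
	// actout starts with its two header lines; actions are appended after them.
	actout := make([]string, 2)
	actout[0] = "Latest Actions:"
	actout[1] = "----    ID      ---- + ----         Name         ---- + -Sent- + ----    Date     ---- + ---- Investigators ----"
	var onlineagents, onlineendpoints, idleagents, idleendpoints, newendpoints, doubleagents, disappearedendpoints, flappingendpoints float64
	for _, item := range st.Collection.Items {
		for _, data := range item.Data {
			switch data.Name {
			case "action":
				idstr, name, datestr, invs, sent, err := actionPrintShort(data.Value)
				if err != nil {
					panic(err)
				}
				actout = append(actout, fmt.Sprintf("%s   %s   %6d   %s   %s", idstr, name, sent, datestr, invs))
			case "online agents":
				onlineagents = asFloat(data.Name, data.Value)
			case "online endpoints":
				onlineendpoints = asFloat(data.Name, data.Value)
			case "idle agents":
				idleagents = asFloat(data.Name, data.Value)
			case "idle endpoints":
				idleendpoints = asFloat(data.Name, data.Value)
			case "new endpoints":
				newendpoints = asFloat(data.Name, data.Value)
			case "endpoints running 2 or more agents":
				doubleagents = asFloat(data.Name, data.Value)
			case "disappeared endpoints":
				disappearedendpoints = asFloat(data.Name, data.Value)
			case "flapping endpoints":
				flappingendpoints = asFloat(data.Name, data.Value)
			case "online agents by version":
				onlineagt = append(onlineagt, versionLines(data.Value)...)
			case "idle agents by version":
				idleagt = append(idleagt, versionLines(data.Value)...)
			}
		}
	}
	// Output uses bold red ANSI escapes for the frame.
	fmt.Println("\x1b[31;1m+------\x1b[0m")
	fmt.Printf("\x1b[31;1m| Agents & Endpoints summary:\n"+
		"\x1b[31;1m|\x1b[0m * %.0f online agents on %.0f endpoints\n"+
		"\x1b[31;1m|\x1b[0m * %.0f idle agents on %.0f endpoints\n"+
		"\x1b[31;1m|\x1b[0m * %.0f endpoints are running 2 or more agents\n"+
		"\x1b[31;1m|\x1b[0m * %.0f endpoints appeared over the last 7 days\n"+
		"\x1b[31;1m|\x1b[0m * %.0f endpoints disappeared over the last 7 days\n"+
		"\x1b[31;1m|\x1b[0m * %.0f endpoints have been flapping\n",
		onlineagents, onlineendpoints, idleagents, idleendpoints, doubleagents, newendpoints,
		disappearedendpoints, flappingendpoints)
	fmt.Println("\x1b[31;1m| Online agents by version:\x1b[0m")
	for _, s := range onlineagt {
		fmt.Println("\x1b[31;1m|\x1b[0m " + s)
	}
	fmt.Println("\x1b[31;1m| Idle agents by version:\x1b[0m")
	for _, s := range idleagt {
		fmt.Println("\x1b[31;1m|\x1b[0m " + s)
	}
	fmt.Println("\x1b[31;1m|\x1b[0m")
	// NOTE(review): action names, versions and investigator strings come
	// from the API and are printed verbatim inside ANSI-colored lines; if
	// the API data is not fully trusted, control characters should be
	// stripped before display.
	for _, s := range actout {
		fmt.Println("\x1b[31;1m|\x1b[0m " + s)
	}
	// Only the two header lines present means the dashboard returned no action.
	if len(actout) == 2 {
		fmt.Println("\x1b[31;1m|\x1b[0m * None")
	}
	fmt.Println("\x1b[31;1m+------\x1b[0m")
	return
}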