extend pov start command with cloud security report and enforcement r…

…ules
PaloAltoNetworks · Jul 3, 2024 · 8667b12 · 8667b12
1 parent c7ac3eb
commit 8667b12
Show file tree

Hide file tree

Showing 4 changed files with 112 additions and 7 deletions.
diff --git a/prismacloud/cli/cspm/cmd_pov.py b/prismacloud/cli/cspm/cmd_pov.py
@@ -55,7 +55,7 @@ def start_pov():
     logging.info("API - Changed Unusual user activity policy.")
 
     # Get the resource list
-    resource_lists = pc_api.resource_list_list_read()
+    resource_lists = pc_api.resource_list_read()
 
     # Initialize the flag to False
     found = False
@@ -191,10 +191,115 @@ def start_pov():
         # Update the alert rule
         pc_api.alert_rule_create(body_params)
         logging.info("API - Create compute alert rule")
+
+    # Add current user to SSO Bypass List
+    current_user = pc_api.current_user()
+    logging.info(f"API - Current user email address: {current_user['email']}")    
+
+    body_params = [current_user['email']]
+    # Update the alert rule
+    pc_api.user_bypass_sso(body_params)
+    logging.info("API - Current user added to SSO Bypass list")
+
+    # Create Cloud Security report with a schedule
+    users = pc_api.user_list_read()
+    user_emails = [user['email'] for user in users]
+    logging.info(f"API - List email addresses: {user_emails}")
+
+
+    # Get the cloud security reports
+    reports = pc_api.adoptionadvisor_report_read()
+    logging.info("API - Update default alert rule")
+
+    # Initialize the flag to False
+    found = False
+
+    # Iterate through each resource in the list
+    for report in reports:
+        if report["name"] == "Scheduled Cloud Security Report":
+            found = True
+            break
+
+    # Add a resource list if flag is false
+    if found:
+        logging.info("API - Cloud Security Report exists.")
+    else:
+        # Prepare the body parameters for the update
+        body_params = {
+            "emailIds": user_emails,
+            "name": "Scheduled Cloud Security Report",
+            "widgetDays": 30,
+            "isRecurring": True,
+            "target": {
+                "scheduleEnabled": True,
+                "schedule": "DTSTART;TZID=Europe/Brussels:20240701T000000\nINTERVAL=1;FREQ=WEEKLY;BYHOUR=3;BYMINUTE=0;BYSECOND=0;BYDAY=MO"
+            },
+            "ruleOptions": {
+                "target": {
+                "schedule": {
+                    "interval": "1",
+                    "frequency": 2,
+                    "weekday": [
+                    0
+                    ],
+                    "hour": 3,
+                    "timezone": "Europe/Brussels"
+                }
+                }
+            },
+            "schedule": "DTSTART;TZID=Europe/Brussels:20240701T000000\nINTERVAL=1;FREQ=WEEKLY;BYHOUR=3;BYMINUTE=0;BYSECOND=0;BYDAY=MO",
+            "enabled": True
+        }
+
+        # Update the alert rule
+        pc_api.adoptionadvisor_report_create(report_to_add=body_params)
+        logging.info("API - Created Cloud Security Report")
+
+
+    # Prepare the body parameters for the update
+    body_params = {
+        "id": "8d57f69b-fbe6-4749-b53c-1e0f0881ad3d",
+        "name": "Security default findings",
+        "repositories": [],
+        "codeCategories": {
+            "LICENSES": {
+            "softFailThreshold": "LOW",
+            "hardFailThreshold": "OFF",
+            "commentsBotThreshold": "LOW"
+            },
+            "VULNERABILITIES": {
+            "softFailThreshold": "LOW",
+            "hardFailThreshold": "OFF",
+            "commentsBotThreshold": "LOW"
+            },
+            "IAC": {
+            "softFailThreshold": "INFO",
+            "hardFailThreshold": "OFF",
+            "commentsBotThreshold": "INFO"
+            },
+            "WEAKNESSES": {
+            "softFailThreshold": "OFF",
+            "hardFailThreshold": "OFF",
+            "commentsBotThreshold": "OFF"
+            },
+            "SECRETS": {
+            "softFailThreshold": "LOW",
+            "hardFailThreshold": "OFF",
+            "commentsBotThreshold": "LOW"
+            },
+            "BUILD_INTEGRITY": {
+            "softFailThreshold": "OFF",
+            "hardFailThreshold": "OFF",
+            "commentsBotThreshold": "OFF"
+            }
+        }
+    }
+
+    # Update the alert rule
+    pc_api.enforcement_rules_update(rules=body_params)
+    logging.info("API - Enforcement rules updated")
 
-    # users = pc_api.user_list_read()
-    # user_emails = [user['email'] for user in users]
-    # logging.info(f"API - List email addresses: {user_emails}")
 
+    logging.info("API - === END ===")
 
 cli.add_command(start_pov)
diff --git a/prismacloud/cli/version.py b/prismacloud/cli/version.py
@@ -1 +1 @@
-version = "0.8.9"
+version = "0.8.10"
diff --git a/requirements.txt b/requirements.txt
@@ -7,7 +7,7 @@ coloredlogs
 datetime
 jsondiff
 pandas
-prismacloud-api==5.2.20
+prismacloud-api==5.2.24
 pydantic-settings
 pydantic
 requests

diff --git a/setup.py b/setup.py
@@ -38,7 +38,7 @@ def read(fname):
         "pydantic",
         "datetime",
         "pyyaml",
-        "prismacloud-api==5.2.20",
+        "prismacloud-api==5.2.24",
         "pytest",
         "pytest-benchmark",
     ],