TA-bigfix.aob_meta
{"basic_builder": {"appname": "TA-bigfix", "friendly_name": "HCL BigFix Add-on for Splunk", "version": "3.0.5", "author": "Jimmy Maple", "description": "Technical add-on for ingesting data from HCL BigFix into Splunk", "theme": "#63B8FF", "large_icon": "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", "small_icon": "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", "visible": true, "tab_version": "4.1.1", "tab_build_no": "0", "build_no": 4}, "data_input_builder": {"datainputs": [{"index": "default", "sourcetype": "bigfix:actions", "interval": "30", "use_external_validation": true, "streaming_mode_xml": true, "name": "bigfix_actions", "title": "BigFix Actions", "description": "REST input to collect actions taken in BigFix", "type": "customized", "parameters": [{"required": true, "name": "global_account", "label": "Global Account", "default_value": "", "placeholder": "", "help_string": "", "possible_values": [], "type": "global_account", "format_type": "global_account", "value": ""}, {"required": true, "name": "set_batch_value", "label": "Set Batch Value", "default_value": "1", "placeholder": "", "help_string": "Number of batches to use for ingestion. NOTE: This number should be very large in very large environments.", "type": "text", "format_type": "text", "value": "1"}], "data_inputs_options": [{"type": "customized_var", "name": "global_account", "title": "Global Account", "description": "", "required_on_edit": false, "required_on_create": true, "possible_values": [], "format_type": "global_account", "default_value": "", "placeholder": ""}, {"type": "customized_var", "name": "set_batch_value", "title": "Set Batch Value", "description": "Number of batches to use for ingestion. 
NOTE: This number should be very large in very large environments.", "required_on_edit": false, "required_on_create": true, "format_type": "text", "default_value": "1", "placeholder": ""}], "code": "\n# encoding = utf-8\n\nimport os\nimport sys\nimport time\nimport datetime\nimport base64\nimport json\n\ndef validate_input(helper, definition):\n \"\"\"Implement your own validation logic to validate the input stanza configurations\"\"\"\n # This example accesses the modular input variable\n # global_account = definition.parameters.get('global_account', None)\n pass\n \ndef collect_events(helper, ew):\n opt_root_url = helper.get_global_setting('bigfix_server_url')\n sourcee= helper.get_input_stanza_names()\n opt_rest_api_port = helper.get_global_setting('bigfix_server_port')\n opt_global_timeout = helper.get_global_setting('query_timeout_seconds')\n int_global_timeout = int(opt_global_timeout)\n opt_mac = helper.get_arg('mac_address_property')\n opt_sets = helper.get_arg('set_batch_value')\n int_sets = int(opt_sets)\n opt_global_account = helper.get_arg('global_account')\n account = opt_global_account[\"username\"] + \":\" + opt_global_account[\"password\"]\n base64string = base64.b64encode(account.encode()).decode()\n headers = { 'Authorization' : 'Basic %s' % base64string }\n \n opt_url_start=opt_root_url + \":\" + opt_rest_api_port + \"/api/query?output=json&relevance=\"\n\n 
query='%28%22nt_host%3D%22+%26+item+0+of+it%2C+%22client_id%3D%22+%26+item+12+of+it%2C+%22status%3D%22+%26+item+1+of+it%2C+%22issuer%3D%22+%26+item+2+of+it%2C+%22issue_time%3D%22+%26+item+3+of+it%2C+%22end_time%3D%22+%26+item+4+of+it%2C+%22start_time%3D%22+%26+item+5+of+it%2C+%22action_id%3D%22+%26+item+6+of+it%2C+%22action_name%3D%22+%26+item+7+of+it%2C+%22reapply%3D%22+%26+item+8+of+it%2C+%22restart_required%3D%22+%26+item+9+of+it%2C+%22stopper%3D%22+%26+item+10+of+it%2C+%22time_stopped%3D%22+%26+item+11+of+it%29+of+%28name+of+computers+of+item+0+of+it+as+string%2C+status+of+item+0+of+it+as+string%2C+name+of+issuer+of+item+1+of+it+as+string%2C+time+issued+of+item+1+of+it+as+string%2C+%28if+%28exists+end+date+of+item+1+of+it%29+then+end+date+of+item+1+of+it+as+string+%26+%22+%22+%26+end+time_of_day+of+item+1+of+it+as+string+else+%22%22%29%2C+%28if+%28exists+start+date+of+item+1+of+it%29+then+start+date+of+item+1+of+it+as+string+%26+%22+%22+%26+start+time_of_day+of+item+1+of+it+as+string+else+%22%22%29%2C+id+of+item+1+of+it+as+string%2C+%28concatenation+%22%252527%22+of+%28substrings+separated+by+%22%252522%22+of+name+of+item+1+of+it+as+string%29%29%2C+reapply+flag+of+item+1+of+it+as+string%2C+restart+flag+of+item+1+of+it+as+string%2C+%28if+%28exists+stopper+of+item+1+of+it%29+then+name+of+stopper+of+item+1+of+it+as+string+else+%22%22%29%2C+%28if+%28exists+time+stopped+of+item+1+of+it%29+then+time+stopped+of+item+1+of+it+as+string+else+%22%22%29%2C+%28it+mod+SETS+%3D+RESULT+of+it%29+of+id+of+computers+of+item+0+of+it+as+string%29+of+%28results+of+it%2C+it%29+of+%28bes+actions%29'.replace(\"SETS\", opt_sets)\n \n urlb=opt_url_start + query\n\n helper.log_info(\"Beginning job=\"+sourcee)\n\n for x in range(0, int_sets):\n strx=str(x)\n helper.log_info(\"job=\"+sourcee+\" Beginning MOD loop=\"+strx)\n\n url=urlb.replace(\"RESULT\", strx)\n for y in range(0, 100):\n try:\n response = helper.send_http_request(url, 'GET', parameters=None, payload=None, headers=headers, 
cookies=None, verify=False, cert=None, timeout=int_global_timeout, use_proxy=False)\n except Exception as e:\n helper.log_error(\"job=\"+sourcee+\" Error Response for loop=\"+str(x)+\" error=\"+str(e))\n if y == 99:\n helper.log_error(\"job=\"+sourcee+\" Total Failure. Exiting\")\n return\n helper.log_error(\"job=\"+sourcee+\" Sleeping for 1 minute and retry=\"+str(y))\n time.sleep(30)\n continue\n if response.status_code==200:\n break\n helper.log_error(\"job=\"+sourcee+\" Response for MOD loop=\"+str(x)+\" code=\"+str(response.status_code))\n if y == 99:\n helper.log_error(\"job=\"+sourcee+\" Total Failure. Exiting \" + response.text )\n return \n helper.log_error(\"job=\"+sourcee+\" Sleeping for 1 minute and retry=\"+str(y))\n time.sleep(30)\n helper.log_info(\"job=\"+sourcee+\" Response for MOD loop=\"+str(x)+\" code=\"+str(response.status_code))\n\n r_text = response.json()\n helper.log_info(\"job=\"+sourcee+\" Begin Event Processing for MOD loop=\"+str(x))\n helper.log_info(\"job=\"+sourcee+\" JSON item count=\"+str(len(r_text['result']))+\" for MOD loop=\"+str(x))\n for item in r_text['result']:\n eventitem=\"\"\n s=sourcee+strx\n space=\", \\\"\"\n output=[]\n for value in item:\n output.append(value.replace(\"=\",\"\\\": \\\"\",1)+\"\\\"\")\n eventitem=space.join(output)\n j_convert=\"{ \\\"\" + eventitem + \" }\"\n event = helper.new_event(source=s, index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=j_convert)\n ew.write_event(event)\n helper.log_info(\"job=\"+sourcee+\" Ending MOD loop=\"+str(x))\n helper.log_info(\"Ending job=\"+sourcee)\n\n", "customized_options": [{"name": "global_account", "value": "account0"}, {"name": "set_batch_value", "value": "1"}], "uuid": "b09aa807edcb4df49c6584aca8045cf5"}, {"index": "default", "sourcetype": "bigfix:analysis", "interval": "30", "use_external_validation": true, "streaming_mode_xml": true, "name": "bigfix_analysis", "title": "BigFix Analysis", "description": "REST Input to collect the 
results of a defined analysis from BigFix", "type": "customized", "parameters": [{"required": true, "name": "global_account", "label": "Global Account", "default_value": "", "placeholder": "", "help_string": "", "possible_values": [], "type": "global_account", "format_type": "global_account", "value": ""}, {"required": true, "name": "analysis_id", "label": "Analysis ID", "default_value": "", "placeholder": "", "help_string": "ID of the analysis", "type": "text", "format_type": "text", "value": ""}, {"required": true, "name": "site_name", "label": "Site Name", "default_value": "", "placeholder": "", "help_string": "Name of the site where the analysis is configured", "type": "text", "format_type": "text", "value": ""}, {"required": true, "name": "set_batch_value", "label": "Set Batch Value", "default_value": "1", "placeholder": "", "help_string": "Number of batches to use for ingestion. NOTE: This number should be very large in very large environments.", "type": "text", "format_type": "text", "value": "1"}], "data_inputs_options": [{"type": "customized_var", "name": "global_account", "title": "Global Account", "description": "", "required_on_edit": false, "required_on_create": true, "possible_values": [], "format_type": "global_account", "default_value": "", "placeholder": ""}, {"type": "customized_var", "name": "analysis_id", "title": "Analysis ID", "description": "ID of the analysis", "required_on_edit": false, "required_on_create": true, "format_type": "text", "default_value": "", "placeholder": ""}, {"type": "customized_var", "name": "site_name", "title": "Site Name", "description": "Name of the site where the analysis is configured", "required_on_edit": false, "required_on_create": true, "format_type": "text", "default_value": "", "placeholder": ""}, {"type": "customized_var", "name": "set_batch_value", "title": "Set Batch Value", "description": "Number of batches to use for ingestion. 
NOTE: This number should be very large in very large environments.", "required_on_edit": false, "required_on_create": true, "format_type": "text", "default_value": "1", "placeholder": ""}], "code": "import os\nimport sys\nimport time\nimport datetime\nimport base64\nimport json\n\ndef validate_input(helper, definition):\n \"\"\"Implement your own validation logic to validate the input stanza configurations\"\"\"\n # This example accesses the modular input variable\n # global_account = definition.parameters.get('global_account', None)\n pass\n \ndef collect_events(helper, ew):\n opt_root_url = helper.get_global_setting('bigfix_server_url')\n sourcee= helper.get_input_stanza_names()\n opt_rest_api_port = helper.get_global_setting('bigfix_server_port')\n opt_global_timeout = helper.get_global_setting('query_timeout_seconds')\n int_global_timeout = int(opt_global_timeout)\n opt_analysis_id = helper.get_arg('analysis_id')\n opt_analysis_site_name = helper.get_arg('site_name')\n opt_sets = helper.get_arg('set_batch_value')\n int_sets = int(opt_sets)\n opt_global_account = helper.get_arg('global_account')\n account = opt_global_account[\"username\"] + \":\" + opt_global_account[\"password\"]\n base64string = base64.b64encode(account.encode()).decode()\n headers = { 'Authorization' : 'Basic %s' % base64string }\n\n opt_url_start=opt_root_url + \":\" + opt_rest_api_port + \"/api/query?output=json&relevance=\"\n\n query='(%22analysis_id%3D%22+%2526+item+2+of+it+as+string%2C+%22analysis_name%3D%22+%2526+item+1+of+it%2C+%22property_name%3D%22+%2526+item+1+of+item+0+of+it%2C%22property_value%3D%22+%2526+item+0+of+item+0+of+item+0+of+it%2C+%22nt_host%3D%22+%2526+item+1+of+item+0+of+item+0+of+it%2C+%22client_id%3D%22+%2526+item+2+of+item+0+of+item+0+of+it+as+string%2C+%22site_name%3D%22+%2526+item+3+of+it)+of+((((values+of+it%2C+names+of+computer+of+it%2C+id+of+computer+of+it)+of+results+whose+(id+of+computer 
of+it+mod+SETS+%3D+RESULT)+of+it%2C+name+of+it)+of+properties+of+it)+of+it%2C+name+of+it%2C+id+of+it%2C+name+of+site+of+it)+of+bes+analysis+whose+((id+of+it+is+ANALYSISID)+AND+(name+of+site+of+it+is+%22SITENAME%22))'.replace(\"SETS\", opt_sets).replace(\"ANALYSISID\",opt_analysis_id).replace(\"SITENAME\",opt_analysis_site_name)\n \n urlb=opt_url_start + query\n\n helper.log_info(\"Beginning job=\"+sourcee)\n\n for x in range(0, int_sets):\n strx=str(x)\n helper.log_info(\"job=\"+sourcee+\" Beginning MOD loop=\"+strx)\n\n url=urlb.replace(\"RESULT\", strx)\n for y in range(0, 100):\n try:\n response = helper.send_http_request(url, 'GET', parameters=None, payload=None, headers=headers, cookies=None, verify=False, cert=None, timeout=int_global_timeout, use_proxy=False)\n except Exception as e:\n helper.log_error(\"job=\"+sourcee+\" Error Response for loop=\"+str(x)+\" error=\"+str(e))\n if y == 99:\n helper.log_error(\"job=\"+sourcee+\" Total Failure. Exiting\")\n return\n helper.log_error(\"job=\"+sourcee+\" Sleeping for 1 minute and retry=\"+str(y))\n time.sleep(30)\n continue\n if response.status_code==200:\n break\n helper.log_error(\"job=\"+sourcee+\" Response for MOD loop=\"+str(x)+\" code=\"+str(response.status_code))\n if y == 99:\n helper.log_error(\"job=\"+sourcee+\" Total Failure. 
Exiting \" + response.text )\n return \n helper.log_error(\"job=\"+sourcee+\" Sleeping for 1 minute and retry=\"+str(y))\n time.sleep(30)\n helper.log_info(\"job=\"+sourcee+\" Response for MOD loop=\"+str(x)+\" code=\"+str(response.status_code))\n\n r_text = response.json()\n helper.log_info(\"job=\"+sourcee+\" Begin Event Processing for MOD loop=\"+str(x))\n helper.log_info(\"job=\"+sourcee+\" JSON item count=\"+str(len(r_text['result']))+\" for MOD loop=\"+str(x))\n for item in r_text['result']:\n eventitem=\"\"\n s=sourcee+strx\n space=\", \\\"\"\n output=[]\n for value in item:\n output.append(value.replace(\"=\",\"\\\": \\\"\",1)+\"\\\"\")\n eventitem=space.join(output)\n j_convert=\"{ \\\"\" + eventitem + \" }\"\n event = helper.new_event(source=s, index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=j_convert)\n ew.write_event(event)\n helper.log_info(\"job=\"+sourcee+\" Ending MOD loop=\"+str(x))\n helper.log_info(\"Ending job=\"+sourcee)\n\n", "customized_options": [{"name": "global_account", "value": ""}, {"name": "analysis_id", "value": ""}, {"name": "site_name", "value": ""}, {"name": "set_batch_value", "value": "1"}], "uuid": "40c005f4fc714c3aa4a84e138dd54b75"}, {"index": "default", "sourcetype": "bigfix:clients", "interval": "30", "use_external_validation": true, "streaming_mode_xml": true, "name": "bigfix_clients", "title": "BigFix Clients", "description": "REST input to collect asset information from BigFix", "type": "customized", "parameters": [{"required": true, "name": "global_account", "label": "Global Account", "default_value": "", "placeholder": "", "help_string": "", "possible_values": [], "type": "global_account", "format_type": "global_account", "value": ""}, {"required": true, "name": "mac_address_property", "label": "MAC Address Property", "default_value": "", "placeholder": "", "help_string": "Name of property which captures the MAC address of the host. 
See documentation for property relevance if a property is not available.", "type": "text", "format_type": "text", "value": ""}, {"required": true, "name": "set_batch_value", "label": "Set Batch Value", "default_value": "1", "placeholder": "", "help_string": "Number of batches to use for ingestion. NOTE: This number should be very large in very large environments.", "type": "text", "format_type": "text", "value": "1"}], "data_inputs_options": [{"type": "customized_var", "name": "global_account", "title": "Global Account", "description": "", "required_on_edit": false, "required_on_create": true, "possible_values": [], "format_type": "global_account", "default_value": "", "placeholder": ""}, {"type": "customized_var", "name": "mac_address_property", "title": "MAC Address Property", "description": "Name of property which captures the MAC address of the host. See documentation for property relevance if a property is not available.", "required_on_edit": false, "required_on_create": true, "format_type": "text", "default_value": "", "placeholder": ""}, {"type": "customized_var", "name": "set_batch_value", "title": "Set Batch Value", "description": "Number of batches to use for ingestion. 
NOTE: This number should be very large in very large environments.", "required_on_edit": false, "required_on_create": true, "format_type": "text", "default_value": "1", "placeholder": ""}], "code": "\n# encoding = utf-8\n\nimport os\nimport sys\nimport time\nimport datetime\nimport base64\nimport json\n\ndef validate_input(helper, definition):\n \"\"\"Implement your own validation logic to validate the input stanza configurations\"\"\"\n # This example accesses the modular input variable\n # root_url = definition.parameters.get('root_url', None)\n # rest_api_port = definition.parameters.get('rest_api_port', None)\n # mac_address_property = definition.parameters.get('mac_address_property', None)\n # global_account = definition.parameters.get('global_account', None)\n pass\n\ndef collect_events(helper, ew):\n opt_root_url = helper.get_global_setting('bigfix_server_url')\n sourcee= helper.get_input_stanza_names()\n opt_rest_api_port = helper.get_global_setting('bigfix_server_port')\n opt_mac = helper.get_arg('mac_address_property')\n opt_sets = helper.get_arg('set_batch_value')\n int_sets = int(opt_sets)\n opt_global_account = helper.get_arg('global_account')\n opt_global_timeout = helper.get_global_setting('query_timeout_seconds')\n int_global_timeout = int(opt_global_timeout)\n account = opt_global_account[\"username\"] + \":\" + opt_global_account[\"password\"]\n base64string = base64.b64encode(account.encode()).decode()\n headers = { 'Authorization' : 'Basic %s' % base64string }\n\n opt_url_start=opt_root_url + \":\" + opt_rest_api_port + \"/api/query?output=json&relevance=\"\n \n query='(\"nt_host=\" %26 (name of item 0 of it | \"missing Name\") ,\"client_id=\" %26 id of item 0 of it as string, \"last_report_time=\" %26 concatenation \"|\" of values of results (item 0 of it , elements of item 1 of it) ,\"ip=\" %26 (if (size of item 3 of it = 1) then (concatenation \"|\" of values whose (it as string does not start with \"169.254\") of results (item 0 of it , 
elements of item 3 of it)) else (if (size of item 3 of it > 1) then ((\"IP Address property duplicates: \" %26 concatenation \"|\" of ((name of it) %26 \"=\" %26 (id of it as string)) of elements of item 3 of it) as string) else (\"\"))) , \"mac=\" %26 (concatenation \"|\" of values of results (item 0 of it , elements of item 4 of it) |\"\") ,\"dns=\" %26 (if (size of item 5 of it = 1) then ((if it = \"\" then \"\" else it) of concatenation \"|\" of values of results (item 0 of it , elements of item 5 of it)) else (if (size of item 5 of it > 1) then ((\"Property 3 duplicates: \" %26 concatenation \"|\" of ((name of it) %26 \"=\" %26 (id of it as string)) of elements of item 5 of it) as string) else (\"\"))) , \"operating_system=\" %26 concatenation \"|\" of values of results (item 0 of it , elements of item 6 of it) , (\"user=\" %26 concatenation \"|\" of values of results (item 0 of it , elements of item 7 of it)) , (\"client_version=\" %26 (value of result (item 0 of it , elements of item 8 of it))) , \"subscribed_sites=\" %26 concatenation \"|\" of display names of subscribed sites whose (custom site flag of it OR external site flag of it) of item 0 of it) of (elements of item 0 of it , item 1 of it , item 2 of it , item 3 of it , item 4 of it , item 5 of it , item 6 of it , item 7 of it, item 8 of it) of (set of BES computers whose (id of it mod SETS = RESULT), set of bes properties whose (name of it as lowercase = (\"Last Report Time\") as lowercase) , set of bes properties whose (reserved flag of it AND name of it as lowercase = (\"id\")) , set of bes properties whose (reserved flag of it and name of it as lowercase = (\"ip address\")) , (set of bes properties whose (name of it as lowercase = (\"MACFIELD\") as lowercase)) , set of bes properties whose (reserved flag of it and name of it as lowercase = (\"dns name\")) , set of bes properties whose (reserved flag of it and name of it as lowercase = (\"os\")) , (set of bes properties whose (name of it as 
lowercase = (\"user name\"))) , set of bes properties whose (reserved flag of it AND name of it as lowercase = (\"agent version\"))) '.replace(\"SETS\", opt_sets).replace(\"MACFIELD\",opt_mac)\n \n urlb=opt_url_start + query\n\n helper.log_info(\"Beginning job=\"+sourcee)\n\n for x in range(0, int_sets):\n strx=str(x)\n helper.log_info(\"job=\"+sourcee+\" Beginning MOD loop=\"+strx)\n\n url=urlb.replace(\"RESULT\", strx)\n for y in range(0, 100):\n try:\n response = helper.send_http_request(url, 'GET', parameters=None, payload=None, headers=headers, cookies=None, verify=False, cert=None, timeout=int_global_timeout, use_proxy=False)\n except Exception as e:\n helper.log_error(\"job=\"+sourcee+\" Error Response for loop=\"+str(x)+\" error=\"+str(e))\n if y == 99:\n helper.log_error(\"job=\"+sourcee+\" Total Failure. Exiting\")\n return\n helper.log_error(\"job=\"+sourcee+\" Sleeping for 1 minute and retry=\"+str(y))\n time.sleep(30)\n continue\n if response.status_code==200:\n break\n helper.log_error(\"job=\"+sourcee+\" Response for MOD loop=\"+str(x)+\" code=\"+str(response.status_code))\n if y == 99:\n helper.log_error(\"job=\"+sourcee+\" Total Failure. 
Exiting \" + response.text )\n return \n helper.log_error(\"job=\"+sourcee+\" Sleeping for 1 minute and retry=\"+str(y))\n time.sleep(30)\n helper.log_info(\"job=\"+sourcee+\" Response for MOD loop=\"+str(x)+\" code=\"+str(response.status_code))\n\n r_text = response.json()\n helper.log_info(\"job=\"+sourcee+\" Begin Event Processing for MOD loop=\"+str(x))\n helper.log_info(\"job=\"+sourcee+\" JSON item count=\"+str(len(r_text['result']))+\" for MOD loop=\"+str(x))\n for item in r_text['result']:\n eventitem=\"\"\n s=sourcee+strx\n space=\", \\\"\"\n output=[]\n for value in item:\n output.append(value.replace(\"=\",\"\\\": \\\"\",1)+\"\\\"\")\n eventitem=space.join(output)\n j_convert=\"{ \\\"\" + eventitem + \" }\"\n event = helper.new_event(source=s, index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=j_convert)\n ew.write_event(event)\n helper.log_info(\"job=\"+sourcee+\" Ending MOD loop=\"+str(x))\n helper.log_info(\"Ending job=\"+sourcee)\n\n", "customized_options": [{"name": "global_account", "value": ""}, {"name": "mac_address_property", "value": ""}, {"name": "set_batch_value", "value": "1"}], "uuid": "06f59fc141a34d98925b4ed3444412ed"}, {"index": "default", "sourcetype": "bigfix:relevant:fixlets", "interval": "30", "use_external_validation": true, "streaming_mode_xml": true, "name": "bigfix_relevant_fixlets", "title": "BigFix Relevant Fixlets", "description": "REST Input to collect list of relevant fixlets from a specified site in BigFix", "type": "customized", "parameters": [{"required": true, "name": "global_account", "label": "Global Account", "default_value": "", "placeholder": "", "help_string": "", "possible_values": [], "type": "global_account", "format_type": "global_account", "value": ""}, {"required": true, "name": "site_name", "label": "Site Name", "default_value": "", "placeholder": "", "help_string": "Name of the site to extract relevant fixlets from.", "type": "text", "format_type": "text", "value": ""}, {"required": 
true, "name": "set_batch_value", "label": "Set Batch Value", "default_value": "1", "placeholder": "", "help_string": "Number of batches to use for ingestion. NOTE: This number should be very large in very large environments.", "type": "text", "format_type": "text", "value": "1"}], "data_inputs_options": [{"type": "customized_var", "name": "global_account", "title": "Global Account", "description": "", "required_on_edit": false, "required_on_create": true, "possible_values": [], "format_type": "global_account", "default_value": "", "placeholder": ""}, {"type": "customized_var", "name": "site_name", "title": "Site Name", "description": "Name of the site to extract relevant fixlets from.", "required_on_edit": false, "required_on_create": true, "format_type": "text", "default_value": "", "placeholder": ""}, {"type": "customized_var", "name": "set_batch_value", "title": "Set Batch Value", "description": "Number of batches to use for ingestion. NOTE: This number should be very large in very large environments.", "required_on_edit": false, "required_on_create": true, "format_type": "text", "default_value": "1", "placeholder": ""}], "code": "\n# encoding = utf-8\n\nimport os\nimport sys\nimport time\nimport datetime\nimport base64\nimport json\n\ndef validate_input(helper, definition):\n \"\"\"Implement your own validation logic to validate the input stanza configurations\"\"\"\n pass\n \ndef collect_events(helper, ew):\n opt_root_url = helper.get_global_setting('bigfix_server_url')\n sourcee= helper.get_input_stanza_names()\n opt_rest_api_port = helper.get_global_setting('bigfix_server_port')\n opt_global_timeout = helper.get_global_setting('query_timeout_seconds')\n int_global_timeout = int(opt_global_timeout)\n opt_site_name = helper.get_arg('site_name')\n opt_sets = helper.get_arg('set_batch_value')\n int_sets = int(opt_sets)\n key=sourcee\n opt_global_account = helper.get_arg('global_account')\n account = opt_global_account[\"username\"] + \":\" + 
opt_global_account[\"password\"]\n base64string = base64.b64encode(account.encode()).decode()\n headers = { 'Authorization' : 'Basic %s' % base64string }\n\n opt_url_start=opt_root_url + \":\" + opt_rest_api_port + \"/api/query?output=json&relevance=\"\n\n query='%28%22client_id%3D%22+%26+item+0+of+it+as+string%2C+%22fixlet_id%3D%22+%26+item+0+of+item+2+of+it+as+string%2C+%22site_name%3D%22+%26+item+1+of+item+2+of+it+as+string%2C+%22last_report_time%3D%22+%26+item+1+of+it%2C+%22fixlet_type%3D%22+%26+item+2+of+item+2+of+it%29+of+%28id+of+it%2C+last+report+time+of+it+as+string%2C+%28id+of+it%2C+name+of+site+of+it%2C+type+of+it%29+of+relevant+fixlets+whose+%28name+of+site+of+it+%3D+%22SITENAME%22%29+of+it%29+of+bes+computers+whose+%28id+of+it+mod+SETS+%3D+RESULT%29'.replace(\"SETS\", opt_sets).replace(\"SITENAME\", opt_site_name)\n \n urlb=opt_url_start + query\n\n helper.log_info(\"Beginning job=\"+sourcee)\n\n for x in range(0, int_sets):\n strx=str(x)\n helper.log_info(\"job=\"+sourcee+\" Beginning MOD loop=\"+strx)\n\n url=urlb.replace(\"RESULT\", strx)\n for y in range(0, 100):\n try:\n response = helper.send_http_request(url, 'GET', parameters=None, payload=None, headers=headers, cookies=None, verify=False, cert=None, timeout=int_global_timeout, use_proxy=False)\n except Exception as e:\n helper.log_error(\"job=\"+sourcee+\" Error Response for loop=\"+str(x)+\" error=\"+str(e))\n if y == 99:\n helper.log_error(\"job=\"+sourcee+\" Total Failure. Exiting\")\n return\n helper.log_error(\"job=\"+sourcee+\" Sleeping for 1 minute and retry=\"+str(y))\n time.sleep(30)\n continue\n if response.status_code==200:\n break\n helper.log_error(\"job=\"+sourcee+\" Response for MOD loop=\"+str(x)+\" code=\"+str(response.status_code))\n if y == 99:\n helper.log_error(\"job=\"+sourcee+\" Total Failure. 
Exiting \" + response.text )\n return \n helper.log_error(\"job=\"+sourcee+\" Sleeping for 1 minute and retry=\"+str(y))\n time.sleep(30)\n helper.log_info(\"job=\"+sourcee+\" Response for MOD loop=\"+str(x)+\" code=\"+str(response.status_code))\n\n r_text = response.json()\n helper.log_info(\"job=\"+sourcee+\" Begin Event Processing for MOD loop=\"+str(x))\n helper.log_info(\"job=\"+sourcee+\" JSON item count=\"+str(len(r_text['result']))+\" for MOD loop=\"+str(x))\n for item in r_text['result']:\n eventitem=\"\"\n s=sourcee+strx\n space=\", \\\"\"\n output=[]\n for value in item:\n output.append(value.replace(\"=\",\"\\\": \\\"\",1)+\"\\\"\")\n eventitem=space.join(output)\n j_convert=\"{ \\\"\" + eventitem + \" }\"\n event = helper.new_event(source=s, index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=j_convert)\n ew.write_event(event)\n helper.log_info(\"job=\"+sourcee+\" Ending MOD loop=\"+str(x))\n helper.log_info(\"Ending job=\"+sourcee)\n\n", "customized_options": [{"name": "global_account", "value": ""}, {"name": "site_name", "value": ""}, {"name": "set_batch_value", "value": "1"}], "uuid": "2a971625126649cdbc691b436398e079"}, {"index": "default", "sourcetype": "bigfix:infrastructure", "interval": "30", "use_external_validation": true, "streaming_mode_xml": true, "name": "bigfix_infrastructure", "title": "BigFix Infrastructure", "description": "REST Input to collect information about the core server and relays of the BigFix deployment", "type": "customized", "parameters": [{"required": true, "name": "global_account", "label": "Global Account", "default_value": "", "placeholder": "", "help_string": "", "possible_values": [], "type": "global_account", "format_type": "global_account", "value": ""}], "data_inputs_options": [{"type": "customized_var", "name": "global_account", "title": "Global Account", "description": "", "required_on_edit": false, "required_on_create": true, "possible_values": [], "format_type": "global_account", 
"default_value": "", "placeholder": ""}], "code": "\n# encoding = utf-8\n\nimport os\nimport sys\nimport time\nimport datetime\nimport base64\nimport json\n\ndef validate_input(helper, definition):\n \"\"\"Implement your own validation logic to validate the input stanza configurations\"\"\"\n # This example accesses the modular input variable\n # root_url = definition.parameters.get('root_url', None)\n # rest_api_port = definition.parameters.get('rest_api_port', None)\n # mac_address_property = definition.parameters.get('mac_address_property', None)\n # global_account = definition.parameters.get('global_account', None)\n pass\n\ndef collect_events(helper, ew):\n opt_root_url = helper.get_global_setting('bigfix_server_url')\n sourcee= helper.get_input_stanza_names()\n opt_rest_api_port = helper.get_global_setting('bigfix_server_port')\n opt_global_timeout = helper.get_global_setting('query_timeout_seconds')\n int_global_timeout = int(opt_global_timeout)\n opt_sets = 1\n int_sets = int(opt_sets)\n opt_global_account = helper.get_arg('global_account')\n account = opt_global_account[\"username\"] + \":\" + opt_global_account[\"password\"]\n base64string = base64.b64encode(account.encode()).decode()\n headers = { 'Authorization' : 'Basic %s' % base64string }\n\n opt_url_start=opt_root_url + \":\" + opt_rest_api_port + \"/api/query?output=json&relevance=\"\n \n 
query='(%22nt_host%3D%22+%26+item+0+of+it%2C+%22last_report_time%3D%22+%26+item+1+of+it+as+string%2C+%22operating_system%3D%22+%26+item+2+of+it%2C+%22actionsite_size%3D%22+%26+item+3+of+it%2C+%22actionsite_version%3D%22+%26+item+4+of+it%2C+%22relay_free_space%3D%22+%26+item+5+of+it%2C+%22filldb_logfile_size%3D%22+%26+item+6+of+it%2C+%22bufferdir_file_count%3D%22+%26+item+7+of+it%2C+%22registration_list_size%3D%22+%26+item+8+of+it)+of+(name+of+it%2C+last+report+time+of+it%2C+operating+system+of+it%2C+values+of+results+(it+%2C+bes+property+%22BES+Health+Checks%3A%3AActionsite+Size%22)+%2C+values+of+results+(it+%2C+bes+property+%22BES+Health+Checks%3A%3AActionsite+Version%22)+%2C+(if+(value+of+result+(it+%2C+bes+property+%22BES+Health+Checks%3A%3ABES+Relay+Free+Disk+Space%22)+%3D+%22N%2FA%22)+then+%22%22+else+(value+of+result+(it+%2C+bes+property+%22BES+Health+Checks%3A%3ABES+Relay+Free+Disk+Space%22)))+%2C+values+of+results+(it+%2C+bes+property+%22BES+Health+Checks%3A%3AFillDB+Log+File+Size%22)+%2C+values+of+results+(it+%2C+bes+property+%22BES+Health+Checks%3A%3ANumber+of+Files+in+FillDB+Bufferdir%22)+%2C+values+of+results+(it+%2C+bes+property+%22BES+Health+Checks%3A%3ARegistration+List+Size%22))+of+bes+computers'\n \n urlb=opt_url_start + query\n\n helper.log_info(\"Beginning job=\"+sourcee)\n\n for x in range(0, int_sets):\n strx=str(x)\n helper.log_info(\"job=\"+sourcee+\" Beginning MOD loop=\"+strx)\n\n url=urlb.replace(\"RESULT\", strx)\n for y in range(0, 100):\n try:\n response = helper.send_http_request(url, 'GET', parameters=None, payload=None, headers=headers, cookies=None, verify=False, cert=None, timeout=int_global_timeout, use_proxy=False)\n except Exception as e:\n helper.log_error(\"job=\"+sourcee+\" Error Response for loop=\"+str(x)+\" error=\"+str(e))\n if y == 99:\n helper.log_error(\"job=\"+sourcee+\" Total Failure. 
Exiting\")\n return\n helper.log_error(\"job=\"+sourcee+\" Sleeping for 1 minute and retry=\"+str(y))\n time.sleep(30)\n continue\n if response.status_code==200:\n break\n helper.log_error(\"job=\"+sourcee+\" Response for MOD loop=\"+str(x)+\" code=\"+str(response.status_code))\n if y == 99:\n helper.log_error(\"job=\"+sourcee+\" Total Failure. Exiting \" + response.text )\n return \n helper.log_error(\"job=\"+sourcee+\" Sleeping for 1 minute and retry=\"+str(y))\n time.sleep(30)\n helper.log_info(\"job=\"+sourcee+\" Response for MOD loop=\"+str(x)+\" code=\"+str(response.status_code))\n\n r_text = response.json()\n helper.log_info(\"job=\"+sourcee+\" Begin Event Processing for MOD loop=\"+str(x))\n helper.log_info(\"job=\"+sourcee+\" JSON item count=\"+str(len(r_text['result']))+\" for MOD loop=\"+str(x))\n for item in r_text['result']:\n eventitem=\"\"\n s=sourcee\n space=\", \\\"\"\n output=[]\n for value in item:\n output.append(value.replace(\"=\",\"\\\": \\\"\",1)+\"\\\"\")\n eventitem=space.join(output)\n j_convert=\"{ \\\"\" + eventitem + \" }\"\n event = helper.new_event(source=sourcee, index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=j_convert)\n ew.write_event(event)\n helper.log_info(\"job=\"+sourcee+\" Ending MOD loop=\"+str(x))\n helper.log_info(\"Ending job=\"+sourcee)\n", "customized_options": [{"name": "global_account", "value": ""}], "uuid": "baa9ad0ca99f49a6a339c6d5ab85e6ce"}, {"index": "default", "sourcetype": "bigfix:fixlets:available", "interval": "30", "use_external_validation": true, "streaming_mode_xml": true, "name": "bigfix_available_fixlets", "title": "BigFix Available Fixlets", "description": "REST Input to collect list of available fixlets from a specified site in BigFix", "type": "customized", "parameters": [{"name": "global_account", "label": "Global Account", "help_string": "", "required": true, "possible_values": [], "format_type": "global_account", "default_value": "", "placeholder": "", "type": 
"global_account", "value": ""}, {"name": "site_name", "label": "Site Name", "help_string": "Name of the site to collect from", "required": true, "format_type": "text", "default_value": "", "placeholder": "", "type": "text", "value": ""}, {"name": "fixlet_types", "label": "Fixlet Types", "help_string": "Select which types of fixlets to ingest.", "required": true, "possible_values": [{"value": "Fixlet", "label": "Fixlet"}, {"value": "Task", "label": "Task"}, {"value": "Analysis", "label": "Analysis"}], "format_type": "multi_dropdownlist", "default_value": [], "placeholder": "", "type": "multi_dropdownlist", "value": []}, {"name": "set_batch_value", "label": "Set Batch Value", "help_string": "Number of batches to use for ingestion. NOTE: This number should be very large in very large environments.", "required": true, "format_type": "text", "default_value": "", "placeholder": "", "type": "text", "value": ""}], "data_inputs_options": [{"type": "customized_var", "name": "global_account", "title": "Global Account", "description": "", "required_on_edit": false, "required_on_create": true, "possible_values": [], "format_type": "global_account", "default_value": "", "placeholder": ""}, {"type": "customized_var", "name": "site_name", "title": "Site Name", "description": "Name of the site to collect from", "required_on_edit": false, "required_on_create": true, "format_type": "text", "default_value": "", "placeholder": ""}, {"type": "customized_var", "name": "fixlet_types", "title": "Fixlet Types", "description": "Select which types of fixlets to ingest.", "required_on_edit": false, "required_on_create": true, "possible_values": [{"value": "Fixlet", "label": "Fixlet"}, {"value": "Task", "label": "Task"}, {"value": "Analysis", "label": "Analysis"}], "format_type": "multi_dropdownlist", "default_value": [], "placeholder": ""}, {"type": "customized_var", "name": "set_batch_value", "title": "Set Batch Value", "description": "Number of batches to use for ingestion. 
NOTE: This number should be very large in very large environments.", "required_on_edit": false, "required_on_create": true, "format_type": "text", "default_value": "", "placeholder": ""}], "code": "\n# encoding = utf-8\n\nimport os\nimport sys\nimport time\nimport datetime\nimport base64\nimport re\n\n'''\n IMPORTANT\n Edit only the validate_input and collect_events functions.\n Do not edit any other part in this file.\n This file is generated only once when creating the modular input.\n'''\n'''\n# For advanced users, if you want to create single instance mod input, uncomment this method.\ndef use_single_instance_mode():\n return True\n'''\n\ndef validate_input(helper, definition):\n \"\"\"Implement your own validation logic to validate the input stanza configurations\"\"\"\n pass\n\ndef collect_events(helper, ew):\n opt_root_url = helper.get_global_setting('bigfix_server_url')\n sourcee= helper.get_input_stanza_names()\n opt_rest_api_port = helper.get_global_setting('bigfix_server_port')\n opt_global_account = helper.get_arg('global_account')\n opt_global_timeout = helper.get_global_setting('query_timeout_seconds')\n int_global_timeout = int(opt_global_timeout)\n opt_sets = helper.get_arg('set_batch_value')\n opt_site_name = helper.get_arg('site_name')\n opt_fixlet_types = helper.get_arg('fixlet_types')\n str_fixlet_types = str(opt_fixlet_types).replace(\"u\\'\",\"\\'\").replace(\",\",\"\").replace(\"\\'\",\"\\\"\").replace(\"[\\\"\",\"type of it is \\\"\").replace(\"\\\"]\",\"\\\"\").replace(\"\\\" \",\"\\\" OR type of it is \")\n int_sets = int(opt_sets)\n TAG_RE = re.compile(r'<[^>]+>')\n account = opt_global_account[\"username\"] + \":\" + opt_global_account[\"password\"]\n base64string = base64.b64encode(account.encode()).decode()\n headers = { 'Authorization' : 'Basic %s' % base64string }\n \n opt_url_start=opt_root_url + \":\" + opt_rest_api_port + \"/api/query?output=json&relevance=\"\n\n 
query='%28%22fixlet_id%3D%22+%26+item+0+of+it%2C+%22fixlet_name%3D%22+%26+item+1+of+it%2C+%22fixlet_severity%3D%22+%26+item+2+of+it%2C+%22fixlet_source%3D%22+%26+item+7+of+it%2C+%22fixlet_type%3D%22+%26+item+8+of+it+as+string%2C+%22site_name%3D%22+%26+item+3+of+it%2C+%22source_category%3D%22+%26+item+4+of+it%2C+%22source_release_date%3D%22+%26+item+5+of+it%2C+%22source_id%3D%22+%26+item+6+of+it%29+of+%28item+0+of+it+as+string%2C+item+1+of+it+as+string%2C+item+2+of+it+as+string%2C+item+3+of+it+as+string%2C+item+4+of+it+as+string%2C+item+5+of+it+as+string%2C+item+6+of+it+as+string%2C+item+7+of+it+as+string%2C+item+8+of+it+as+string%29+of+%28id+of+it%2C+name+of+it%2C+%28if+exists+source+severity+of+it+then+source+severity+of+it+else+%22N%252FA%22%29%2C+name+of+site+of+it%2C+%28if+exists+category+of+it+then+category+of+it+else+%22N%252FA%22%29%2C+%28if+exists+source+release+date+of+it+then+source+release+date+of+it+as+string+else+%22N%252FA%22%29%2C+%28if+exists+source+id+of+it+then+source+id+of+it+as+string+else+%22N%252FA%22%29%2C+%28if+exists+source+of+it+then+source+of+it+else+%22N%252FA%22%29%2Ctype+of+it%29+of+fixlets+whose+%28%28TYPES%29+AND+id+of+it+mod+SETS+%3D+RESULT%29+of+all+bes+sites+whose+%28name+of+it+%3D+%22SITENAME%22%29'.replace(\"SETS\",opt_sets).replace(\"TYPES\",str_fixlet_types).replace(\"SITENAME\",opt_site_name)\n \n urlb=opt_url_start + query\n\n helper.log_info(\"Beginning job=\"+sourcee)\n\n for x in range(0, int_sets):\n strx=str(x)\n helper.log_info(\"job=\"+sourcee+\" Beginning MOD loop=\"+strx)\n\n url=urlb.replace(\"RESULT\", strx)\n for y in range(0, 100):\n try:\n response = helper.send_http_request(url, 'GET', parameters=None, payload=None, headers=headers, cookies=None, verify=False, cert=None, timeout=int_global_timeout, use_proxy=False)\n except Exception as e:\n helper.log_error(\"job=\"+sourcee+\" Error Response for loop=\"+str(x)+\" error=\"+str(e))\n if y == 99:\n helper.log_error(\"job=\"+sourcee+\" Total Failure. 
Exiting\")\n return\n helper.log_error(\"job=\"+sourcee+\" Sleeping for 1 minute and retry=\"+str(y))\n time.sleep(30)\n continue\n if response.status_code==200:\n break\n helper.log_error(\"job=\"+sourcee+\" Response for MOD loop=\"+str(x)+\" code=\"+str(response.status_code))\n if y == 99:\n helper.log_error(\"job=\"+sourcee+\" Total Failure. Exiting \" + response.text )\n return \n helper.log_error(\"job=\"+sourcee+\" Sleeping for 1 minute and retry=\"+str(y))\n time.sleep(30)\n helper.log_info(\"job=\"+sourcee+\" Response for MOD loop=\"+str(x)+\" code=\"+str(response.status_code))\n \n r_text = response.json()\n helper.log_info(\"job=\"+sourcee+\" Begin Event Processing for MOD loop=\"+str(x))\n helper.log_info(\"job=\"+sourcee+\" JSON item count=\"+str(len(r_text['result']))+\" for MOD loop=\"+str(x))\n for item in r_text['result']:\n eventitem=\"\"\n s=sourcee+strx\n space=\", \\\"\"\n output=[]\n for value in item:\n output.append(value.replace(\"=\",\"\\\": \\\"\",1)+\"\\\"\")\n eventitem=space.join(output)\n j_convert=\"{ \\\"\" + eventitem + \" }\"\n event = helper.new_event(source=s, index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=j_convert)\n ew.write_event(event)\n helper.log_info(\"job=\"+sourcee+\" Ending MOD loop=\"+str(x))\n helper.log_info(\"Ending job=\"+sourcee)\n", "customized_options": [{"name": "global_account", "value": ""}, {"name": "site_name", "value": ""}, {"name": "fixlet_types", "value": []}, {"name": "set_batch_value", "value": ""}], "uuid": "cc59a9ee9e9f4a818cc2dc7c595e1408", "sample_count": 0}, {"index": "default", "sourcetype": "bigfix:users", "interval": "30", "use_external_validation": true, "streaming_mode_xml": true, "name": "bigfix_users", "title": "BigFix Users", "description": "REST Input to collect information regarding users of a BigFix environment", "type": "customized", "parameters": [{"name": "global_account", "label": "Global Account", "help_string": "", "required": true, "possible_values": 
[], "format_type": "global_account", "default_value": "", "placeholder": "", "type": "global_account", "value": ""}], "data_inputs_options": [{"type": "customized_var", "name": "global_account", "title": "Global Account", "description": "", "required_on_edit": false, "required_on_create": true, "possible_values": [], "format_type": "global_account", "default_value": "", "placeholder": ""}], "code": "\n# encoding = utf-8\n\nimport os\nimport sys\nimport time\nimport datetime\nimport base64\nimport json\n\ndef validate_input(helper, definition):\n \"\"\"Implement your own validation logic to validate the input stanza configurations\"\"\"\n # This example accesses the modular input variable\n # global_account = definition.parameters.get('global_account', None)\n pass\n \ndef collect_events(helper, ew):\n opt_root_url = helper.get_global_setting('bigfix_server_url')\n sourcee= helper.get_input_stanza_names()\n opt_rest_api_port = helper.get_global_setting('bigfix_server_port')\n opt_global_account = helper.get_arg('global_account')\n opt_global_timeout = helper.get_global_setting('query_timeout_seconds')\n int_global_timeout = int(opt_global_timeout)\n opt_sets = 1\n int_sets = int(opt_sets)\n account = opt_global_account[\"username\"] + \":\" + opt_global_account[\"password\"]\n base64string = base64.b64encode(account.encode()).decode()\n headers = { 'Authorization' : 'Basic %s' % base64string }\n\n opt_url_start=opt_root_url + \":\" + opt_rest_api_port + \"/api/query?output=json&relevance=\"\n\n query='(%22name%3D%22+%26+name+of+it%2C+%22master_operator%3D%22+%26+master+flag+of+it+as+string%2C+%22action_count%3D%22+%26+number+of+issued+actions+of+it+as+string%2C+%22creation_time%3D%22+%26+creation+time+of+it+as+string%2C+%22last_login_time%3D%22+%26+(if+(exists+last+login+time+of+it)+then+last+login+time+of+it+as+string+else+%22%22))+of+bes+users'\n \n urlb=opt_url_start + query\n\n helper.log_info(\"Beginning job=\"+sourcee)\n\n for x in range(0, int_sets):\n 
strx=str(x)\n helper.log_info(\"job=\"+sourcee+\" Beginning MOD loop=\"+strx)\n\n url=urlb.replace(\"RESULT\", strx)\n for y in range(0, 100):\n try:\n response = helper.send_http_request(url, 'GET', parameters=None, payload=None, headers=headers, cookies=None, verify=False, cert=None, timeout=int_global_timeout, use_proxy=False)\n except Exception as e:\n helper.log_error(\"job=\"+sourcee+\" Error Response for loop=\"+str(x)+\" error=\"+str(e))\n if y == 99:\n helper.log_error(\"job=\"+sourcee+\" Total Failure. Exiting\")\n return\n helper.log_error(\"job=\"+sourcee+\" Sleeping for 1 minute and retry=\"+str(y))\n time.sleep(30)\n continue\n if response.status_code==200:\n break\n helper.log_error(\"job=\"+sourcee+\" Response for MOD loop=\"+str(x)+\" code=\"+str(response.status_code))\n if y == 99:\n helper.log_error(\"job=\"+sourcee+\" Total Failure. Exiting \" + response.text )\n return \n helper.log_error(\"job=\"+sourcee+\" Sleeping for 1 minute and retry=\"+str(y))\n time.sleep(30)\n helper.log_info(\"job=\"+sourcee+\" Response for MOD loop=\"+str(x)+\" code=\"+str(response.status_code))\n\n r_text = response.json()\n helper.log_info(\"job=\"+sourcee+\" Begin Event Processing for MOD loop=\"+str(x))\n helper.log_info(\"job=\"+sourcee+\" JSON item count=\"+str(len(r_text['result']))+\" for MOD loop=\"+str(x))\n for item in r_text['result']:\n eventitem=\"\"\n s=sourcee+strx\n space=\", \\\"\"\n output=[]\n for value in item:\n output.append(value.replace(\"=\",\"\\\": \\\"\",1)+\"\\\"\")\n eventitem=space.join(output)\n j_convert=\"{ \\\"\" + eventitem + \" }\"\n event = helper.new_event(source=s, index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=j_convert)\n ew.write_event(event)\n helper.log_info(\"job=\"+sourcee+\" Ending MOD loop=\"+str(x))\n helper.log_info(\"Ending job=\"+sourcee)\n\n", "customized_options": [{"name": "global_account", "value": ""}], "uuid": "9efca7b4376d4cc49b6630a80ce032af", "sample_count": 0}]}, 
"global_settings_builder": {"global_settings": {"log_settings": {"log_level": "DEBUG"}, "credential_settings": [], "customized_settings": [{"required": true, "name": "bigfix_server_url", "label": "BigFix Server URL", "default_value": "", "placeholder": "", "help_string": "", "type": "text", "format_type": "text", "value": ""}, {"required": true, "name": "bigfix_server_port", "label": "BigFix Server Port", "default_value": "52311", "placeholder": "", "help_string": "", "type": "text", "format_type": "text", "value": "52311"}, {"required": true, "name": "query_timeout_seconds", "label": "Query Timeout (Seconds)", "default_value": "120", "placeholder": "", "help_string": "Timeout, in seconds, applied to every query sent to BigFix. (Default: 120)", "type": "text", "format_type": "text", "value": "120"}]}}, "sourcetype_builder": {"bigfix:actions": {"metadata": {"event_count": 0, "data_input_name": "bigfix_actions", "extractions_count": 0, "cims_count": 0}}, "bigfix:analysis": {"metadata": {"event_count": 0, "data_input_name": "bigfix_analysis", "extractions_count": 0, "cims_count": 0}}, "bigfix:clients": {"metadata": {"event_count": 0, "data_input_name": "bigfix_clients", "extractions_count": 0, "cims_count": 0}}, "bigfix:infrastructure": {"metadata": {"event_count": 0, "data_input_name": "bigfix_infrastructure", "extractions_count": 0, "cims_count": 0}}, "bigfix:users": {"metadata": {"event_count": 0, "data_input_name": "bigfix_users", "extractions_count": 0, "cims_count": 0}}, "bigfix:fixlets:available": {"metadata": {"event_count": 0, "data_input_name": "bigfix_available_fixlets", "extractions_count": 0, "cims_count": 0}}}}