package main
import (
"flag"
"fmt"
"os"
"path/filepath"
"strings"
"github.com/demisto/tools/client"
)
// Connection and authentication flags.
//
// NOTE(review): -p takes the password as a command-line argument, so it can be
// visible to other local users through the process list and may be kept in
// shell history. Prefer a dedicated low-privilege account for this tool.
var (
	server   = flag.String("s", "", "Demisto server URL")
	username = flag.String("u", "", "Username to login to the server")
	password = flag.String("p", "", "Password to login to the server")
	account  = flag.String("account", "", "When in MT env, define an account to create the incident in")
)

// Flags describing the incident to create.
var (
	name         = flag.String("name", "", "The incident name")
	details      = flag.String("details", "", "The incident details")
	incidentType = flag.String("type", "Phishing", "Incident type - default/phishing/malware/...")
	level        = flag.String("level", "low", "Incident level - low/medium/high/critical")
	labels       = flag.String("labels", "", "The labels to add to the incident in the form of name=value,name=value")
	attachment   = flag.String("attachment", "", "The attachment file")
)
// c is the server client shared by login, logout and main; login assigns it.
var c *client.Client

// u is the user returned by the server at login; login assigns it.
var u *client.User
// printAndExit writes the formatted message to standard error and terminates
// the process with exit status 1.
//
// Because it calls os.Exit, functions deferred by callers do not run.
func printAndExit(format string, args ...interface{}) {
	msg := fmt.Sprintf(format, args...)
	_, _ = os.Stderr.WriteString(msg)
	os.Exit(1)
}
// check is a no-op for a nil error; for any other error it prints the error on
// its own line and exits the process through printAndExit.
func check(err error) {
	if err == nil {
		return
	}
	printAndExit("%v\n", err)
}
// checkParams validates the parsed flags and exits with a message on the first
// problem found: a missing username, password, server URL, incident name or
// incident details, or an attachment path that is not a regular file.
func checkParams() {
	// printAndExit never returns, so only the first failing case is reported.
	switch {
	case *username == "":
		printAndExit("Please provide the username\n")
	case *password == "":
		printAndExit("Please provide the password\n")
	case *server == "":
		printAndExit("Please provide the Demisto server URL\n")
	case *name == "":
		printAndExit("Please provide the incident name\n")
	case *details == "":
		printAndExit("Please provide the incident details\n")
	}

	if *attachment == "" {
		return
	}
	// os.Stat follows symbolic links, so a link to a regular file is accepted.
	// The file is opened again later by path, so this check describes the path
	// at validation time only.
	info, err := os.Stat(*attachment)
	check(err)
	if info.Mode().IsRegular() {
		return
	}
	printAndExit("File [%s] must be a regular file\n", *attachment)
}
// login builds the client from the -u, -p and -s flags, authenticates against
// the server and stores the client and the returned user in the package-level
// c and u. Any failure ends the process through check.
//
// NOTE(review): the scheme of the -s URL is not checked in this file; confirm
// how client.New handles plain http:// and certificate validation, since the
// password is sent to that server.
func login() {
	cl, err := client.New(*username, *password, *server)
	check(err)
	c = cl

	usr, err := c.Login()
	check(err)
	u = usr

	// Only account identity fields are printed; the password is never echoed.
	fmt.Printf("Logged in successfully with user %s [%s %s]\n", u.Username, u.Name, u.Email)
}
// logout ends the session held by the package-level client c and exits the
// process through check if the server reports an error.
func logout() {
	check(c.Logout())
}
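// main parses the flags, validates them, logs in, creates the incident (with
// an optional attachment) and logs out.
//
// The session is closed on the failure path as well. Reporting errors through
// check after login would call os.Exit, which skips deferred functions and
// leaves the authenticated session open on the server.
func main() {
	flag.Parse()
	checkParams()
	login()

	err := createIncident()
	if err != nil {
		fmt.Fprintf(os.Stderr, "%v\n", err)
	}
	// Log out explicitly rather than with defer so it also runs before a
	// non-zero exit.
	if lerr := c.Logout(); lerr != nil {
		fmt.Fprintf(os.Stderr, "%v\n", lerr)
		err = lerr
	}
	if err != nil {
		os.Exit(1)
	}
}

// createIncident builds the incident from the flags, submits it with the
// logged-in client c and, when -attachment is set, uploads the file to it.
func createIncident() error {
	incident := &client.Incident{
		Type:                *incidentType,
		Name:                *name,
		Status:              0,
		Level:               incidentLevel(*level),
		Details:             *details,
		CreateInvestigation: true,
	}
	incident.Labels = append(incident.Labels, parseLabels(*labels)...)

	inc, err := c.CreateIncident(incident, *account)
	if err != nil {
		return err
	}
	if *attachment == "" {
		return nil
	}

	at, err := os.Open(*attachment)
	if err != nil {
		return err
	}
	defer at.Close()

	// Only the base name is sent, so the local directory layout is not
	// disclosed to the server.
	_, err = c.IncidentAddAttachment(inc, at, filepath.Base(*attachment), "Mail attachment", *account)
	return err
}

// incidentLevel maps a level name (case-insensitive) to its numeric value:
// low=1, medium=2, high=3, critical=4. An unrecognised name still maps to low,
// but a warning is printed so that a typo does not silently downgrade the
// severity of the incident.
func incidentLevel(s string) int {
	switch strings.ToLower(strings.TrimSpace(s)) {
	case "low":
		return 1
	case "medium":
		return 2
	case "high":
		return 3
	case "critical":
		return 4
	}
	fmt.Fprintf(os.Stderr, "Unknown incident level [%s], using low\n", s)
	return 1
}

// parseLabels converts a "name=value,name=value" specification into labels.
// Each entry is split on its first '=' only, so values that themselves contain
// '=' (URLs with query strings, base64 padding) are kept instead of dropped.
// Entries without '=' are skipped with a warning. Values containing ',' cannot
// be expressed in this format.
func parseLabels(spec string) []client.Label {
	if spec == "" {
		return nil
	}
	var out []client.Label
	for _, pair := range strings.Split(spec, ",") {
		if pair == "" {
			continue
		}
		kv := strings.SplitN(pair, "=", 2)
		if len(kv) != 2 {
			fmt.Fprintf(os.Stderr, "Ignoring label [%s]: expected name=value\n", pair)
			continue
		}
		out = append(out, client.Label{Type: kv[0], Value: kv[1]})
	}
	return out
}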