This repository has been archived by the owner on Apr 25, 2024. It is now read-only.
#!/usr/bin/env bash
#
# Sample script to process pingcastle reports
#
#set -x
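# Variables
# Zabbix server (or proxy) that receives the trapper items.
_ZABBIX_SERVER='zabbix.example.com'
# Directory holding this script and a run stamp; neither is referenced by the
# rest of the script as shown, they are kept for local customisation.
_scriptdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" &> /dev/null && pwd)"
_processstamp=$(date '+%F_%R')

# The PingCastle XML report is the only argument. Refuse to run without it:
# an empty path would otherwise make every xmllint call below fail and the
# script would still hand a file of empty values to zabbix_sender.
_inputfile=${1:-}
if [[ -z ${_inputfile} ]]; then
  printf 'Usage: %s <pingcastle-report.xml>\n' "${0##*/}" >&2
  exit 2
fi
# A path starting with "-" would be parsed by xmllint as an option, so anchor
# it to the current directory.
case ${_inputfile} in
  -*) _inputfile=./${_inputfile} ;;
esac
if [[ ! -f ${_inputfile} || ! -r ${_inputfile} ]]; then
  printf '%s: cannot read report: %s\n' "${0##*/}" "${_inputfile}" >&2
  exit 1
fi

# Private scratch directory for the zabbix_sender input file; created only
# after the argument checks so an early exit leaves nothing behind.
_workdir=$(mktemp -d) || {
  printf '%s: mktemp failed\n' "${0##*/}" >&2
  exit 1
}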
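#######################################
# Remove the scratch directory created for this run.
# Globals:   _workdir (read)
# Arguments: none
# Returns:   status of rm
#######################################
cleanup() {
  # ${var:?} aborts instead of expanding to an empty path if _workdir is
  # unset or empty; "--" stops option parsing.
  rm -rf -- "${_workdir:?}"
}
# Clean up exactly once, when the shell exits. Trapping ERR as well would
# delete the scratch directory after the first failing command while the
# script keeps running and keeps appending to a file inside it.
trap cleanup EXIT
# A bare handler on a signal does not end the script; exit explicitly with
# the conventional 128+signal status so the EXIT trap runs and the caller
# sees the interruption.
trap 'exit 129' SIGHUP
trap 'exit 130' SIGINT
trap 'exit 131' SIGQUIT
trap 'exit 143' SIGTERM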
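# Extract the KPIs from the PingCastle report and send them to Zabbix.
#
# Every value read from the report is written verbatim into the
# zabbix_sender input file ("<host> <key> <timestamp> <value>", whitespace
# delimited, one item per line). A value containing whitespace or a line
# break would shift the fields or add lines to that file, so each value is
# checked against the shape it is expected to have before it is written.

# Expected shapes of the values taken from the report.
readonly _re_sid='^S-1-[0-9]+(-[0-9]+)+$'
readonly _re_uint='^[0-9]+$'
# NOTE(review): assumes EngineVersion is a plain version string without
# spaces - confirm against the PingCastle builds in use.
readonly _re_version='^[0-9A-Za-z._-]+$'
# NOTE(review): assumes GenerationDate is an XML dateTime (YYYY-MM-DD...).
readonly _re_date='^[0-9]{4}-[0-9]{2}-[0-9]{2}'

# Print a message on stderr and stop; the EXIT trap removes the work dir.
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# Print a message on stderr and carry on.
warn() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
}

# Print the result of XPath expression $1 evaluated against the report.
# --nonet keeps libxml2 from fetching external DTDs or entities over the
# network while it parses the report. Returns xmllint's status, which is
# non-zero when the expression selects nothing.
xml_text() {
  xmllint --nonet --xpath "$1" "${_inputfile}"
}

# Append one trapper line for key pingcastle.$1 with value $2, provided the
# value matches the extended regular expression $3. Returns 1 (after a
# warning) when the value is rejected, so the caller can record the skip.
add_item() {
  local key=$1 value=$2 pattern=$3
  if [[ ! ${value} =~ ${pattern} ]]; then
    warn "skipping pingcastle.${key}: unexpected value $(printf '%q' "${value}")"
    return 1
  fi
  printf '%s %s %s %s\n' \
    "${_domain_sid}" "pingcastle.${key}" "${_unixtimestamp}" "${value}" \
    >> "${_workdir}/zabbix_data"
}

# Get some nice stuff around the domain
# descriptive info
_domain_name=$(xml_text '/HealthcheckData/DomainFQDN/text()') \
  || warn "report has no DomainFQDN"
# The domain SID is used as the Zabbix host name on every line, so the run
# cannot continue without a well-formed one.
_domain_sid=$(xml_text '/HealthcheckData/DomainSid/text()') \
  || die "report has no DomainSid"
[[ ${_domain_sid} =~ ${_re_sid} ]] \
  || die "unexpected DomainSid: $(printf '%q' "${_domain_sid}")"

# timestamp when the report was generated (for zabbix trapper)
_t=$(xml_text '/HealthcheckData/GenerationDate/text()') \
  || die "report has no GenerationDate"
# date -d "" silently resolves to today, so reject anything that does not
# look like a date before converting it.
[[ ${_t} =~ ${_re_date} ]] \
  || die "unexpected GenerationDate: $(printf '%q' "${_t}")"
_unixtimestamp=$(date -d "${_t}" +%s) \
  || die "cannot convert GenerationDate: ${_t}"
[[ ${_unixtimestamp} =~ ${_re_uint} ]] \
  || die "unexpected timestamp: ${_unixtimestamp}"

# Set to 1 as soon as one item is rejected; reflected in the exit status.
_skipped=0

# Main KPI
for _key in EngineVersion GlobalScore StaleObjectsScore PrivilegiedGroupScore TrustScore AnomalyScore; do
  if [[ ${_key} == EngineVersion ]]; then
    _pattern=${_re_version}
  else
    _pattern=${_re_uint}
  fi
  # A missing element yields an empty value, which add_item rejects.
  _value=$(xml_text "/HealthcheckData/${_key}/text()") || _value=''
  add_item "${_key}" "${_value}" "${_pattern}" || _skipped=1
done

# Admins list
# The group is matched by its English name; a report in which no group (or
# more than one) matches produces a value that add_item rejects.
_value=$(xml_text '/HealthcheckData/PrivilegedGroups/HealthCheckGroupData/GroupName[contains(text(),"Domain Administrators")]/following-sibling::NumberOfMemberEnabled/text()') \
  || _value=''
add_item PrivilegiedGroups.DomainAdministrators "${_value}" "${_re_uint}" \
  || _skipped=1

# Total risk points
# perl magic from https://stackoverflow.com/a/18382280
# NOTE(review): the sum relies on xmllint printing one Points value per line;
# confirm that the installed libxml2 separates text nodes this way.
_value=$(xml_text '/HealthcheckData/RiskRules/HealthcheckRiskRule/Points/text()' \
  | perl -nle '$sum += $_ } END { print $sum') || _value=''
add_item TotalRiskPoints "${_value}" "${_re_uint}" || _skipped=1

# And we are off to the races
[[ -s "${_workdir}/zabbix_data" ]] \
  || die "no valid items extracted from ${_inputfile}"
_rc=0
zabbix_sender -z "${_ZABBIX_SERVER}" -T -i "${_workdir}/zabbix_data" || _rc=$?
# Report a partial run even when the sender itself succeeded.
if ((_rc == 0 && _skipped != 0)); then
  _rc=1
fi
exit "${_rc}"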