ari-neto / tmds11-exporter

Deep Security 11 - Prometheus Exporter


tmds11-exporter

This project provides a Prometheus collector that gathers metrics from Deep Security Manager (DSM) 11.0.

The data is aggregated as counts and split into 3 metric groups:

  • deep_security_computers
  • deep_security_modules
  • deep_security_vulnerabilities

[image: diagram]

Prometheus labels

  • deep_security_computers

    • labels:
      • metric: platform | os_type | agent_version | agent_version_major
      • type: managed | warning | critical | unmanaged | offline | unknown
      • platform: all | linux | windows
      • status: (os version) | (agent version)
  • deep_security_modules

    • labels:
      • metric: am_status | wr_status | fw_status | ip_status | im_status | li_status
      • type: managed | warning | critical | unmanaged | offline | unknown
      • platform: all | linux | windows
      • status: on | off
  • deep_security_vulnerabilities

    • labels:
      • metric: am_status | wr_status | fw_status | ip_status | im_status | li_status
      • type: managed | warning | critical | unmanaged | offline | unknown
      • platform: linux | windows
      • status: all | discovered | detect | prevent

About vulnerabilities status:

  • discovered: vulnerabilities that are detected but the IPS is not enabled on the host
  • detect: vulnerabilities with IPS enabled but configured on detect mode
  • prevent: vulnerabilities with IPS enabled and configured on prevent mode
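As an added example (not the project's own code), the aggregation the labels above describe, written against a constructed list of per-host records: each host is counted into deep_security_computers and deep_security_modules under its own platform and under "all", while vulnerabilities get their status from the host's IPS state (discovered / detect / prevent) and no "all" platform. The record field names (platform, status, agent_version, ip_status, ip_mode, vulns) are assumed; they are not the SDK's real field names. Runs under Python 2.7 and 3.

```python
from collections import Counter

# Constructed sample of per-host data as the collector might read it from the DSM
# SOAP API (field names are assumed, not the project's real SDK fields).
HOSTS = [
    {"platform": "linux", "status": "managed", "agent_version": "11.0.456",
     "ip_status": "on", "ip_mode": "prevent", "vulns": 3},
    {"platform": "linux", "status": "warning", "agent_version": "11.0.456",
     "ip_status": "on", "ip_mode": "detect", "vulns": 2},
    {"platform": "windows", "status": "managed", "agent_version": "10.3.100",
     "ip_status": "off", "ip_mode": None, "vulns": 4},
    {"platform": "windows", "status": "offline", "agent_version": "10.3.100",
     "ip_status": "off", "ip_mode": None, "vulns": 0},
]

def vuln_status(host):
    """Map a host's IPS state to the README's vulnerability status values."""
    if host["ip_status"] != "on":
        return "discovered"  # found by the scan, but IPS not enabled on the host
    return host["ip_mode"]   # IPS enabled: "detect" or "prevent"

def aggregate(hosts):
    """Count hosts/vulnerabilities per (family, metric, type, platform, status)."""
    counts = Counter()
    for h in hosts:
        major = h["agent_version"].split(".")[0]
        # computers and modules are counted under the host's platform and under "all"
        for plat in (h["platform"], "all"):
            counts[("deep_security_computers", "agent_version_major",
                    h["status"], plat, major)] += 1
            counts[("deep_security_modules", "ip_status",
                    h["status"], plat, h["ip_status"])] += 1
        # vulnerabilities have no "all" platform, but a status "all" plus the IPS one
        for st in ("all", vuln_status(h)):
            counts[("deep_security_vulnerabilities", "ip_status",
                    h["status"], h["platform"], st)] += h["vulns"]
    return counts

def render(counts):
    """Render counts in Prometheus text exposition format, one gauge per family."""
    lines = []
    for family in ("deep_security_computers", "deep_security_modules",
                   "deep_security_vulnerabilities"):
        lines.append("# TYPE %s gauge" % family)
        for key in sorted(k for k in counts if k[0] == family):
            _, metric, typ, plat, status = key
            lines.append('%s{metric="%s",type="%s",platform="%s",status="%s"} %d'
                         % (family, metric, typ, plat, status, counts[key]))
    return "\n".join(lines)
```

Calling render(aggregate(HOSTS)) gives the text a /metrics endpoint would serve for this sample.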

environment:

  • python: python 2.7 (required)
  • prometheus: v2.16 (tested with this version)
  • grafana: 6.6.2 (tested with this version)

configuration

create a virtual environment

virtualenv

virtualenv venv
source venv/bin/activate
pip install -r requirements.txt

pipenv

pipenv --two
pipenv shell
pip install -r requirements.txt

running the app:

Configure the exporter either through a config.py (rename config_sample.py to config.py and fill in your values) or through environment variables. The settings are:

Variable        Description                     Value                        Value Type
DS_HOST         DSM hostname                    ip | fqdn
DS_PORT         DSM TCP port                    port number                  string
DS_USER         User account (read only)        user_name (base64 encoded)   string
DS_PASS         User password                   user_pass (base64 encoded)   string
DS_VERIFY_SSL   SSL verify                      True | False
DS_API_CHECK    Cache API data time             minutes                      integer
SERVER_PORT     Prometheus collector TCP port   port number                  integer
LOG_LEVEL       Log level                       INFO | WARN

To encode your credentials:

echo -ne '<ds_user>'|base64
echo -ne '<ds_pass>'|base64

enabling soap web api

The SOAP Web API must be enabled on the DSM. To do so, go to:

  • Administration tab
    • System Settings pane
  • SOAP Web Service API option - check the 'enable' radio button

[image: soap_api]

grafana dashboard:

Import the dashboard located on: grafana/dash.json

  • dashboard:

[image: dashboard]

  • filtering by type:

[image: dashboard]

References:

DS 9-11 SDK Python project:

I've included inside this project the last version of the SDK for DS 9 to 11 versions. The code was developed by @marknca and is available here: https://github.com/deep-security/deep-security-py/.

Prometheus collector:

I've based the collector structure on this example https://github.com/jakirpatel/prometheus-custom-collector/blob/master/code/collector.py developed by @jakirpatel.

Support:

This project is not part of any Trend Micro Deep Security project and it is not supported by Trend Micro.

Use and adapt it to your needs; PRs are welcome.
