forked from flexera-public/policy_templates
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmissing_active_machines.pt
119 lines (108 loc) · 3.15 KB
/
missing_active_machines.pt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
name "ITAM Missing Active Machines"
rs_pt_ver 20180301
type "policy"
short_description "Looks for machines that are active but haven't checked in and sends the result as an email. See the [README](https://github.com/flexera-public/policy_templates/tree/master/compliance/fnms/missing_active_machines/) and [docs.flexera.com/flexera/EN/Automation](https://docs.flexera.com/flexera/EN/Automation/AutomationGS.htm) to learn more."
long_description ""
severity "medium"
category "Compliance"
default_frequency "weekly"
info(
version: "2.1",
provider: "Flexera ITAM",
service: "",
policy_set: "ITAM"
)
parameter "param_days_missing" do
type "number"
label "Days missing while active"
description "Number of missing for a machine to be reported"
default 30
end
parameter "param_email" do
type "list"
label "Email addresses of the recipients you wish to notify"
description "A list of email addresse(s) to notify"
end
credentials "auth_flexeraone" do
schemes "oauth2"
label "flexera"
description "Select FlexeraOne OAuth2 credentials"
tags "provider=flexera"
end
pagination "itam_pagination" do
get_page_marker do
body_path jq(response, "if .total == 0 then null else .offset + 10000 end")
end
set_page_marker do
query "offset"
end
end
datasource "ds_inventories" do
request do
auth $auth_flexeraone
host "api.flexera.com"
path join(["/fnms/v1/orgs/", rs_org_id, "/inventories"])
header "Api-Version", "0.1"
header "User-Agent", "RS Policies"
query "status", "Active"
query "limit", "10000"
pagination $itam_pagination
end
end
datasource "ds_check_date" do
run_script $js_check_date, $ds_inventories, $param_days_missing
end
script "js_check_date", type: "javascript" do
parameters "ds_inventories", "param_days_missing"
result "results"
code <<-EOF
var results = [];
_.each(ds_inventories[0].values, function (asset) {
var startDate = new Date(asset.inventorySourceData.lastInventoryDate); // Inventory Date
var endDate = new Date();
var timeDifference = endDate.getTime() - startDate.getTime();
var daysDifference = parseInt(timeDifference / (1000 * 3600 * 24));
if (daysDifference >= param_days_missing) {
asset.missing = 1;
results.push(asset);
}
});
EOF
end
policy 'itam_policy' do
validate_each $ds_check_date do
summary_template 'ITAM - Missing active machines'
escalate $send_report
check eq(to_n(val(item,"missing")),0)
export do
field "name"
field "serialNumber"
field "os"
field "LastInventoryDate" do
path "inventorySourceData.lastInventoryDate"
end
field "LastInventorySource" do
path "inventorySourceData.lastInventorySource"
end
field "assetId"
field "complianceStatus"
field "computerId"
field "deviceType"
field "inventorySourceData"
field "ipAddress"
field "macAddresses"
field "manufacturer"
field "model"
field "ownership"
field "processorType"
field "ram"
field "userData"
end
end
end
escalation "send_report" do
automatic true
label "Send Email"
description "Send incident email"
email $param_email
end