fix: bug fix for pagination issue #5

Merged
merged 1 commit into from
Jul 13, 2022
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,7 @@
# Version 4.0.1
* Bug fix - Problem creating new AAD Audit Input - [Issue #3](https://github.com/splunk/splunk-add-on-microsoft-azure/issues/3)
* Bug fix - Azure AD User and Group pagination issue

# Version 4.0.0
* **BREAKING CHANGE**: removed deprecated event hub input. Use the [Splunk Add-on for Microsoft Cloud Services](https://splunkbase.splunk.com/app/3110/) to collect event hub data.
* Code is now open source [https://github.com/splunk/splunk-add-on-microsoft-azure](https://github.com/splunk/splunk-add-on-microsoft-azure)
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -12,7 +12,7 @@ This add-on is built with Splunk's [UCC Generator](https://github.com/splunk/add

Example:

ucc-gen --ta-version=4.0.0
ucc-gen --ta-version=4.0.1

The add-on will be built in an `output` directory in the root of the repository.

2 changes: 1 addition & 1 deletion globalConfig.json
Expand Up @@ -2,7 +2,7 @@
"meta": {
"name": "TA-MS-AAD",
"displayName": "Splunk Add-on for Microsoft Azure",
"version": "4.0.0",
"version": "4.0.1",
"apiVersion": "3.0.0",
"restRoot": "TA_MS_AAD",
"schemaVersion": "0.0.3"
2 changes: 1 addition & 1 deletion package/app.manifest
Expand Up @@ -5,7 +5,7 @@
"id": {
"group": null,
"name": "TA-MS-AAD",
"version": "4.0.0"
"version": "4.0.1"
},
"author": [
{
5 changes: 3 additions & 2 deletions package/bin/MS_AAD_audit.py
Expand Up @@ -162,7 +162,7 @@ def collect_events(helper, ew):
max_activityDate = query_date

response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']

while items:
for item in items:
Expand All @@ -184,7 +184,8 @@ def collect_events(helper, ew):

# Check point the largest activityDate seen during the query
helper.save_check_point(check_point_key, max_activityDate)
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']
else:
helper.log_error("_Splunk_ Unable to obtain access token")

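Review bot: The new guard on both `items =` lines compares with `response == None`, which should be the identity test `response is None` (PEP 8 / E711) — `==` dispatches to `__eq__` on whatever object the helper returns, so the check only works by accident for types with a custom equality. The same pattern is repeated in every other Python file of this PR (MS_AAD_device.py, MS_AAD_group.py, MS_AAD_identity_protection.py, MS_AAD_signins.py, MS_AAD_user.py, azure_comp.py, azure_reservation_recommendation.py, azure_resource_group.py, azure_security_center_input.py, azure_subscription.py), so the rename applies there too. A non-None response is still indexed unconditionally, so a body without a `value` key (presumably an API error payload — to be confirmed against get_items_batch_session and handle_nextLink, which are not on this page) raises KeyError instead of ending the loop and being logged; `items = None if response is None else response.get('value')` would keep termination clean in that case. Since the fetch-then-unwrap pair is now copied verbatim into eleven collectors, a small azutils helper that returns the page's items (or None) would remove the duplication and give the None/KeyError handling a single home. collect_events starts and ends outside the hunk.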
5 changes: 3 additions & 2 deletions package/bin/MS_AAD_device.py
Expand Up @@ -104,7 +104,7 @@ def collect_events(helper, ew):
url = graph_base_url + "/%s/devices" % endpoint

response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']

while items:
for item in items:
Expand All @@ -116,7 +116,8 @@ def collect_events(helper, ew):
ew.write_event(event)

sys.stdout.flush()
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']

else:
helper.log_error("_Splunk_ Unable to obtain access token")
5 changes: 3 additions & 2 deletions package/bin/MS_AAD_group.py
Expand Up @@ -110,7 +110,7 @@ def collect_events(helper, ew):
url = "%s?%s" % (url, filter)

response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']

while items:
for item in items:
Expand All @@ -122,7 +122,8 @@ def collect_events(helper, ew):
ew.write_event(event)

sys.stdout.flush()
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']

else:
helper.log_error("_Splunk_ Unable to obtain access token")
10 changes: 6 additions & 4 deletions package/bin/MS_AAD_identity_protection.py
Expand Up @@ -133,7 +133,7 @@ def collect_events(helper, ew):
url = graph_base_url + "/%s/identityProtection/riskDetections?$orderby=lastUpdatedDateTime&$filter=lastUpdatedDateTime gt %s" % (endpoint, risk_detection_check_point)

response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']
max_risk_detection_date = risk_detection_check_point
while items:
for item in items:
Expand All @@ -152,7 +152,8 @@ def collect_events(helper, ew):

sys.stdout.flush()
helper.save_check_point(risk_detection_check_point_key, max_risk_detection_date)
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']


if(collect_risky_user_data):
Expand All @@ -167,7 +168,7 @@ def collect_events(helper, ew):
url = graph_base_url + "/%s/identityProtection/riskyUsers?$orderby=riskLastUpdatedDateTime&$filter=riskLastUpdatedDateTime gt %s" % (endpoint, risky_user_check_point)

response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']
max_risky_user_date = risky_user_check_point
while items:
for item in items:
Expand All @@ -186,7 +187,8 @@ def collect_events(helper, ew):

sys.stdout.flush()
helper.save_check_point(risky_user_check_point_key, max_risky_user_date)
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']

else:
raise RuntimeError("Unable to obtain access token. Please check the Client ID, Client Secret, and Tenant ID")
5 changes: 3 additions & 2 deletions package/bin/MS_AAD_signins.py
Expand Up @@ -184,7 +184,7 @@ def collect_events(helper, ew):
max_signinDateTime = query_date

response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']

while items:
for item in items:
Expand All @@ -206,7 +206,8 @@ def collect_events(helper, ew):

# Check point the largest signinDateTime seen during the query
helper.save_check_point(check_point_key, max_signinDateTime)
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']
else:
helper.log_error("_Splunk_ Unable to obtain access token")

5 changes: 3 additions & 2 deletions package/bin/MS_AAD_user.py
Expand Up @@ -109,7 +109,7 @@ def collect_events(helper, ew):
url = "%s?%s" % (url, filter)

response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']

while items:
for item in items:
Expand All @@ -121,7 +121,8 @@ def collect_events(helper, ew):
ew.write_event(event)

sys.stdout.flush()
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']

else:
helper.log_error("_Splunk_ Unable to obtain access token")
20 changes: 12 additions & 8 deletions package/bin/azure_comp.py
Expand Up @@ -147,7 +147,7 @@ def collect_events(helper, ew):
helper.log_debug("_Splunk_ input_name=%s Collecting managed disk data. sourcetype='%s'" % (input_name, disk_sourcetype))
url = management_base_url + "/subscriptions/%s/providers/Microsoft.Compute/disks?api-version=%s" % (subscription_id, disk_api_version)
response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']
while items:
for item in items:
event = helper.new_event(
Expand All @@ -157,14 +157,15 @@ def collect_events(helper, ew):
sourcetype=disk_sourcetype)
ew.write_event(event)
sys.stdout.flush()
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']


if(collect_images):
helper.log_debug("_Splunk_ input_name=%s Collecting image data. sourcetype='%s'" % (input_name, image_sourcetype))
url = management_base_url + "/subscriptions/%s/providers/Microsoft.Compute/images?api-version=%s" % (subscription_id, image_api_version)
response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']
while items:
for item in items:
event = helper.new_event(
Expand All @@ -174,13 +175,14 @@ def collect_events(helper, ew):
sourcetype=image_sourcetype)
ew.write_event(event)
sys.stdout.flush()
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']

if(collect_snapshots):
helper.log_debug("_Splunk_ input_name=%s Collecting snapshot data. sourcetype='%s'" % (input_name, snapshot_sourcetype))
url = management_base_url + "/subscriptions/%s/providers/Microsoft.Compute/snapshots?api-version=%s" % (subscription_id, snapshot_api_version)
response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']
while items:
for item in items:
event = helper.new_event(
Expand All @@ -190,13 +192,14 @@ def collect_events(helper, ew):
sourcetype=snapshot_sourcetype)
ew.write_event(event)
sys.stdout.flush()
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']

if(collect_vms):
helper.log_debug("_Splunk_ input_name=%s Collecting virtual machine data. sourcetype='%s'" % (input_name, vm_sourcetype))
url = management_base_url + "/subscriptions/%s/providers/Microsoft.Compute/virtualMachines?api-version=%s" % (subscription_id, vm_api_version)
response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']
while items:
for item in items:
try:
Expand Down Expand Up @@ -228,7 +231,8 @@ def collect_events(helper, ew):
sourcetype=vm_sourcetype)
ew.write_event(event)
sys.stdout.flush()
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']

else:
raise RuntimeError("Unable to obtain access token. Please check the Client ID, Client Secret, and Tenant ID")
5 changes: 3 additions & 2 deletions package/bin/azure_reservation_recommendation.py
Expand Up @@ -103,7 +103,7 @@ def collect_events(helper, ew):
helper.log_debug("_Splunk_ input_name=%s Collecting reservation recommendation data." % input_name)
url = management_base_url + "/subscriptions/%s/providers/Microsoft.Consumption/reservationRecommendations?api-version=2019-05-01" % subscription_id
response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']
while items:
for item in items:
event = helper.new_event(
Expand All @@ -114,7 +114,8 @@ def collect_events(helper, ew):
ew.write_event(event)

sys.stdout.flush()
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']
else:
raise RuntimeError("Unable to obtain access token. Please check the Client ID, Client Secret, and Tenant ID")

5 changes: 3 additions & 2 deletions package/bin/azure_resource_group.py
Expand Up @@ -102,7 +102,7 @@ def collect_events(helper, ew):
helper.log_debug("_Splunk_ input_name=%s Collecting resource group data." % input_name)
url = management_base_url + "/subscriptions/%s/resourcegroups?api-version=%s" % (subscription_id, resource_group_api_version)
response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']

while items:
for item in items:
Expand All @@ -115,7 +115,8 @@ def collect_events(helper, ew):

sys.stdout.flush()
sys.stdout.flush()
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']

else:
raise RuntimeError("Unable to obtain access token. Please check the Client ID, Client Secret, and Tenant ID")
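Review bot: The two consecutive `sys.stdout.flush()` calls directly above the new `response = azutils.handle_nextLink(...)` line are redundant — the second flush is a no-op and one of them could be dropped while this loop body is being edited. This is pre-existing context rather than something the commit introduced, and collect_events starts and ends outside the hunk.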
10 changes: 6 additions & 4 deletions package/bin/azure_security_center_input.py
Expand Up @@ -134,7 +134,7 @@ def collect_events(helper, ew):
url = management_base_url + "/subscriptions/%s/providers/Microsoft.Security/alerts?api-version=%s&$filter=Properties/DetectedTimeUtc gt %s" % (subscription_id, alert_api_version, alert_check_point)

response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']
max_asc_alert_date = alert_check_point

while items:
Expand All @@ -154,7 +154,8 @@ def collect_events(helper, ew):
sys.stdout.flush()

helper.save_check_point(alert_check_point_key, max_asc_alert_date)
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']

if(collect_tasks):
helper.log_debug("_Splunk_ input_name=%s Collecting security task data. sourcetype='%s'" % (input_name, task_sourcetype))
Expand All @@ -167,7 +168,7 @@ def collect_events(helper, ew):
url = management_base_url + "/subscriptions/%s/providers/Microsoft.Security/tasks?api-version=%s&$filter=Properties/LastStateChangeTimeUtc gt %s" % (subscription_id, task_api_version, task_check_point)

response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']
max_asc_task_date = task_check_point

while items:
Expand All @@ -186,7 +187,8 @@ def collect_events(helper, ew):

sys.stdout.flush()
helper.save_check_point(task_check_point_key, max_asc_task_date)
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']
else:
raise RuntimeError("Unable to obtain access token. Please check the Client ID, Client Secret, and Tenant ID")

5 changes: 3 additions & 2 deletions package/bin/azure_subscription.py
Expand Up @@ -99,7 +99,7 @@ def collect_events(helper, ew):
helper.log_debug("_Splunk_ input_name=%s Collecting subscription data." % input_name)
url = management_base_url + "/subscriptions?api-version=%s" % api_version
response = azutils.get_items_batch_session(helper=helper, url=url, session=session)
items = response['value'] or None
items = None if response == None else response['value']
while items:
for item in items:
event = helper.new_event(
Expand All @@ -109,7 +109,8 @@ def collect_events(helper, ew):
sourcetype=source_type)
ew.write_event(event)
sys.stdout.flush()
items = azutils.handle_nextLink(helper=helper, response=response, session=session)
response = azutils.handle_nextLink(helper=helper, response=response, session=session)
items = None if response == None else response['value']
else:
raise RuntimeError("Unable to obtain access token. Please check the Client ID, Client Secret, and Tenant ID")
