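# Demisto automation definition: runs "add backup local" over the "ssh"
# command on the given RemoteAccess instances and records, per device,
# whether the backup finished and where the output says the file is.
# NOTE(review): the backup created on the appliance is a copy of its
# configuration - presumably sensitive; confirm who can read the location
# reported in CheckpointBackup.Path.
args:
- default: true
  description: List of RemoteAccess instances of the checkpoint firewall appliances
    to back up
  name: devices
  required: true
comment: Connect to a checkpoint firewall appliance using SSH and trigger a task to
  create a configuration backup of the device. The user account being used to access
  the device must be set to use the SSH shell and not the built in Checkpoint CLI.
  Consult the Checkpoint documentation for instructions on how to do this.
commonfields:
  id: CheckpointFWCreateBackup
  version: -1
# The script calls the "ssh" command, so it must be available.
dependson:
  must:
  - ssh
enabled: true
name: CheckpointFWCreateBackup
# Keys written under the CheckpointBackup context entry by the script below.
outputs:
- contextPath: CheckpointBackup.DeviceName
  description: Name of backed-up device
- contextPath: CheckpointBackup.System
  description: Backed up system
- contextPath: CheckpointBackup.Status
  description: Status of the backup process
- contextPath: CheckpointBackup.Path
  description: Path of backup file
runonce: false
script: |-
  # Command that starts a local backup, and the same command wrapped for a bash shell.
  CLI_ADD = "add backup local"
  BASH_ADD = '/etc/cli.sh -c "' + CLI_ADD + '"'
  res = []   # entries returned to the caller
  tbl = []   # one summary row per device
  devices = demisto.get(demisto.args(), 'devices')
  devicesBackupStarted = []   # per-device records stored in the context
  devicesBackupError = []     # devices whose command did not report success
  if not devices:
      res.append({"Type": entryTypes["error"], "ContentsFormat": formats["text"], "Contents": "Received empty device list!"})
  else:
      # The "using" argument takes a comma-separated string of instance names.
      devices = ','.join(devices) if isinstance(devices, list) else devices
      # NOTE(review): BASH_ADD is built above but never used; the command sent is the
      # bare CLI form. The automation's comment says the account must use the SSH
      # shell rather than the Checkpoint CLI, where the wrapped form would be
      # expected - confirm which one is intended before changing it.
      sshArgs = {"using": devices,
                 "cmd": CLI_ADD
                }
      resSSH = demisto.executeCommand("ssh", sshArgs)
      try:
          for entry in resSSH:
              if isError(entry) and not demisto.get(entry, 'Contents.command'):
                  # An error entry without command details: return everything
                  # the ssh command produced and stop parsing.
                  res += resSSH
                  break
              else:
                  device = entry['ModuleName']
                  if demisto.get(entry, 'Contents.success'):
                      # A success entry with no output is reported as "Pending"
                      # instead of aborting the loop for the remaining devices.
                      output = demisto.get(entry, 'Contents.output') or ''
                      backFileLoc = output.find("Backup file location")
                      result = 'Answer returned'
                      devicesBackupStarted.append({
                          'DeviceName': device,
                          'System': demisto.get(entry, 'Contents.system'),
                          'Status': ("Done" if "local backup succeeded." in output else "Pending"),
                          # Fixed: output[backFileLoc, :] indexes the string with a
                          # tuple and raises TypeError whenever the marker is found;
                          # the slice keeps the text from the marker onwards.
                          'Path': (output[backFileLoc:] if backFileLoc > -1 else None)
                      })
                  else:
                      devicesBackupError.append(device)
                      output = "Output:\n" + str(demisto.get(entry, 'Contents.output')) + "Error:\n" + str(demisto.get(entry, 'Contents.error'))
                      result = 'Failed to query'
                  tbl.append({'DeviceName': device, 'System': demisto.get(entry, 'Contents.system'), 'Query result': result, 'Output': output})
      except Exception as ex:
          # NOTE(review): str(resSSH) copies the raw ssh entries, including device
          # output, into the returned error entry - confirm that is acceptable for
          # everyone who can read the results.
          res.append({"Type": entryTypes["error"], "ContentsFormat": formats["text"],
                      "Contents": "Error occurred while parsing output from command. Exception info:\n" + str(ex) + "\n\nInvalid output:\n" + str(resSSH)})
      demisto.setContext('CheckpointBackup', devicesBackupStarted)
      res.append({"Type": entryTypes["note"], "ContentsFormat": formats["table"], "Contents": tbl})
  demisto.results(res)
scripttarget: 0
system: true
tags:
- checkpoint
type: python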