Creating an automation script to create alerts for existing assets in Maximo IT

About this task

This automation script creates alerts for assets that already exist in Maximo IT. It also takes care of the incident status in Maximo IT.

Follow the steps below to create the automation script:

Procedure

  1. Open the Automation Scripts application.
  2. On the navigation panel, click Create and select Script with Action Launch Point : Step 1 of 3, and enter data in the fields as follows:
    • Launch Point: Specify the launch point name, for example, VULNERABILITY.
    • Object: Search for the ASSET object and select it.
    • Action: Specify the same name for the Action as for the Launch Point, for example, VULNERABILITY.
    • Check the checkbox for Active? and click Next.
  3. On the Create Script with Action Launch Point : Step 2 of 3 pop-up, enter the details in the fields as follows:
    • Script: Specify as Jython
    • Script Language: Search and select jython
    • Log level: Search and select ERROR
    • Click Next.
  4. On the Create Script with Action Launch Point : Step 3 of 3 pop-up, in the Script box, enter the following script and click Create.
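    Note: The script below is a sample for reference only. Update it to match your custom field IDs and make any other changes you need. The script takes asset and vulnerability identifiers from external response data and writes records under the system user and the MAXADMIN account, so review how those values are validated before you use it in production.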
    from java.io import BufferedReader, IOException, InputStreamReader, BufferedInputStream, FileWriter
    from java.lang import System, Class, String, StringBuffer, Integer
    # from java.nio.charset import Charset
    from java.util import Date, Properties, List, ArrayList,HashMap
    
    # from org.apache.commons.codec.binary import Base64
    from org.apache.http import HttpEntity, HttpHeaders, HttpResponse, HttpVersion
    from org.apache.http.client import ClientProtocolException, HttpClient
    from org.apache.http.client.entity import UrlEncodedFormEntity
    from org.apache.http.client.methods import HttpGet
    from org.apache.http.entity import StringEntity
    from org.apache.http.util import EntityUtils
    from org.apache.http.impl.client import DefaultHttpClient
    from org.apache.http.message import BasicNameValuePair
    from org.apache.http.params import BasicHttpParams, HttpParams, HttpProtocolParamBean
    
    from com.google.gson import JsonParser, JsonElement,JsonObject
    
    from psdi.mbo import Mbo, MboRemote, MboSet, MboSetRemote
    from psdi.security import UserInfo
    from psdi.server import MXServer
    from psdi.mbo import SqlFormat
    from psdi.mbo import MboConstants
    from sys import *
    
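    def asset_exists(asset):
        """Return True when an ASSET record with the given asset number exists.

        The asset number reaches this function from parsed response data, so it
        is bound through SqlFormat instead of being concatenated into the where
        clause; a quote character in the value can then no longer change the
        query.

        Args:
            asset: Asset number to look up; it is upper-cased before the lookup.

        Returns:
            True if at least one matching ASSET record exists, otherwise False.
        """
        mxServer = MXServer.getMXServer()
        asset_set = mxServer.getMboSet("ASSET", mxServer.getSystemUserInfo())
        try:
            where = SqlFormat("assetnum = :1")
            where.setObject(1, "ASSET", "ASSETNUM", str(asset).upper())
            asset_set.setWhere(where.format())
            return not asset_set.isEmpty()
        finally:
            # Release the set on every path; this lookup runs once per imported record.
            asset_set.close()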
            
    
           
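    def createMapping(asset,vul):
        """Link an asset to an alert by adding an ALERT_ENTITY_RELATIONSHIP row.

        The new row gets ENTITY_NAME 'ASSET', ENTITY_ID set to the asset
        identifier, ALERT_ID set to the vulnerability identifier and
        ALERT_STATUS 1, and is then saved.

        Args:
            asset: Asset identifier; stored as str(asset).
            vul: Vulnerability (alert) identifier; stored as str(vul).

        Returns:
            The string "Done".
        """
        mxServer = MXServer.getMXServer()
        # NOTE(review): this row is written as the named MAXADMIN account, while
        # the other functions in this script use the system user. Confirm which
        # identity should own these rows and prefer the least-privileged one.
        userInfo = mxServer.getUserInfo("MAXADMIN")
        relationSet = mxServer.getMboSet("ALERT_ENTITY_RELATIONSHIP", userInfo)
        try:
            relation = relationSet.add()
            relation.setValue("ENTITY_NAME",'ASSET')
            relation.setValue("ENTITY_ID",str(asset))
            relation.setValue("ALERT_ID",str(vul))
            relation.setValue("ALERT_STATUS",1)
            # NOTE(review): no check for an existing asset/alert pair is made
            # here, so re-running the import may add duplicate rows - confirm.
            relationSet.save()
            # Report only after save() returned, so the log never claims a row
            # that failed to persist.
            print("Asset {} with Vulnerability {} created.".format(asset, vul))
        finally:
            # Release the set even when setValue() or save() raises.
            relationSet.close()

        return "Done"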
            
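    def _field_text(element, field_name):
        """Return element[field_name] as text, or None when absent or JSON null."""
        value = element.get(field_name)
        if value is None or value.isJsonNull():
            return None
        return value.getAsString()

    def createAlert(res,element,alertSet):
        """Store one vulnerability as an alert and link it to its asset.

        Nothing is written unless the record's asset exists in ASSET. If the
        alert id is already present in alertSet, only the asset/alert link is
        created. Otherwise a new alert row is filled from the mapping, saved,
        and then linked.

        Changes from the earlier version of this function:
          * The new row is added only when it will actually be filled and
            saved. Previously an empty row was added on every call and stayed
            pending in the shared set.
          * All mapped values are resolved before any is written, so the
            result no longer depends on "STATUS" being the last mapping key.
          * Missing and JSON-null fields are handled the same way for every
            column and are left unset instead of being stored as the text
            "None" or "null".
          * Values are passed to setValue() without str(), so non-ASCII text
            from the feed is not forced through an ASCII conversion.

        Args:
            res: Mapping entry (JSON object) whose keys are alert column names
                and whose values name the field of element to read.
            element: One vulnerability record (JSON object) from the response.
            alertSet: Alert MboSet shared by the caller; rows are added to it
                and saved through it.

        Returns:
            The string "Recorded".
        """
        asset_json = element.get('device_asset_id')
        alert_json = element.get('vulnerability_id')
        if asset_json is None or alert_json is None:
            # Without both identifiers there is nothing to create or link.
            return "Recorded"

        # These identifiers come from the external feed; treat them as untrusted
        # wherever they are used in queries or stored.
        assetVal = asset_json.toString().replace('"',"")
        alertkey = alert_json.toString().replace('"',"")

        if not asset_exists(assetVal):
            return "Recorded"

        # Collect the alert ids already in the set. Walking until getMbo()
        # returns None avoids relying on count() matching the loaded rows.
        known_ids = set()
        index = 0
        existing = alertSet.getMbo(index)
        while existing is not None:
            known_ids.add(existing.getString("ALERT_ID"))
            index += 1
            existing = alertSet.getMbo(index)

        if alertkey in known_ids:
            createMapping(assetVal, alertkey)
            return "Recorded"

        # Resolve every mapped column before touching the MboSet.
        columns = ("ALERT_ID", "DESCRIPTION", "LOCATION", "PRIORITY",
                   "SEVERITY", "CREATED_AT", "VULNERABILITY_SCORE", "STATUS")
        values = {}
        for column in columns:
            source = res.get(column)
            if source is None or source.isJsonNull():
                continue
            values[column] = _field_text(element, source.getAsString())

        vul_id = values.get("ALERT_ID")
        if vul_id is None:
            print("Alert {} skipped: no ALERT_ID value in record.".format(alertkey))
            return "Recorded"

        alertMbo = alertSet.add()
        alertMbo.setValue("ALERT_ID", vul_id)
        for column in ("LOCATION", "DESCRIPTION", "PRIORITY", "SEVERITY",
                       "VULNERABILITY_SCORE"):
            if values.get(column) is not None:
                alertMbo.setValue(column, values[column])
        alertMbo.setValue("CREATED_BY","Claroty")
        alertMbo.setValue("MODIFIED_BY","Maxadmin")
        if values.get("CREATED_AT") is not None:
            # Keep the first 23 characters and replace the ISO 'T' separator
            # with a space.
            alertMbo.setValue("CREATED_AT", values["CREATED_AT"][:23].replace("T"," "))
        if values.get("STATUS") is not None:
            # NOACCESSCHECK skips the access check on this field, so the feed
            # value is written as-is.
            # NOTE(review): confirm the feed's status values are valid here.
            alertMbo.setValue("STATUS", values["STATUS"], MboConstants.NOACCESSCHECK)
        alertSet.save()
        createMapping(assetVal, alertkey)
        return "Recorded"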
    
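    def getAlerts(element):
        """Apply every entry of the alert mapping file to one vulnerability record.

        Reads alert.json, takes its 'result' list and calls createAlert() once
        per entry, sharing a single CDALERT MboSet opened as the system user.

        Args:
            element: One vulnerability record (JSON object) from the response.

        Returns:
            The string "get value successfully".
        """
        # Mapping file that pairs alert column names with response field names.
        # The sample path contained a stray space ('defa ultServer'), repaired
        # here; change the path to match your own server directory.
        # NOTE(review): the file decides which feed fields are written to which
        # columns, so restrict write access to it.
        with open('/opt/ibm/wlp/usr/servers/defaultServer/alert.json', 'r') as myfile:
            data = myfile.read()
        result = JsonParser().parse(data).getAsJsonObject().get('result')

        mxServer = MXServer.getMXServer()
        alertSet = mxServer.getMboSet("CDALERT", mxServer.getSystemUserInfo())
        try:
            # A plain loop: the calls are made for their side effects only.
            for el in result:
                createAlert(el, element, alertSet)
        finally:
            # Release the set once all mapping entries have been applied.
            alertSet.close()
        return "get value successfully"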
    
    def mappingdata(resp):
        """Parse the response JSON and process each 'devices_vulnerabilities' entry.

        Args:
            resp: JSON text whose top-level object has a
                'devices_vulnerabilities' list.

        Returns:
            The string "2".
        """
        parsed = JsonParser().parse(resp).getAsJsonObject()
        # Each entry is handed to getAlerts() in turn; the results are not kept.
        for entry in parsed.get('devices_vulnerabilities'):
            getAlerts(entry)

        return "2"
        
    # Main part: process the response payload held in respData.
    # NOTE(review): respData is not defined anywhere in this script; presumably
    # the caller supplies it as a script variable - confirm how it is bound and
    # that it carries only the expected JSON response.
    mappingdata(respData)
    
  5. Save your changes.