feat: add new warnings for hosts missing in MDM and/or EDR

hazcod · Sep 15, 2022 · 79d872e · 79d872e
1 parent 127b835
commit 79d872e
Show file tree

Hide file tree

Showing 6 changed files with 389 additions and 30 deletions.
diff --git a/cmd/main.go b/cmd/main.go
@@ -53,16 +53,25 @@ func main() {
 
 	// ---
 
-	falconMessages, usersWithSensors, err := falcon.GetMessages(config, ctx)
+	falconMessages, usersWithSensors, securityErrors, err := falcon.GetMessages(config, ctx)
 	if err != nil {
 		logrus.WithError(err).Fatal("could not get falcon messages")
 	}
 
-	ws1Messages, usersWithDevices, err := ws1.GetMessages(config, ctx)
+	ws1Messages, usersWithDevices, mdmSecurityErrors, err := ws1.GetMessages(config, ctx)
 	if err != nil {
 		logrus.WithError(err).Fatal("could not get WS1 messages")
 	}
 
+	securityErrors = append(securityErrors, mdmSecurityErrors...)
+	if len(securityErrors) > 0 {
+		for _, secError := range securityErrors {
+			logrus.WithField("module", "falcon").Warn(secError.Error())
+		}
+	}
+
+	usersWithMDMOrEDR := append(usersWithDevices, usersWithSensors...)
+
 	// ---
 
 	slackClient := slack.New(config.Slack.Token)
@@ -94,7 +103,7 @@ func main() {
 
 	logrus.WithField("users", len(slackUsers)).Info("found Slack users")
 
-	var errorsToReport []error
+	errorsToReport := securityErrors
 
 	for _, slackUser := range slackUsers {
 		userEmail := strings.ToLower(slackUser.Profile.Email)
@@ -114,7 +123,7 @@ func main() {
 
 		// check if every slack user has a device in MDM
 		hasDevice := false
-		for _, userWDevice := range usersWithDevices {
+		for _, userWDevice := range usersWithMDMOrEDR {
 			if strings.EqualFold(userWDevice, userEmail) {
 				hasDevice = true
 				break

diff --git a/go.mod b/go.mod
@@ -3,21 +3,23 @@ module github.com/hazcod/crowdstrike-spotlight-slacker
 go 1.16
 
 require (
-	github.com/crowdstrike/gofalcon v0.2.22
-	github.com/go-openapi/analysis v0.21.3 // indirect
-	github.com/go-openapi/spec v0.20.6 // indirect
+	github.com/crowdstrike/gofalcon v0.2.26
+	github.com/go-openapi/loads v0.21.2 // indirect
+	github.com/go-openapi/spec v0.20.7 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/pkg/errors v0.9.1
-	github.com/sirupsen/logrus v1.8.1
-	github.com/slack-go/slack v0.10.3
-	go.mongodb.org/mongo-driver v1.9.1 // indirect
-	golang.org/x/net v0.0.0-20220526153639-5463443f8c37 // indirect
-	golang.org/x/oauth2 v0.0.0-20220524215830-622c5d57e401 // indirect
+	github.com/sirupsen/logrus v1.9.0
+	github.com/slack-go/slack v0.11.3
+	go.mongodb.org/mongo-driver v1.10.2 // indirect
+	golang.org/x/net v0.0.0-20220909164309-bea034e7d591 // indirect
+	golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1
+	golang.org/x/sys v0.0.0-20220913175220-63ea55921009 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.28.0 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/errgo.v2 v2.1.0
-	gopkg.in/yaml.v3 v3.0.0
+	gopkg.in/yaml.v3 v3.0.1
 )