Merge pull request #83 from jusso-dev/dev/jusso-dev/add-fixes-and-log…

…ging Added Key Vault logic fixes, more logging and additional checks
cudeso · Feb 29, 2024 · d1b5bef · d1b5bef
2 parents f9e4ef4 + 4ae16a9
commit d1b5bef
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 8 deletions.
diff --git a/AzureFunction/MISP2Sentinel/__init__.py b/AzureFunction/MISP2Sentinel/__init__.py
@@ -22,6 +22,7 @@
     urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 
 def _get_misp_events_stix():
+    logging.info(f"Using the following values for MISP API call: domain: {config.misp_domain}, misp API key: {config.misp_key[:-5] + '*' + '*' + '*' + '*' + '*'}...")
     misp = ExpandedPyMISP(config.misp_domain, config.misp_key, config.misp_verifycert, False)
     result_set = []
     logging.debug("Query MISP for events.")
@@ -87,6 +88,8 @@ def push_to_sentinel(tenant, id, secret, workspace):
     logging.info(f"Tenant: {tenant}")
     logging.info(f"Client ID: {id}")
     logging.info(f"Workspace ID: {workspace}")
+    obfuscated_secret = secret[:-5] + '*' + '*' + '*' + '*' + '*'
+    logging.info(f"Client Secret (obfuscated): {obfuscated_secret}")
     parsed_indicators, total_indicators = _get_misp_events_stix()
     logging.info("Found {} indicators in MISP".format(total_indicators))
 
@@ -100,9 +103,19 @@ def push_to_sentinel(tenant, id, secret, workspace):
                 fp.write(json_formatted_str)
 
 def pmain():
-    tenants = json.loads(os.getenv('tenants'))
-    for item in tenants:
-        push_to_sentinel(item['tenantId'], item['id'], item['secret'], item['workspaceId'])
+    ## Multi-tenant mode
+    tenants_env = os.getenv('tenants', '')
+    if not tenants_env == '':
+        tenants = json.loads(tenants_env)
+        for item in tenants:
+            push_to_sentinel(item['tenantId'], item['id'], item['secret'], item['workspaceId'])
+
+    # Single-tenant mode
+    tenant = config.ms_auth[TENANT]
+    id = config.ms_auth[CLIENT_ID]
+    secret = config.ms_auth[CLIENT_SECRET]
+    workspace = config.ms_auth[WORKSPACE_ID]
+    push_to_sentinel(tenant, id, secret, workspace)
 
 def main(mytimer: func.TimerRequest) -> None:
     utc_timestamp = datetime.utcnow().replace(
@@ -115,3 +128,4 @@ def main(mytimer: func.TimerRequest) -> None:
     pmain()
     logging.info("End MISP2Sentinel")
     logging.info('Python timer trigger function ran at %s', utc_timestamp)
+
diff --git a/AzureFunction/MISP2Sentinel/config.py b/AzureFunction/MISP2Sentinel/config.py
@@ -25,7 +25,7 @@
 }
 
 ## If Azure Key Vault name variable is set, use it for secret values
-if not len(keyVaultName) == 0:
+if not keyVaultName == '':
     # Key vault section
     # Key Vault name must be a globally unique DNS name
 
@@ -41,10 +41,10 @@
 
     # Set values with 
     mispkey = retrieved_mispkey.value
-    ms_auth['client_secret'] = retrieved_clientsecret
-
-print('key_vault_name env variable not set, falling back to env variable for config values....')
-mispkey=os.getenv('mispkey')
+    ms_auth['client_secret'] = retrieved_clientsecret.value
+else:
+    print('key_vault_name env variable not set, falling back to env variable for config values....')
+    mispkey=os.getenv('mispkey')
 
 #####################
 # Microsoft Section #