Bulk Update Rules' API Keys
```bash
#!/usr/bin/env bash
# Regenerate the API key of a single rule.
# Usage: ./fix_affected_rule.sh <rule-id>  (the name the bulk script calls)
KIBANA_URI="${KIBANA_URL:-"http://localhost:5601"}"
KIBANA_USR="${KIBANA_USER:-"elastic"}"
KIBANA_PWD="${KIBANA_PASS:-"changeme"}"
KIBANA_SPACE="${SPACE_ID:-""}"

# A non-default space is addressed with an "s/<space>/" path prefix.
SPACE_PART=""
if [ -n "$KIBANA_SPACE" ]; then
  SPACE_PART="s/${KIBANA_SPACE}/"
fi

RULE_ID="${1:-}"
if [ -z "$RULE_ID" ]; then
  echo "Please provide the rule ID as an argument to this script." >&2
  exit 1
fi

echo "Updating API Key for rule ${RULE_ID}..."
# -k turns off TLS certificate verification; drop it when Kibana presents a trusted certificate.
# --fail makes curl exit non-zero on an HTTP error so that callers can test the exit status.
curl -sS -k --fail -u "${KIBANA_USR}:${KIBANA_PWD}" -H 'kbn-xsrf: true' -X POST "${KIBANA_URI}/${SPACE_PART}internal/alerting/rule/${RULE_ID}/_update_api_key"
```
```bash
#!/usr/bin/env bash
# Regenerate the API key of every affected rule.
# Expects get_affected_rules.sh and fix_affected_rule.sh in the current directory.
KIBANA_URI="${KIBANA_URL:-"http://localhost:5601"}"
KIBANA_USR="${KIBANA_USER:-"elastic"}"
KIBANA_PWD="${KIBANA_PASS:-"changeme"}"
KIBANA_SPACE="${SPACE_ID:-""}"
if [ -n "$KIBANA_SPACE" ]; then
  SPACE_PART="s/${KIBANA_SPACE}/"
fi

# One compact JSON object ({id, name}) per line. Reading line by line keeps
# rule names containing spaces or glob characters intact.
./get_affected_rules.sh | jq -c '.[]' | while IFS= read -r rule; do
  echo "Fixing rule ${rule}..."
  rule_id="$(printf '%s\n' "$rule" | jq -r '.id')"
  # stdin is redirected so the helper cannot consume the remaining rule list.
  if ./fix_affected_rule.sh "${rule_id}" < /dev/null; then
    echo -e "Fixed rule ${rule}.\n"
  else
    echo -e "Failed to fix rule ${rule}.\n" >&2
  fi
done
```
```bash
#!/usr/bin/env bash
# Print the id and name of every detection rule whose last execution failed
# with the missing-credentials error. Read-only.
KIBANA_URI="${KIBANA_URL:-"http://localhost:5601"}"
KIBANA_USR="${KIBANA_USER:-"elastic"}"
KIBANA_PWD="${KIBANA_PASS:-"changeme"}"
KIBANA_SPACE="${SPACE_ID:-""}"

SPACE_PART=""
if [ -n "$KIBANA_SPACE" ]; then
  SPACE_PART="s/${KIBANA_SPACE}/"
fi

# Regular expression tested against each rule's last execution message.
ERROR_MESSAGE="Reason: missing authentication credentials for REST request.* caused by \"\""

# -k turns off TLS certificate verification; drop it when Kibana presents a trusted certificate.
RULES="$(curl -s -k -u "${KIBANA_USR}:${KIBANA_PWD}" -X GET "${KIBANA_URI}/${SPACE_PART}api/detection_engine/rules/_find?page=1&per_page=10000")"

# Rules without an execution message are treated as an empty string rather than raising a jq error.
AFFECTED_RULES="$(printf '%s\n' "${RULES}" | jq --arg msg "${ERROR_MESSAGE}" -c '.data | map( select( .execution_summary.last_execution.status == "failed" and ((.execution_summary.last_execution.message // "") | test($msg))))')"
AFFECTED_RULE_SUMMARY="$(printf '%s\n' "${AFFECTED_RULES}" | jq -c 'map({ id, name })')"
echo "$AFFECTED_RULE_SUMMARY"
```
Requirements

jq, bash

How To Use

The following parameters are available:

- `KIBANA_URL`: protocol and address of the Kibana server (defaults to `http://localhost:5601`)
- `SPACE_ID`: Kibana space ID (if unspecified, uses the default space)
- `KIBANA_USER`: Kibana user (defaults to `elastic`)
- `KIBANA_PASS`: Kibana password (defaults to `password`)

Retrieve names and IDs of all affected rules

NOTE: this action is read-only

Fix a single rule's encryption errors by updating its API key

NOTE: this action will destroy the existing API key for the rule, and a new one will be generated for the current user.

Fix ALL affected rules' encryption errors by updating their API keys

NOTE: this action will destroy the existing API key for each rule, and a new one will be generated for the current user.

NOTE: uses the output of `get_affected_rules` as input to `fix_affected_rule`
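
The scripts on this page hand the Kibana credentials to curl with `-u` and disable certificate verification with `-k`; credentials passed with `-u` sit on curl's command line, where the process list can expose them to other local users. The helper below is an added example, not part of the gist: it feeds the same credentials and the `kbn-xsrf` header to curl through `--config -` on stdin and leaves certificate verification on. The function names are hypothetical, and it assumes the gist's `KIBANA_USER` and `KIBANA_PASS` variables.

```bash
#!/usr/bin/env bash
# Added example, not part of the gist. Function names are hypothetical.

NL='
'

# Escape a value for a double-quoted string in a curl config file:
# backslash and double quote must be backslash-escaped. Values containing
# a newline are rejected so they cannot start a new config line.
curl_config_escape() {
  case "$1" in *"$NL"*) echo "value contains a newline" >&2; return 1 ;; esac
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Print the curl config carrying the basic-auth credentials and the
# kbn-xsrf header that the gist's POST request sends.
kibana_curl_config() {
  _user="$(curl_config_escape "$1")" || return 1
  _pass="$(curl_config_escape "$2")" || return 1
  printf 'user = "%s:%s"\n' "$_user" "$_pass"
  printf 'header = "kbn-xsrf: true"\n'
}

# Run curl with the config on stdin. No -k: certificate verification stays
# on; pass --cacert <file> for a private CA. There is no default password.
kibana_curl() {
  if [ -z "${KIBANA_PASS:-}" ]; then
    echo "KIBANA_PASS is not set" >&2
    return 1
  fi
  _cfg="$(kibana_curl_config "${KIBANA_USER:-elastic}" "$KIBANA_PASS")" || return 1
  printf '%s\n' "$_cfg" | curl -sS --fail --config - "$@"
}

# Usage, mirroring the gist's single-rule call (default space):
#   kibana_curl -X POST "${KIBANA_URL}/internal/alerting/rule/${RULE_ID}/_update_api_key"
```

`printf` is a shell builtin, so the password is written to the pipe without ever appearing in another process's argument list.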