How to automate and schedule periodic Cloud Discovery Scans in Windows 7 (e.g. SoftStone Firewall logs)?

Running Cloud Discovery scans interactively through the GUI is easy. In many enterprises, however, the process needs to be scripted and run periodically to generate Cloud Discovery reports. This can be achieved by running the tool from the command line and writing a small wrapper around it. Please note that the command-line option is available only in Cloud Discovery Enterprise Edition, not in the Free version.

There are three major steps to automate and schedule periodic Cloud Discovery scans. (This article uses SoftStone Firewall logs as an example. Helpful scripts/files (cloudcli.bat and LF) are attached for quicker reference.)

  1. Schedule export of logs from proxy or firewalls
  2. Configure the tool to run in command line
  3. Schedule run of the tool using Task Scheduler in Windows

1. Schedule export of logs from proxy/firewalls/SIEM

Please contact your system/network administrator to export logs periodically and store them on a Windows server or storage accessible to the Cloud Discovery Tool.

The Cloud Discovery Tool can read a single file, multiple files, or all files within a folder in one scan, so logs from proxies, firewalls or a SIEM can be pushed to a folder, to a single rotating file, or to one file per day stored in a folder.

Here are step-by-step instructions to schedule the export of logs from a SoftStone firewall.

  • Log in to the SMC console.
  • Right-click the Task branch under Configuration > Administration > Tasks, and choose Export Log Task from the drop-down menu. (Clipboard00.png)
  • Give the task a descriptive name, choose Operation Type “Export CEF” from the pull-down menu, and add the desired Log Servers with relevant access logs to the Target list. (Clipboard01.png)
  • Choose FW Log as Target Data type under the Task tab and set the time range for the logs to export. (Clipboard02.png)
    In here we could also refer to a script to execute after the task. If we include a script in the SMC installation package for running the tool from command line, we could call it from here, right?
  • Set path for the exported logs. (You can only use a location on the management server as the scheduled tasks will be run on the server side.) (Clipboard03.png)

  • Choose your newly created task from the list and set the schedule for running it automatically. (Clipboard04.png)
  • Lastly, set the time to run the task, how often it should repeat, the expiry time for the task schedule, and whether you want to be notified with an alert every time the task finishes or only when it fails. (Clipboard04.png, Clipboard05.png)

2. Configure the tool to run in command line

    • Create and configure a scan definition file

A .scan XML file is used by the Cloud Discovery Tool to determine the type of log and its location on the hard drive.

The XML should be in the following format:


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<scan>
  <lastOutputPathname></lastOutputPathname>
  <name>MySoftStoneScanResult</name>
  <task>
    <logFormatName>SoftStone</logFormatName>
    <pathname>C:\MyPath\MyLog.csv</pathname>
  </task>
</scan>

lastOutputPathname: Specifies the path of the tool’s last run. Should remain empty when using the CLI.
name: Specify the name of your scan.
logFormatName: Specify the type of log to be scanned. Note: The name should correspond to one of the available log types as they appear in the Cloud Discovery Tool UI.
pathname: Specify the path to the file or directory in which the log files reside.

NOTE: Make sure there are no spaces between the XML tags and the value, e.g. instead of
<pathname> C:\MyPath\MyLog.csv </pathname>
use
<pathname>C:\MyPath\MyLog.csv</pathname>

    • You can also use a scan file created by running the tool interactively in the GUI. By default, .scan files are stored under the user's My Documents folder, e.g. "C:\Users\abc\Documents"
    • Open/Run Command Prompt (All programs -> Accessories -> Command Prompt -> Right Click -> Run as Administrator)
    • Change directory to <Cloud Discovery Installation Path>
    • cloudDiscoveryCLI.bat -s "[Path to .scan file]" -d "[Path where output results are saved]"

e.g. (entered as a single line):

"C:\Program Files (x86)\CloudDiscovery\cloudDiscoveryCLI.bat" -s "C:\Users\abc\Documents\websense.scan" -d "C:\Users\abc\Documents\CloudDiscovery\results"

For more details about Cloud Discovery command-line options, including how to install a license, please read the article "What are available CLI options for Cloud Discovery?"
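
A pre-flight check for the .scan file, so that a padded value or a missing log path is caught before a scheduled run. This is an added example, not part of the original article or the vendor's tooling; Test-ScanFile is a hypothetical helper, and only the element names and the sample path come from the article.

```powershell
# Added example: validate a .scan definition before handing it to the CLI.
# Test-ScanFile is a hypothetical helper; element names are those in the article.
function Test-ScanFile {
    param([Parameter(Mandatory = $true)][string]$Path)

    $problems = @()
    $doc = New-Object System.Xml.XmlDocument
    try { $doc.Load($Path) }
    catch { return @("Cannot parse ${Path}: $($_.Exception.Message)") }

    $scan = $doc.SelectSingleNode('/scan')
    if ($null -eq $scan) { return @('Root element <scan> is missing') }

    # The article says lastOutputPathname should remain empty for CLI runs.
    $last = $scan.SelectSingleNode('lastOutputPathname')
    if (($null -ne $last) -and $last.InnerText.Trim()) {
        $problems += '<lastOutputPathname> should be empty for CLI runs'
    }
    $name = $scan.SelectSingleNode('name')
    if (($null -eq $name) -or -not $name.InnerText.Trim()) {
        $problems += '<name> is missing or empty'
    }

    $tasks = $scan.SelectNodes('task')
    if ($tasks.Count -eq 0) { $problems += 'No <task> element found' }
    foreach ($task in $tasks) {
        foreach ($field in 'logFormatName', 'pathname') {
            $node = $task.SelectSingleNode($field)
            if (($null -eq $node) -or -not $node.InnerText.Trim()) {
                $problems += "<$field> is missing or empty"
                continue
            }
            $value = $node.InnerText
            # Padding inside the tags is the pitfall the NOTE above warns about.
            if ($value -ne $value.Trim()) {
                $problems += "<$field> value '$value' has leading or trailing whitespace"
            }
            if ($field -eq 'pathname' -and -not (Test-Path -LiteralPath $value.Trim())) {
                $problems += "Log path not found: $($value.Trim())"
            }
        }
    }
    return $problems
}

# Use an absolute path: XmlDocument.Load does not follow the PowerShell location.
$issues = Test-ScanFile -Path 'C:\Users\abc\Documents\websense.scan'
if ($issues) { $issues | ForEach-Object { Write-Warning $_ }; exit 1 }
```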

3. Schedule run of Cloud Discovery CLI tool using Task Scheduler in Windows

    • Create a small batch file with contents like those shown here and save it. A sample batch file is attached. (The second command is a single line.)

cd c:\Program Files (x86)\CloudDiscovery
"c:\Program Files (x86)\CloudDiscovery\cloudDiscoveryCLI.bat" -s "C:\Users\nattu\Documents\websense.scan" -d "C:\Users\nattu\Documents\CloudDiscovery\results" < "c:\Program Files (x86)\CloudDiscovery\LF"
exit

"c:\Program Files (x86)\CloudDiscovery\LF" is a file that contains a single line feed character. It is redirected as input to the command in the batch file to avoid the prompt raised by the Cloud Discovery CLI tool's Java program. This will be corrected in future versions, after which the file may no longer be needed.

    • Run the batch file in a command prompt to make sure it runs and creates results. Sample output is shown below.
C:\Windows\system32>"C:\Program Files (x86)\CloudDiscovery\cloudcli.bat"

C:\Windows\system32>cd C:\Program Files (x86)\CloudDiscovery

C:\Program Files (x86)\CloudDiscovery>"c:\Program Files (x86)\CloudDiscovery\cloudDiscoveryCLI.bat"
-s "C:\Users\nattu\Documents\websense.scan"
-d "C:\Users\nattu\Documents\CloudDiscovery\results" 0 <
"c:\Program Files (x86)\CloudDiscovery\LF"

C:\Program Files (x86)\CloudDiscovery>"C:\Program Files (x86)\Java\jre7\bin\java" -cp *
-Dlog4j.configuration=log4j.cli.properties
-Xverify:none com.skyfence.skyware.CloudDiscoveryToolCLI
-s "C:\Users\nattu\Documents\websense.scan"
-d "C:\Users\nattu\Documents\CloudDiscovery\results"
Scan started
[100%] 0 records analyzed
Scan done
Time: 37ms.
Sending scan results to your Skyfence Cloud Gateway
Uploading...
.......Upload done
Cloud Discovery tool finished analyzing your scan, websense
The reports can be found under: C:\Users\nattu\Documents\CloudDiscovery\results\
2014-09-13 websense (15)
Analysis summary
Total number of services found: 1
Total number of users: 1
Total number activities analyzed: 1
Press [Enter] key to exit...

C:\Program Files (x86)\CloudDiscovery>

    • Create a scheduled task using Task Scheduler to run it on the desired schedule
      • You can use the AT command from Command Prompt to create a scheduled task.

For example, to run it every day at 12:35 PM, run (as a single line):

C:\Program Files (x86)\CloudDiscovery>at 12:35 /every:M,T,W,Th,F,S,Su cmd /c "c:\Program Files (x86)\CloudDiscovery\cloudcli.bat"

Make sure the task that was just created is configured in Task Scheduler to run as the current user.

      • Go to Control Panel -> Administrative Tools -> Task Scheduler -> Double Click desired Task from Task Scheduler Library -> Edit the job as below to run it with current user -> Choose "Configure for Windows Vista, Windows Server 2008"
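
A PowerShell alternative to the batch wrapper that also checks the result, so a scheduled run that fails or analyzes nothing does not go unnoticed. This is an added example, not part of the original article or the vendor's tooling; the paths mirror the article's examples, and the log file name and exit codes are assumptions.

```powershell
# Added example: unattended run with a saved log and a result check.
# Paths mirror the article's examples; log name and exit codes are constructed.
$cli     = 'C:\Program Files (x86)\CloudDiscovery\cloudDiscoveryCLI.bat'
$scan    = 'C:\Users\abc\Documents\websense.scan'
$results = 'C:\Users\abc\Documents\CloudDiscovery\results'

if (-not (Test-Path -LiteralPath $results)) {
    New-Item -ItemType Directory -Path $results | Out-Null
}
$log = Join-Path $results ('cli-{0:yyyyMMdd-HHmmss}.log' -f (Get-Date))

# Run from the installation directory, as the batch wrapper does.
Set-Location -LiteralPath (Split-Path -Parent $cli)

# The empty string piped to stdin answers "Press [Enter] key to exit...",
# which is the job the LF file does in the batch version.
$lines = '' | & $cli -s $scan -d $results 2>&1 | ForEach-Object { "$_" }
$lines | Set-Content -LiteralPath $log

# Check for the markers shown in the article's sample output.
$text = $lines -join "`n"
if ($text -notmatch 'Scan done') {
    Write-Error "Cloud Discovery scan did not complete; see $log"
    exit 1
}
if ($text -match '\]\s*0 records analyzed') {
    Write-Warning "Scan completed but analyzed 0 records; check the exported logs. See $log"
    exit 2
}
exit 0
```

The exit code appears as the task's last run result in Task Scheduler, which gives a quick way to spot a failed or empty scan.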