Committer: Doron Tzur <[email protected]>

 Changes to be committed:
	modified:   README.md
        modified:   getAttackAnalyticsInfo.js
	modified:   settings.js
	modified:   spv.js
	modified:   utils.js
* Added ability to configure period of getting Attack Analytics
incidents.
* Added summary of protected/not protected sites.
* Changed title to display a more user friendly date.

README.md

@@ -19,6 +19,7 @@ The tool can be used with it's default settings or if needed, user may change th
    - **getAttackAnalyticsInfo** (default true)- *true* When set to true Attack Analytics info is also displayed if licensed. This may take a longer time. When set to true, getSubAccountsInfo must also be true
    - **showFullDetails** (default false) - *true* - provides a table per website with detailed information
    - **useLegacyDisplay** (default false) - *true* html display will be as was before version 2 of the tool
+   - **attackAnalyticsPeriodInDays** (default 0) - How many days back should info be provided? E.g. 'Last n Days' 0 = All
    - **title** (default name of account) - the title of the web page
    - **fileName** (default name of account) - the filename
    - **filePath** (default project directory)- Where the files will be saved. Directory must be created prior to running the tool

getAttackAnalyticsInfo.js

@@ -5,14 +5,14 @@ var settings = require('./settings.js');
 var utils = require("./utils");
 var spv = require('./spv.js');
 
-function getAAInfoList(commonPostData, accountList, aASubAccountOutput, informCaller)
+function getAAInfoList(timeNow, commonPostData, accountList, aASubAccountOutput, informCaller)
 {
 	totalNumAccounts = accountList.length;
 	if(settings.printDebugInfo)
 		console.time("Get account info - total time");
 
 	async.forEachLimit(accountList, settings.numConcurrentConnections, function(account, cb){
-		getAaAccountInfo(commonPostData, account.accountId, aASubAccountOutput, cb);
+		getAaAccountInfo(timeNow, commonPostData, account.accountId, aASubAccountOutput, cb);
 	}, function(err){
 		if (err){
 			//deal with the error
@@ -27,10 +27,14 @@ function getAAInfoList(commonPostData, accountList, aASubAccountOutput, informCa
 }
 
 
-function getAaAccountInfo(commonPostData, accountId, aAAccountOutput, informCaller)
+function getAaAccountInfo(timeNow, commonPostData, accountId, aAAccountOutput, informCaller)
 {
+	var dayInMs = 86400000;
 	var urlString = 'https://api.imperva.com/analytics/v1/incidents?caid=' + accountId +
 		'&api_key=' + commonPostData.api_key + '&api_id=' + commonPostData.api_id;
+
+	if (settings.attackAnalyticsPeriodInDays != 0)
+		urlString += '&from_timestamp=' + (timeNow._created - (dayInMs * settings.attackAnalyticsPeriodInDays));
 
 // form data
 	var options = {
@@ -114,14 +118,24 @@ function setSubAccountAaInfo(accountId, aAPaylod, aAAccountOutput)
 
 function buildAaReport(isAttackAnalyticsPurchased, aASubAccountInfo, mainAccountInfo, subAccountsOutput)
 {
+
 	var aAOutput = '\n<h2><a name="AccountIncidentsSummary">Incidents Summary (Attck Analytics)</a></h2>\n';
+	var lastDayCaption;
 	var curAccountName = '';
 	var strCritical = '';
 	var strMajor = '';
 	var strMinor = '';
-	var aAUrl = 'https://console.imperva.com/analytics/ui/incidents?caid=';
+	var aAUrl = 'https://my.imperva.com/attack-analytics/ui/incidents?accountId='
+
+	if (settings.attackAnalyticsPeriodInDays == 0)
+		lastDayCaption = 'All';
+	else if (settings.attackAnalyticsPeriodInDays == 1)
+		lastDayCaption = 'Last 1 Day';
+	else 
+		lastDayCaption = 'Last ' + settings.attackAnalyticsPeriodInDays + ' Days';
+
+	aAOutput = '\n<h2><a name="AccountIncidentsSummary">' + lastDayCaption + ' Incidents Summary (Attack Analytics)</a></h2>\n';
 
-
 	if (isAttackAnalyticsPurchased)
 	{
 

settings.js

@@ -11,6 +11,8 @@ module.exports = Object.freeze({
 	showFullDetails: false, // When set to true, the setting details are listed per site. 
 	useLegacyDisplay: false, // When set to true, html display will be as was before version 2 of this tool.
 
+	attackAnalyticsPeriodInDays: 0, //How many days back should info be provided? E.g. 'Last n Days' 0 = All.
+
 	title: "", //When empty string it will use the account name as defined in MY
 
 //File
@@ -110,7 +112,7 @@ module.exports = Object.freeze({
 	originServerConnectionTimeout: 10000, //(In milliseconds)
 
 //Internal usage	
-	version: "2.0",
+	version: "2.1",
 	pageSize: 100
 
 });

spv.js

@@ -22,6 +22,8 @@ var fileName;
 var pageSize = 100;
 var timeNow = dateTime.create();
 
+
+
 //This information is used for calling different APIs
 var genericPostData = {
   api_id: settings.apiId,
@@ -31,8 +33,8 @@ var genericPostData = {
 };
 
 /**/ 
- var appVersion = "2.0.1";
- var requiredSettingsVersion = 2.0;
+ var appVersion = "2.1";
+ var requiredSettingsVersion = 2.1;
 /**/
 
 //Colored html status
@@ -244,7 +246,7 @@ function getSitesInfo(commonPostData, siteData, originsData, informCaller)
       function(callback) {
         //Get Attack Analytics Info
         if (getAttackAnalyticsInfo)
-          getAaInfo.getAAInfoList(commonPostData, subAccountIds, aASubAccountOutput, callback);
+          getAaInfo.getAAInfoList(timeNow, commonPostData, subAccountIds, aASubAccountOutput, callback);
         else
           callback();
       },
@@ -264,45 +266,72 @@ function getSitesInfo(commonPostData, siteData, originsData, informCaller)
 function buildHtmlSummaryTable(isWebVolDDosPurchased)
 {
   var output = '<h2><a name="AccountProtectionSettings">Protection Settings</a></h2>\n';
-
-  output += '<table>\n';
   var statusString;
   var hasTrafficString;
   statusString = "Fully Configured";
   hasTrafficString = '';
-  output += '<tr>';
+
+  var settingsSummary = {"totalSites": 0, "origNotProtected": 0, "totalNotProtected": 0, "totalNotConfigured": 0};
+
+  var tableOutput = '<table>\n';
+  tableOutput += '<tr>';
 
 
   if (getSubAccountsInfo)
-    output += '<th align="left">Account</th>';
+    tableOutput += '<th align="left">Account</th>';
 
-  output += '<th align="left">Site</th><th align="left">' + statusString + hasTrafficString + '<th align="left">Block Bad Bots</th><th align="left">Challenge Suspected Bots</th><th align="left">Backdoor Protection</th>' +
+  tableOutput += '<th align="left">Site</th><th align="left">' + statusString + hasTrafficString + '<th align="left">Block Bad Bots</th><th align="left">Challenge Suspected Bots</th><th align="left">Backdoor Protection</th>' +
     '<th align="left">Remote File Inclusion</th><th align="left">SQL Injection</th><th align="left">Cross Site Scripting</th><th align="left">Ilegal Resource Access</th>' +
     '<th align="left">DDoS Activity</th><th align="left">Volumetric DDoS</th>';
 
   //If checking orig servers
   if (checkOriginServers)
-    output += '<th align="left">Origin Server Protected</th></tr>\n';
+    tableOutput += '<th align="left">Origin Server Protected</th></tr>\n';
   else
-    output += '</tr>\n';
+    tableOutput += '</tr>\n';
 
   for (var i = 0; i < siteSummaryObject.length; i++)
   {
-    output += buildHtmlSumRow(siteSummaryObject[i]);
+    tableOutput += buildHtmlSumRow(siteSummaryObject[i], settingsSummary);
   }
 
-  output += '</table>';
+  tableOutput += '</table>';
+
+  output += '<p><b>Number of fully configured sites: </b>' + (settingsSummary.totalSites - settingsSummary.totalNotConfigured) + 
+    ' out of ' + settingsSummary.totalSites + '</p>\n';
+
+  output += '<p><b>Number of fully protected sites: </b>' + (settingsSummary.totalSites - settingsSummary.totalNotConfigured - settingsSummary.totalNotProtected) + 
+  ' out of ' + (settingsSummary.totalSites - settingsSummary.totalNotConfigured) + '</p>\n';
 
-  return output;
+  if (checkOriginServers)
+  {
+    output += '<p><b>Number of sites with protected origin-server:</b> ' + (settingsSummary.totalSites - settingsSummary.totalNotConfigured - settingsSummary.origNotProtected) + 
+    ' out of ' + (settingsSummary.totalSites - settingsSummary.totalNotConfigured) + '</p>\n'; 
+  }
+  else
+  {
+    output += '<p><b>Origin servers were not checked and their status not taken into account! </b></p>\n';
+  }
+
+
+  output += tableOutput;
+
+  return (output);
 }
 
 
-function buildHtmlSumRow(siteSummaryObject)
+function buildHtmlSumRow(siteSummaryObject, settingsSummary)
 {
   var output;
   var dispalyAccountName = "";
   var wafConfigUrl = 'https://my.incapsula.com/sites/settings?isolated=true&accountId=' + siteSummaryObject.accountId + '&extSiteId=' + siteSummaryObject.siteId + '&fragment=section%3Dsettings_section_threats#section=settings&settings_section=settings_section_threats';
   var accountUrl = 'https://my.incapsula.com/sites?accountId=' + siteSummaryObject.accountId;
+  var isFullyProtected = true;
+  var isFullyConfigured = true;
+  var isFullyConfigured = true;
+  var isOriginProtected = true;
+
+  settingsSummary.totalSites++;
 
   output = '<tr>' 
   if (getSubAccountsInfo)
@@ -317,50 +346,79 @@ function buildHtmlSumRow(siteSummaryObject)
 
   output += '<td align="left"><a href="' + wafConfigUrl + '">' + siteSummaryObject.site + '</a></td>';    
 
+  //Fully configured
   if (siteSummaryObject.status == statusOkString)
     output += htmlYStr;
   else 
-     output += htmlNStr;
+  {
+    isFullyConfigured = false;
+    output += htmlNStr;
+  }
+
 
   if (siteSummaryObject.blockBadBots == 'Y')
     output += htmlVStr;
   else
-    output += htmlXStr;
+  {
+    isFullyProtected = false;
+    output += htmlNStr;
+  }
 
   if (siteSummaryObject.challengeSuspected == 'Y')
     output += htmlVStr;
   else
-    output += htmlXStr;
+  {
+    isFullyProtected = false;
+    output += htmlNStr;
+  }
 
   if (siteSummaryObject.backDoorProtection == 'Y')
     output += htmlVStr;
   else
-    output += htmlXStr;
+  {
+    isFullyProtected = false;
+    output += htmlNStr;
+  }
 
   if (siteSummaryObject.remoteFileInclusion == 'Y')
     output += htmlVStr;
   else
-    output += htmlXStr;
+  {
+    isFullyProtected = false;
+    output += htmlNStr;
+  }
 
   if (siteSummaryObject.sqlInjection == 'Y')
     output += htmlVStr;
   else
-    output += htmlXStr;
+  {
+    isFullyProtected = false;
+    output += htmlNStr;
+  }
 
     if (siteSummaryObject.crossSiteScripting == 'Y')
     output += htmlVStr;
   else
-    output += htmlXStr;
+  {
+    isFullyProtected = false;
+    output += htmlNStr;
+  }
 
   if (siteSummaryObject.illegalResourceAccess == 'Y')
     output += htmlVStr;
   else
-    output += htmlXStr;
+  {
+    isFullyProtected = false;
+    output += htmlNStr;
+  }
 
   if (siteSummaryObject.ddosActivityMode == 'Y')
     output += htmlVStr;
   else
-    output += htmlXStr;
+  {
+    isFullyProtected = false;
+    output += htmlNStr;
+  }
 
   if (siteSummaryObject.isWebVolDDosPurchased == 'Y')
     output += htmlVStr;
@@ -372,12 +430,25 @@ function buildHtmlSumRow(siteSummaryObject)
     if (siteSummaryObject.origServerProtected == 'Y')
       output += htmlVStr;
     else
-      output += htmlXStr;
+    {
+      isFullyProtected = false;
+      output += htmlNStr;
+      isOriginProtected = false;
+    }
   }
 
+  if (isFullyConfigured == false)
+      settingsSummary.totalNotConfigured++;
+  else
+  { //Total not protected only relevant if site is fully configured
+    if (isFullyProtected == false)
+      settingsSummary.totalNotProtected += 1;
+    if (isOriginProtected == false)
+      settingsSummary.origNotProtected += 1;
+  }
   output += '</tr>\n';
 
-  return output;
+  return (output);
 }
 
 function setHasTrafficInHtmlSummaryTable(domain, hasTraffic)
@@ -411,9 +482,9 @@ function buildHtml(siteData, originServersInfo, mainAccountInfo, subAccountsOutp
   output += '<title>' + theTitle + ' - Report </title>\n'
   output += '<style> table, th, td {border: 1px solid black; border-collapse: collapse;} .redText { color:red; } .blackText { color:black; } .greenText { color:green; } .brownText { color:brown; } .orangeText { color:orange; }</style>\n'
   output += '<body>\n';
-  output += '<h1>' + theTitle + ' - (Account ID ' + accountId + ') - ' + timeNow.format('Y-m-d H:M:S') + '</h1>\n'
+  output += '<h1>' + theTitle + ' - (Account ID ' + accountId + ') - ' + timeNow.format('d-f-Y H:M:S') + '</h1>\n'
 
-  output += '<p> Number of sites : ' + siteData.sites.length + '<\p>\n';
+  output += '<p><b> Number of sites : ' + siteData.sites.length + '</b><\p>\n';
   if (getAttackAnalyticsInfo)
     output += '<a href="#AccountIncidentsSummary">Incidents Summary<\a><br>\n';
   output += '<a href="#AccountProtectionSettings">Protection Settings<\a><br>\n';

utils.js

@@ -9,7 +9,7 @@ function saveToFile(filename, data)
       console.log("Error: " + err.message)
       return// console.log(err);
     }
-    console.log("Results saved to " + filename);
+    console.log("\nResults saved to " + filename);
   });
 }