SNMP trap receiver servers configured do not match requirement-juniper-junos

SNMP trap receiver servers configured do not match requirement-juniper-junos

Vendor: juniper

OS: junos

Description:
Indeni can verify that certain SNMP trap receivers are configured on a specific device.

Remediation Steps:
Update the configuration of the device to match the requirement.

junos-show-configuration-snmp

name: junos-show-configuration-snmp
description: JUNOS SRX retrieving snmp configuration information
type: monitoring
monitoring_interval: 60 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall
comments:
    snmp-enabled:
        skip-documentation: true
    snmp-version:
        skip-documentation: true
    snmp-location:
        skip-documentation: true
    snmp-communities:
        skip-documentation: true
    snmp-traps-status:
        skip-documentation: true
    snmp-traps-receiver:
        skip-documentation: true
    snmp-users:
        skip-documentation: true
    unencrypted-snmp-configured:
        skip-documentation: true
        why: |
            The SRX device can be configured to allow snmp query or set, and also send traps to trap receivers.
        how: |
            This script retrieves how the snmp is configured on the SRX device by running the command "show configuration snmp" via SSH connection to a device.
        without-indeni: |
            An administrator could log on to the device to run the command "show configuration snmp" to collect the same information.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: The commamnd line is available to retrieve this
            information
steps:
-   run:
        type: SSH
        command: show configuration snmp | display set
    parse:
        type: AWK
        file: show-configuration-snmp.parser.1.awk

CrossVendorSnmpServersComplianceRule

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor.compliance

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.MultiSnapshotComplianceCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class CrossVendorSnmpServersComplianceRule() extends MultiSnapshotComplianceCheckTemplateRule(
  ruleName = "CrossVendorSnmpServersComplianceRule",
  ruleFriendlyName = "Compliance Check: SNMP trap receiver servers configured do not match requirement",
  ruleDescription = "Indeni can verify that certain SNMP trap receivers are configured on a specific device.",
  severity = AlertSeverity.WARN,
  metricName = "snmp-traps-receiver",
  itemKey = "ip",
  alertDescription = "The list of SNMP trap receivers configured on this device does not match the requirement. Please review the list below.\n\nThis alert was added per the request of <a target=\"_blank\" href=\"http://il.linkedin.com/pub/itzik-assaraf/2/870/1b5\">Itzik Assaraf</a> (Leumi Card).",
  baseRemediationText = "Update the configuration of the device to match the requirement.",
  requiredItemsParameterName = "SNMP trap receiver Servers",
  requiredItemsParameterDescription = "Enter the SNMP trap receiver servers required, each one on its own line."
)()