ARK-600: ISP Session Monitoring / Activites Support (#6)

* ARK-600: ISP Session Monitoring / Activites Support

* ARK-600: ISP Session Monitoring / Activites Support

* ARK-600: ISP Session Monitoring / Activites Support

Author: ofiriluz

Makefile

@@ -62,7 +62,8 @@ test:
 
 package:
 	@echo Package sdk
-	poetry build
+	poetry build --format wheel
+	poetry run scripts/wheel_editor.sh dist/ark_sdk_python*x86_64.whl
 
 publish-test:
 	@echo Release to test.pypi.org and create git tag

README.md

@@ -21,6 +21,7 @@ CyberArk's Official SDK and CLI for different services operations
     - [x] DPA SSO Service
     - [x] DPA K8S Service
     - [x] DPA DB Service
+    - [x] Session Monitoring Service
 - [x] All services contains CRUD and Statistics per respective service
 - [x] Ready to use SDK in Python
 - [x] CLI and SDK Examples

ark_sdk_python/ark_api.py

@@ -175,3 +175,15 @@ def dpa_k8s(self) -> "ArkDPAK8SService":
         from ark_sdk_python.services.dpa.k8s import ArkDPAK8SService
 
         return cast(ArkDPAK8SService, self.service(ArkDPAK8SService))
+
+    @property
+    def sm(self) -> "ArkSMService":
+        """
+        Returns the SM service if the appropriate authenticators were given
+
+        Returns:
+            ArkSMService: _description_
+        """
+        from ark_sdk_python.services.sm import ArkSMService
+
+        return cast(ArkSMService, self.service(ArkSMService))

ark_sdk_python/models/actions/services/__init__.py

@@ -1,12 +1,15 @@
 from typing import Any, List
 
 from ark_sdk_python.models.actions.services.ark_dpa_exec_action_consts import DPA_ACTIONS
+from ark_sdk_python.models.actions.services.ark_sm_exec_action_consts import SM_ACTIONS
 
 SUPPORTED_SERVICE_ACTIONS: List[Any] = [
     DPA_ACTIONS,
+    SM_ACTIONS,
 ]
 
 __all__ = [
     'DPA_ACTIONS',
+    'SM_ACTIONS',
     'SUPPORTED_SERVICE_ACTIONS',
 ]

ark_sdk_python/models/actions/services/ark_sm_exec_action_consts.py

@@ -0,0 +1,27 @@
+from typing import Any, Dict, Final, Optional, Type
+
+from ark_sdk_python.models import ArkModel
+from ark_sdk_python.models.actions.ark_service_action_definition import ArkServiceActionDefinition
+from ark_sdk_python.models.services.sm import ArkSMGetSession, ArkSMGetSessionActivities, ArkSMSessionActivitiesFilter, ArkSMSessionsFilter
+
+# Session Monitoring Definitions
+SM_ACTION_TO_SCHEMA_MAP: Final[Dict[str, Optional[Type[ArkModel]]]] = {
+    'list-sessions': None,
+    'count-sessions': None,
+    'list-sessions-by': ArkSMSessionsFilter,
+    'count-sessions-by': ArkSMSessionsFilter,
+    'session': ArkSMGetSession,
+    'list-session-activities': ArkSMGetSessionActivities,
+    'count-session-activities': ArkSMGetSessionActivities,
+    'list-session-activities-by': ArkSMSessionActivitiesFilter,
+    'count-session-activities-by': ArkSMSessionActivitiesFilter,
+    'sessions-stats': None,
+}
+SM_ACTION_DEFAULTS_MAP: Final[Dict[str, Dict[str, Any]]] = {}
+
+# Service Actions Definition
+SM_ACTIONS: Final[ArkServiceActionDefinition] = ArkServiceActionDefinition(
+    action_name='sm',
+    schemas=SM_ACTION_TO_SCHEMA_MAP,
+    defaults=SM_ACTION_DEFAULTS_MAP,
+)

ark_sdk_python/models/common/__init__.py

@@ -1,3 +1,5 @@
+from ark_sdk_python.models.common.ark_access_method import ArkAccessMethod
+from ark_sdk_python.models.common.ark_application_code import ArkApplicationCode
 from ark_sdk_python.models.common.ark_async_request_settings import ArkAsyncRequestSettings
 from ark_sdk_python.models.common.ark_async_status import ArkAsyncStatus
 from ark_sdk_python.models.common.ark_async_task import ArkAsyncTask
@@ -29,9 +31,11 @@
     'ArkWorkspaceType',
     'ArkNetworkEntityType',
     'ArkConnectorType',
+    'ArkApplicationCode',
     'ArkProtocolType',
     'VALID_DATE_REGEX',
     'VALID_LOGIN_MAX_LENGTH',
     'VALID_LOGIN_NAME_REGEX',
     'ArkConnectionMethod',
+    'ArkAccessMethod',
 ]

ark_sdk_python/models/common/ark_access_method.py

@@ -0,0 +1,6 @@
+from enum import Enum
+
+
+class ArkAccessMethod(str, Enum):
+    VAULTED = 'Vaulted'
+    JIT = 'JIT'

ark_sdk_python/models/common/ark_application_code.py

@@ -0,0 +1,20 @@
+from enum import Enum
+
+
+class ArkApplicationCode(str, Enum):
+    DPA = 'DPA'
+    CSM = 'CSM'
+    PAM = 'PAM'
+    DAP = 'DAP'
+    ITI = 'ITI'
+    UBA = 'UBA'
+    ADM = 'ADM'
+    USR = 'USR'
+    AUD = 'AUD'
+    ALR = 'ALR'
+    CEM = 'CEM'
+    EPM = 'EPM'
+    SCA = 'SCA'
+    SHSM = 'SHSM'
+    CLO = 'CLO'
+    CMS = 'CMS'

ark_sdk_python/models/common/ark_protocol_type.py

@@ -9,3 +9,5 @@ class ArkProtocolType(str, MultiValueEnum):
     CLI = 'cli', 'CLI'
     CONSOLE = 'console', 'Console'
     HTTPS = 'https', 'HTTPS'
+    K8S = 'K8S', 'k8s'
+    DB = 'Database', 'database', 'DATABASE'

ark_sdk_python/models/services/sm/__init__.py

@@ -0,0 +1,24 @@
+from ark_sdk_python.models.services.sm.ark_sm_get_session import ArkSMGetSession
+from ark_sdk_python.models.services.sm.ark_sm_get_session_activities import ArkSMGetSessionActivities
+from ark_sdk_python.models.services.sm.ark_sm_protocol_type_serializer import serialize_sm_protocol_type
+from ark_sdk_python.models.services.sm.ark_sm_session import ArkSMSession, ArkSMSessions, ArkSMSessionStatus
+from ark_sdk_python.models.services.sm.ark_sm_session_activity import ArkSMSessionActivities, ArkSMSessionActivity
+from ark_sdk_python.models.services.sm.ark_sm_session_activity_filter import ArkSMSessionActivitiesFilter
+from ark_sdk_python.models.services.sm.ark_sm_sessions_filter import ArkSMSessionsFilter
+from ark_sdk_python.models.services.sm.ark_sm_sessions_stats import ArkSMSessionsStats
+from ark_sdk_python.models.services.sm.ark_sm_workspace_type_serializer import serialize_sm_workspace_type
+
+__all__ = [
+    'ArkSMSession',
+    'ArkSMSessions',
+    'ArkSMSessionStatus',
+    'ArkSMSessionsFilter',
+    'ArkSMSessionsStats',
+    'ArkSMGetSession',
+    'ArkSMGetSessionActivities',
+    'ArkSMSessionActivity',
+    'ArkSMSessionActivities',
+    'ArkSMSessionActivitiesFilter',
+    'serialize_sm_workspace_type',
+    'serialize_sm_protocol_type',
+]

ark_sdk_python/models/services/sm/ark_sm_get_session.py

@@ -0,0 +1,7 @@
+from pydantic import Field
+
+from ark_sdk_python.models import ArkModel
+
+
+class ArkSMGetSession(ArkModel):
+    session_id: str = Field(description='Session id to get')

ark_sdk_python/models/services/sm/ark_sm_get_session_activities.py

@@ -0,0 +1,7 @@
+from pydantic import Field
+
+from ark_sdk_python.models import ArkModel
+
+
+class ArkSMGetSessionActivities(ArkModel):
+    session_id: str = Field(description='Session id to get the activities for')

ark_sdk_python/models/services/sm/ark_sm_protocol_type_serializer.py

@@ -0,0 +1,22 @@
+from ark_sdk_python.models import ArkException
+from ark_sdk_python.models.common import ArkProtocolType
+
+
+def serialize_sm_protocol_type(protocol_type: ArkProtocolType) -> str:
+    if isinstance(protocol_type, str):
+        protocol_type = ArkProtocolType(protocol_type)
+    if protocol_type == ArkProtocolType.SSH:
+        return 'SSH'
+    elif protocol_type == ArkProtocolType.RDP:
+        return 'RDP'
+    elif protocol_type == ArkProtocolType.CLI:
+        return 'CLI'
+    elif protocol_type == ArkProtocolType.CONSOLE:
+        return 'Console'
+    elif protocol_type == ArkProtocolType.HTTPS:
+        return 'HTTPS'
+    elif protocol_type == ArkProtocolType.K8S:
+        return 'K8S'
+    elif protocol_type == ArkProtocolType.DB:
+        return 'Database'
+    raise ArkException('Invalid SM Protocol Type')

ark_sdk_python/models/services/sm/ark_sm_session.py

@@ -0,0 +1,40 @@
+from datetime import datetime, timedelta
+from enum import Enum
+from typing import Any, Dict, List, Optional
+
+from pydantic import Field
+
+from ark_sdk_python.models import ArkCamelizedModel
+from ark_sdk_python.models.common import ArkAccessMethod, ArkApplicationCode, ArkProtocolType, ArkWorkspaceType
+
+
+class ArkSMSessionStatus(str, Enum):
+    ACTIVE = 'Active'
+    ENDED = 'Ended'
+    FAILED = 'Failed'
+
+
+class ArkSMSession(ArkCamelizedModel):
+    tenant_id: Optional[str] = Field(description='Tenant id of the session')
+    session_id: str = Field(description='Session id')
+    session_status: Optional[ArkSMSessionStatus] = Field(description='Status of the session')
+    session_duration: Optional[timedelta] = Field(description='Duration of the session in seconds')
+    end_reason: Optional[str] = Field(description='End reason for the session')
+    error_code: Optional[str] = Field(description='Error code for the session')
+    application_code: Optional[ArkApplicationCode] = Field(description='Application code of the session')
+    access_method: Optional[ArkAccessMethod] = Field(description='Access method of the session')
+    start_time: Optional[datetime] = Field(description='Start time of the session')
+    end_time: Optional[datetime] = Field(description='End time of the session')
+    user: Optional[str] = Field(description='Username of the session')
+    source: Optional[str] = Field(description='Source of the session (Usually Ip)')
+    target: Optional[str] = Field(description='Target of the session (Usually Ip/Dns)')
+    target_username: Optional[str] = Field(description='Target username of the session')
+    protocol: Optional[ArkProtocolType] = Field(description='Connection protocol of the session')
+    platform: Optional[ArkWorkspaceType] = Field(description='Connection platform of the session')
+    custom_data: Optional[Dict[str, Any]] = Field(description='Custom data of the session')
+
+
+class ArkSMSessions(ArkCamelizedModel):
+    sessions: List[ArkSMSession] = Field(description='List of the sessions')
+    filtered_count: int = Field(description='How many sessions were filtered')
+    returned_count: int = Field(description='How many sessions were returned')

ark_sdk_python/models/services/sm/ark_sm_session_activity.py

@@ -0,0 +1,31 @@
+from datetime import datetime
+from typing import List, Optional
+
+from pydantic import Field
+
+from ark_sdk_python.models import ArkCamelizedModel
+from ark_sdk_python.models.common import ArkApplicationCode
+
+
+class ArkSMSessionActivity(ArkCamelizedModel):
+    uuid: str = Field(description='ID of the audit')
+    tenant_id: str = Field(description='Tenant id of the audit')
+    timestamp: datetime = Field(description='Time of the audit')
+    username: str = Field(description='Username of the audit')
+    application_code: ArkApplicationCode = Field(description='Application code of the audit')
+    action: str = Field(description='Action performed for the audit')
+    user_id: str = Field(description='Id of the user who performed the audit')
+    source: str = Field(description='Source of the audit')
+    action_type: str = Field(description='Type of action for the audit')
+    audit_code: Optional[str] = Field(description='Audit code of the audit')
+    command: Optional[str] = Field(description='Command performed as part of the audit')
+    target: Optional[str] = Field(description='Target of the audit')
+    service_name: Optional[str] = Field(description='Service name of the audit')
+    session_id: Optional[str] = Field(description='Session id of the audit if related to a session')
+    message: Optional[str] = Field(description='Message of the audit')
+
+
+class ArkSMSessionActivities(ArkCamelizedModel):
+    activities: List[ArkSMSessionActivity] = Field(description='List of the session activities')
+    filtered_count: int = Field(description='How many session activities were filtered')
+    returned_count: int = Field(description='How many session activities were returned')

ark_sdk_python/models/services/sm/ark_sm_session_activity_filter.py

@@ -0,0 +1,8 @@
+from pydantic import Field
+
+from ark_sdk_python.models import ArkCamelizedModel
+
+
+class ArkSMSessionActivitiesFilter(ArkCamelizedModel):
+    session_id: str = Field(description='Session id to get')
+    command_contains: str = Field(description='String which the command contains')

ark_sdk_python/models/services/sm/ark_sm_sessions_filter.py

@@ -0,0 +1,30 @@
+from pydantic import Field, constr
+
+from ark_sdk_python.models import ArkCamelizedModel
+
+
+class ArkSMSessionsFilter(ArkCamelizedModel):
+    search: constr(max_length=4096) = Field(
+        description='Free text query to search sessions by. For example: "startTime GE 2023-11-18T06:53:30Z AND status IN Failed,Ended AND endReason STARTSWITH Err008"'
+    )
+
+    class Config:
+        schema_extra = {
+            'examples': [
+                {
+                    'search': 'duration LE 01:00:00',
+                },
+                {
+                    'search': 'startTime GE 2023-11-18T06:53:30Z',
+                },
+                {
+                    'search': 'status IN Failed,Ended AND endReason STARTSWITH Err008',
+                },
+                {
+                    'search': 'command STARTSWITH ls',
+                },
+                {
+                    'search': 'protocol IN SSH,RDP',
+                },
+            ]
+        }

ark_sdk_python/models/services/sm/ark_sm_sessions_stats.py

@@ -0,0 +1,46 @@
+from typing import Dict
+
+from pydantic import Field, validator
+
+from ark_sdk_python.models import ArkModel
+from ark_sdk_python.models.common import ArkApplicationCode, ArkProtocolType, ArkWorkspaceType
+from ark_sdk_python.models.services.sm.ark_sm_session import ArkSMSessionStatus
+
+
+class ArkSMSessionsStats(ArkModel):
+    sessions_count: int = Field(description='Sessions count in the last 30 days')
+    sessions_count_per_application_code: Dict[ArkApplicationCode, int] = Field(description='Sessions count per application code')
+    sessions_count_per_platform: Dict[ArkWorkspaceType, int] = Field(description='Sessions count per platform')
+    sessions_count_per_status: Dict[ArkSMSessionStatus, int] = Field(description='Sessions count per status')
+    sessions_count_per_protocol: Dict[ArkProtocolType, int] = Field(description='Sessions count per protocol')
+    sessions_failure_count: int = Field(description='Sessions count with failures')
+
+    # pylint: disable=no-self-use,no-self-argument
+    @validator('sessions_count_per_platform')
+    def validate_sessions_count_per_platform(cls, val):
+        for platform in val.keys():
+            if ArkWorkspaceType(platform) not in [
+                ArkWorkspaceType.AWS,
+                ArkWorkspaceType.AZURE,
+                ArkWorkspaceType.GCP,
+                ArkWorkspaceType.ONPREM,
+                ArkWorkspaceType.UNKNOWN,
+            ]:
+                raise ValueError('Invalid Platform / Workspace Type')
+        return val
+
+    # pylint: disable=no-self-use,no-self-argument
+    @validator('sessions_count_per_protocol')
+    def validate_sessions_count_per_protocol(cls, val):
+        for protocol in val.keys():
+            if ArkProtocolType(protocol) not in [
+                ArkProtocolType.SSH,
+                ArkProtocolType.RDP,
+                ArkProtocolType.CLI,
+                ArkProtocolType.CONSOLE,
+                ArkProtocolType.HTTPS,
+                ArkProtocolType.K8S,
+                ArkProtocolType.DB,
+            ]:
+                raise ValueError('Invalid Protocol Type')
+        return val

ark_sdk_python/models/services/sm/ark_sm_workspace_type_serializer.py

@@ -0,0 +1,18 @@
+from ark_sdk_python.models import ArkException
+from ark_sdk_python.models.common import ArkWorkspaceType
+
+
+def serialize_sm_workspace_type(ws_type: ArkWorkspaceType):
+    if isinstance(ws_type, str):
+        ws_type = ArkWorkspaceType(ws_type)
+    if ws_type == ArkWorkspaceType.AWS:
+        return 'AWS'
+    elif ws_type == ArkWorkspaceType.AZURE:
+        return 'Azure'
+    elif ws_type == ArkWorkspaceType.ONPREM:
+        return 'OnPrem'
+    elif ws_type == ArkWorkspaceType.GCP:
+        return 'GCP'
+    elif ws_type == ArkWorkspaceType.UNKNOWN:
+        return 'Unknown'
+    raise ArkException('Invalid SM Workspace Type')

ark_sdk_python/services/sm/__init__.py

@@ -0,0 +1,3 @@
+from ark_sdk_python.services.sm.ark_sm_service import ArkSMService
+
+__all__ = ['ArkSMService']